beautypg.com

Enable ads – Efficient Networks 5100 Series User Manual

Page 86

background image

SpeedStream Router User Guide

TCP Xmas Flags:
The TCP Xmas flag configuration is an invalid combination of the FIN, URG and PUSH flags. This
packet can cause some hosts to crash.

Fragmented TCP Packet:
As discussed in the Invalid IP Packet Fragment description, packets may be fragmented in transit.
While it is entirely valid to fragment a TCP packet, this is rarely done because of a process called
“MTU discovery” that occurs when two hosts begin communicating. The rarity of TCP packet
fragmentation makes its occurrence suspicious and could indicate a flawed network stack exploit
attempt.

Fragmented TCP Header:
This indicates that the TCP header in the packet was split into multiple IP fragments. This never
normally occurs and is most likely a flawed network stack exploit attempt.

Fragmented UDP Header:
This indicates that the IP header in the packet was split into multiple IP fragments. This never
normally occurs and is most likely a flawed network stack exploit attempt.

Fragmented ICMP Header:
This indicates that the ICMP header in the packet was split into multiple IP fragments. This never
normally occurs and is most likely a flawed network stack exploit attempt.

Inconsistent UDP/IP header lengths:
Also known as a “UDP bomb,” this indicates that a UDP length less than the IP length was received.
This does not occur normally and is most likely a flawed network stack exploit attempt.

Inconsistent IP header lengths:
This indicates that a length greater than the one indicated by the IP length in the header was received.
This does not occur normally and is most likely a flawed network stack exploit attempt.

When logging is selected for a particular
offending packet, the ADS will write an entry
to the firewall log once a minute for as long as
the attack persists. This allows one to tell that
a long-term attack is taking place without
completely filling up the firewall log with
entries for every single packet.

Enable ADS

• On the main menu, click Setup, then click

Firewall, and then click ADS.

The Attack Detection System
Configuration window displays.

76

See also other documents in the category Efficient Networks Hardware: