Filter and Firewall
Left running head:
Chapter name (automatic)
742
Beta Beta
OmniAccess 5740 Unified Services Gateway CLI Configuration Guide
Alcatel-Lucent
DEFAULT ATTACKS (RATE-LIMITING / STATEFUL)
The following attacks are a part of the default attack prevention list. However, if
you do not want to use the default list, you can turn on only a selected number of
attacks by using their respective keywords with parameters.
ICMP-DEST-UNRCH-STORM
icmp-dest-unrch-storm [threshold < 1-4294967295> <1-4294967295>]
Attackers may flood network with ICMP destination unreachable packets for which
there is information available for original packet. Knowing traffic pattern for the site
helps in preventing this type of attack. For a e-business site, it may be 20,000
ICMP destination unreachable packets/second. For a smaller site, it might be 20
ICMP destination unreachable packets/sec. Hence, depending upon the traffic
pattern, the threshold can be set. If the threshold is crossed, it might be pointer to
a ICMP destination unreachable attack.
ICMP-IP-ADDRESS-SWEEP
icmp-ip-address-sweep [threshold <1-4294967295> <1-4294967295>]
An address sweep attack occurs when one source IP address sends number of
ICMP echo requests (or pings) to different hosts within a defined interval. The
purpose of this scheme is to ping several hosts in the hope that one will reply, thus
uncovering an address to target, resulting in system failure. This command is
included in the Alcatel-Lucent’s default attack prevention list.
ICMP-PING-FLOOD
icmp-ping-flood [threshold <1-4294967295> <1-4294967295>]
A perpetrator sends a large amount of ICMP echo (ping) traffic at IP broadcast
addresses, all of it having a spoofed source address of a victim. If the routing
device delivering traffic to the broadcast addresses performs the IP broadcast to
another broadcast function, most hosts on that IP network will take the ICMP echo
request and reply to it with an echo reply each, multiplying the traffic by the
number of hosts responding. To secure system from this kind of ping flooding, this
command is included in the default attack prevention list.
PORT-SCAN
port-scan [threshold <1-4294967295> <1-4294967295>]
A port scan is a series of messages sent by someone attempting to break into a
computer to learn which computer network services, each associated with a “well-
known” port number, the computer provides. Port scanning, a favorite approach of
computer cracker, gives the assailant an idea where to probe for weaknesses.
Essentially, a port scan consists of sending a message to each port, one at a time.
The kind of response received indicates whether the port is used and can
therefore be probed for weakness.
To Next Page
Loading...
Need help?
General
