Chapter 27 Security Policy
ZyWALL USG Series User’s Guide
587
27.5.4 Protocol Anomaly Profiles
Protocol anomalies are packets that do not comply with the relevant RFC (Request For Comments).
Protocol anomaly detection includes:
•TCP Decoder
• UDP Decoder
•ICMP Decoder
• IP Decoder
Teardrop
When an IP packet is larger than the Maximum Transmission Unit (MTU) configured in the Zyxel Device, it
is fragmented using the TCP or ICMP protocol.
A Teardrop attack falsifies the offset which defines the size of the fragment and the original packet. A
series of IP fragments with overlapping offset fields can cause some systems to crash, hang, or reboot
when fragment reassembling is attempted at the destination.
IP Spoofing
IP Spoofing is used to gain unauthorized access to network devices by modifying packet headers so
that it appears that the packets originate from a host within a trusted network.
• In an IP Spoof from the WAN, the source address appears to be in the same subnet as a Zyxel Device
LAN interface.
• In an IP Spoof from a LAN interface, the source address appears to be in a different subnet from that
Zyxel Device LAN interface.
To Next Page
Loading...
