ZyXEL p-660h-61 Guida Utente
Prestige 660H Series User’s Guide
Firewalls
10-5
numerous hosts, this will create a large amount of ICMP echo request and response traffic. If a
hacker chooses to spoof the source IP address of the ICMP echo request packet, the resulting
ICMP traffic will not only clog up the "intermediary" network, but will also congest the network
of the spoofed source IP address, known as the "victim" network. This flood of broadcast traffic
consumes all available bandwidth, making communications impossible.
hacker chooses to spoof the source IP address of the ICMP echo request packet, the resulting
ICMP traffic will not only clog up the "intermediary" network, but will also congest the network
of the spoofed source IP address, known as the "victim" network. This flood of broadcast traffic
consumes all available bandwidth, making communications impossible.
Figure 10-4 Smurf Attack
ICMP Vulnerability
ICMP is an error-reporting protocol that works in concert with IP. The following ICMP types trigger
an alert:
an alert:
Table 10-2 ICMP Commands That Trigger Alerts
5 REDIRECT
13 TIMESTAMP_REQUEST
14 TIMESTAMP_REPLY
17 ADDRESS_MASK_REQUEST
18 ADDRESS_MASK_REPLY
Illegal Commands (NetBIOS and SMTP)
The only legal NetBIOS commands are the following - all others are illegal.
Table 10-3 Legal NetBIOS Commands
MESSAGE:
REQUEST:
POSITIVE:
NEGATIVE:
RETARGET:
KEEPALIVE:
All SMTP commands are illegal except for those displayed in the following tables.
Table 10-4 Legal SMTP Commands
AUTH DATA EHLO ETRN EXPN HELO HELP MAIL NOOP
QUIT RCPT RSET SAML SEND SOML
TURN VRFY