Avaya 3.7 ユーザーズマニュアル

The security gateway objects Denial of Service tab is used to change the settings for specific 
devices. Changing the settings here overrides the domain level settings for that category. When 
devices are updated, the DOS categories at the device level and the remaining DOS categories 
from the domain level are sent to the device.

You can enable protection for the following seven areas of attack:

Ping of Death. - The ping of death sends packets with invalid lengths. When the receiving 
system attempts to rebuild the packets, the system crashes because the packet length exhausts 
the available memory.

IP Spoofing. - This attack sends an IP packet with an invalid IP address. If the system accepts 
this IP address, the attacker appears to reside on the private side of the security gateway. The 
attacker is actually on the public side, and bypasses the firewall rules of the private side.

Smurf Attack. - This attack floods the system with broadcast IP packet pings. If the flood is 
large enough and long enough, the attacked host is unable to receive or distinguish real traffic.

Tear Drop. - This attack sends IP fragments to the system that the receiving system cannot 
reassemble and the system can crash.

Flood Attack. - This attack floods the system with TCP connection requests, which exhausts 
the memory and the processing resources of the firewall. Flood attacks also attack the UDP 
ports. This attack attempts to flood the network by exhausting the available network bandwidth.

Note:

When you enable Flood Attack, you must also enable the Keep State feature in 
the Firewall Rules Setup in the Security tab.