Справочник Пользователя для ZyXEL Communications G-2000 Plus

ZyAIR G-2000 Plus User’s Guide

Chapter 14 Firewalls

184

Figure 77   Smurf Attack

ICMP is an error-reporting protocol that works in concert with IP. The following ICMP types 
trigger an alert:

Table 59   ICMP Commands That Trigger Alerts

5

REDIRECT

13

TIMESTAMP_REQUEST

14

TIMESTAMP_REPLY

17

ADDRESS_MASK_REQUEST

18

ADDRESS_MASK_REPLY

Traceroute is a utility used to determine the path a packet takes between two endpoints. 
Sometimes when a packet filter firewall is configured incorrectly an attacker can traceroute 
the firewall gaining knowledge of the network topology inside the firewall.

Often, many DoS attacks also employ a technique known as "IP Spoofing" as part of their 
attack. IP Spoofing may be used to break into systems, to hide the hacker's identity, or to 
magnify the effect of the DoS attack. IP Spoofing is a technique used to gain unauthorized 
access to computers by tricking a router or firewall into thinking that the communications are 
coming from within the trusted network. To engage in IP spoofing, a hacker must modify the 
packet headers so that it appears that the packets originate from a trusted host and should be 
allowed through the router or firewall. The ZyAIR blocks all IP Spoofing attempts.