WatchGuard x1000 User Guide

Chapter 11: Intrusion Detection and Prevention
WatchGuard Firebox System
Blocking port space and address space attacks
Other methods that attackers use to gain access to networks and hosts are known as probes. Port space probes are used to scan a host to find what services are running on it. Address space probes scan a network to see which services are running on the hosts inside that network. From Policy Manager:
1. On the toolbar, click the Default Packet Handling icon.
   You can also, from Policy Manager, select Setup => Intrusion Prevention => Default Packet Handling.
   The Default Packet Handling dialog box appears.
2. Select the checkbox marked Block Port Space Probes.
3. Select the checkbox marked Block Address Space Probes.
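The two probe types described above can be told apart in connection logs by what varies: ports on one host, or hosts across a network. The following is an added example, not WatchGuard code and not from the original guide; the record format, the 60-second window and both thresholds are assumptions chosen for illustration, and the sample records are constructed.

```python
from collections import defaultdict, deque

WINDOW = 60           # seconds of history kept per source (assumed value)
PORT_THRESHOLD = 10   # distinct ports on one host (assumed, not a Firebox default)
ADDR_THRESHOLD = 10   # distinct hosts from one source (assumed, not a Firebox default)

def classify_probes(records, window=WINDOW,
                    port_threshold=PORT_THRESHOLD, addr_threshold=ADDR_THRESHOLD):
    """records: iterable of (timestamp, src_ip, dst_ip, dst_port).
    Returns {src_ip: set of probe labels} for sources that cross a threshold."""
    recent = defaultdict(deque)   # src -> events still inside the window
    findings = defaultdict(set)
    for ts, src, dst, port in sorted(records):
        q = recent[src]
        q.append((ts, dst, port))
        while ts - q[0][0] > window:      # expire events older than the window
            q.popleft()
        ports_by_host = defaultdict(set)
        for _, d, p in q:
            ports_by_host[d].add(p)
        # Many ports on a single host: port space probe.
        if any(len(ps) >= port_threshold for ps in ports_by_host.values()):
            findings[src].add("port_space_probe")
        # Many hosts touched by a single source: address space probe.
        if len(ports_by_host) >= addr_threshold:
            findings[src].add("address_space_probe")
    return dict(findings)

def sample_records():
    """Constructed log records using documentation address ranges."""
    recs = []
    # One source walks ports 20-39 on a single host, one port per second.
    recs += [(i, "203.0.113.5", "192.0.2.10", 20 + i) for i in range(20)]
    # One source tries port 22 on 15 different hosts within 30 seconds.
    recs += [(2 * i, "203.0.113.9", f"192.0.2.{i + 1}", 22) for i in range(15)]
    # One client reaches 12 ports on a host, but five minutes apart each time.
    recs += [(300 * i, "198.51.100.7", "192.0.2.10", 8000 + i) for i in range(12)]
    return recs

if __name__ == "__main__":
    for src, labels in sorted(classify_probes(sample_records()).items()):
        print(src, sorted(labels))
```

The third source is never flagged because its events expire from the window before the count builds up, which is the trade-off any windowed threshold makes against very slow probes.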
Stopping IP options attacks
Another type of attack that can be used to disrupt your network involves IP options in the packet header. IP options are extensions of the Internet Protocol that are usually used for debugging or for special applications. For example, if you allow IP options, the attacker can use the options to specify a route that helps him or her gain access to your