SROS Command Line Interface Reference Guide
Global Configuration Mode Command Set
5991-2114
© Copyright 2007 Hewlett-Packard Development Company, L.P.
| Invalid Traffic Pattern | Manually Enabled? | OS Firewall Response | Common Attacks |
|---|---|---|---|
| Smurf Attack | No | The firewall will drop any ping responses that are not part of an active session. | Smurf Attack |
| IP Spoofing | No | The firewall will drop any packets with a source IP address that appears to be spoofed. The IP route table is used to determine if a path to the source address is known (out of the interface from which the packet was received). For example, if a packet with a source IP address of 10.10.10.1 is received on interface fr 1.16 and no route to 10.10.10.1 (through interface fr 1.16) exists in the route table, the packet is dropped. | IP Spoofing |
| ICMP Control Message Floods and Attacks | No | The following types of ICMP packets are allowed through the firewall: echo, echo-reply, TTL expired, dest. unreachable, and quench. These ICMP messages are only allowed if they appear to be in response to a valid session. All others are discarded. | Twinge |
| Attacks that send TCP URG packets | Yes | Any TCP packets that have the URG flag set are discarded by the firewall. | Winnuke, TCP XMAS Scan |
| Falsified IP Header Attacks | No | The firewall verifies that the packet’s actual length matches the length indicated in the IP header. If it does not, the packet is dropped. | Jolt/Jolt2 |
| Echo | No | All UDP echo packets are discarded by the firewall. | Char Gen |
| Land Attack | No | Any packets with the same source and destination IP addresses are discarded. | Land Attack |
| Broadcast Source IP | No | Packets with a broadcast source IP address are discarded. | |
| Invalid TCP Initiation Requests | No | TCP SYN packets that have ack, urg, rst, or fin flags set are discarded. | |
| Invalid TCP Segment Number | No | The sequence numbers for every active TCP session are maintained in the firewall session database. If the firewall receives a segment with an unexpected (or invalid) sequence number, the packet is dropped. | |
| IP Source Route Option | No | All IP packets containing the IP source route option are dropped. | |
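
The per-packet checks listed above (header length, Land, broadcast source, source route option, route-table spoofing test, TCP URG, invalid TCP initiation) can be modelled over raw IPv4 bytes. This is an added example, not SROS code or anything from the guide, and it leaves out the checks that need the session database (ping responses, ICMP, sequence numbers). Assumptions: the check order, the reason strings, the constructed `ROUTES` table and its interface name `eth 0/1`, `in_session` standing in for a session lookup, and treating only 255.255.255.255 as a broadcast source.

```python
import ipaddress
import struct

URG, ACK, RST, SYN, FIN = 0x20, 0x10, 0x04, 0x02, 0x01   # TCP flag bits
# Constructed route table: interface -> prefixes reachable through it.
ROUTES = {"fr 1.16": ["192.168.50.0/24"], "eth 0/1": ["10.10.10.0/24"]}

def make_packet(src, dst, proto=6, l4=b"", options=b"", total_len=None):
    """Build a constructed IPv4 packet for the demo (checksum left at zero)."""
    ihl = 20 + len(options)
    total = ihl + len(l4) if total_len is None else total_len
    return struct.pack("!BBHHHBBH4s4s", 0x40 | ihl // 4, 0, total, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + options + l4

def tcp(flags):
    """Constructed 20-byte TCP header carrying the given flag bits."""
    return struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, flags, 1024, 0, 0)

def check_packet(pkt, in_iface, routes=ROUTES, drop_urg=False, in_session=False):
    """Return 'pass' or the name of the first check that drops pkt."""
    ihl = (pkt[0] & 0x0F) * 4 if pkt else 0
    total = int.from_bytes(pkt[2:4], "big")
    if ihl < 20 or ihl > total or total != len(pkt):
        return "falsified-ip-header"              # stated length != actual length
    src, dst = ipaddress.IPv4Address(pkt[12:16]), ipaddress.IPv4Address(pkt[16:20])
    if src == dst:
        return "land-attack"
    if int(src) == 0xFFFFFFFF:                    # limited broadcast only
        return "broadcast-source"
    i = 20
    while i < ihl and pkt[i] != 0:                # walk options until End-of-List
        if pkt[i] in (131, 137):                  # loose / strict source route
            return "ip-source-route"
        if pkt[i] == 1:                           # NOP is a single byte
            i += 1
        elif i + 1 < ihl and pkt[i + 1] >= 2:
            i += pkt[i + 1]
        else:
            return "falsified-ip-header"          # malformed option (assumption)
    if not any(src in ipaddress.ip_network(n) for n in routes.get(in_iface, ())):
        return "ip-spoofing"                      # no route to src via in_iface
    flags = pkt[ihl + 13] if pkt[9] == 6 and total >= ihl + 14 else 0
    if drop_urg and flags & URG:                  # off unless manually enabled
        return "tcp-urg"
    if not in_session and flags & SYN and flags & (ACK | URG | RST | FIN):
        return "invalid-tcp-initiation"
    return "pass"
```

`drop_urg` defaults to off because the URG row is the only one the table marks as manually enabled.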