TCP Auto Clamping
Automatically clamp TCP MSS according to MTU of involved interfaces, in addition to
TCPMSSMax.
Default: Enabled
TCP Zero Unused ACK
Determines whether NetDefendOS should set the ACK sequence number field in TCP packets to
zero if it is not used. Some operating systems reveal sequence number information this way, which
can make it easier for intruders wanting to hijack established connections.
Default: Enabled
TCP Zero Unused URG
Strips the URG pointers from all packets.
Default: Enabled
TCP Option WSOPT
Determines how NetDefendOS will handle window-scaling options. These are used to increase the
size of the windows used by TCP; that is to say, the amount of information that can be sent before
the sender expects ACK. They are also used by OS Fingerprinting. WSOPT is a common
occurrence in modern networks.
Default: ValidateLogBad
TCP Option SACK
Determines how NetDefendOS will handle selective acknowledgement options. These options are
used to ACK individual packets instead of entire series, which can increase the performance of
connections experiencing extensive packet loss. They are also used by OS Fingerprinting. SACK is
a common occurrence in modern networks.
Default: ValidateLogBad
TCP Option TSOPT
Determines how NetDefendOS will handle time stamp options. As stipulated by the PAWS (Protect
Against Wrapped Sequence numbers) method, TSOPT is used to prevent the sequence numbers (a
32-bit figure) from "exceeding" their upper limit without the recipient being aware of it. This is not
normally a problem. Using TSOPT, some TCP stacks optimize their connection by measuring the
time it takes for a packet to travel to and from its destination. This information can then be used to
generate resends faster than is usually the case. It is also used by OS Fingerprinting. TSOPT is a
common occurrence in modern networks.
Default: ValidateLogBad
TCP Option ALTCHKREQ
Determines how NetDefendOS will handle alternate checksum request options. These options were
initially intended to be used in negotiating for the use of better checksums in TCP. However, these
13.2. TCP Level Settings
Chapter 13. Advanced Settings
432
Содержание 800 - DFL 800 - Security Appliance
Страница 24: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 24 ...
Страница 69: ...2 6 4 Restore to Factory Defaults Chapter 2 Management and Maintenance 69 ...
Страница 121: ...3 9 DNS Chapter 3 Fundamentals 121 ...
Страница 166: ...interfaces without an overriding IGMP Setting Default 1 000 4 6 4 Advanced IGMP Settings Chapter 4 Routing 166 ...
Страница 181: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 181 ...
Страница 192: ...5 5 IP Pools Chapter 5 DHCP Services 192 ...
Страница 282: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 282 ...
Страница 300: ...mechanism 7 3 7 SAT and FwdFast Rules Chapter 7 Address Translation 300 ...
Страница 301: ...7 3 7 SAT and FwdFast Rules Chapter 7 Address Translation 301 ...
Страница 303: ... Changed on a regular basis such as every three months 8 1 Overview Chapter 8 User Authentication 303 ...
Страница 318: ...8 3 Customizing HTML Pages Chapter 8 User Authentication 318 ...
Страница 322: ...ALG 9 1 5 The TLS Alternative for VPN Chapter 9 VPN 322 ...
Страница 377: ...Management Interface Failure with VPN Chapter 9 VPN 377 ...
Страница 408: ...10 4 6 SLB_SAT Rules Chapter 10 Traffic Management 408 ...
Страница 419: ...11 5 HA Advanced Settings Chapter 11 High Availability 419 ...
Страница 426: ...12 3 5 Limitations Chapter 12 ZoneDefense 426 ...
Страница 449: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 449 ...