are not understood by any today's standard systems. As NetDefendOS cannot understand checksum
algorithms other than the standard algorithm, these options can never be accepted. The
ALTCHKREQ option is normally never seen on modern networks.
Default: StripLog
TCP Option ALTCHKDATA
Determines how NetDefendOS will handle alternate checksum data options. These options are used
to transport alternate checksums where permitted by ALTCHKREQ above. Normally never seen on
modern networks.
Default: StripLog
TCP Option Con Timeout
Determines how NetDefendOS will handle connection count options.
Default: StripLogBad
TCP Option Other
Specifies how NetDefendOS will deal with TCP options not covered by the above settings. These
options usually never appear on modern networks.
Default: StripLog
TCP SYN/URG
Specifies how NetDefendOS will deal with TCP packets with SYN (Synchronize) flags and URG
(Urgent data) flags both turned on. The presence of a SYN flag indicates that a new connection is in
the process of being opened, and an URG flag means that the packet contains data requiring urgent
attention. These two flags should not be turned on in a single packet as they are used exclusively to
crash computers with poorly implemented TCP stacks.
Default: DropLog
TCP SYN/PSH
Specifies how NetDefendOS will deal with TCP packets with SYN and PSH (Push) flags both
turned on. The PSH flag means that the recipient stack should immediately send the information in
the packet to the destination application in the computer. These two flags should not be turned on at
the same time as it could pose a crash risk for poorly implemented TCP stacks. However, many
Macintosh computers do not implement TCP correctly, meaning that they always send out SYN
packets with the PSH flag turned on. This is why NetDefendOS normally removes the PSH flag and
allows the packet through despite the fact that the normal setting should be dropping such packets.
Default: StripSilent
TCP SYN/RST
The TCP RST flag together with SYN; normally invalid (strip=strip RST).
Default: DropLog
TCP SYN/FIN
13.2. TCP Level Settings
Chapter 13. Advanced Settings
433
Содержание 800 - DFL 800 - Security Appliance
Страница 24: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 24 ...
Страница 69: ...2 6 4 Restore to Factory Defaults Chapter 2 Management and Maintenance 69 ...
Страница 121: ...3 9 DNS Chapter 3 Fundamentals 121 ...
Страница 166: ...interfaces without an overriding IGMP Setting Default 1 000 4 6 4 Advanced IGMP Settings Chapter 4 Routing 166 ...
Страница 181: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 181 ...
Страница 192: ...5 5 IP Pools Chapter 5 DHCP Services 192 ...
Страница 282: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 282 ...
Страница 300: ...mechanism 7 3 7 SAT and FwdFast Rules Chapter 7 Address Translation 300 ...
Страница 301: ...7 3 7 SAT and FwdFast Rules Chapter 7 Address Translation 301 ...
Страница 303: ... Changed on a regular basis such as every three months 8 1 Overview Chapter 8 User Authentication 303 ...
Страница 318: ...8 3 Customizing HTML Pages Chapter 8 User Authentication 318 ...
Страница 322: ...ALG 9 1 5 The TLS Alternative for VPN Chapter 9 VPN 322 ...
Страница 377: ...Management Interface Failure with VPN Chapter 9 VPN 377 ...
Страница 408: ...10 4 6 SLB_SAT Rules Chapter 10 Traffic Management 408 ...
Страница 419: ...11 5 HA Advanced Settings Chapter 11 High Availability 419 ...
Страница 426: ...12 3 5 Limitations Chapter 12 ZoneDefense 426 ...
Страница 449: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 449 ...