TFTP Request Options
As long as the Remove Request Option described above is set to false (options are not removed)
then the following request option settings can be applied:
Maximum Blocksize
The maximum blocksize allowed can be specified. The
allowed range is 0 to 65,464 bytes. The default value is
65,464 bytes.
Maximum File Size
The maximum size of a file transfer can be restricted. By
default this is the absolute maximum allowed which 999,999
Kbytes.
Block Directory Traversal
This option can disallow directory traversal through the use of
filenames containing consecutive periods ("..").
Allowing Request Timeouts
The NetDefendOS TFTP ALG blocks the repetition of an TFTP request coming from the same
source IP address and port within a fixed period of time. The reason for this is that some TFTP
clients might issue requests from the same source port without allowing an appropriate timeout
period.
6.2.5. The SMTP ALG
Simple Mail Transfer Protocol (SMTP) is a text based protocol used for transferring email between
mail servers over the Internet. Typically the local SMTP server will be located on a DMZ so that
mail sent by remote SMTP servers will traverse the NetDefend Firewall to reach the local server
(this setup is illustrated later in Section 6.2.5.1, “Anti-Spam Filtering”). Local users will then use
email client software to retrieve their email from the local SMTP server.
SMTP is also used when clients are sending email and the SMTP ALG can be used to monitor
SMTP traffic originating from both clients and servers.
SMTP ALG Options
Key features of the SMTP ALG are:
Email rate limiting
A maximum allowable rate of email messages can be
specified. This rate is calculated on a per source IP address
basis, in other words it is not the total rate that is of interest
but the rate from a certain email source.
This is a very useful feature to have since it is possible to put
in a block against either an infected client or an infected
server sending large amounts of malware generated emails.
Email size limiting
A maximum allowable size of email messages can be
specified. This feature counts the total amount of bytes sent
for a single email which is the header size plus body size plus
the size of any email attachments after they are encoded. It
should be kept in mind that an email with, for example, an
attachment of 100 Kbytes, will be larger than 100 Kbytes.
The transferred size might be 120 Kbytes or more since the
encoding which takes place automatically for attachments
may substantially increase the transferred attachment size.
6.2.5. The SMTP ALG
Chapter 6. Security Mechanisms
259
Содержание NetDefend DFL-260E
Страница 27: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 27...
Страница 79: ...2 7 3 Restore to Factory Defaults Chapter 2 Management and Maintenance 79...
Страница 146: ...3 9 DNS Chapter 3 Fundamentals 146...
Страница 227: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 227...
Страница 241: ...5 4 IP Pools Chapter 5 DHCP Services 241...
Страница 339: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 339...
Страница 360: ...7 4 7 SAT and FwdFast Rules Chapter 7 Address Translation 360...
Страница 382: ...8 3 Customizing HTML Pages Chapter 8 User Authentication 382...
Страница 386: ...The TLS ALG 9 1 5 The TLS Alternative for VPN Chapter 9 VPN 386...
Страница 439: ...Figure 9 3 PPTP Client Usage 9 5 4 PPTP L2TP Clients Chapter 9 VPN 439...
Страница 450: ...9 7 6 Specific Symptoms Chapter 9 VPN 450...
Страница 488: ...10 4 6 Setting Up SLB_SAT Rules Chapter 10 Traffic Management 488...
Страница 503: ...11 6 HA Advanced Settings Chapter 11 High Availability 503...
Страница 510: ...12 3 5 Limitations Chapter 12 ZoneDefense 510...
Страница 533: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 533...