Chapter 11: Intrusion Detection and Prevention
178
WatchGuard Firebox System
Default Packet Handling
The WatchGuard Firebox System provides default packet
handling options to automatically block hosts that origi-
nate probes and attacks. Logging options help you identify
sites that exhibit suspicious behavior such as spoofing. You
can use the information gathered to manually and perma-
nently block an offending site. In addition, you can block
ports (by port number) to protect ports with known vul-
nerabilities from any incoming traffic. For more informa-
tion on log messages, see the following collection of FAQs:
https://support.watchguard.com/advancedfaqs/log_main.asp
The Firebox System examines and handles packets accord-
ing to default packet-handling options that you set. The
firewall examines the source of the packet and its intended
destination by IP address and port number. It also watches
for patterns in successive packets that indicate unautho-
rized attempts to access the network.
The default packet-handling configuration determines
whether and how the firewall handles incoming communi-
cations that appear to be attacks on a network. Packet han-
dling can:
•
Reject potentially threatening packets
•
Automatically block all communication from a source
site
•
Add an event to the log
•
Send notification of potential security threats
Blocking spoofing attacks
One method that attackers use to gain access to your net-
work involves creating an electronic “false identity.” With
this method, called “IP spoofing,” the attacker creates a
TCP/IP packet that uses someone else’s IP address.
Because routers use a packet’s destination address to for-
ward the packet toward its destination, the packet’s source
address is not validated until the packet reaches its destina-
Содержание Firebox X10E
Страница 1: ...WatchGuard Firebox System User Guide WatchGuard Firebox System ...
Страница 12: ...xii WatchGuard Firebox System ...
Страница 44: ...Chapter 2 Service and Support 22 WatchGuard Firebox System ...
Страница 61: ...Cabling the Firebox User Guide 39 ...
Страница 68: ...Chapter 3 Getting Started 46 WatchGuard Firebox System ...
Страница 78: ...Chapter 4 Firebox Basics 56 WatchGuard Firebox System ...
Страница 156: ...Chapter 8 Configuring Filtered Services 134 WatchGuard Firebox System ...
Страница 182: ...Chapter 9 Configuring Proxied Services 160 WatchGuard Firebox System ...
Страница 220: ...Chapter 11 Intrusion Detection and Prevention 198 WatchGuard Firebox System ...
Страница 242: ...Chapter 12 Setting Up Logging and Notification 220 WatchGuard Firebox System ...
Страница 255: ...Working with Log Files User Guide 233 appear until the remote office Firebox has been properly configured ...
Страница 256: ...Chapter 13 Reviewing and Working with Log Files 234 WatchGuard Firebox System ...
Страница 274: ...Chapter 14 Generating Reports of Network Activity 252 WatchGuard Firebox System ...