Glossary
NetVanta 2000 Series System Manual
204
© 2002 ADTRAN, Inc.
61200361L1-1E
HTTP
HyperText Transfer Protocol is the protocol that carries requests from a browser to a Web server
and also transports Web pages from a Web server back to the requesting browser. HTTP is the
most universally used Web transfer protocol, but it is not inherently a secure protocol.
ICMP Redirect
Not necessarily a malicious condition, some routers generate a redirection message whenever a
packet is rerouted. If these messages become excessive or if some mischievous person is
generating these messages in an exponential fashion this condition can become invasive.
IP Reassembly
TCP/IP is a system of packet creation, packet disassembly, packet transmission, and packet
reassembly. An intruder sometimes tries to intervene in the reassembly process and insert bogus
extra or replacement segments.
IPSec
A method of providing secure communication (Internet Protocol security) over potentially
insecure network components such as intermediate routers. IPSec defines encryption,
authentication, and key management standards. IPSec protocols support transport mode and tunnel
mode operations.
IP Spoofing
Gaining access to a computer by pretending to be at a trusted IP address. By setting up a firewall,
all access must come through the firewall and pick up the only authorized address of the firewall
after adequate authentication is completed.
Land attacks
A special type of denial of service attack where an intruder or intruding program identifies a
source and direction of a particular packet and reverses (or swaps) these two IP addresses. This
kind of attack can range from being a nuisance, to being a tragic menace if it prevents the delivery
of an important document or message.
Masquerading
An unauthorized user assumes the identity of an authorized user.
Packet filtering
Is access control at the Internet Protocol layer. This includes accepting or rejecting (dropping)
frames of data based on source and destination addresses. This is a very basic filtering method that
does not include using passwords or authentication algorithms.
Ping of death
Is a denial of service attack that relies upon TCP/IP's difficulty handling unusually large ping
packets. If not protected, a system that receives an oversize ping packet may hang or crash.
Proxy server
A firewall component that manages Internet traffic to and from a network and provides other
features such as file caching and access control. A proxy server can also improve performance by