Section 3
General
Pinholes
This feature allows you to:
  Transparently route selected types of network traffic using the port forwarding facility. FTP requests or HTTP (Web) connections are directed to a specific host on your LAN.
  Set up multiple pinhole paths. Up to 32 paths are supported.
  Identify the type(s) of traffic you want to redirect by port number. Common TCP/IP protocols and ports are:
    FTP (TCP 21)
    telnet (TCP 23)
    SMTP (TCP 25)
    HTTP (TCP 80)
    SNMP (TCP 161, UDP 161)
See page 47 for How To instructions.

Default Server
This feature allows you to:
  Direct your Gateway to forward all externally initiated IP traffic (TCP and UDP protocols only) to a default host on the LAN.
  Enable it for certain situations:
    Where you cannot anticipate what port number or packet protocol an inbound application might use. For example, some network games select arbitrary port numbers when a connection is opened.
    When you want all unsolicited traffic to go to a specific LAN host.
Default Server is not available for traffic inbound via a SafeHarbour IPsec tunnel.
See page 56 for How To instructions.
Combination NAT Bypass Configuration
Specific pinholes and Default Server settings, each directed to different LAN devices, can be used together.
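The inbound dispatch that the Pinholes, Default Server and Combination NAT Bypass Configuration sections describe, modelled in Python as an added example. This is not Cayman code and the Gateway exposes no such API; it only encodes the rules stated above: pinholes are matched by protocol and port, at most 32 of them; TCP and UDP traffic that matches no pinhole goes to the Default Server, unless it arrived through a SafeHarbour IPsec tunnel; everything else is dropped. The LAN addresses, the `exposure()` summary, and the assumption that a pinhole applies regardless of how the packet arrived are constructed for the example.

```python
"""Inbound NAT-bypass dispatch modelled on the manual's rules (added example,
not Cayman code). Host addresses and the exposure() summary are constructed."""
from dataclasses import dataclass

MAX_PINHOLES = 32   # "Up to 32 paths are supported"


@dataclass(frozen=True)
class Pinhole:
    proto: str          # "tcp" or "udp"
    port: int           # externally visible port
    host: str           # LAN host the traffic is redirected to
    host_port: int = 0  # 0 = deliver on the same port number


class NatBypass:
    def __init__(self, default_server=None):
        self.pinholes = []                   # ordered list; first match wins
        self.default_server = default_server  # LAN host, or None when disabled

    def add_pinhole(self, ph):
        if len(self.pinholes) >= MAX_PINHOLES:
            raise ValueError("up to 32 pinhole paths are supported")
        if any(p.proto == ph.proto and p.port == ph.port for p in self.pinholes):
            raise ValueError(f"{ph.proto}/{ph.port} already has a pinhole")
        self.pinholes.append(ph)

    def route(self, proto, dport, via_ipsec=False):
        """Return (LAN host, port) for an externally initiated packet, or None to drop."""
        for ph in self.pinholes:  # assumption: pinholes apply regardless of path
            if ph.proto == proto and ph.port == dport:
                return ph.host, ph.host_port or dport
        # Default Server catches the rest, but only TCP/UDP and never via the tunnel.
        if self.default_server and proto in ("tcp", "udp") and not via_ipsec:
            return self.default_server, dport
        return None  # no NAT bypass entry: unsolicited traffic is dropped

    def exposure(self):
        """What unsolicited traffic each LAN host can receive (constructed helper)."""
        summary = {}
        for ph in self.pinholes:
            summary.setdefault(ph.host, []).append(f"{ph.proto}/{ph.port}")
        if self.default_server:
            summary.setdefault(self.default_server, []).append("all other tcp/udp ports")
        return summary
```

The `exposure()` summary is the check a practitioner wants before enabling a Default Server: a pinhole opens one port on one host, while the Default Server host receives every TCP and UDP port that nothing else claims.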
Security Monitor
The Security Monitor detects security-related events, including common types of malicious attacks, and writes them to a dedicated security log file. You view this log file from either:
  the Cayman Web interface, or
  the text-based command line interface, using a telnet or serial port facility.
The log provides information useful in identifying a specific type of attack and tracing its origin. The log maintains 100 entries; once full it keeps the entries it has rather than overwriting them, and requires a manual reset. This preserves, for troubleshooting purposes, the acquired information about specific attacks, their frequency and tracing information.
COS 6.3 Security Monitor software reports the following eight event types:
  IP Source Address Spoofing
  Source Routing
  Subnet Broadcast Amplification
  Illegal Packet Size (Ping of Death)
  Port Scan (TCP/UDP)
  Excessive Pings
  Admin Login Failure
  MAC Address Spoofing
Creating a pinhole or enabling a Default Server allows inbound access to the specified LAN station. Contact your Network Administrator for LAN security questions.
See page 80 for more information about the Security Monitoring Log.
Event Details
Details on the eight specific event types and the information logged are:

IP Source Address Spoofing
The Gateway checks all incoming packets to see if the source IP address is valid for the interface the packet is received through. If the address is not valid for that interface, the packet is discarded.
Logged information includes:
  IP source address
  IP destination address
  Number of attempts
  Time at last attempt
  IP interface

Source Routing
Packets carrying IP source routing information are received and accepted by the Cayman Gateway. The activity is logged in case the source route information has been forged but appears as valid data.
Logged information includes:
  IP source address
  IP destination address
  Number of attempts
  Time at last attempt
  IP interface

Subnet Broadcast Amplification
Distributed DoS (Denial of Service) attacks often use a technique known as broadcast amplification, in which the attacker sends packets to a router's subnet broadcast address. This causes the router to broadcast the packet to each host on the subnet, and each host replies, typically to a forged source address, so a single packet is multiplied into many and many new hosts are drawn into the attack. The Cayman unit detects and discards any packets that would otherwise be transmitted to a subnet broadcast address, and the Security Monitoring software logs the event.
Logged information includes:
  IP source address
  IP destination address
  Number of attempts
  Time at last attempt
  IP broadcast address

Illegal Packet Size (Ping of Death)
The maximum size of an IP packet is 64K bytes (65,535 bytes), but large packets must usually be fragmented into smaller pieces to travel across a network. Each fragment contains some information (its offset and length) that allows the recipient to reassemble all of the fragments back into the original packet. However, the fragmentation information can also be exploited to create an illegally sized packet: a fragment whose offset plus length extends beyond the 64K limit. Unwary hosts will often crash when the illegal fragment corrupts data outside of the "normal" packet bounds. The Cayman unit will detect and discard illegal packet fragments, and the Security Monitoring software logs the event.
Logged information includes:
  IP source address
  IP destination address
  Number of attempts
  Time at last attempt
  Illegal packet size
  Protocol type

Port Scan
Port scanning is the technique of probing to determine the list of TCP or UDP ports on which a host, or in our case a Gateway, is providing services. For example, the HTTP service is usually available on TCP port 80. Once hackers have your port list, they can refine their attack by focusing attention on these ports. Under the TCP/IP standards, a host answers a probe to an inactive UDP port with an ICMP (Internet Control Message Protocol) "port unreachable" message, and a probe to an inactive TCP port with a TCP reset. The Security Monitoring software monitors these circumstances, and will log an alert if it appears the cause is someone running a port scan.
Logged information includes:
  IP source address
  Time at last attempt
  Number of ports scanned
  Highest port
  Lowest port
  Port numbers of first 10 ports scanned

Excessive Pings
The PING (Packet InterNet Groper) utility is used by hackers to identify prospective targets that can be attacked. The Security Monitoring software will record instances where the router itself is pinged by the same host more than ten times.
Logged information includes:
  IP source address
  IP destination address
  Number of attempts
  Time at last attempt
Login Failures
The Cayman software provides the means for assigning passwords to the Admin or User accounts to control access to the Gateway. Any attempt to log in is given three chances to enter a valid password. The Security Monitoring software records instances where the user fails to enter a valid password.
Logged information includes:
  IP source address
  Number of attempts
  Attempt count
  Time at last attempt

MAC Address Spoofing
A MAC (Media Access Control) Address Spoofing attack can be identified based on the IP interface where the illegitimate packet came from. If a packet arrives on an interface with a MAC address that does not match the legitimate entry in the routing table for that source, an attack is logged.
Logged information includes:
  IP source address
  Number of attempts
  IP interface
  Time at last attempt
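A toy model of the packet-level checks described in this Event Details section (IP source address spoofing, source routing, subnet broadcast amplification, illegal packet size, port scan, excessive pings and MAC address spoofing), written in Python as an added example. It is not Cayman software and does not reproduce the COS 6.3 implementation; it shows how each check decides and what the log entry for it carries (number of attempts, time at last attempt, and the per-event fields listed above), and how a 100-entry log that stops recording until reset behaves. The two interfaces and their subnets, the first-seen MAC binding used in place of the Gateway's routing table, and the five-closed-port scan threshold are constructed assumptions; the ten-ping limit and the 100-entry log are from the manual. Admin Login Failure, a counter on the login prompt rather than a packet check, is not modelled.

```python
"""Toy model of the COS 6.3 Security Monitor packet checks (added example, not
Cayman code). Assumes a "wan" interface on 203.0.113.0/24 (gateway 203.0.113.10),
a "lan" interface on 192.168.1.0/24 (gateway 192.168.1.1) and a constructed
port-scan threshold of five closed ports; the ten-ping limit and the 100-entry
log are from the manual."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

MAX_LOG = 100        # the log holds 100 entries and keeps them until reset() is called
PING_LIMIT = 10      # "more than ten times": the 11th ping from one host logs an event
SCAN_THRESHOLD = 5   # assumption: five distinct closed ports from one source is a scan
IP_MAX_LEN = 65535   # largest legal reassembled IP datagram

IFACES = {"wan": ip_network("203.0.113.0/24"), "lan": ip_network("192.168.1.0/24")}
GATEWAY_ADDRS = {ip_address("203.0.113.10"), ip_address("192.168.1.1")}
OPEN_PORTS = {("tcp", 23), ("tcp", 80)}   # services the gateway itself answers on


@dataclass
class Packet:
    iface: str                  # interface the packet arrived on: "wan" or "lan"
    src: str
    dst: str
    proto: str = "tcp"          # "tcp", "udp" or "icmp"
    dport: int = 0
    echo: bool = False          # ICMP echo request
    frag_offset: int = 0        # fragment offset in 8-byte units, as in the IP header
    length: int = 0             # payload bytes carried by this fragment
    src_mac: str = ""
    source_route: bool = False  # IP source-route option present
    t: float = 0.0


class SecurityMonitor:
    def __init__(self):
        self.log = {}      # (event type, key) -> logged fields, one entry per source
        self.scanned = {}  # src -> closed ports probed, in order of first probe
        self.pings = {}    # src -> echo requests sent to the gateway itself
        self.macs = {}     # (iface, src ip) -> MAC the address was first seen with

    def _log(self, event, key, p, **extra):
        """One entry per (event, key): count attempts and keep the last time."""
        entry = self.log.get((event, key))
        if entry is None:
            if len(self.log) >= MAX_LOG:  # full: nothing new is recorded until reset()
                return
            entry = self.log[(event, key)] = {"event": event, "attempts": 0}
        entry["attempts"] += 1            # "Number of attempts"
        entry.update(src=p.src, dst=p.dst, iface=p.iface, last=p.t, **extra)

    def reset(self):
        """The manual reset the log requires once it is full."""
        self.log.clear()

    def inspect(self, p):
        """Run the packet checks; return True to forward, False to discard."""
        src, dst = ip_address(p.src), ip_address(p.dst)
        # IP source address spoofing: a LAN-side packet must carry a LAN source
        # and a WAN-side packet must not claim a LAN address.
        if (p.iface == "lan") != (src in IFACES["lan"]):
            self._log("IP Source Address Spoofing", (p.src, p.iface), p)
            return False
        # MAC address spoofing: the source IP shows up on this interface with a
        # MAC other than the one recorded for it (assumption: first-seen binding).
        if p.src_mac != self.macs.setdefault((p.iface, p.src), p.src_mac):
            self._log("MAC Address Spoofing", (p.src, p.iface), p, mac=p.src_mac)
            return False
        # Source routing: accepted, but logged in case the route data is forged.
        if p.source_route:
            self._log("Source Routing", (p.src, p.dst), p)
        # Subnet broadcast amplification: discard anything sent to a subnet broadcast.
        if any(dst == n.broadcast_address for n in IFACES.values()):
            self._log("Subnet Broadcast Amplification", (p.src, p.dst), p, broadcast=p.dst)
            return False
        # Illegal packet size: a fragment whose end would lie beyond 64K bytes.
        end = p.frag_offset * 8 + p.length
        if end > IP_MAX_LEN:
            self._log("Illegal Packet Size", (p.src, p.dst), p, size=end, proto=p.proto)
            return False
        if dst in GATEWAY_ADDRS:
            # Port scan: probes to ports the gateway does not serve, which it would
            # answer with ICMP port unreachable (UDP) or a reset (TCP).
            if p.proto in ("tcp", "udp") and (p.proto, p.dport) not in OPEN_PORTS:
                ports = self.scanned.setdefault(p.src, [])
                if p.dport not in ports:
                    ports.append(p.dport)
                if len(ports) >= SCAN_THRESHOLD:
                    self._log("Port Scan", p.src, p, count=len(ports), highest=max(ports),
                              lowest=min(ports), first=ports[:10])
            # Excessive pings: the router itself pinged more than ten times by one host.
            if p.proto == "icmp" and p.echo:
                self.pings[p.src] = self.pings.get(p.src, 0) + 1
                if self.pings[p.src] > PING_LIMIT:
                    self._log("Excessive Pings", p.src, p)
        return True
```

Feed `inspect()` packets in arrival order and read `log` afterwards; each entry is keyed by event type and source, so a repeated attack from one host raises "attempts" and moves "last" rather than consuming another of the 100 slots, which is why the log can be left to fill and then reset by hand as the manual describes.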