SmartDefense Categories
Chapter 11: Using SmartDefense
207
Ping of Death
In a Ping of Death attack, the attacker sends an ICMP echo (PING) request in fragments that
reassemble to more than the maximum IPv4 packet size of 65,535 bytes. Some operating
systems are unable to handle such a reassembled datagram and crash.
You can configure how Ping of Death attacks should be handled.
Table 39: Ping of Death Fields
In this field…   Do this…
Action   Specify what action to take when a Ping of Death attack occurs, by selecting one of the following:
   • Block. Block the attack. This is the default.
   • None. No action.
Track   Specify whether to log Ping of Death attacks, by selecting one of the following:
   • Log. Log the attack. This is the default.
   • None. Do not log the attack.
Check Point ZoneAlarm User Guide
LAND
In a LAND attack, the attacker sends a TCP SYN packet whose source address and port are
spoofed to be the same as the destination address and port (the victim computer). The victim
computer then tries to reply to itself and either reboots or crashes.
You can configure how LAND attacks should be handled.
Table 40: LAND Fields
In this field…   Do this…
Action   Specify what action to take when a LAND attack occurs, by selecting one of the following:
   • Block. Block the attack. This is the default.
   • None. No action.
Track   Specify whether to log LAND attacks, by selecting one of the following:
   • Log. Log the attack. This is the default.
   • None. Do not log the attack.
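The two checks described above (Ping of Death and LAND), as an added example that is not ZoneAlarm code and not part of the original guide. It flags a fragment set as soon as its reassembled datagram would exceed 65,535 bytes, flags a SYN whose source equals its destination, and applies the Action/Track settings from Tables 39 and 40 to each hit. The Packet layout, the 20-byte IP header, the policy names and the sample traffic are assumptions made for this example.

```python
"""Added example (not ZoneAlarm code): Ping of Death and LAND detection over
constructed IPv4 headers, with the Action/Track policy from Tables 39 and 40
applied to each hit. Packet layout, policy names and traffic are assumed."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

MAX_IPV4_DATAGRAM = 65535   # IPv4 Total Length is a 16-bit field
IPV4_HEADER_LEN = 20        # assumed: no IP options
IPPROTO_ICMP, IPPROTO_TCP = 1, 6
TCP_SYN = 0x02


@dataclass(frozen=True)
class Packet:
    """Only the header fields the two checks need (constructed, not a real parser)."""
    src: str
    dst: str
    proto: int
    ip_id: int = 0
    frag_offset: int = 0        # in 8-byte units, as carried on the wire
    more_fragments: bool = False
    payload_len: int = 0        # bytes after the IP header in this fragment
    sport: int = 0
    dport: int = 0
    tcp_flags: int = 0


class FragmentTracker:
    """Remembers the highest byte reached by each fragment set and flags the set
    as soon as its reassembled datagram would exceed 65,535 bytes. Nothing is
    reassembled: only the end offset of each fragment is tracked."""

    def __init__(self) -> None:
        self._high: Dict[Tuple[str, str, int, int], int] = {}

    def check(self, p: Packet) -> Optional[str]:
        if p.frag_offset == 0 and not p.more_fragments:
            return None                       # not a fragment
        key = (p.src, p.dst, p.proto, p.ip_id)
        end = p.frag_offset * 8 + p.payload_len
        high = max(self._high.get(key, 0), end)
        self._high[key] = high
        if IPV4_HEADER_LEN + high > MAX_IPV4_DATAGRAM:
            return "ping_of_death" if p.proto == IPPROTO_ICMP else "oversized_datagram"
        return None


def land_check(p: Packet) -> Optional[str]:
    """LAND: a SYN whose source address and port equal its destination."""
    if (p.proto == IPPROTO_TCP and p.tcp_flags & TCP_SYN
            and p.src == p.dst and p.sport == p.dport):
        return "land"
    return None


# (Action, Track) per attack; the defaults are those of Tables 39 and 40.
DEFAULT_POLICY = {
    "ping_of_death": ("Block", "Log"),
    "land": ("Block", "Log"),
}


def inspect(packets: List[Packet], policy=DEFAULT_POLICY) -> List[dict]:
    """Run both checks over a packet stream and return one event per hit,
    recording whether the configured policy blocks and/or logs it."""
    tracker = FragmentTracker()
    events = []
    for i, p in enumerate(packets):
        attack = tracker.check(p) or land_check(p)
        if attack is None:
            continue
        action, track = policy.get(attack, ("Block", "Log"))   # unknown attack: fail closed
        events.append({"index": i, "attack": attack,
                       "blocked": action == "Block", "logged": track == "Log"})
    return events


VICTIM, ATTACKER = "192.0.2.10", "203.0.113.7"
SAMPLE = [   # constructed sample traffic, not a capture
    # 0: ordinary unfragmented echo request
    Packet(ATTACKER, VICTIM, IPPROTO_ICMP, payload_len=64),
    # 1-2: legitimate 3000-byte datagram in two fragments (offset 185 * 8 = 1480)
    Packet(ATTACKER, VICTIM, IPPROTO_ICMP, ip_id=7, more_fragments=True, payload_len=1480),
    Packet(ATTACKER, VICTIM, IPPROTO_ICMP, ip_id=7, frag_offset=185, payload_len=1520),
    # 3-4: Ping of Death; the last fragment ends at byte 65,518 (+20 header = 65,538)
    Packet(ATTACKER, VICTIM, IPPROTO_ICMP, ip_id=9, more_fragments=True, payload_len=1480),
    Packet(ATTACKER, VICTIM, IPPROTO_ICMP, ip_id=9, frag_offset=8184, payload_len=46),
    # 5: normal SYN
    Packet(ATTACKER, VICTIM, IPPROTO_TCP, sport=51515, dport=80, tcp_flags=TCP_SYN),
    # 6: LAND, source spoofed to the victim's own address and port
    Packet(VICTIM, VICTIM, IPPROTO_TCP, sport=80, dport=80, tcp_flags=TCP_SYN),
]

if __name__ == "__main__":
    for event in inspect(SAMPLE):
        print(event)
```

The fragment check deliberately never buffers data: the firewall only needs the end offset of each fragment to know that the set cannot reassemble legally, which is why it can drop the offending fragment before the victim's IP stack ever sees it.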
Non-TCP Flooding
Advanced firewalls maintain state information about each connection in a State table. In a
Non-TCP Flooding attack, the attacker sends high volumes of non-TCP traffic (for example,
UDP or ICMP). Because such traffic is connectionless, there is no FIN or RST to close its
state entries; they are removed only when they time out, so the State table quickly fills up.
The firewall then cannot accept new connections, which results in a Denial of Service (DoS).
You can protect against Non-TCP Flooding attacks by limiting the percentage of State table
capacity that non-TCP connections may use.
Table 41: Non-TCP Flooding Fields
In this field…   Do this…
Action   Specify what action to take when the percentage of State table capacity used for non-TCP connections reaches the Max. Percent Non-TCP Traffic threshold. Select one of the following:
   • Block. Block any additional non-TCP connections.
   • None. No action. This is the default.
Track   Specify whether to log non-TCP connections that exceed the Max. Percent Non-TCP Traffic threshold, by selecting one of the following:
   • Log. Log the connections.
   • None. Do not log the connections. This is the default.
Max. Percent Non-TCP Traffic   Type the maximum percentage of State table capacity allowed for non-TCP connections. The default value is 10%.
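The mechanism behind Table 41, as an added example that is not ZoneAlarm code and not part of the original guide: a State table whose connectionless entries leave only by idle timeout, replaying a constructed UDP flood once with the default settings (Action None, Track None) and once with Block/Log at the default 10% threshold. The table capacity, the 40-second idle timeout, the Flow layout and the flood traffic are assumptions made for this example.

```python
"""Added example (not ZoneAlarm code): a State table enforcing the
Max. Percent Non-TCP Traffic threshold of Table 41. Capacity, the 40 s idle
timeout and the UDP flood are assumptions constructed for this example."""
from dataclasses import dataclass
from typing import Dict, List

IPPROTO_TCP, IPPROTO_UDP = 6, 17


@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int
    proto: int


class StateTable:
    def __init__(self, capacity: int, max_pct_non_tcp: int = 10,
                 action: str = "None", track: str = "None",
                 non_tcp_timeout: float = 40.0) -> None:
        self.capacity = capacity
        self.max_pct_non_tcp = max_pct_non_tcp
        self.action, self.track = action, track
        self.non_tcp_timeout = non_tcp_timeout
        self._entries: Dict[Flow, float] = {}   # flow -> time last seen
        self.log: List[str] = []

    def non_tcp_percent(self) -> float:
        """Share of total capacity (not of current entries) held by non-TCP flows."""
        n = sum(1 for f in self._entries if f.proto != IPPROTO_TCP)
        return 100.0 * n / self.capacity

    def expire(self, now: float) -> None:
        """UDP/ICMP entries carry no FIN or RST; they leave only by idle timeout."""
        stale = [f for f, t in self._entries.items()
                 if f.proto != IPPROTO_TCP and now - t > self.non_tcp_timeout]
        for f in stale:
            del self._entries[f]

    def close(self, flow: Flow) -> None:
        """A TCP FIN/RST clears its entry at once; non-TCP traffic has no equivalent."""
        self._entries.pop(flow, None)

    def admit(self, flow: Flow, now: float) -> bool:
        """Return True if the packet may pass (existing entry, or a new one was created)."""
        self.expire(now)
        if flow in self._entries:
            self._entries[flow] = now
            return True
        if flow.proto != IPPROTO_TCP and self.non_tcp_percent() >= self.max_pct_non_tcp:
            if self.track == "Log":
                self.log.append(f"non-TCP quota reached, new flow {flow}")
            if self.action == "Block":
                return False
        if len(self._entries) >= self.capacity:
            return False                    # table full: every new connection fails
        self._entries[flow] = now
        return True


def simulate(action: str, track: str, capacity: int = 100) -> dict:
    """Replay a constructed 150-flow UDP flood, then a legitimate TCP client."""
    table = StateTable(capacity, max_pct_non_tcp=10, action=action, track=track)
    udp_admitted = 0
    for i in range(150):   # spoofed sources, all arriving at t = 0
        flood = Flow(f"198.51.100.{i % 250}", 40000 + i, "192.0.2.10", 53, IPPROTO_UDP)
        if table.admit(flood, now=0.0):
            udp_admitted += 1
    client = Flow("203.0.113.5", 51515, "192.0.2.10", 443, IPPROTO_TCP)
    tcp_admitted = table.admit(client, now=1.0)
    # Once the flood stops its entries can only age out, so the table recovers after the timeout.
    later = Flow("203.0.113.6", 51516, "192.0.2.10", 443, IPPROTO_TCP)
    recovered = table.admit(later, now=60.0)
    return {"udp_admitted": udp_admitted, "tcp_admitted": tcp_admitted,
            "logged": len(table.log), "recovered": recovered}


if __name__ == "__main__":
    print("default (None/None):", simulate("None", "None"))
    print("hardened (Block/Log):", simulate("Block", "Log"))
```

With the defaults the flood takes the whole table and the legitimate TCP client is refused until the idle timeout drains the entries; with Block at 10% the flood is capped at ten entries, the other 140 attempts are logged, and the TCP client connects during the flood. The threshold is measured against total capacity, as the field description says, so it does not depend on how many TCP entries happen to be open.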
DDoS Attack
In a distributed denial-of-service attack (DDoS attack), the attacker directs multiple hosts
in a coordinated attack on a victim computer or network. The attacking hosts send large
amounts of spurious data to the victim, so that the victim is no longer able to respond to
legitimate service requests.
You can configure how DDoS attacks should be handled.
Table 42: Distributed Denial of Service Fields
In this field…   Do this…
Action   Specify what action to take when a DDoS attack occurs, by selecting one of the following:
   • Block. Block the attack. This is the default.
   • None. No action.
Track   Specify whether to log DDoS attacks, by selecting one of the following:
   • Log. Log the attack. This is the default.
   • None. Do not log the attack.
IP and ICMP
This category allows you to enable various IP and ICMP protocol tests, and to configure
various protections against IP and ICMP-related attacks. It includes the following:
   • Checksum Verification on page 222
   • Cisco IOS DOS on page 219
   • IP Fragments on page 215
   • Max Ping Size on page 214
   • Network Quota on page 217
   • Null Payload on page 221
   • Packet Sanity on page 212
   • Welchia on page 218