Instruction manual

NetVanta 2000 Series System Manual Section 4, User Interface Guide
61200361L1-1E © 2002 ADTRAN, Inc. 43
> CONFIG > FIREWALL > ICMP REDIRECT CHECK
ICMP Redirect is a standard ICMP message used to provide hosts with better route information to the source. When this message is received, the recipient updates its routing table with the new routing information provided, with no authentication required. An intruder can provide a target with route information of the intruder's choosing, thereby gaining control over the host's routing table. Once the host's routing table has been compromised, it is possible for the intruder to access data originating from the target host. If ICMP REDIRECT CHECK is ENABLED, the NetVanta 2000 series discards all ICMP Redirect messages.
> CONFIG > FIREWALL > SOURCE ROUTING CHECK
Strict and loose source routing (as specified in IP standard RFC 791) allows datagrams to take a predefined path towards a destination. An intruder can gain detailed information about the corporate network by tracking datagrams through the corporate network. If SOURCE ROUTING CHECK is ENABLED, the NetVanta 2000 series filters out all datagrams that contain the strict or loose source routing option.
> CONFIG > FIREWALL > WINNUKE ATTACK CHECK
WinNuke attack is a well-known denial of service attack on hosts running Windows operating systems. A malicious intruder sends Out of Band (OOB) data over an established connection to a Windows user. Windows cannot properly handle the OOB data and the host reacts unpredictably. A normal shutdown of the host will generally restore all functionality. If WINNUKE ATTACK CHECK is selected, the NetVanta 2000 series filters OOB data to prevent network problems.
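As an added illustration (not ADTRAN's code, and not how the NetVanta implements these checks), the following Python classifies a raw IPv4 packet against the three checks described above: the ICMP REDIRECT CHECK (ICMP type 5), the SOURCE ROUTING CHECK (RFC 791 LSRR option 131 or SSRR option 137) and the WINNUKE ATTACK CHECK (TCP URG flag, which is how OOB data is signalled). The packets are constructed samples with zeroed checksums.

```python
import struct

IPOPT_END, IPOPT_NOP = 0, 1          # single-byte IPv4 options (RFC 791)
IPOPT_LSRR, IPOPT_SSRR = 131, 137    # loose / strict source route options
ICMP_REDIRECT = 5                    # ICMP type 5 = Redirect
TCP_URG = 0x20                       # URG flag marks Out of Band data

def ipv4_options(pkt):
    """Return the type codes of the options carried in an IPv4 header."""
    ihl = (pkt[0] & 0x0F) * 4
    opts, i, types = pkt[20:ihl], 0, []
    while i < len(opts):
        t = opts[i]
        if t == IPOPT_END:
            break
        if t == IPOPT_NOP:
            i += 1
            continue
        if i + 1 >= len(opts):       # truncated option: stop parsing
            break
        types.append(t)
        i += max(opts[i + 1], 2)     # skip over type, length and data
    return types

def firewall_checks(pkt):
    """Names of the manual's checks that this IPv4 packet would trip."""
    hits = []
    ihl = (pkt[0] & 0x0F) * 4
    proto = pkt[9]
    if any(t in (IPOPT_LSRR, IPOPT_SSRR) for t in ipv4_options(pkt)):
        hits.append("SOURCE ROUTING CHECK")
    if proto == 1 and pkt[ihl] == ICMP_REDIRECT:
        hits.append("ICMP REDIRECT CHECK")
    if proto == 6 and pkt[ihl + 13] & TCP_URG:   # TCP flags byte
        hits.append("WINNUKE ATTACK CHECK")
    return hits

def ipv4(proto, payload, options=b""):
    """Build a constructed IPv4 packet (sample data only; checksum left 0)."""
    options += b"\x00" * (-len(options) % 4)     # pad to 32-bit boundary
    ihl = 5 + len(options) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, 20 + len(options) + len(payload),
                      0, 0, 64, proto, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return hdr + options + payload

# Constructed samples: ICMP redirect, UDP datagram with an LSRR option,
# TCP segment with URG set, and a plain TCP segment as the control case.
SAMPLE_REDIRECT = ipv4(1, bytes([5, 1, 0, 0]) + bytes([10, 0, 0, 9]) + b"\x00" * 28)
SAMPLE_LSRR = ipv4(17, b"\x00" * 8, b"\x83\x07\x04" + bytes([10, 0, 0, 9]))
SAMPLE_URG = ipv4(6, struct.pack("!HHIIBBHHH", 1234, 139, 0, 0, 5 << 4, 0x18 | TCP_URG, 8192, 0, 1))
SAMPLE_PLAIN = ipv4(6, struct.pack("!HHIIBBHHH", 1234, 80, 0, 0, 5 << 4, 0x18, 8192, 0, 0))
```

Running `firewall_checks` over the four samples reports exactly one check for each of the first three and none for the plain segment.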
> CONFIG > FIREWALL > EVENT LOGGING THRESHOLDS
Event logging thresholds prevent large quantities of duplicate logs if the NetVanta 2000 series or the
corporate network connected to it is under attack.
The LOG ATTACKS FOR EVERY threshold indicates the number of attempted attacks the NetVanta 2000 series should see before generating a log message. The default value for the attack log threshold is 100.
The LOG POLICY FOR EVERY threshold defines the number of connections required by an access policy through the NetVanta 2000 series before a log message is generated for that policy. The default value for the policy access log threshold is 100.
The LOG VPN FOR EVERY threshold defines the number of VPN enabled connections required by a VPN policy before generating a log message for that policy. The default value for the VPN log threshold is 100.
> CONFIG > LOGGING
The NetVanta 2000 series periodically exports event log messages to well-secured external systems for
secondary storage. The NetVanta 2000 series provides two industry-standard ways to export the event log:
e-mail and syslog. Log messages may be e-mailed to specified addresses, exported to a standard syslog
service, or a combination of both. The Logging Configuration page is displayed by clicking on Logging in
the menu list on the left side of the display window.