Content Security Gateway User’s Manual
Security Gateway. Once the UDP packets exceed this limit, the activity will be logged in
Alarm and an email alert is sent to the Administrator. The default UDP flood threshold is set
to 1000 Pkts/Sec.
Detect Ping of Death Attack: Select this option to detect attacks in which hackers send PING
packets carrying tremendous amounts of trash data to cause System malfunction. This attack
can cause network speed to slow down, or even make it necessary to restart the computer to
restore normal operation.
Detect Tear Drop Attack: Select this option to detect tear drop attacks. These are packets
that are segmented into small fragments with a negative length. Some Systems treat the
negative value as a very large number, and copy enormous data into the System to cause
System damage, such as a shut down or a restart.
Detect IP Spoofing Attack: Select this option to detect spoof attacks. Hackers disguise
themselves as trusted users of the network in Spoof attacks. They use a fake identity to try
to pass through the Content Security Gateway System and invade the network.
Filter IP Route Option: Each IP packet can carry an optional field that specifies a replying
address different from the source address given in the packet’s header. Hackers can use this
address field on disguised packets to invade LAN networks and have the LAN networks’ data
sent back to them.
Detect Port Scan Attack: Select this option to detect the port scans hackers use to
continuously scan networks on the Internet to detect computers and vulnerable ports that
are opened by those computers.
Detect Land Attack: Some Systems may shut down when receiving packets with the same
source and destination addresses, the same source and destination ports, and the SYN flag
set in the TCP header. Enable this function to detect such abnormal packets.
After enabling the needed detect functions, click OK to activate the changes.
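As an added illustration (not the CS-500’s own code), the following Python sketches how a gateway can recognise each packet pattern listed above from parsed header fields, so that the matching alarm can be raised. The packet records are constructed, the LAN subnet, the WAN/LAN spoofing heuristic and the port-scan threshold are assumptions (the manual gives no figures for them), and only the UDP flood default of 1000 packets per second comes from the manual.

```python
"""Defender-side checks for the attack patterns the manual's detection options describe.
Added illustration, not the gateway's own code: Packet records are constructed, and the
spoofing heuristic and port-scan threshold are assumptions."""
import ipaddress
from collections import defaultdict, deque
from dataclasses import dataclass

MAX_IP_DATAGRAM = 65535      # largest legal IPv4 datagram; Ping of Death exceeds it on reassembly
UDP_FLOOD_THRESHOLD = 1000   # packets per second (the manual's default)
SCAN_PORT_THRESHOLD = 20     # assumed: distinct ports from one source within WINDOW
WINDOW = 1.0                 # seconds


@dataclass
class Packet:
    proto: str                             # "tcp", "udp" or "icmp"
    src: str
    dst: str
    ts: float = 0.0                        # arrival time in seconds
    iface: str = "wan"                     # interface the packet arrived on
    sport: int = 0
    dport: int = 0
    flags: frozenset = frozenset()         # TCP flags, e.g. {"SYN"}
    ip_id: int = 0                         # IP identification, ties fragments together
    frag_offset: int = 0                   # byte offset of this fragment in the datagram
    frag_len: int = 0                      # payload bytes carried by this fragment
    ip_options: frozenset = frozenset()    # e.g. {"LSRR"} loose / {"SSRR"} strict source route


def is_land_attack(p):
    """Land attack: SYN with identical source/destination address and port."""
    return p.proto == "tcp" and "SYN" in p.flags and p.src == p.dst and p.sport == p.dport


def has_source_route(p):
    """IP route option present: loose or strict source routing."""
    return bool(p.ip_options & {"LSRR", "SSRR"})


def is_spoofed(p, lan_net):
    """Assumed heuristic: a packet claiming a LAN source address but arriving on the WAN side."""
    return p.iface == "wan" and ipaddress.ip_address(p.src) in ipaddress.ip_network(lan_net)


class FragmentChecker:
    """Tracks fragment extents per datagram to flag Teardrop and Ping of Death."""

    def __init__(self):
        self.seen = defaultdict(list)   # (src, dst, ip_id) -> [(start, end), ...]

    def check(self, p):
        start, end = p.frag_offset, p.frag_offset + p.frag_len
        if end > MAX_IP_DATAGRAM:
            return "ping_of_death" if p.proto == "icmp" else "oversize_fragment"
        for s, e in self.seen[(p.src, p.dst, p.ip_id)]:
            # A fragment starting inside an earlier one and ending before its end gives a
            # negative length in naive reassembly: the Teardrop pattern the manual describes.
            if s < start < e and end <= e:
                return "teardrop"
        self.seen[(p.src, p.dst, p.ip_id)].append((start, end))
        return None


class RateChecker:
    """Sliding one-second windows for UDP flood and port-scan detection."""

    def __init__(self):
        self.udp = defaultdict(deque)     # dst -> arrival timestamps
        self.ports = defaultdict(deque)   # (src, dst) -> (ts, dport)

    @staticmethod
    def _trim(q, now, key=lambda x: x):
        while q and now - key(q[0]) > WINDOW:
            q.popleft()

    def check(self, p):
        if p.proto == "udp":
            q = self.udp[p.dst]
            q.append(p.ts)
            self._trim(q, p.ts)
            if len(q) > UDP_FLOOD_THRESHOLD:
                return "udp_flood"
        if p.proto in ("tcp", "udp"):
            q = self.ports[(p.src, p.dst)]
            q.append((p.ts, p.dport))
            self._trim(q, p.ts, key=lambda x: x[0])
            if len({d for _, d in q}) > SCAN_PORT_THRESHOLD:
                return "port_scan"
        return None


def classify(packets, lan_net="192.168.1.0/24"):
    """Run every check over a packet stream; returns [(packet_index, alert_name), ...]."""
    frags, rates = FragmentChecker(), RateChecker()
    alerts = []
    for i, p in enumerate(packets):
        for name, hit in (("land_attack", is_land_attack(p)),
                          ("source_route", has_source_route(p)),
                          ("ip_spoofing", is_spoofed(p, lan_net))):
            if hit:
                alerts.append((i, name))
        for checker in (frags, rates):
            alert = checker.check(p)
            if alert:
                alerts.append((i, alert))
    return alerts
```

Each alert name maps onto one of the detection options above; a gateway would log it to Alarm and, as the manual says for the UDP flood case, mail the Administrator. The stateless checks (Land, source route, spoofing) need only the current packet, while Teardrop, Ping of Death and the rate checks need the short per-flow state the two checker classes keep.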
4.6.2 Attack Alarm
4.6.2.1 Internal Alarm
Step 1. When the CS-500 detects an internal PC sending large DDoS attacks, the Internal
Alarm will start blocking these packets to protect the whole network.