User guide
150
would otherwise be transmitted to a subnet broadcast address. The Security Monitoring
logs the event.
Logged information includes:
Illegal Packet Size (Ping of Death). The maximum size of an IP packet is 64K bytes,
but large packets must usually be fragmented into smaller pieces to travel across a net-
work. Each fragment contains some information that allows the recipient to reassemble all
of the fragments back into the original packet. However, the fragmentation information can
also be exploited to create an illegally sized packet. Unwary hosts will often crash when
the illegal fragment corrupts data outside of the “normal” packet bounds. The Netopia unit
will detect and discard illegal packet fragments, and the Security Monitoring software logs
the event.
Logged information includes:
Port Scan. Port scanning is the technique of probing to determine the list of TCP or UDP
ports on which a host, or in our case, a Gateway is providing services. For example, the
HTTP service is usually available on TCP port 80. Once hackers have your port list, they
can refine their attack by focusing attention on these ports. According to the TCP/IP/UDP
standards, a host will return an ICMP (Internet Control Message Protocol) message stating
“port unreachable” on all inactive ports. The Security Monitoring software monitors these
circumstances, and will log an alert if it appears the cause is the result of someone run-
ning a port scan.
Logged information includes:
• IP source address • IP destination address
• Number of attempts • Time at last attempt
• IP broadcast address
• IP source address • IP destination address
• Number of attempts • Time at last attempt
• Illegal packer size
• Protocol type • IP source address
• Time at last attempt • Number of ports scanned