Specifications

Using the OfficeScan Firewall
7-3
Intrusion Detection System
The OfficeScan firewall also includes an Intrusion Detection System (IDS). When
enabled, IDS can help identify patterns in network packets that may indicate an attack
on the client. The OfficeScan firewall can help prevent the following well-known
intrusions:
Too Big Fragment: A Denial of Service attack where a hacker directs an oversized TCP/UDP packet at a target computer. This can cause the computer's buffer to overflow, which can freeze or reboot the computer.

Ping of Death: A Denial of Service attack where a hacker directs an oversized ICMP packet at a target computer. This can cause the computer's buffer to overflow, which can freeze or reboot the computer.

Conflicted ARP: A type of attack where a hacker sends an Address Resolution Protocol (ARP) request with the same source and destination IP address to a computer. The target computer continually sends an ARP response (its MAC address) to itself, causing it to freeze or crash.

SYN Flood: A Denial of Service attack where a program sends multiple TCP synchronization (SYN) packets to a computer, causing the computer to continually send synchronization acknowledgment (SYN/ACK) responses. This can exhaust computer memory and eventually crash the computer.

Overlapping Fragment: Similar to a Teardrop attack, this Denial of Service attack sends overlapping TCP fragments to a computer. This overwrites the header information in the first TCP fragment and may pass through a firewall. The firewall may then allow subsequent fragments with malicious code to pass through to the target computer.

Teardrop: Similar to an overlapping fragment attack, this Denial of Service attack deals with IP fragments. A confusing offset value in the second or later IP fragment can cause the receiving computer's operating system to crash when attempting to reassemble the fragments.

Tiny Fragment Attack: A type of attack where a small TCP fragment size forces the first TCP packet header information into the next fragment. This can cause routers that filter traffic to ignore the subsequent fragments, which may contain malicious data.

Fragmented IGMP: A Denial of Service attack that sends fragmented IGMP packets to a target computer, which cannot properly process the IGMP packets. This can freeze or slow down the computer.
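Most of the patterns above can be recognized from header fields alone, which is what an IDS of this kind does. The following Python checks are an added illustration, not OfficeScan's own detection code: they flag oversized reassembly (Too Big Fragment / Ping of Death), tiny first fragments, overlapping fragments (Overlapping Fragment / Teardrop), conflicted ARP and SYN floods over constructed packet records. Fragment offsets are assumed already converted from the IP header's 8-byte units to bytes, and the SYN-flood window and threshold are arbitrary assumptions.

```python
from collections import defaultdict
MAX_IP_DATAGRAM = 65535   # largest legal IPv4 datagram, in bytes
MIN_TCP_HEADER = 20       # a first fragment shorter than this cannot hold a TCP header

def check_fragments(frags):
    """frags: list of (offset_bytes, payload_len, more_fragments) for one IP ID.
    Returns the set of suspicious patterns found: 'oversized', 'tiny-fragment',
    'overlap'. Offsets are assumed already converted from 8-byte units."""
    findings = set()
    accepted = []                                   # (start, end) byte ranges seen so far
    for offset, length, more in sorted(frags):
        end = offset + length
        if end > MAX_IP_DATAGRAM:                   # reassembled datagram would exceed 64 KiB
            findings.add("oversized")
        if offset == 0 and more and length < MIN_TCP_HEADER:
            findings.add("tiny-fragment")           # TCP header pushed into a later fragment
        if any(offset < e and end > s for s, e in accepted):
            findings.add("overlap")                 # later fragment rewrites earlier bytes
        accepted.append((offset, end))
    return findings

def check_arp(sender_ip, target_ip):
    """Conflicted ARP: a request whose sender and target IP address are the same host."""
    return sender_ip == target_ip

def check_syn_flood(events, window=1.0, threshold=50):
    """events: list of (timestamp, dst_ip, tcp_flags). A destination is flagged when it
    receives more than `threshold` bare SYNs (no ACK) inside any `window`-second span."""
    syn_times = defaultdict(list)
    for t, dst, flags in events:
        if flags == "S":                            # SYN without ACK: a new connection attempt
            syn_times[dst].append(t)
    flooded = set()
    for dst, times in syn_times.items():
        times.sort()
        lo = 0
        for hi, t in enumerate(times):              # sliding window over sorted timestamps
            while t - times[lo] > window:
                lo += 1
            if hi - lo + 1 > threshold:
                flooded.add(dst)
                break
    return flooded

# Constructed sample records (not captured traffic)
PING_OF_DEATH = [(0, 1480, True), (65120, 500, False)]   # 65120 + 500 > 65535
TEARDROP = [(0, 1480, True), (1000, 600, False)]         # second fragment starts inside the first
TINY_FRAGMENT = [(0, 8, True), (8, 1400, False)]         # 8-byte first fragment
SYN_BURST = [(i * 0.01, "10.0.0.5", "S") for i in range(60)] + [(0.5, "10.0.0.6", "SA")]
```

A real implementation would key fragment state on (source, destination, protocol, IP ID) and age it out, since attackers can spread fragments over time.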