User's Manual

UTT Technologies Appendix B FAQ
http://www.uttglobal.com Page 414
You can view the NAT Statistics list in the Status > NAT Stats page to find out if there is
a LAN host whose Tx Packets is very large but Rx Packets is very small or zero. If a host
meets the above conditions and hasn't used any LAN server, the host is likely to be
infected with Code Red worm virus.
D. How to find out a host performing a TCP SYN Flood, UDP Flood or ICMP Flood attack?
You can view the NAT Statistics list in the Status > NAT Stats page to find out if there is
a LAN host whose Tx Packets is very large but Rx Packets is very small. If a host meets
the above conditions, the host is likely to be performing a TCP SYN Flood, UDP Flood or ICMP
Flood attack.
Note
The user who is uploading files via HTTP/FTP should be excluded.
E. How to find out a host performing an ARP Spoofing attack?
You can view system logs in the Status > System Log page to find out if there is a LAN
host whose MAC address is changing constantly. For example, the following log message
means that the host with IP address 192.168.1.1 is likely to be performing an ARP Spoofing
attack:
MAC New 00:22:aa:00:22:bb
MAC Old 00:22:aa:00:22:aa
ARP SPOOF 192.168.1.1
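
The same check can be run over log text copied from the Status > System Log page. The following Python code is an added example, not part of the UTT manual or firmware: it assumes each event appears as the three lines shown above, in that order, and it flags only IP addresses whose MAC address changes repeatedly, since a single change can also come from a replaced network card. The function names, the min_changes threshold and the sample log are constructed for illustration.

```python
import re
from collections import defaultdict

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
# One record = the three log lines shown in the manual, in that order (assumed).
RECORD = re.compile(
    rf"MAC New (?P<new>{MAC})\s+MAC Old (?P<old>{MAC})\s+"
    r"ARP SPOOF (?P<ip>\d{1,3}(?:\.\d{1,3}){3})",
    re.IGNORECASE,
)

def parse_arp_events(log_text):
    """Return a list of (ip, old_mac, new_mac) tuples in log order."""
    return [(m["ip"], m["old"].lower(), m["new"].lower())
            for m in RECORD.finditer(log_text)]

def flag_flapping(events, min_changes=3):
    """Return {ip: {"changes": n, "macs": [...]}} for every IP whose MAC
    changed at least min_changes times (threshold is an assumed value)."""
    changes = defaultdict(int)
    macs = defaultdict(set)
    for ip, old, new in events:
        if old != new:
            changes[ip] += 1
            macs[ip].update((old, new))
    return {ip: {"changes": n, "macs": sorted(macs[ip])}
            for ip, n in changes.items() if n >= min_changes}

# Constructed sample: 192.168.1.1 flips between two MACs three times,
# 192.168.1.50 changes once (for example, a replaced network card).
SAMPLE_LOG = """\
MAC New 00:22:aa:00:22:bb
MAC Old 00:22:aa:00:22:aa
ARP SPOOF 192.168.1.1
MAC New 00:22:aa:00:22:aa
MAC Old 00:22:aa:00:22:bb
ARP SPOOF 192.168.1.1
MAC New 00:22:aa:00:22:bb
MAC Old 00:22:aa:00:22:aa
ARP SPOOF 192.168.1.1
MAC New 00:22:aa:00:33:cc
MAC Old 00:22:aa:00:33:01
ARP SPOOF 192.168.1.50
"""

if __name__ == "__main__":
    for ip, info in flag_flapping(parse_arp_events(SAMPLE_LOG)).items():
        print(ip, info["changes"], ", ".join(info["macs"]))
```
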
F. How to find out a host infected with Blaster/Sasser virus?
A host infected with Blaster/Sasser virus randomly sends out a large number of ICMP
packets and broadcasts a large number of packets whose destination port is 135, 137,
139 or 445. This causes network congestion and can even paralyze the whole internal and
external networks.
Go to the Status > Session Monitor page, select All from the Filter Option drop-down
list, and then click the Query button to view all the active NAT sessions in the NAT Session
List. If there are many sessions whose Protocol is ICMP, and many sessions whose Dest
Port is 135, 137, 139 or 445, the corresponding LAN host is likely to be infected with
Blaster/Sasser virus.
If a host has been infected with Blaster virus, it has the following symptoms: it inexplicably
crashes or restarts itself; links in IE cannot be opened properly; copy and paste operations
cannot be performed; sometimes certain applications, such as Word, run abnormally;
the network becomes slow; there is a process named msblast.exe in Task Manager.
If a host has been infected with Sasser virus, it has the following symptoms: inexplicably