79
z
Land Attack:
Sending packets that use the same address as the source and
destination address
z
Ping of Death:
Illegal IP packet length.
DoS Protection:
Click the Enable radio button to use the following denial of service
protections:
Max Half open TCP Connection:
Sets the percentage of concurrent IP sessions that can be
in the half-open state. In ordinary TCP communication, packets are in the half-open state only
briefly as a connection is being initiated; the state changes to active when packets are being
exchanged, or closed when the exchange is complete. TCP connections in the half-open state
can use up the available IP sessions. If the percentage is exceeded, then the half-open
sessions will be closed and replaced with new sessions as they are initiated.
Max ICMP Connection:
Sets the percentage of concurrent IP sessions that can be used for
ICMP messages. If the percentage is exceeded, then older ICMP IP sessions will be replaced
by new sessions as the are initiated.
Max Single Host Connection: Sets the percentage of concurrent IP session that can originate
from a single computer. This percentage should take into account the number of hosts on the
LAN.
Log Destination:
Specifies how attempted violations of the firewall settings will be tracked.
Records of such events can be sent via Ethernet to be handled by a system utility (Trace) or
can e-mailed to specified administrators.
E-mail ID of Admin 1/2/3:
Specifies the e-mail addresses of the administrators who should
receive notices of any attempted firewall violations. Type the addresses in standard internet
e-mail address format, e.g., jxsmith@onecompany.com.
5.7.4 IP
Filter
The
IP filter
feature enables you to create rules that control the forwarding of incoming
and outgoing data between your LAN and the Internet and within your LAN.
You can create IP filter rules to block attempts by certain computers on your LAN to access
certain types of data or Internet locations. You can also block incoming access to computers
on your LAN.