Filter
Top Products
24
Section 3 General
mentation information can also be exploited to create an illegally sized
packet. Unwary hosts will often crash when the illegal fragment corrupts
data outside of the “normal” packet bounds. The Cayman unit will detect
and discard illegal packet fragments, and the Security Monitoring software
logs the event.
Logged information includes:
Port Scan
Port scanning is the technique of probing to determine the list of TCP or
UDP ports on which a host, or in our case, a Gateway is providing services.
For example, the HTTP service is usually available on TCP port 80. Once
hackers have your port list, they can refine their attack by focusing atten-
tion on these ports. According to the TCP/IP/UDP standards, a host will
return an ICMP (Internet Control Message Protocol) message stating “port
unreachable” on all inactive ports. The Security Monitoring software moni-
tors these circumstances, and will log an alert if it appears the cause is the
result of someone running a port scan.
Logged information includes:
Excessive Pings
The PING (Packet InterNet Groper) Utility is used by hackers to identify
prospective targets that can be attacked. The Security Monitoring software
will record instances where the router itself is pinged by the same host
more than ten times.
Logged information includes:
IP source address
IP destination address
Number of attempts
Time at last attempt
Illegal packer size
Protocol type
IP source address
Time at last attempt
Number of ports scanned
Highest port
Lowest port
Port numbers of first 10 ports scanned
IP source address
IP destination address
Number of attempts
Time at last attempt