Gateway—How to Configure the WS 2000 Firewall
Configurable Firewall Filters
The administrator can enable or disable the following filters. By default, all these filters
are activated. It is reasonable to turn off the filters if one of the following things is true:
• The switch is on a completely isolated network with no access to the Internet and is
therefore secure.
• The switch is heavily loaded and a slight increase in performance outweighs the safety of
the network.
• Blocking these types of attacks would also block legitimate traffic on the network
(although this scenario is highly unlikely).
SYN Flood Attack Check
A SYN flood attack requests a connection and then fails to promptly acknowledge a
destination host’s response, leaving the destination host vulnerable to a flood of connection
requests.
Source Routing Check
A source routing attack specifies an exact route for a packet’s travel through a network,
while exploiting the use of an intermediate host to gain access to a private host.
Winnuke Attack Check
A “Win-nuking” attack uses the IP address of a destination host to send junk packets to its
receiving port. This attack is a type of denial of service (DoS) attack that completely
disables networking on systems running Microsoft Windows 95 and NT. Because this attack is only
effective on older systems, it may not be necessary to enable this feature on a LAN with
newer Microsoft Windows operating systems or with systems that have the appropriate
“Winnuke” patches loaded.
FTP Bounce Attack Check
An FTP bounce attack uses the PORT command in FTP mode to gain access to arbitrary
ports on machines other than the originating client.
IP Unaligned Timestamp Check
An IP unaligned timestamp attack uses a frame with the IP timestamp option, where the
timestamp is not aligned on a 32-bit boundary.
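The Source Routing Check and IP Unaligned Timestamp Check both come down to inspecting the IPv4 header options, shown here as an added example that is not taken from the Symbol manual or the WS 2000 firmware. The function names and the constructed sample packets are hypothetical, and treating "unaligned" as a timestamp pointer that is not a whole number of 32-bit words past the first slot (pointer value 5 in RFC 791) is an assumption about what the filter tests.

```python
import struct

# IPv4 option type numbers from RFC 791
OPT_EOL, OPT_NOP, OPT_TIMESTAMP = 0, 1, 68
OPT_LSRR, OPT_SSRR = 131, 137   # loose / strict source and record route

def inspect_ipv4_options(packet: bytes) -> list[str]:
    """Return the findings for one raw IPv4 packet (empty list = clean)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return ["malformed: not an IPv4 header"]
    header_len = (packet[0] & 0x0F) * 4
    if header_len < 20 or header_len > len(packet):
        return ["malformed: bad header length"]
    options, findings, i = packet[20:header_len], [], 0
    while i < len(options):
        opt_type = options[i]
        if opt_type == OPT_EOL:          # end of option list
            break
        if opt_type == OPT_NOP:          # single-byte padding option
            i += 1
            continue
        if (i + 1 >= len(options) or options[i + 1] < 2
                or i + options[i + 1] > len(options)):
            findings.append("malformed: option length")
            break
        opt_len = options[i + 1]
        if opt_type in (OPT_LSRR, OPT_SSRR):
            findings.append("source-routing")
        elif opt_type == OPT_TIMESTAMP:
            # The pointer is 1-based from the option start; the first slot is at 5.
            if opt_len < 4 or options[i + 2] < 5:
                findings.append("malformed: timestamp option")
            elif (options[i + 2] - 5) % 4:   # assumed meaning of "unaligned"
                findings.append("unaligned-timestamp")
        i += opt_len
    return findings

def build_packet(options: bytes) -> bytes:
    """Constructed sample: minimal IPv4 header (checksum left 0) plus options."""
    options += b"\x00" * (-len(options) % 4)   # pad header to a 32-bit boundary
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, 20 + len(options), 0, 0,
                       64, 6, 0, bytes([192, 0, 2, 1]),
                       bytes([198, 51, 100, 7])) + options
```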
Sequence Number Prediction Check
A sequence number prediction attack establishes a three-way TCP connection with a forged
source address, and the attacker guesses the sequence number of the destination host’s
response.
Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved
WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004