The WFBS firewall also includes an Intrusion Detection System (IDS). When enabled, IDS can help identify patterns in network packets that may indicate an attack on the Security Agent. The WFBS firewall can help prevent the following well-known intrusions:
|
Intrusion |
Description |
|---|---|
|
Too Big Fragment |
A Denial of Service attack where a hacker directs an oversized TCP/UDP packet at a target client. This can cause the client's buffer to overflow, which can freeze or reboot the client. |
|
Ping of Death |
A Denial of Service attack where a hacker directs an oversized ICMP/ICMPv6 packet at a target client. This can cause the client's buffer to overflow, which can freeze or reboot the client. |
|
Conflicted ARP |
A type of attack where a hacker sends an Address Resolution Protocol (ARP) request with the same source and destination IP address to a targeted client. The target client continually sends an ARP response (its MAC address) to itself, causing it to freeze or crash. |
|
SYN Flood |
A Denial of Service attack where a program sends multiple TCP synchronization (SYN) packets to the client, causing the client to continually send synchronization acknowledgment (SYN/ACK) responses. This can exhaust client memory and eventually crash the client. |
|
Overlapping Fragment |
Similar to a Teardrop attack, this Denial of Service attack sends overlapping TCP fragments to the client. This overwrites the header information in the first TCP fragment and may pass through a firewall. The firewall may then allow subsequent fragments with malicious code to pass through to the target client. |
|
Teardrop |
Similar to an overlapping fragment attack, this Denial of Service attack deals with IP fragments. A confusing offset value in the second or later IP fragment can cause the receiving client’s operating system to crash when attempting to reassemble the fragments. |
|
Tiny Fragment Attack |
A type of attack where a small TCP fragment size forces the first TCP packet header information into the next fragment. This can cause routers that filter traffic to ignore the subsequent fragments, which may contain malicious data. |
|
Fragmented IGMP |
A Denial of Service attack that sends fragmented IGMP packets to a target client, which cannot properly process the IGMP packets. This can freeze or slow down the client. |
|
LAND Attack |
A type of attack that sends IP synchronization (SYN) packets with the same source and destination address to the client, causing the client to send the synchronization acknowledgment (SYN/ACK) response to itself. This can freeze or slow down the client. |