| Zones | | |
|
ICMP Flood
|
Internet Control Message Protocol (ICMP) flood counter.
|
An ICMP flood typically occurs when ICMP echo requests use all
resources in responding, such that valid network traffic can no longer
be processed.
|
|
UDP Flood
|
User Datagram Protocol (UDP) flood counter.
|
UDP flooding occurs when an attacker sends IP packets containing
UDP datagrams with the purpose of slowing down the resources, such
that valid connections can no longer be handled.
|
|
TCP Winnuke
|
Number of Transport Control Protocol (TCP) WinNuke attacks.
|
WinNuke is a denial-of-service (DoS) attack targeting any computer
on the Internet running Windows.
|
|
TCP Port Scan
|
Number of TCP port scans.
|
The purpose of this attack is to scan the available services
in the hopes that at least one port will respond, thus identifying
a service to target.
|
|
ICMP Address Sweep
|
Number of ICMP address sweeps.
|
An IP address sweep can occur with the intent of triggering
responses from active hosts.
|
|
IP Tear Drop
|
Number of teardrop attacks.
|
Teardrop attacks exploit the reassembly of fragmented IP packets.
|
|
TCP SYN Attack
|
Number of TCP SYN attacks.
| |
|
IP Spoofing
|
Number of IP spoofs.
|
IP spoofing occurs when an invalid source address is inserted
in the packet header to make the packet appear to come from a trusted
source.
|
|
ICMP Ping of Death
|
ICMP ping of death counter.
|
Ping of death occurs when IP packets are sent that exceed the
maximum legal length (65,535 bytes).
|
|
IP Source Route
|
Number of IP source route attacks.
| |
|
TCP Land Attack
|
Number of land attacks.
|
Land attacks occur when attacker sends spoofed SYN packets containing
the IP address of the victim as both the destination and source IP
address.
|
|
TCP SYN Fragment
|
Number of TCP SYN fragments.
| |
|
TCP No Flag
|
Number of TCP headers without flags set.
|
A normal TCP segment header has at least one control flag set.
|
|
IP Unknown Protocol
|
Number of unknown Internet protocols.
| |
|
IP Bad Options
|
Number of invalid options.
| |
|
IP Record Route Option
|
Number of packets with the IP record route option enabled.
|
This option records the IP addresses of the network devices
along the path that the IP packet travels.
|
|
IP Timestamp Option
|
Number of IP timestamp option attacks.
|
This option records the time (in Universal Time) when each network
device receives the packet during its trip from the point of origin
to its destination.
|
|
IP Security Option
|
Number of IP security option attacks.
| |
|
IP Loose route Option
|
Number of IP loose route option attacks.
|
This option specifies a partial route list for a packet to take
on its journey from source to destination.
|
|
IP Strict Source Route Option
|
Number of IP strict source route option attacks.
|
This option specifies the complete route list for a packet to
take on its journey from source to destination.
|
|
IP Stream Option
|
Number of stream option attacks.
|
This option provides a way for the 16-bit SATNET stream identifier
to be carried through networks that do not support streams.
|
|
ICMP Fragment
|
Number of ICMP fragments.
|
Because ICMP packets contain very short messages, there is no
legitimate reason for ICMP packets to be fragmented. If an ICMP packet
is so large that it must be fragmented, something is amiss.
|
|
ICMP Large Packet
|
Number of large ICMP packets.
| |
|
TCP SYN FIN Packet
|
Number of TCP SYN FIN packets.
| |
|
TCP FIN without ACK
|
Number of TCP FIN flags without the acknowledge (ACK) flag.
| |
|
TCP SYN-ACK-ACK Proxy
|
Number of TCP flags enabled with SYN-ACK-ACK.
|
To prevent flooding with SYN-ACK-ACK sessions, you can enable
the SYN-ACK-ACK proxy protection screen option. After the number of
connections from the same IP address reaches the SYN-ACK-ACK proxy
threshold, JUNOS software with enhanced services rejects further connection
requests from that IP address.
|
|
IP Block Fragment
|
Number of IP block fragments.
| |