Traffic patterns meeting the DoS attack classifications are automatically reported in MSS notifications.
DoS Attack |
Description |
LAND_ATTACK |
Land attack packets with the source IP the same as an IP address |
TCP_URGENT_ATTACK |
TCP packets with the URGENT option set |
ICMP_RATE_LIMIT |
ICMP (echo) requests exceeding a pre-defined rate |
SMURF_ATTACK |
ICMP echo packets with limited broadcast destination address |
FRAGGLE_ATTACK |
UDP packets with limited broadcast destination address |
SYN-FLOOD |
The number of unacknowledged TCP SYN-ACK exceeds a predefined rate |
UNREACHABLE_PORT_ ATTACK |
TCP/UDP IP packets sent to unreachable ports |
MALFRAGMENTED_IP |
Malfragmented IP packets on TO-ME interfaces |
MALFORMED_IP |
Malformed IP packets. The Branch Gateway reports malformed IP packets when:
The IP version in the IP header is a value other than 4 The IP header length is smaller than 20 The total length is smaller than the header length |
MALFORMED_ARP |
ARP messages with bad opcode |
SPOOFED_IP |
For all routable packets, the Branch Gateway report reception of IP spoofed packets |
UNKNOW_L4_IP_PROTOCOL |
Packets with unknown (unsupported or administratively closed) protocol in IP packet with TO-ME interface as a destination |
UNATHENTICATED_ACCESS |
Failure to authenticate services |
