1 Welcome To Home Wireless
3
The firewall looks for known data patterns used by hackers, and prevents
them from harming your network. Updates are available online to detect and
block out new hacker patterns.
Your firewall will:
■
Protect the personal, financial, and work-related information on your
network.
■
Keep hackers from using your identity to send unauthorized messages.
■
Keep out unwanted downloads.
The wireless firewall technology protects against the following types of hacker
attacks:
■
IP spoofing: The hacker finds a valid IP address in a target network that
is considered to be a "trusted address," then sends packets with a
modified packet header pretending to be sent from the "trusted
address".
■
Land attack: The hacker utilizes a spoofed packet with the SYN bit set
and source/destination addresses matching with the target machine. The
target system then hangs or crashes. The firewall will inspect packets to
prevent this condition from happening.
■
Ping of death: Some TCP/IP stacks will hang or crash when they receive
large ping packets because of packet memory allocation overflow. The
firewall blocks illegal ping packets that are longer than the specification.
■
IP with zero length: The first fragment of an IP packet is not always
required to have an offset value of zero. By manipulating the "more
fragments" bit and sending decoy packets, the hacker can cause the
target system to assemble malicious packets. The firewall can block this
kind of attack.
■
Smurf attack: In this “denial of service” attack, the hacker sends large
quantities of ICMP echo (ping) request traffic to IP broadcast destination
address with a spoofed source address. Most IP network hosts will
respond with an echo reply causing a massive traffic jam. The firewall
intercepts ICMP Echo packets with x.x.x.0 or x.x.x.255.
■
UDP port loopback: Hackers use UDP scans (transmit 0 byte-length
UDP packets) to locate open ports, then access configurable ports. These
ports can then exploit vulnerable applications such as SNMP, tftp, or NFS.
The firewall detects and blocks these attacks.
■
Snork attack: This is a “denial of service” attack that makes vulnerable
systems continuously bounce packets and tie up CPU and network
resources. The firewall will deny all incoming UDP packets with a
destination port of 135 and a source port of 7, 19, or 135.