User Manual
User Manual
User Manual
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
ICMP protocol<br />
Reference: Configuration options<br />
The Internet Control Message Protocol (ICMP) is used to exchange error and information<br />
messages on networks. The protocol is also used for status messages with ping or tracer.<br />
With this rule, you can define the incoming and outgoing blocked message types, the<br />
behavior in case of flooding and the reaction to fragmented ICMP packets. This rule<br />
serves for preventing so-called ICMP flood attacks, which results in an increase of the<br />
CPU load of the attacked machine as it responds to every packet.<br />
Predefined rules for the ICMP protocol<br />
Setting Rules<br />
Low Incoming blocked types: no type.<br />
Outgoing blocked types: no type.<br />
Assume flooding if delay between packets is less than 50<br />
ms.<br />
Reject fragmented ICMP packets.<br />
Medium Same rule as for the Low level.<br />
High Incoming blocked types: several types<br />
Outgoing blocked types: several types<br />
Assume flooding if delay between packets is less than 50<br />
ms.<br />
Reject fragmented ICMP packets.<br />
Incoming blocked types: no types/several types<br />
With a mouse click on the link a list of ICMP packet types is displayed. From this list<br />
you can specify the desired incoming ICMP message types you want to block.<br />
Outgoing blocked types: no types/several types<br />
With a mouse click on the link a list of ICMP packet types is displayed. From this list<br />
you can select the desired outgoing ICMP message types you want to block.<br />
Assume Flooding<br />
With a mouse click on the link, a dialog box is displayed where you can enter the<br />
maximum allowed ICMP delay. Example: 50 milliseconds.<br />
Avira Professional Security - <strong>User</strong> <strong>Manual</strong> (Status: 30 Mar. 2012) 126