WSM Reference Guide - WatchGuard Technologies

More documents

Recommendations

Info

Internet Protocol OptionsKeyword Number ProtocolSUN-ND 77 SUN NDPROTOCOL-TemporaryWB-MON 78 WIDEBAND MonitoringWB-EXPAK 79 WIDEBAND EXPAKISO-IP 80 ISO Internet ProtocolVMTP 81 VMTPSECURE-VMTP 82 SECURE-VMTPVINES 83 VINESTTP 84 TTPNSFNET-IGP 85 NSFNET-IGPDGP 86 Dissimilar Gateway ProtocolTCF 87 TCFIGRP 88 IGRPOSPFIGP 89 OSPFIGPSPRITE-RPC 90 Sprite RPC ProtocolLARP 91 Locus Address Resolution ProtocolMTP 92 Multicast Transport ProtocolAX.25 93 AX.25 FramesIPIP 94 IP-within-IP Encapsulation ProtocolMICP 95 Mobile Internetworking Control ProtocolSCC-SP 96 Semaphore Communications Security ProtocolETHERIP 97 Ethernet-within-IP EncapsulationENCAP 98 Encapsulation Header99 Any private encryption schemeGMTP 100 GMTP101-254 Unassigned255 ReservedInternet Protocol OptionsInternet Protocol (IP) options are additions to the standard IP header that can be of different lengths.Enabling IP options can be dangerous. Hackers can use them to create routing that helps them getaccess to your network. Because most software applications make it very difficult to use IP options, theyare not frequently used.There are different types of IP options:SecurityThese options control the routing of IP packets that transmit sensitive data. Security options arenot frequently supported.Stream ID (SID)The stream ID option is not frequently supported.4 WatchGuard System Manager
Transfer ProtocolsSource RoutingThe loose source route option and the strict source route option enable the source of anInternet packet to give routing information. Source routing options can be very dangerous,because an attacker could use them to masquerade as a different user. But, loose source routeoption and the traceroute tool can also help debug some unusual routing problems.Record RouteThe record route option was first used to do tests on the Internet. But, record route can recordonly ten IP addresses. On the current Internet, a typical connection can include 20 or 30different routers, making the record route option out of date.Time StampThe time stamp option measures the time for a packet to make one full cycle (source -->destination --> source). Higher level time protocols or time stamp messages do this task betterthan the time stamp option.Transfer ProtocolsThe Internet Protocol (IP) includes information kept in the transport layer. The transport layer has differentprotocols that tell how to transmit data between software applications: for example, UDP, TCP, ICMP,and others.UDPUser Datagram Protocol (UDP) is a datagram protocol that does not use connections. It is a very fast protocol,and it does not use much bandwidth or CPU. But, you cannot trust that datagrams will get to theirdestination. A software application that uses UDP must make sure that the full message gets to its destinationin the correct sequence.Characteristics of UDP include:• Frequently used for services that include the exchange of small quantities of data where sendinga datagram more than one time is not a problem.• Used for services such as time synchronization in which a missing packet does not have an effecton continued operation. Many systems using UDP send packets again at a constant rate to tellother systems about unusual events.• Frequently used on LANs. Because of its low system and bandwidth requirements, it gives a largeperformance advantage to Network File System (NFS) services users. Network File System is apopular TCP/IP service for supplying shared file systems over a network.• Gives supports to broadcasts.• Gives abstraction of ports. A connection is made of its source and destination ports and its sourceand destination IP addresses. In typical use, port numbers less than 1024 are saved for wellknownservices (destinations). The client side can use ports higher than1023 for the source of theconnection. But, this rule has many exceptions: NFS (port 2049) and Archie (port 1525) use serverports at numbers higher than1024. Some services use the same source and destination port forserver to server connections. Examples include DNS (53), NTP (123), syslog (514), and RIP (520).Reference Guide 5
Page 1 and 2: WatchGuard ® System ManagerReferen
Page 3 and 4: ContentsCHAPTER 1 Internet Protocol
Page 5 and 6: CHAPTER 1Internet Protocol Referenc
Page 7: Internet Protocol HeaderKeyword Num
Page 11 and 12: CHAPTER 2MIME Content TypesSoftware
Page 13 and 14: Type Subtype Reference (where avail
Page 23 and 24: CHAPTER 3Services and PortsWell-kno
Page 25 and 26: Well-Known Services ListPort(s) Pro
Page 27 and 28: Well-Known Services ListService Nam
Page 29 and 30: Well-Known Services ListService Nam
Page 31 and 32: CHAPTER 4Log MessagesUnderstanding
Page 33 and 34: Traffic LogsFWAllowEach packet filt
Page 35 and 36: Traffic Logsdst_ip="66.35.250.151"
Page 37 and 38: Traffic LogsDNS Proxy Traffic Log M
Page 39 and 40: Traffic LogsHTTP Proxy Traffic Log
Page 41 and 42: Alarm LogsPolicy AlarmsDefaultNameP
Page 43 and 44: Alarm LogsDenial of Servce (DoS) Al
Page 45 and 46: Event LogsGateway AntiVirus Service
Page 47 and 48: Event LogsDescription of Log Module
Page 49 and 50: Event LogsEvent Log Message Catalog
Page 59 and 60:
Firebox Log File XML DTD and Schema
Page 61 and 62:
Firebox® X Edge Log MessagesModule
Page 63 and 64:
Page 65 and 66:
Page 67 and 68:
Page 69 and 70:
Page 71 and 72:
Page 73 and 74:
CHAPTER 5WebBlocker ContentWatchGua
Page 75 and 76:
WebBlocker CategoriesCategoryDrugs,
Page 77 and 78:
WebBlocker CategoriesCategoryJob Se
Page 79 and 80:
CHAPTER 6ResourcesThere are many re
Page 81 and 82:
Mailing ListsMailing Listswg-users@
Page 83 and 84:
White Hat Web Sitesbeginners. Cons:
Page 85 and 86:
Other Web Sitesmaintains a list of
Page 87 and 88:
RSS Feedswww.sophos.com/virusinfo/i
Page 89 and 90:
IndexBblocked sites, searching for
show all

WSM Reference Guide - WatchGuard Technologies

Create successful ePaper yourself

Delete template?

Save as template?