1
2
3
4
LAN ISDN/ NAT (LAN#) (PP#) (TUNNEL#) + R 5
----------< >---------- <IN> ----------< >---------- <OUT> 6
IPv6 VPN ping IPsec PPTP ICMP (1) TCP (6) UDP (17) IPv6 (41) AH (51) ESP (50) GRE (47) IPv4 IPv6 PPP 7
<IN> ----------< >---------- ----------< >---------- <OUT> 8
<IN> ----------< >---------- ----------< >---------- <OUT> 9
10
TCPestablished telnet [TCP] <SYN> <SYN+ACK> <ACK> [TCP] established [TCP] telnet SYNACKRST established PC 11
ftp ftp(pasv) ftp(port) ftp server [*] [21] established ftp server [20] [21] [*] [*] [*] [*] ftp client ftp client [] ftp tcp established ftpestablished [] 12
UDP(DNSNTP) DNS NTP DNS(UDP) [UDP] <> <> NTP(UDP) [UDP] <> <> DNS PC NTP PC 13
14
15
16
VPN IPv6 IPsec PPTP ICMP (1) TCP (6) UDP (17) IPv6 (41) AH (51) ESP (50) GRE (47) IPv4 IPv6 PPP 17
() 1 2 3 4 5 6 7 NetBIOS (:135,137,138,139,445) () () 18
----------< >---------- <IN> <OUT> ----------< >---------- 19
----------< >---------- <IN> <OUT> ----------< >---------- 20
----------< >---------- <IN> <OUT> ----------< >---------- 21
#1 () [] RTA54i 5 22
----------< >---------- <IN> <OUT> ----------< >---------- 23
[] #2 () RTA54i 7 24
25
pass/reject/restrict IP() IP() ICMP/TCP/UDP ICMP:icmp-info,icmp-error TCP:established,tcpfin,tcprst,tcpflag (TCPUDP) (TCPUDP) 26
tcp tcp tcp () udp udp udp() ftp tcp ftp tftp udp tftp domain www udp(tcp) tcp DNS www stmp tcp () pop3 tcp () telnet tcp telnet tcp,udp 27
#1 Unknown IP protocol protocol101 Land atack IPIP IP Short IP header IPlength Malformed IP packet length 28
#2 IP Malformed IP opt Security IP opt Loose routing IP opt Record route IP opt Stream ID IP opt Strict routing IP opt Timestamp IP opt Security and handling restriction header Loose source routing header Record route header Stream identifier header Strict source routing header Internet timestamp header 29
#3 Fragment storm Large fragment offset offset Too many fragment Teardrop Same fragment offset teardrop offset Invalid fragment 30
#4 ICMP source quench source quench ICMP timestamp req timestamp request ICMP timestamp reply timestamp reply ICMP info request information request ICMP ICMP info reply information reply ICMP mask request address mask request ICMP mask reply address mask reply ICMP too large 1024ICMP 31
#5 UDP TCP UDP short header UDP bomb UDP port scan TCP queue overflow TCP no bits set TCP SYN and FIN TCP FIN and no ACK TCP port scan TCP SYN flooding UDPlength8 UDPlength TCP SYNFIN ACKFIN SYN 32
#6 FTP SMTP FTP improper port SMTP pipe attack SMTP decode alias SMTP DEBUG command SMTP EXPN command SMTP VRFY command SMTP WIZ command PORTPASV 102465535 From: : decode@ DEBUG EXPN VRFY WIZ 33