
Protocol Anomaly

While the dominant forms of hacker attacks are rate-based intrusions using DoS/DDoS, other intrusions exploit protocol anomalies or faulty TCP state conditions to bring systems down. The most hideous assaults use a “blended attack” that combines all of these. The Intrusion Gateways from IntruGuard stop all of these attacks simultaneously.

Anomaly attacks blocked include checksum errors for IP, TCP, UDP, and ICMP. Hackers use checksum errors because different network elements react differently to them and occasionally allow infected traffic to pass. Certain routers commonly deployed today are notorious for failing to stop UDP checksum errors. Land attacks, smurf attacks, and many other such techniques are blocked by the gateway. Broadcast IP address, loopback address spoofing, and other methods are also prevented.

The IG200/2000 have built-in firewall capabilities and maintain state on every connection. This added functionality allows the gateway to spot illegal TCP state transitions, faulty flag combinations, and TCP sequence number violations. In each case the packet is automatically blocked.
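
The stateless checks named above (IP checksum errors, land, loopback and broadcast source addresses, faulty TCP flag combinations) can be sketched as a packet filter. This is an added example, not IntruGuard's implementation. The function names, anomaly labels and sample packets are constructed for illustration, and the three flag combinations tested are assumed examples, since the page does not list which ones the gateway rejects.

```python
import ipaddress
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; a valid header (checksum included) yields 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_packet(src: str, dst: str, flags: int) -> bytes:
    """Constructed sample: IPv4 + TCP headers, no payload, TCP checksum left 0."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    return ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:] + tcp

def anomalies(pkt: bytes) -> list[str]:
    """Names of the stateless checks a raw IPv4 packet fails (labels are ours)."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return ["not_ipv4"]
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        return ["bad_ip_header_length"]
    found = []
    if inet_checksum(pkt[:ihl]) != 0:           # only the IP header is verified
        found.append("ip_checksum_error")
    src = ipaddress.IPv4Address(pkt[12:16])
    dst = ipaddress.IPv4Address(pkt[16:20])
    if src == dst:                              # land: source equals destination
        found.append("land")
    if src.is_loopback:                         # 127.0.0.0/8 arriving off the wire
        found.append("loopback_source")
    if src == ipaddress.IPv4Address("255.255.255.255"):
        found.append("broadcast_source")
    if pkt[9] == 6 and len(pkt) >= ihl + 14:    # protocol 6 = TCP
        flags = pkt[ihl + 13] & 0x3F            # URG ACK PSH RST SYN FIN
        if flags == 0:
            found.append("tcp_null_flags")
        if flags & 0x02 and flags & 0x01:
            found.append("tcp_syn_fin")
        if flags & 0x02 and flags & 0x04:
            found.append("tcp_syn_rst")
    return found
```

Illegal state transitions and sequence number violations are not covered here, because they require the per-connection state the paragraph above describes.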