D-Link DFL-800-AV-12 User Manual - Page 306
IPOptionSizes, IPOPT_SR, IPOPT_OTHER, DirectedBroadcasts, StripDFOnSmall, ValidateLogBad, DropLog
View all D-Link DFL-800-AV-12 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 306 highlights
IPOptionSizes Chapter 13. Advanced Settings Verifies that the size information contained in each "layer" (Ethernet, IP, TCP, UDP, ICMP) is consistent with that of other layers. Default: ValidateLogBad IPOptionSizes Verifies the size of "IP options". These options are small blocks of information that may be added to the end of each IP header. This function checks the size of well-known option types and ensures that no option exceeds the size limit stipulated by the IP header itself. Default: ValidateLogBad IPOPT_SR Indicates whether source routing options are to be permitted. These options allow the sender of the packet to control how the packet is to be routed through each router and firewall. These constitute an enormous security risk. NetDefendOS never obeys the source routes specified by these options, regardless of this setting. Default: DropLog IPOPT_TS Time stamp options instruct each router and firewall on the packet's route to indicate at what time the packet was forwarded along the route. These options do not occur in normal traffic. Time stamps may also be used to "record" the route a packet has taken from sender to final destination. NetDefendOS never enters information into these options, regardless of this setting. Default: DropLog IPOPT_OTHER All options other than those specified above. Default: DropLog DirectedBroadcasts Indicates whether NetDefendOS will forward packets which are directed to the broadcast address of its directly connected networks. It is possible to achieve this functionality by adding lines to the Rules section, but it is also included here for simplicity's sake. This form of validation is faster than entries in the Rules section since it is more specialized. Default: DropLog IPRF Indicates what NetDefendOS will do if there is data in the "reserved" fields of IP headers. In normal circumstances, these fields should read 0. Used by OS Fingerprinting. Default: DropLog StripDFOnSmall Strip the Don't Fragment flag for packets equal to or smaller than the size specified by this setting. Default: 65535 bytes 306