D-Link DFL-800-AV-12 User Manual - Page 310
TCPRF, TCPNULL, TCPSequenceNumbers, Explicit Congestion Notification, StripLog, DropLog
Page 310 highlights
Chapter 13. Advanced Settings

Specifies how NetDefendOS will deal with TCP packets with either the Xmas or Ymas flag turned on. These flags are currently mostly used by OS Fingerprinting. Note: an upcoming standard called Explicit Congestion Notification also makes use of these TCP flags, but as long as there are only a few operating systems supporting this standard, the flags should be stripped.
Default: StripLog

TCPRF
Specifies how NetDefendOS will deal with information present in the "reserved field" in the TCP header, which should normally be 0. This field is not the same as the Xmas and Ymas flags. Used by OS Fingerprinting.
Default: DropLog

TCPNULL
Specifies how NetDefendOS will deal with TCP packets that do not have any of the SYN, ACK, FIN or RST flags turned on. According to the TCP standard, such packets are illegal and are used by both OS Fingerprinting and stealth port scanners, as some firewalls are unable to detect them.
Default: DropLog

TCPSequenceNumbers
This setting determines if the sequence number range occupied by a TCP segment will be compared to the receive window announced by the receiving peer before the segment is forwarded. If the setting is set to ValidateLogBad or ValidateSilent, segments that do not match the receive window announced by the receiving peer will be dropped. If the setting is set to ValidateLogBad such drops will also be logged. TCP sequence number validation is only possible on connections tracked by the state-engine (not on packets forwarded using a FwdFast rule).
Default: ValidateLogBad
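The checks described above, as an added Python example that is not from the D-Link manual and is not NetDefendOS code: header_findings reads the reserved nibble and the flag byte of a raw TCP header, and in_receive_window applies the RFC 793 segment acceptability test with 32-bit wraparound. The bit masks, the function names and the "Xmas/Ymas flag" label are assumptions, and the sample headers are constructed.

```python
import struct

# TCP header bytes 12-13 (RFC 9293 layout). Mapping these masks onto the
# page's terms is an assumption, not taken from NetDefendOS itself.
RESERVED_MASK = 0x0F            # low nibble of byte 12: the "reserved field"
ECN_MASK = 0x80 | 0x40          # CWR, ECE: the two flags ECN uses
SYN, ACK, FIN, RST = 0x02, 0x10, 0x01, 0x04

def header_findings(tcp_header: bytes) -> list:
    """Name the checks described above that this raw TCP header would trigger."""
    if len(tcp_header) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    off_res, flags = struct.unpack_from("!BB", tcp_header, 12)
    findings = []
    if flags & ECN_MASK:
        findings.append("Xmas/Ymas flag")    # hypothetical label for this check
    if off_res & RESERVED_MASK:
        findings.append("TCPRF")
    if not flags & (SYN | ACK | FIN | RST):
        findings.append("TCPNULL")
    return findings

def in_receive_window(seq: int, seg_len: int, rcv_nxt: int, rcv_wnd: int) -> bool:
    """RFC 793 segment acceptability test, computed modulo 2**32.

    seg_len counts payload bytes plus one each for SYN and FIN.
    """
    first = (seq - rcv_nxt) % 2**32           # offset of first byte into window
    if seg_len == 0:
        return first == 0 if rcv_wnd == 0 else first < rcv_wnd
    if rcv_wnd == 0:
        return False                          # data never fits a closed window
    last = (seq + seg_len - 1 - rcv_nxt) % 2**32
    return first < rcv_wnd or last < rcv_wnd

def make_header(flags: int, reserved: int = 0, seq: int = 0) -> bytes:
    """Constructed sample: 20-byte header, ports and window are arbitrary."""
    return struct.pack("!HHIIBBHHH", 40000, 443, seq, 0,
                       (5 << 4) | reserved, flags, 8192, 0, 0)

if __name__ == "__main__":
    for name, hdr in [("plain SYN", make_header(SYN)),
                      ("SYN with ECN bits", make_header(SYN | ECN_MASK)),
                      ("reserved bit set", make_header(ACK, reserved=0x4)),
                      ("no SYN/ACK/FIN/RST", make_header(0x08))]:
        print(f"{name:20} -> {header_findings(hdr) or 'clean'}")
    # Receive window that wraps past 2**32 (rcv_nxt near the top of the space).
    print(in_receive_window(0x50, 100, 0xFFFFFF00, 0x200))
    print(in_receive_window(0x100, 100, 0xFFFFFF00, 0x200))
```
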