D-Link DFL-2560 Product Manual - Page 509
TCP Auto Clamping, TCP Zero Unused ACK, TCP Option WSOPT, TCP Option ALTCHKREQ, Enabled
UPC - 790069335433
View all D-Link DFL-2560 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 509 highlights
13.2. TCP Level Settings Chapter 13. Advanced Settings TCP Auto Clamping Automatically clamp TCP MSS according to MTU of involved interfaces, in addition to TCPMSSMax. Default: Enabled TCP Zero Unused ACK Determines whether NetDefendOS should set the ACK sequence number field in TCP packets to zero if it is not used. Some operating systems reveal sequence number information this way, which can make it easier for intruders wanting to hijack established connections. Default: Enabled TCP Zero Unused URG Strips the URG pointers from all packets. Default: Enabled TCP Option WSOPT Determines how NetDefendOS will handle window-scaling options. These are used to increase the size of the window used by TCP; that is to say, the amount of information that can be sent before the sender expects ACK. They are also used by OS Fingerprinting. WSOPT is a common occurrence in modern networks. Default: ValidateLogBad TCP Option SACK Determines how NetDefendOS will handle selective acknowledgement options. These options are used to ACK individual packets instead of entire series, which can increase the performance of connections experiencing extensive packet loss. They are also used by OS Fingerprinting. SACK is a common occurrence in modern networks. Default: ValidateLogBad TCP Option TSOPT Determines how NetDefendOS will handle time stamp options. As stipulated by the PAWS (Protect Against Wrapped Sequence numbers) method, TSOPT is used to prevent the sequence numbers (a 32-bit figure) from "exceeding" their upper limit without the recipient being aware of it. This is not normally a problem. Using TSOPT, some TCP stacks optimize their connection by measuring the time it takes for a packet to travel to and from its destination. This information can then be used to generate resends faster than is usually the case. It is also used by OS Fingerprinting. TSOPT is a common occurrence in modern networks. Default: ValidateLogBad TCP Option ALTCHKREQ Determines how NetDefendOS will handle alternate checksum request options. These options were 509