"Faulty appearance" false source address attack, Hacker machine sends a lot of fake source address TCP SYN message to the victim host, occupy the NAT session resource of Security gateway, occupy the NAT session table of the security gateway Finally, incur all people in the LAN to be unable to on-line.
"Rapid Search" in the Webuià system Ànat Computing Ànat situation, you can see the "IP Address" column inside there are many users do not belong to the intranet IP network segment:
In the Webuià system situation à user computing à user computing information, you can see a security gateway to receive a user (192.168.0.67/24) sent a large number of packets, but the security net Guan Fa to the user's packet is very small, in accordance with this to determine the user can make a false source address to invade:
"Solution"
1, the host virus from the intranet disconnect, antivirus.
2, in the security Gateway equipment strategy only promised intranet network segment to join the security gateway, so that the security gateway automatically rebuffed the fake source address announced the TCP connection:
1 Webuià high-grade equipment à group, set up a team "all" (can be customized title), including the entire network segment of all IP address (192.168.0.1--192.168.0.254).
Attention: Here the user LAN segment is 192.168.0.0/24, the user should be based on the actual use of IP address segment for group IP address segment designation.
2) Webuià high-grade equipment à transaction for the strategic equipment, set up a strategic "pemit" (can be customized title), the "all working Group" to all the policy address (0.0.0.1-255.255.255.255) visit, according to the following figure for equipment, custody.
This paper comes from http://www.zkddos.com (DDoS attack)