eG Monitoring
 

Measures reported by NscAttacksTest

This test reports statistics pertaining to the attack attempts made on the Netscreen Firewall device.

The measures made by this test are as follows:

| Measurement | Description | Measurement Unit | Interpretation |
|---|---|---|---|
| Syn_attacks | A SYN attack involves a system sending hundreds of requests to a server on the Internet. This measure reveals the number of SYN attacks on the Netscreen firewall during the last measurement period. | Number | |
| Tear_drops | If the attacker's IP places a confusing value in the fragment offset of a packet, so that the packet cannot be reassembled properly, the attack is termed a Tear drop attack. This measure reports the number of tear drop attacks on the Netscreen firewall during the last measurement period. | Number | |
| Source_routes | Source route option attacks occur when the sender specifies the route that the packets travel to reach the destination. This measure reveals the number of source route option attacks on the firewall during the last measurement period. | Number | |
| Ping_of_deaths | If the attacker sends an IP packet larger than 65536 bytes, causing the system to crash, the attack is called a ping of death attack. This measure reports the number of such attacks during the last measurement period. | Number | |
| Address_spoofs | If the source IP address is spoofed when systems are attacked, the attack is an address spoof attack. This measure reveals the number of address spoof attacks that were encountered by the firewall during the last measurement period. | Number | |
| Land_attacks | A Land attack is a remote denial-of-service condition caused by sending a packet to a machine with the source host/port the same as the destination host/port. This measure indicates the number of land attacks on the Netscreen firewall device during the last measurement period. | Number | |
| Icmp_floods | An ICMP flood occurs when ICMP pings overload a system with so many echo requests that the system expends all its resources responding until it can no longer process valid network traffic. This measure indicates the number of ICMP flood attacks on the firewall during the last measurement period. | Number | |
| Udp_floods | UDP flooding occurs when UDP packets are sent with the purpose of slowing down the system to the point that it can no longer handle valid connections. This measure reports a count of such attacks during the last measurement period. | Number | |
| Netbios_attacks | NetBIOS is an interface between the PC operating system, I/O bus and network. Its activities include name resolution, file and print sharing (SMB), NetBIOS browsing and logon. This measure reveals the number of weird NetBIOS attacks during the last measurement period. | Number | Attacks related to the NetBIOS network: if port 139 is open, files are shared over the network. Other components of NetBIOS can expose one's computer name, workgroup, user name and other information. One can use 'nbtstat' to enumerate a network by listing NetBIOS name tables and sessions as a prelude to further penetration. |
| Port_scans | A port scan attack is where an IP sends packets to different ports of the same destination IP, so that at least one service can be identified as the target of the attack. This measure indicates the number of port scan attacks that occurred during the last measurement period. | Number | |
| IP_sweeps | A sweep attack is where a range of IP addresses is scanned to show which IP addresses are in use. This measure indicates the number of such sweep attacks during the last measurement period. | Number | |
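
The following is an added example, not eG or Netscreen code: it shows how four of the patterns described above (land attack, tear drop, port scan, IP sweep) can be counted from packet records for one measurement period. The record fields, the thresholds and the sample traffic are assumptions constructed for this illustration.

```python
from collections import Counter, defaultdict

# Assumed thresholds for this example (not taken from the page or the device).
SCAN_PORTS = 10    # distinct ports on one destination from one source
SWEEP_HOSTS = 10   # distinct destinations probed by one source

def count_attacks(packets):
    """Count attack patterns in simplified packet records (dicts) for one period."""
    counts = Counter()
    ports = defaultdict(set)     # (src, dst) -> destination ports seen
    hosts = defaultdict(set)     # src -> destination addresses seen
    frags = defaultdict(list)    # (src, dst, ip_id) -> [(start, end)] in bytes
    for p in packets:
        # Land attack: source host/port is the same as destination host/port.
        if p["src"] == p["dst"] and p["sport"] == p["dport"]:
            counts["Land_attacks"] += 1
            continue
        ports[(p["src"], p["dst"])].add(p["dport"])
        hosts[p["src"]].add(p["dst"])
        if "frag_off" in p:
            frags[(p["src"], p["dst"], p["ip_id"])].append(
                (p["frag_off"], p["frag_off"] + p["length"]))
    # Tear drop: fragments of one datagram whose byte ranges overlap,
    # so the packet cannot be reassembled properly.
    for spans in frags.values():
        spans.sort()
        if any(b[0] < a[1] for a, b in zip(spans, spans[1:])):
            counts["Tear_drops"] += 1
    # Port scan: one source, many ports on one host. Sweep: one source, many hosts.
    counts["Port_scans"] = sum(len(s) >= SCAN_PORTS for s in ports.values())
    counts["IP_sweeps"] = sum(len(s) >= SWEEP_HOSTS for s in hosts.values())
    return counts

def sample_packets():
    """Constructed traffic: one land attack, one tear drop, one scan, one sweep."""
    def pk(src, dst, sport, dport, **kw):
        return dict(src=src, dst=dst, sport=sport, dport=dport, **kw)
    land = [pk("192.0.2.10", "192.0.2.10", 139, 139)]
    tear = [pk("198.51.100.7", "192.0.2.10", 0, 0, ip_id=1, frag_off=0, length=36),
            pk("198.51.100.7", "192.0.2.10", 0, 0, ip_id=1, frag_off=24, length=4)]
    scan = [pk("203.0.113.5", "192.0.2.20", 40000, port) for port in range(20, 32)]
    sweep = [pk("203.0.113.9", f"192.0.2.{h}", 40000, 80) for h in range(100, 112)]
    return land + tear + scan + sweep

if __name__ == "__main__":
    print(dict(count_attacks(sample_packets())))
```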