FAQ-How Many Bytes of ICMP Packets Does the USG Regard as Large ICMP Attacks by Default

Publication Date:  2015-07-01 Views:  290 Downloads:  0
Issue Description
How Many Bytes of ICMP Packets Does the USG Regard as Large ICMP Attacks by Default?
Solution
The default threshold for defending against ICMP large packets is 4000 bytes. This value can be adjusted through the command. If the threshold is hit, the USG considers that large ICMP attacks occur and discards the packets. The USG determines whether the sum of fragment offset plus total length in the ICMP fragment packet exceeds 4000. The following uses a ping packet as an example:

If IP packet header (20 bytes) + ICMP packet header (8 bytes) + load size specified through the ping command contains more than 4000 bytes, the USG considers that large ICMP attacks occur.

The threshold can be specified.


[USG] firewall defend large-icmp max-length ?
INTEGER<28-65535> the value of max length of icmp (default is 4000)

END