Denial Of Service; Basics; Types Of Dos Attacks - ZyXEL Communications VANTAGE CNM User Manual
Centralized network management
Hide thumbs
Also See for VANTAGE CNM:
- User manual (484 pages) ,
- Quick start manual (36 pages) ,
- User manual (460 pages)
Table of Contents
Advertisement
12.3.1 Denial of Service
Denials of Service (DoS) attacks are aimed at devices and networks with a connection to the
Internet. Their goal is not to steal information, but to disable a device or network so users no
longer have access to network resources. The ZyXEL device is pre-configured to
automatically detect and thwart all known DoS attacks.
12.3.2 Basics
Computers share information over the Internet using a common language called TCP/IP. TCP/
IP, in turn, is a set of application protocols that perform specific functions. An extension
number, called the "TCP port" or "UDP port" identifies these protocols, such as HTTP (Web),
FTP (File Transfer Protocol), POP3 (E-mail), etc. For example, Web traffic by default uses
TCP port 80.
When computers communicate on the Internet, they are using the client/server model, where
the server "listens" on a specific TCP/UDP port for information requests from remote client
computers on the network. For example, a Web server typically listens on port 80. Please note
that while a computer may be intended for use over a single port, such as Web on port 80,
other ports are also active. If the person configuring or managing the computer is not careful, a
hacker could attack it over an unprotected port.
Some of the most common IP ports are shown in
12.3.3 Types of DoS Attacks
There are four types of DoS attacks:
1 Those that exploit bugs in a TCP/IP implementation.
"Ping of Death" and "Teardrop" attacks exploit bugs in the TCP/IP implementations of
various computer and host systems.
2 Those that exploit weaknesses in the TCP/IP specification.
Chapter 12 Configuration > Firewall
•
Ping of Death uses a "ping" utility to create an IP packet that exceeds
the maximum 65,536 bytes of data allowed by the IP specification.
The oversize packet is then sent to an unsuspecting system. Systems
may crash, hang or reboot.
•
Teardrop attack exploits weaknesses in the reassembly of IP packet
fragments. As data is transmitted through a network, IP packets are
often broken up into smaller chunks. Each fragment looks like the
original IP packet except that it contains an offset field that says, for
instance, This fragment is carrying bytes 200 through 400 of the
original (non fragmented) IP packet The Teardrop program creates a
series of IP fragments with overlapping offset fields. When these
fragments are reassembled at the destination, some systems will
crash, hang, or reboot.
Vantage CNM User's Guide
Table 63 on page
180.
172
Advertisement
Table of Contents
