Motorola WiNG 5 System Reference Manual page 464

8 - 4
WiNG 5 Access Point System Reference Guide
Action
If a DoS filter is enabled, choose an action from the drop-down menu to
determine how the Firewall treats the associated DoS attack. Options
include:
Log and Drop - An entry for the associated DoS attack is added to the log
and then the packets are dropped.
Log Only - An entry for the associated DoS attack is added to the log. No
further action is taken.
Drop Only - The DoS packets are dropped. No further action is taken.

Log Level
Select this option to enable logging to the system log. Then select a
standard Syslog level from the Log Level drop-down menu.

4. The following Events can be filtered on behalf of the Firewall:

Ascend
Ascend DoS attacks are a series of attacks that target known
vulnerabilities in various versions of Ascend routers.

Broadcast/Multicast ICMP
Broadcast or Multicast ICMP DoS attacks are a series of attacks that take
advantage of ICMP behavior in response to echo requests. These usually
involve spoofing the source address of the target and sending ICMP
broadcast or multicast echo requests to the rest of the network and in the
process flooding the target machine with replies.

Chargen
The Chargen attack establishes a Telnet connection to port 19 and
attempts to use the character generator service to create a string of
characters which is then directed to the DNS service on port 53 to disrupt
DNS services.

Fraggle
The Fraggle DoS attack uses a list of broadcast addresses to send spoofed
UDP packets to each broadcast address' echo port (port 7). Each of those
addresses that has port 7 open will respond to the request, generating a
lot of traffic on the network. Those that do not have port 7 open will
send an unreachable message back to the originator, further clogging
the network with more traffic.

FTP Bounce
The FTP Bounce DoS attack uses a vulnerability in the FTP "PORT"
command as a way to scan ports on a target machine by using another
machine in the middle.

Invalid Protocol
Attackers may use a vulnerability in the endpoint implementation by sending
invalid protocol fields, or may misuse the misinterpretation of endpoint
software. This can lead to inadvertent leakage of sensitive network
topology information, call hijacking, or a DoS attack.

TCP IP TTL Zero
The TCP IP TTL Zero DoS attack sends spoofed multicast packets onto the
network which have a Time To Live (TTL) of 0. This causes packets to loop
back to the spoofed originating machine, and can cause the network to
overload.

IP Spoof
IP Spoof is a category of Denial of Service attack that sends IP packets with
forged source addresses. This can hide the identity of the attacker.
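
The three Action settings applied to three of the events above, modelled as an added example (not code from the WiNG manual or firmware). The Packet fields, the 192.0.2.0/24 local subnet, the matching rules and the sample packets are constructed assumptions; only the Broadcast/Multicast ICMP, Fraggle and TCP IP TTL Zero descriptions are covered:

```python
import ipaddress
from dataclasses import dataclass

# Assumption: the protected subnet, used to recognise its broadcast address.
LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")
BCAST = {LOCAL_NET.broadcast_address, ipaddress.ip_address("255.255.255.255")}

@dataclass
class Packet:  # hypothetical, simplified view of the header fields a filter inspects
    src: str
    dst: str
    proto: str            # "icmp", "udp" or "tcp"
    dport: int = 0
    icmp_type: int = -1   # 8 = echo request
    ttl: int = 64

def classify(p):
    """Return the manual's event name for a packet, or None if no rule matches."""
    dst = ipaddress.ip_address(p.dst)
    mcast = dst.is_multicast
    bcast = dst in BCAST
    if p.ttl == 0 and mcast:
        return "TCP IP TTL Zero"
    if p.proto == "icmp" and p.icmp_type == 8 and (bcast or mcast):
        return "Broadcast/Multicast ICMP"
    if p.proto == "udp" and p.dport == 7 and bcast:
        return "Fraggle"
    return None

def apply_filter(packets, actions, log):
    """actions maps an enabled event to its Action; returns the packets still forwarded."""
    forwarded = []
    for p in packets:
        event = classify(p)
        action = actions.get(event)  # None: no match, or that filter is disabled
        if action in ("Log and Drop", "Log Only"):
            log.append(f"{event}: {p.src} -> {p.dst}")
        if action not in ("Log and Drop", "Drop Only"):
            forwarded.append(p)
    return forwarded

# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    Packet("198.51.100.7", "192.0.2.255", "icmp", icmp_type=8),     # broadcast echo request
    Packet("198.51.100.7", "192.0.2.255", "udp", dport=7),          # UDP echo to broadcast
    Packet("198.51.100.9", "224.0.0.1", "udp", dport=5000, ttl=0),  # multicast, TTL 0
    Packet("192.0.2.10", "192.0.2.20", "udp", dport=53),            # ordinary unicast
]
ACTIONS = {"Broadcast/Multicast ICMP": "Log and Drop",
           "Fraggle": "Log Only", "TCP IP TTL Zero": "Drop Only"}
```

Calling apply_filter(SAMPLE, ACTIONS, log) shows the practical difference between the settings: Log Only records the Fraggle packet but still forwards it, and Drop Only removes the TTL 0 packet without leaving a log entry.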
