Motorola WiNG 5.7.1 System Reference Manual page 628


8 - 4
WiNG 5.7.1 Access Point System Reference Guide
Action - If a DoS filter is enabled, choose an action from the drop-down menu to determine how
the firewall treats the associated DoS attack. Options include:
• Log and Drop - An entry for the associated DoS attack is added to the log and then the
packets are dropped.
• Log Only - An entry for the associated DoS attack is added to the log. No further action
is taken.
• Drop Only - The DoS packets are dropped. No further action is taken.
Log Level - Select this option to enable logging to the system log. Then select a standard
Syslog level from the Log Level drop-down menu.

5. The following Events can be filtered on behalf of the firewall:

Ascend - Ascend DoS attacks are a series of attacks that target known vulnerabilities in
various versions of Ascend routers.
Broadcast/Multicast ICMP - Broadcast or Multicast ICMP DoS attacks are a series of attacks
that take advantage of ICMP behavior in response to echo requests. These usually involve
spoofing the source address of the target and sending ICMP broadcast or multicast echo
requests to the rest of the network, in the process flooding the target machine with replies.
Chargen - The Chargen attack establishes a Telnet connection to port 19 and attempts to use
the character generator service to create a string of characters which is then directed to
the DNS service on port 53 to disrupt DNS services.
Fraggle - The Fraggle DoS attack uses a list of broadcast addresses to send spoofed UDP
packets to each broadcast address' echo port (port 7). Each address that has port 7 open
responds to the request, generating a lot of traffic on the network. Those that do not have
port 7 open send an unreachable message back to the originator, further clogging the
network with more traffic.
FTP Bounce - The FTP Bounce DoS attack uses a vulnerability in the FTP "PORT" command as a
way to scan ports on a target machine by using another machine in the middle.
Invalid Protocol - Attackers may exploit a vulnerability in the endpoint implementation by
sending invalid protocol fields, or may take advantage of how endpoint software
misinterprets them. This can lead to inadvertent leakage of sensitive network topology
information, call hijacking, or a DoS attack.
IP Spoof - IP Spoof is an attack that sends IP packets with forged source addresses. This
can hide the identity of the attacker.
LAND - The LAND DoS attack sends spoofed packets containing the SYN flag to the target
destination using the target port and IP address as both the source and destination. This
will either crash the target system or result in high resource utilization, slowing down all
other processes.
Option Route - Enables the IP Option Route denial of service check in the firewall.
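
The LAND, Fraggle and Broadcast/Multicast ICMP descriptions above reduce to checks on packet headers, and the three Action settings decide whether a match is logged, dropped, or both. The following is an added example, not WiNG code or the vendor's implementation; the Pkt type, the function names, the rule logic and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
# Added example, not WiNG code: Pkt and the matching rules are assumptions.
@dataclass
class Pkt:                 # hypothetical, simplified header summary
    proto: str             # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    syn: bool = False
    icmp_type: int = -1    # 8 = echo request

def is_broadcast(addr, subnet):
    net = ipaddress.ip_network(subnet)
    return addr == "255.255.255.255" or ipaddress.ip_address(addr) == net.broadcast_address

def classify(p, subnet):   # returns the matching event name from the table, or None
    if p.proto == "tcp" and p.syn and p.src == p.dst and p.sport == p.dport:
        return "LAND"
    if p.proto == "udp" and p.dport == 7 and is_broadcast(p.dst, subnet):
        return "Fraggle"
    if p.proto == "icmp" and p.icmp_type == 8 and (
            is_broadcast(p.dst, subnet) or ipaddress.ip_address(p.dst).is_multicast):
        return "Broadcast/Multicast ICMP"
    return None

def apply_action(p, subnet, actions, log):   # True if the packet is forwarded
    event = classify(p, subnet)
    if event is None or event not in actions:    # no match, or filter disabled
        return True
    if actions[event] in ("Log and Drop", "Log Only"):
        log.append(f"{event}: {p.src}:{p.sport} -> {p.dst}:{p.dport}")
    return actions[event] == "Log Only"          # the only action that does not drop

# Constructed sample traffic on a constructed subnet (documentation addresses).
SUBNET = "192.0.2.0/24"
SAMPLE = [
    Pkt("tcp", "192.0.2.10", "192.0.2.10", 80, 80, syn=True),     # LAND
    Pkt("udp", "198.51.100.7", "192.0.2.255", 40000, 7),          # Fraggle
    Pkt("icmp", "198.51.100.7", "224.0.0.1", icmp_type=8),        # multicast echo
    Pkt("tcp", "192.0.2.20", "192.0.2.10", 51000, 443, syn=True), # ordinary SYN
]
ACTIONS = {"LAND": "Log and Drop", "Fraggle": "Drop Only",
           "Broadcast/Multicast ICMP": "Log Only"}

def run_sample():
    log = []
    return [apply_action(p, SUBNET, ACTIONS, log) for p in SAMPLE], log
```

With these settings the Fraggle packet is dropped without a log entry, which is the visibility trade-off of Drop Only compared with Log and Drop.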
