HP A6600 Configuration Manual page 399

| Single-packet attack | Description |
|---|---|
| Route Record | An attacker exploits the route record option in the IP header to probe the topology of a network. |
| Smurf | An attacker sends an ICMP echo request to the broadcast address of the target network. As a result, all hosts on the target network reply to the request, causing the network to be congested and hosts on the target network to be unable to provide services. |
| Source Route | An attacker exploits the source route option in the IP header to probe the topology of a network. |
| TCP Flag | Some TCP flags are processed differently on different operating systems. A TCP flag attacker sends TCP packets with such TCP flags to a target host to probe its operating system. If the operating system cannot process such packets properly, the attacker successfully makes the host crash. |
| Tracert | An attacker exploits the Tracert program to probe the network topology. The Tracert program sends batches of UDP packets with a large destination port number and an increasing TTL (starting from 1). The TTL of a packet is decreased by 1 when the packet passes each router. Upon receiving a packet with a TTL of 0, a router must send an ICMP time exceeded message back to the source IP address of the packet. The Tracert program uses these returning packets to figure out the hosts that the packets have traversed from the source to the destination. |
| WinNuke | An attacker sends OOB data with the pointer field values overlapped to the NetBIOS port (139) of a Windows system with an established connection to introduce a NetBIOS fragment overlap, causing the system to crash. |

Scanning attack
An attacker uses scanning tools to scan host addresses and ports in a network, in order to find possible targets and the services enabled on the targets, and to figure out the network topology and prepare for further attacks on the target hosts.

Flood attack
An attacker sends a large number of forged requests to the targets in a short time, so that the target systems are too busy to provide services for legitimate users, resulting in denial of service.
The device can effectively defend against three types of flood attacks:

SYN flood attack
Because of the limited resources, the TCP/IP stack permits only a limited number of TCP connections. An attacker sends a great quantity of SYN packets to a target server, using a forged address as the source address. After receiving the SYN packets, the server replies with SYN ACK packets. Because the destination address of the SYN ACK packets is unreachable, the server can never receive the expected ACK packets, and so has to maintain large numbers of half-open connections. In this way, the attacker exhausts the system resources of the server, making the server unable to serve normal clients.

ICMP flood attack
An attacker sends a large number of ICMP requests to the target in a short time (for example, by using the ping program), causing the target to become too busy to process normal services.
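
The single-packet attack descriptions above can each be matched statelessly, one packet at a time. The following Python code is an added example, not HP's implementation: it inspects a raw IPv4 packet for the Route Record, Source Route, Smurf, TCP Flag and WinNuke patterns. The function names, the `protected_net` parameter, the sample packet builders and the TCP flag combinations treated as anomalous are assumptions.

```python
import ipaddress
import struct
# IPv4 option types from RFC 791: 7 = Record Route, 131/137 = loose/strict source route
OPTION_NAMES = {7: "route-record", 131: "source-route", 137: "source-route"}

def classify(packet, protected_net):
    """Return the single-packet signatures that one raw IPv4 packet matches."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return []
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return []
    proto, dst = packet[9], ipaddress.IPv4Address(packet[16:20])
    hits, i = [], 20
    while i < ihl:                      # walk the options area
        opt = packet[i]
        if opt == 0:                    # End of Option List
            break
        if opt == 1:                    # No Operation (one byte, no length field)
            i += 1
            continue
        if i + 1 >= ihl or packet[i + 1] < 2:
            break                       # malformed length: stop, never loop forever
        if opt in OPTION_NAMES and OPTION_NAMES[opt] not in hits:
            hits.append(OPTION_NAMES[opt])
        i += packet[i + 1]
    payload = packet[ihl:]
    broadcast = ipaddress.IPv4Network(protected_net).broadcast_address
    # Smurf: ICMP echo request (type 8) addressed to the directed broadcast.
    if proto == 1 and payload[:1] == b"\x08" and dst == broadcast:
        hits.append("smurf")
    if proto == 6 and len(payload) >= 14:
        dport, flags = struct.unpack("!H", payload[2:4])[0], payload[13] & 0x3F
        # Assumed anomalies: no flags at all, or SYN and FIN set together.
        if flags == 0 or flags & 0x03 == 0x03:
            hits.append("tcp-flag")
        if dport == 139 and flags & 0x20:   # WinNuke: URG (OOB) data to NetBIOS
            hits.append("winnuke")
    return hits

def build(proto, dst, payload, options=b""):
    """Constructed sample packet: minimal IPv4 header, checksum left at 0."""
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, 20 + len(options) + len(payload),
                       0, 0, 64, proto, 0, ipaddress.IPv4Address("192.0.2.1").packed,
                       ipaddress.IPv4Address(dst).packed) + options + payload

def tcp(dport, flags):  # constructed 20-byte TCP header for sample packets
    return struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)
```

The option walker stops on a zero or one-byte length field instead of advancing by it, so a malformed options area cannot stall the check.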