Ping Of Death Attack - Huawei quidway s7700 Configuration Manual

Quidway S7700 Smart Routing Switch
Configuration Guide - SPU
damage the target host because the IGMP packet is not fragmented. An attack occurs when a
host receives an IGMP packet.
SYN Flood Attack
The TCP/IP protocol stack only permits a limited number of TCP connections due to resource
restriction. SYN Flood attacks just utilize this characteristic. The attacker forges a SYN packet
whose source address is forged or nonexistent and originates a connection to the server. Upon
receipt of this packet, the server replies with SYN-ACK. Because there is no receiver of the
SYN-ACK packet, a half-connection is caused. If the attacker sends a large number of such
packets, a lot of half-connections are produced on the attacked host and the resources of the
attacked host will be exhausted; therefore, normal users cannot access the host till the half-
connections expire. If the connections can be created without restriction, SYN Flood has similar
influence. That is, it will consume the system resources such as memory.
ICMP and UDP Flood Attack
ICMP and UDP Flood attacker sends a large number of ICMP packets (such as ping packets)
and UDP packets to the target host in a short time and requests for responses. The host is then
overloaded and cannot process valid tasks.
IP Sweeping and Port Scanning Attack
IP address sweeping and port scanning attacker detects the IP addresses and ports of the target
hosts by using scanning tools. The attacker then determines the hosts that exist on the target
network according to the response. The attacker can then find the ports that provide services.

Ping of Death Attack

The length field of an IP packet is 16 bits, indicating that the maximum length of an IP packet
is 65535. If the data field of an ICMP Echo Request packet is longer than 65507, the length of
the ICMP Echo Request packet (ICMP data + 20-byte IP header + 8-byte ICMP header) is greater
than 65535. Upon receiving the packet, routers or systems will crash, stop responding, or restart
due to improper processing of the packet. The so-called "Ping of Death" is an attack to the system
waged by sending some oversize ICMP packets.
ICMP-Redirect and ICMP-Unreachable Attack
A network device sends an ICMP-redirect packet to the hosts on the same subnet, requesting
the hosts to change the route. However, some malicious attackers cross a network segment and
send a fraudulent ICMP-redirect packet to the hosts of another network. In this way, the attackers
change the routing table of the hosts, causing interference to the normal IP packet forwarding
of the hosts.
Another type of attack is sending an ICMP-unreachable packet. After receiving the ICMP-
unreachable packets of a network (code is 0) or a host (code is 1), some systems consider the
subsequent packets sent to this destination as unreachable. The systems then disconnect the
destination from the host.
Teardrop Attack
The More Fragment (MF) bit, offset field, and length field in an IP packet indicate the segment
of the original packet contained in this fragment. Some systems running TCP/IP may stop
Issue 01 (2011-07-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2 Firewall Configuration
33