SMC Networks Barricade SMC2404WBR User Manual page 113

A. SYN Flood Attack An assault on a network that prevents a TCP/IP
-
server from servicing other users. It is accomplished by not sending the final
acknowledgment to the server's SYN-ACK response (SYNchronize-
ACKnowledge) in the handshaking sequence, which causes the server to
keep signaling until it eventually times out. The source address from the
client is, of course, counterfeit. SYN flood attacks can either overload the
server or cause it to crash.
Smurf Attack - A type of network security breach in which a network
connected to the Internet is swamped with replies to ICMP echo (PING)
requests. A smurf attacker sends PING requests to an Internet broadcast
address. These are special addresses that broadcast all received messages to
the hosts connected to the subnet. Each broadcast address can support up to
255 hosts, so a single PING request can be multiplied 255 times. The return
address of the request itself is spoofed to be the address of the attacker's
victim. All the hosts receiving the PING request reply to this victim's address
instead of the real sender's address. A single attacker sending hundreds or
thousands of these PING messages per second can fill the victim's T-1 (or
even T-3) line with ping replies, bring the entire Internet service to its knees.
Smurfing falls under the general category of Denial of Service attacks --
security attacks that don't try to steal information, but
instead attempt to disable a computer or network.
Denial Of Service Attack - An assault on a network that floods it with so
many additional requests that regular traffic is either slowed or completely
interrupted. Unlike a virus or worm, which can cause severe damage to
databases, a denial of service attack interrupts network service for some
period. A distributed denial of service (DDOS) attack uses multiple
computers throughout the network that it has previously infected. All of these
"zombies" work together to send out bogus messages, thereby increasing the
amount of phony traffic.
Ping of Death - A ping request that crashes the target computer. It is caused
by an invalid packet size value in the packet header. There are patches for
most operating systems to prevent it.
IP Spoofing - A technique used to gain unauthorized access to computers,
whereby the intruder sends messages to a computer with an IP address
indicating that the message is coming from a trusted port. To engage in IP