S Ervice A Ttacks - HP ProCurve 9304M Security Manual
Routing switches
Hide thumbs
Also See for ProCurve 9304M:
- Management and configuration manual (690 pages) ,
- Installation and configuration manual (504 pages) ,
- Installation and getting started manual (348 pages)
Table of Contents
Advertisement
Protecting Against Denial of Service Attacks
In a Denial of Service (DoS) attack, a Routing Switch is flooded with useless packets, hindering normal operation.
HP devices include measures for defending against two types of DoS attacks: Smurf attacks and TCP SYN
attacks.
Protecting Against Smurf Attacks
A Smurf attack is a kind of DoS attack where an attacker causes a victim to be flooded with ICMP echo (Ping)
replies sent from another network. Figure 7.1 illustrates how a Smurf attack works.
Figure 7.1
How a Smurf attack floods a victim with ICMP replies
Attacker sends ICMP echo requests to
1
broadcast address on Intermediary's
network, spoofing Victim's IP address
as the source
If Intermediary has directed broadcast
2
forwarding enabled, ICMP echo requests
are broadcast to hosts on Intermediary's
network
The attacker sends an ICMP echo request packet to the broadcast address of an intermediary network. The ICMP
echo request packet contains the spoofed address of a victim network as its source. When the ICMP echo
request reaches the intermediary network, it is converted to a Layer 2 broadcast and sent to the hosts on the
intermediary network. The hosts on the intermediary network then send ICMP replies to the victim network.
June 2005
Attacker
Intermediary
The hosts on Intermediary's network
3
send replies to Victim, inundating Victim
with ICMP packets
Chapter 7
Victim
7 - 1
Advertisement
Table of Contents
