Table of Contents
Advertisement
IP spoofing
Ping of death
Land attacks
IP reassembly
Appendix A: Selected firewall attacks
IP spoofing is a network intrusion where a user pretends to be at a trusted IP
address to gain access to a computer. SMC makes sure all traffic destined to
the Secure Multimedia Zone (SMZ) originates from the authorized Internet
sites.
Ping of death is a DOS attack that exploits the errors in the oversize datagram
handling mechanism of a TCP/IP stack. Certain popular operating systems
have difficulty handling datagrams larger than the maximum datagram size
defined by the IP standard. If hosts running such operating systems come
across oversized ping packets, they tend to hang or crash.
Land attacks are a special type of DOS attack on TCP-based services such as
HTTP, SMTP, and FTP, where an attacker forges the equal values for the
source and destination ports, and source and destination IP addresses. These
port values are the well-known service port values, and the IP addresses are
the target host IP address. This attack exploits the inappropriate
implementation of the TCP connections establishment protocol in a TCP/IP
stack. As a result, the target server enters an uncontrollable infinite spin, and
eventually the system crashes.
While in transit on the Internet, datagrams can pass through heterogeneous
networks, so they can be fragmented and reassembled at their destinations.
Certain popular TCP/IP implementations cannot properly take care of all the
datagram reassembly cases. If the attacker sends datagram fragments in a
certain sequence to such hosts, the hosts perform unpredictably.
Secure Multimedia Controller
Page 123 of 126
Command Reference
Advertisement
Table of Contents
