Denial Of Service; Table 9-1 Common Ip Ports - ZyXEL Communications ZyWALL 5 User Manual

9.4

Denial of Service

Denials of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet.
Their goal is not to steal information, but to disable a device or network so users no longer have access
to network resources. The ZyWALL is pre-configured to automatically detect and thwart all known
DoS attacks.
9.4.1 Basics
Computers share information over the Internet using a common language called TCP/IP. TCP/IP, in
turn, is a set of application protocols that perform specific functions. An "extension number", called
the "TCP port" or "UDP port" identifies these protocols, such as HTTP (Web), FTP (File Transfer
Protocol), POP3 (E-mail), etc. For example, Web traffic by default uses TCP port 80.
When computers communicate on the Internet, they are using the client/server model, where the server
"listens" on a specific TCP/UDP port for information requests from remote client computers on the
network. For example, a Web server typically listens on port 80. Please note that while a computer
may be intended for use over a single port, such as Web on port 80, other ports are also active. If the
person configuring or managing the computer is not careful, a hacker could attack it over an
unprotected port.
Some of the most common IP ports are:
21
23
25
9.4.2 Types of DoS Attacks
There are four types of DoS attacks:
1. Those that exploit bugs in a TCP/IP implementation.
2. Those that exploit weaknesses in the TCP/IP specification.
3. Brute-force attacks that flood a network with useless data.
4. IP Spoofing.
1. "Ping of Death" and "Teardrop" attacks exploit bugs in the TCP/IP implementations of various
computer and host systems.
Ping of Death uses a "ping" utility to create an IP packet that exceeds the maximum
1-a
65,536 bytes of data allowed by the IP specification. The oversize packet is then sent to an
unsuspecting system. Systems may crash, hang or reboot.
Teardrop attack exploits weaknesses in the reassembly of IP packet fragments. As data is
1-b
transmitted through a network, IP packets are often broken up into smaller chunks. Each
fragment looks like the original IP packet except that it contains an offset field that says, for
instance, "This fragment is carrying bytes 200 through 400 of the original (non fragmented) IP
packet." The Teardrop program creates a series of IP fragments with overlapping offset fields.
When these fragments are reassembled at the destination, some systems will crash, hang, or
reboot.
Firewalls

Table 9-1 Common IP Ports

FTP 53
Telnet 80
SMTP 110
ZyWALL 5 Internet Security Appliance
DNS
HTTP
POP3
9-3