Figure 410 Smurf Attack - ZyXEL Communications ZyWALL USG 100 Series User Manual
Unified security gateway
Hide thumbs
Also See for ZyWALL USG 100 Series:
- Quick start manual (128 pages) ,
- Release note (19 pages) ,
- Specifications (4 pages)
Table of Contents
Advertisement
• TCP Filtered
Portsweep
• ICMP Filtered
Portsweep
• IP Filtered
Distributed Portscan
Flood Detection
Flood attacks saturate a network with useless data, use up all available bandwidth, and
therefore make communications in the network impossible.
ICMP Flood Attack
An ICMP flood is broadcasting many pings or UDP packets so that so much data is sent to the
system, that it slows it down or locks it up.
Smurf
A smurf attacker (A) floods a router (B) with Internet Control Message Protocol (ICMP) echo
request packets (pings) with the destination IP address of each packet as the broadcast address
of the network. The router will broadcast the ICMP echo request packet to all hosts on the
network. If there are numerous hosts, this will create a large amount of ICMP echo request and
response traffic.
If an attacker (A) spoofs the source IP address of the ICMP echo request packet, the resulting
ICMP traffic will not only saturate the receiving network (B), but the network of the spoofed
source IP address (C).
Figure 410 Smurf Attack
TCP SYN Flood Attack
Usually a client starts a session by sending a SYN (synchronize) packet to a server. The
receiver returns an ACK (acknowledgment) packet and its own SYN, and then the initiator
responds with an ACK (acknowledgment). After this handshake, a connection is established.
ZyWALL USG 100/200 Series User's Guide
• UDP Filtered Portsweep
• TCP Filtered Distributed
Portscan
Chapter 31 ADP
• IP Filtered Portsweep
• UDP Filtered
Distributed Portscan
533
- Quick Links:
- Getting Started
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
