Ping of death | On the Internet, ping of death is a kind of denial of service |
| (DoS) attack caused by an attacker deliberately sending an |
| IP packet larger than the 65,536 bytes allowed by the IP |
| protocol. One of the features of TCP/IP is fragmentation; it |
| allows a single IP packet to be broken down into smaller |
| segments. Attackers began to take advantage of that feature |
| when they found that a packet broken down into fragments |
| could add up to more than the allowed 65,536 bytes. |
| Many operating systems didn’t know what to do when they |
| received an oversized packet, so they froze, crashed, or |
| rebooted. Other known variants of the ping of death include |
| teardrop, bonk and nestea. |
SYN Flood | The attacker sends TCP connections faster than the |
| victim machine can process them, causing it to run out |
| of resources and dropping legitimate connections. A new |
| defence against this is to create “SYN cookies”. Each side |
| of a connection has its own sequence number. In response |
| to a SYN, the attacked machine creates a special sequence |
| number that is a “cookie” of the connection and forgets |
| everything it knows about the connection. It can then |
| recreate the forgotten information about the connection |
| where the next packets come in from a legitimate |
| connection. |
ICMP Flood | The attacker transmits a volume of ICMP request packets to |
| cause all CPU resources to be consumed serving the phony |
| requests. |
UDP Flood | The attacker transmits a volume of requests for UDP |
| diagnostic services which cause all CPU resources to be |
| consumed serving the phony requests. |
Land attack | The attacker attempts to slow your network down by sending |
| a packet with identical source and destination addresses |
| originating from your network. |
Smurf attack | Where the source address of a broadcast ping is forged so |
| that a huge number of machines respond back to the victim |
| indicated by the address, thereby overloading it. |
Fraggle Attack | A perpetrator sends a large amount of UDP echo packets |
| at IP broadcast addresses, all of it having a spoofed source |
| address of a victim. |
IP Spoofing | IP Spoofing is a method of masking the identity of an |
| intrusion by making it appear that the traffic came from a |
| different computer. This is used by intruders to keep their |
| anonymity and can be used in a Denial of Service attack. |
NB712 / | NB714 User Guide | 11 |
YML829 | Rev1 |
|
