Single-packet attack
Description
IP options
An attacker sends IP datagrams in which the IP options are abnormal. The
attack is intended to probe the network topology. The target system will break
down if it is incapable of processing error packets.
IP fragment
An attacker sends the victim an IP datagram with an offset smaller than 5,
which causes the victim to malfunction or crash.
IP impossible packet
An attacker sends IP packets whose source IP address is the same as the
destination IP address, which causes the victim to malfunction.
Tiny fragment
An attacker makes the fragment size small enough to force Layer 4 header
fields into the second fragment. These fragments can pass packet
filtering because they do not hit any match criterion.
Smurf
An attacker broadcasts an ICMP echo request to target networks. These
requests contain the victim's IP address as the source IP address. Every
receiver on the target networks will send an ICMP echo reply to the victim.
The victim will be flooded with replies, and will be unable to provide
services. Network congestion might occur.
TCP flag
An attacker sends packets with defective TCP flags to probe the operating
system of the target host. Different operating systems process
unconventional TCP flags differently. The target system will break down if it
processes this type of packet incorrectly.
Traceroute
An attacker uses traceroute tools to probe the topology of the victim
network.
WinNuke
An attacker sends out-of-band (OOB) data to TCP port 139 (NetBIOS)
on a victim that runs a Windows system. The malicious packets contain an
illegal Urgent Pointer, which causes the victim's operating system to crash.
UDP bomb
An attacker sends a malformed UDP packet. The length value in the IP
header is larger than the IP header length plus the length value in the UDP
header. When the target system processes the packet, a buffer overflow
can occur, which causes a system crash.
UDP Snork
An attacker sends a UDP packet with destination port 135 (the Microsoft
location service) and source port 135, 7, or 19. This attack causes an NT
system to exhaust its CPU.
UDP Fraggle
An attacker sends a large number of chargen packets with source UDP
port 7 and destination UDP port 19 to a network. These packets use the
victim's IP address as the source IP address. Replies will flood the victim,
resulting in DoS.
Teardrop
An attacker sends a stream of overlapping fragments. The victim will crash
when it tries to reassemble the overlapping fragments.
Ping of death
An attacker sends the victim an ICMP echo request larger than 65535
bytes, which violates the IP protocol. When the victim reassembles the
packet, a buffer overflow can occur, which causes a system crash.
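The header checks behind several rows of the table above can be written as a small classifier. This is an added example, not code from the manual or from the device: the function names are hypothetical, the packets are constructed, treating a set URG flag as the marker for OOB data is an assumption, and "tiny fragment" is read as a first fragment too short to hold a minimal TCP or UDP header.

```python
import socket
import struct

def ipv4(src, dst, proto, payload, frag_units=0, mf=False):
    """Constructed IPv4 packet (no options, checksum left 0) used as sample input."""
    frag = (0x2000 if mf else 0) | frag_units
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, frag, 64, proto,
                       0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def udp(sport, dport, data=b"", length=None):
    """Constructed UDP header plus data; `length` overrides the UDP length field."""
    ulen = 8 + len(data) if length is None else length
    return struct.pack("!HHHH", sport, dport, ulen, 0) + data

def tcp(sport, dport, flags):
    """Constructed 20-byte TCP header carrying the given flag bits."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 1024, 0, 0)

def classify(pkt):
    """Return the table's single-packet signatures matched by one raw IPv4 packet."""
    if len(pkt) < 20:
        return set()
    vihl, _, total, _, frag, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl, offset, mf = (vihl & 0x0F) * 4, (frag & 0x1FFF) * 8, bool(frag & 0x2000)
    l4, hits = pkt[ihl:], set()
    if src == dst:                                  # IP impossible packet
        hits.add("ip-impossible")
    if proto == 1 and offset + total > 65535:       # reassembled ICMP datagram too large
        hits.add("ping-of-death")
    min_l4 = {6: 20, 17: 8}.get(proto)              # minimum TCP / UDP header size
    if min_l4 and offset == 0 and mf and len(l4) < min_l4:
        hits.add("tiny-fragment")                   # Layer 4 header spills into fragment 2
    if proto == 17 and offset == 0 and len(l4) >= 8:
        sport, dport, ulen, _ = struct.unpack("!HHHH", l4[:8])
        if total > ihl + ulen:                      # UDP bomb length mismatch
            hits.add("udp-bomb")
        if dport == 135 and sport in (135, 7, 19):  # UDP Snork port pattern
            hits.add("udp-snork")
    if proto == 6 and offset == 0 and len(l4) >= 20:
        dport, flags = struct.unpack("!H", l4[2:4])[0], l4[13]
        if dport == 139 and flags & 0x20:           # assumption: URG flag marks OOB data
            hits.add("winnuke")
    return hits

if __name__ == "__main__":
    # Constructed packets using documentation addresses, not captured traffic.
    a, b = "192.0.2.1", "192.0.2.2"
    print(classify(ipv4(a, b, 17, udp(40000, 53, b"abcd", length=8))))   # UDP bomb
    print(classify(ipv4(a, b, 6, tcp(40000, 80, 0x02)[:8], mf=True)))    # tiny fragment
```

Each check reads only header fields of a single packet, which is why these attacks can be matched without per-flow state.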
Scanning attacks
Scanning is a preintrusion activity used to prepare for intrusion into a network. Scanning allows
the attacker to find a way into the target network and to disguise the attacker's identity.
Attackers use scanning tools to probe a network, find vulnerable hosts, and discover services that
are running on the hosts. Attackers can use the information to launch attacks.
The device can detect and prevent IP sweep and port scan attacks. If an attacker performs port
scanning from multiple hosts to the target host, distributed port scan attacks occur.