C
HAPTER
7
| Services
DoS
– 81 –
■
Whole System Flood: FIN:
Prevents a FIN (no more data from
sender) flood in which part of a TCP packet from an invalid (or
spoofed) IP address floods the network with connection resets.
■
Whole System Flood: UDP:
Prevents a flood of large numbers of
raw UDP (User Datagram Protocol) packets targeted at the unit.
■
Whole System Flood: ICMP:
Prevents a flood of ICMP (internet
control message protocol) messages from an invalid IP address
causing all TCP requests to be halted.
■
Per Source IP Flood: SYN:
Prevents a SYN attach on a specified
IP address, usually that of the LAN port.
■
Per Source IP Flood: FIN:
Prevents a FIN attach on the LAN port
IP address.
■
Per Source IP Flood: UDP:
Prevents a UDP attack on the LAN port
IP address.
■
Per Source IP Flood: ICMP:
Prevents an ICMP attack on the LAN
port IP address.
■
TCP/UDP Port Scan:
Prevents a situation whereby a hacker sends
a series of systematic queries to the unit for open ports through
which to route traffic.
■
TCMP Smurf:
Prevents a situation whereby a hacker forges the IP
address of the unit and sends repeated ping requests to it flooding
the network.
■
IP Land:
Prevents an attack that involves a synchronise request
being sent as part of the TCP handshake to an open port specifying
the port as both the source and destination effectively locking the
port.
■
IP Spoof:
Prevents a situation where a hackerby a hacker creates
an alias (spoof) of the units IP address to which all traffic is
redirected.
■
IP Teardrop:
Prevents a Teardrop attack that involves sending
mangled IP fragments with overlapping, over-sized, payloads to the
unit. The fragmented packets are processed by the unit causing it to
crash.
■
PingofDeath:
Prevents the receival of an oversized ping packet
that the unit cannot handle. Normal ping packets are 56 bytes, or
84 bytes with the IP header attached. The Ping of Death will exceed
the maximum IP packet size of 65,535 bytes.
■
TCP Scan:
Prevents the probing of the unit by a hacker for open
TCP ports to then block.