176
C
HAPTER
13: T
YPES OF
A
TTACK AND
F
IREWALL
D
EFENCES
The return address of the ping has been faked (spoofed) to appear to
come from a machine on another network (the victim). The victim is then
flooded with responses to the ping. As many responses are generated for
only one attack, the attacker is able use many amplifiers on the same
victim.
The results of a
smurf attack
range from slowing of the network to the
crashing of the victim devices.
Firewall Response as Amplifier:
Spoofed IP address is detected and
packet is dropped. Firewall will not act as amplifier.
Firewall Response as Victim:
Traffic from a
smurf attack
cannot be
separated from other network traffic. Traffic is allowed to pass.
SYN Flood Attack
A
SYN flood attack
attempts to slow your network by requesting new
connections but not completing the process to open the connection.
Once the buffer for these pending connections is full a server will not
accept any more connections and will be unresponsive.
Firewall Response:
The connection request will be completed by the
Firewall and the connection monitored to check if data is sent. If no data
is sent the Firewall resets the connection.
Land Attack
A
land attack
is an attempt to slow your network down by sending a
packet with identical source and destination addresses originating from
your network.
Firewall Response:
Packet is dropped. Attack is stopped.
Intrusion Attacks
An
Intrusion Attack
is designed to get information from your network or
place information on your network. This may be the theft of confidential
material, the defacing of a web site or the theft of passwords or discovery
of network infrastructure that will enable further attacks.
External Access
Without a firewall your network can be accessed from anywhere on the
Wide Area Network
(WAN) outside your network. The Firewall blocks all
attempts to access the
Local Area Network
(LAN) that are initiated from
outside your network
Firewall response:
Packet is dropped. Attack is stopped.
DUA1611-0AAA02.book Page 176 Thursday, August 2, 2001 4:01 PM
Содержание SUPERSTACK 3CR16110-95
Страница 18: ...18 DUA1611 0AAA02 book Page 18 Thursday August 2 2001 4 01 PM...
Страница 50: ...50 DUA1611 0AAA02 book Page 50 Thursday August 2 2001 4 01 PM...
Страница 96: ...96 CHAPTER 6 USING THE FIREWALL DIAGNOSTIC TOOLS DUA1611 0AAA02 book Page 96 Thursday August 2 2001 4 01 PM...
Страница 122: ...122 CHAPTER 8 ADVANCED SETTINGS DUA1611 0AAA02 book Page 122 Thursday August 2 2001 4 01 PM...
Страница 150: ...150 CHAPTER 10 CONFIGURING HIGH AVAILABILITY DUA1611 0AAA02 book Page 150 Thursday August 2 2001 4 01 PM...
Страница 152: ...152 DUA1611 0AAA02 book Page 152 Thursday August 2 2001 4 01 PM...
Страница 166: ...166 CHAPTER 11 ADMINISTRATION AND ADVANCED OPERATIONS DUA1611 0AAA02 book Page 166 Thursday August 2 2001 4 01 PM...
Страница 174: ...174 DUA1611 0AAA02 book Page 174 Thursday August 2 2001 4 01 PM...
Страница 178: ...178 CHAPTER 13 TYPES OF ATTACK AND FIREWALL DEFENCES DUA1611 0AAA02 book Page 178 Thursday August 2 2001 4 01 PM...
Страница 190: ...190 CHAPTER 14 NETWORKING CONCEPTS DUA1611 0AAA02 book Page 190 Thursday August 2 2001 4 01 PM...
Страница 192: ...192 DUA1611 0AAA02 book Page 192 Thursday August 2 2001 4 01 PM...
Страница 206: ...206 APPENDIX D TECHNICAL SUPPORT DUA1611 0AAA02 book Page 206 Thursday August 2 2001 4 01 PM...
Страница 212: ...212 INDEX DUA1611 0AAA02 book Page 212 Thursday August 2 2001 4 01 PM...
Страница 214: ...DUA1611 0AAA02 book Page 214 Thursday August 2 2001 4 01 PM...