McAfee INTERNET SECURITY 5.0, Руководство пользователя

Страница: 94 / 128

McAfee Firewall
94 McAfee Internet Security 5.0
Common attacks recognized by IDS
The following table lists attacks recognized by McAfee Firewall’s IDS, a
description of each attack, and the risk factor assigned to each attack.
Attack Description Risk
Factor
1234 Also known as the Flushot attack, an attacker sends an oversize ping
packet that networking software could not handle. Usually, computers
hang or slows down. If a total lockup occurs, unsaved data may be lost. Medium
Back Orifice Back Orifice is a back door program for Windows 9x written by a group
calling themselves the Cult of the Dead Cow. This back door allows
remote access to the machine once installed, allowing the installer to run
commands, get screen shots, modify the registry, and perform other
operations. Client programs to access Back Orifice are available for
Windows and UNIX. High
Bonk Designed to exploit an implementation error in the first Teardrop patch
released by Microsoft, this attack is basically a Windows-specific variant of
the original Teardrop attack. High
Fraggle This attack is a UDP variant of the Smurf attack. By sending a forged UDP
packet to a particular port on a broadcast address, systems on the
“amplifier” network will respond to the target machine with either a UDP
response or an ICMP UNREACHABLE packet. This flood of incoming
packets results in a denial of service attack against the target machine. High
IP Spoofing IP spoofing involves sending data with a falsified return IP address. There
is nothing inherently dangerous about spoofing a source IP address, but
this technique can be used in conjunction with others to carry out attacks
TCP session hijacking, or to obscure the source of denial of service
attacks (SYN flood, PING flood, etc.). Medium
Jolt A remote denial of service attack using specially crafted ICMP packet
fragments. May cause slowdowns or crashes on target systems. High
Jolt 2 A remote Denial of Service (DoS) attack similar to Jolt that uses specially
crafted ICMP or UDP packet fragments. May cause slowdowns or crashes
on target systems. High
Land This attack is performed by sending a TCP packet to a running service on
the target host, with a source address of the same host. The TCP packet
is a SYN packet, used to establish a new connection, and is sent from the
same TCP source port as the destination port. When accepted by the
target host, this packet causes a loop within the operating system,
essentially locking up the system. High
Nestea This attack relies on an error in calculating sizes during packet fragment
reassembly. In the reassembly routine of vulnerable systems, there was a
failure to account for the length of the IP header field. By sending carefully
crafted packets to a vulnerable system, it is possible to crash the target. High