GRT-504 4-Wire G.SHDSL.bis Firewall Router User’s Manual
3.3 Denial of Service Attack Interruption
Denial of Service (DoS) attacks typically come in two flavors: resource starvation and system
overloading. A DoS condition usually arises when legitimate demand for a resource is greater than
the supply (for example, too many web requests to an already overloaded web server). Software
weaknesses or incorrect system configurations can also induce DoS conditions. The difference between a
malicious denial of service and simple system overload is the presence of an individual with
malicious intent (the attacker) who uses, or attempts to use, resources specifically in order to deny those
resources to other users.
Ping of death-
On the Internet, the ping of death is a kind of denial of service (DoS) attack caused by
deliberately sending an IP packet whose size is larger than the 65,536 bytes allowed by the IP
protocol. One of the features of TCP/IP is fragmentation, which allows a single IP packet to be
broken down into smaller segments. Attackers began to take advantage of this feature when they
found that the fragments of one packet could add up to more than the allowed 65,536 bytes.
Many operating systems do not know what to do once they receive such an oversized packet, and
they freeze, crash, or reboot. Other known variants of the ping of death include teardrop, bonk and
nestea.
[Figure: the hacker's system sends a Ping of Death packet (112,000 bytes) to the target system; a normal IP packet is at most 65,536 bytes. Normal reassembled packets: bytes from 1~1500, 1501~3000, 3000~4500. Reassembled teardrop packets: bytes from 1~1700, 1300~3200, 2800~4800.]
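The two fragment layouts in the figure can be told apart mechanically. The check below is an added example (not code from this manual or from the GRT-504 firmware): it takes a set of fragments described as 1-based byte ranges, and flags a reassembled datagram larger than IP allows (ping of death) and fragments that overlap their neighbours (teardrop). `Fragment`, `check_fragment_set` and `fragments_for` are assumed names; the byte ranges are constructed from the figure, with the contiguous third normal fragment written as 3001~4500.

```python
from dataclasses import dataclass
from typing import List

# Largest datagram the 16-bit IP Total Length field can describe.
IP_MAX_PACKET = 65535


@dataclass(frozen=True)
class Fragment:
    """One IP fragment, given as 1-based first and last payload byte (as in the figure)."""
    first: int
    last: int


def check_fragment_set(frags: List[Fragment]) -> List[str]:
    """Return findings for one reassembly attempt; an empty list means the set looks sane."""
    if not frags:
        return []
    findings: List[str] = []
    ordered = sorted(frags, key=lambda f: f.first)
    # Ping of death: the highest byte the fragments claim to occupy decides the
    # reassembly buffer size, so compare it against the IP maximum.
    if ordered[-1].last > IP_MAX_PACKET:
        findings.append(
            f"oversized reassembly: {ordered[-1].last} bytes > {IP_MAX_PACKET} (ping of death)")
    # Teardrop: a fragment that starts at or before the end of the previous one overlaps it.
    for prev, cur in zip(ordered, ordered[1:]):
        if cur.first <= prev.last:
            findings.append(
                f"overlapping fragments: {prev.first}~{prev.last} and {cur.first}~{cur.last} (teardrop)")
    return findings


def fragments_for(total_len: int, payload: int = 1480) -> List[Fragment]:
    """Split a datagram of total_len bytes into contiguous fragments of `payload` bytes."""
    return [Fragment(start, min(start + payload - 1, total_len))
            for start in range(1, total_len + 1, payload)]


# Constructed sample sets, taken from the manual's figure.
NORMAL = [Fragment(1, 1500), Fragment(1501, 3000), Fragment(3001, 4500)]
TEARDROP = [Fragment(1, 1700), Fragment(1300, 3200), Fragment(2800, 4800)]
PING_OF_DEATH = fragments_for(112000)  # the 112,000-byte packet drawn in the figure

if __name__ == "__main__":
    for name, frags in (("normal", NORMAL), ("teardrop", TEARDROP), ("ping of death", PING_OF_DEATH)):
        print(name, check_fragment_set(frags) or "ok")
```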
SYN Flood-
The attacker sends TCP SYN packets, which start connections, at a very high rate, leaving the
victim waiting to complete a huge number of connections; the victim runs out of resources and
drops legitimate connections. A newer defense against this is “SYN cookies”. Each side of a
connection has its own sequence number. In response to a SYN, the attacked machine creates a
special sequence number that is a “cookie” of the connection and then forgets everything it knows
about the connection. It can then recreate the forgotten information about the connection when
the next packets come in from a legitimate connection.