P-662H/HW-D Series User’s Guide
Chapter 10 Firewalls
173
Under normal circumstances, the application that initiates a session sends a SYN
(synchronize) packet to the receiving server. The receiver sends back an ACK
(acknowledgment) packet and its own SYN, and then the initiator responds with an ACK
(acknowledgment). After this handshake, a connection is established.
•
SYN Attack
floods a targeted system with a series of SYN packets. Each packet causes
the targeted system to issue a SYN-ACK response. While the targeted system waits for
the ACK that follows the SYN-ACK, it queues up all outstanding SYN-ACK responses
on what is known as a backlog queue. SYN-ACKs are moved off the queue only when an
ACK comes back or when an internal timer (which is set at relatively long intervals)
terminates the three-way handshake. Once the queue is full, the system will ignore all
incoming SYN requests, making the system unavailable for legitimate users.
Figure 92
SYN Flood
• In a
LAND Attack
, hackers flood SYN packets into the network with a spoofed source
IP address of the targeted system. This makes it appear as if the host computer sent the
packets to itself, making the system unavailable while the target system tries to respond
to itself.
7
A
brute-force
attack, such as a "Smurf" attack, targets a feature in the IP specification
known as directed or subnet broadcasting, to quickly flood the target network with
useless data. A Smurf hacker floods a router with Internet Control Message Protocol
(ICMP) echo request packets (pings). Since the destination IP address of each packet is
the broadcast address of the network, the router will broadcast the ICMP echo request
packet to all hosts on the network. If there are numerous hosts, this will create a large
amount of ICMP echo request and response traffic. If a hacker chooses to spoof the
source IP address of the ICMP echo request packet, the resulting ICMP traffic will not
only clog up the "intermediary" network, but will also congest the network of the spoofed
source IP address, known as the "victim" network. This flood of broadcast traffic
consumes all available bandwidth, making communications impossible.
Содержание 802.11g ADSL 2+ 4-Port Security Gateway HW-D Series
Страница 1: ...P 662H HW D Series 802 11g ADSL 2 4 Port Security Gateway User s Guide Version 3 40 Edition 1 7 2006 ...
Страница 2: ......
Страница 10: ...P 662H HW D Series User s Guide 10 Customer Support ...
Страница 24: ...P 662H HW D Series User s Guide 24 Table of Contents ...
Страница 32: ...P 662H HW D Series User s Guide 32 List of Figures ...
Страница 38: ...P 662H HW D Series User s Guide 38 List of Tables ...
Страница 64: ...P 662H HW D Series User s Guide 64 Chapter 2 Introducing the Web Configurator ...
Страница 84: ...P 662H HW D Series User s Guide 84 Chapter 4 Bandwidth Management Wizard ...
Страница 108: ...P 662H HW D Series User s Guide 108 Chapter 5 WAN Setup ...
Страница 122: ...P 662H HW D Series User s Guide 122 Chapter 6 LAN Setup ...
Страница 155: ...P 662H HW D Series User s Guide Chapter 8 DMZ 155 Figure 81 DMZ Private and Public Address Example ...
Страница 156: ...P 662H HW D Series User s Guide 156 Chapter 8 DMZ ...
Страница 188: ...P 662H HW D Series User s Guide 188 Chapter 11 Firewall Configuration Figure 97 Firewall Edit Rule ...
Страница 202: ...P 662H HW D Series User s Guide 202 Chapter 11 Firewall Configuration ...
Страница 210: ...P 662H HW D Series User s Guide 210 Chapter 12 Anti Virus Packet Scan ...
Страница 214: ...P 662H HW D Series User s Guide 214 Chapter 13 Content Filtering ...
Страница 232: ...P 662H HW D Series User s Guide 232 Chapter 14 Content Access Control ...
Страница 238: ...P 662H HW D Series User s Guide 238 Chapter 15 Introduction to IPSec ...
Страница 273: ...P 662H HW D Series User s Guide Chapter 17 Certificates 273 Figure 144 My Certificate Details ...
Страница 284: ...P 662H HW D Series User s Guide 284 Chapter 17 Certificates Figure 152 Trusted Remote Host Details ...
Страница 292: ...P 662H HW D Series User s Guide 292 Chapter 18 Static Route ...
Страница 303: ...P 662H HW D Series User s Guide Chapter 19 Bandwidth Management 303 Figure 162 Bandwidth Management Monitor ...
Страница 304: ...P 662H HW D Series User s Guide 304 Chapter 19 Bandwidth Management ...
Страница 308: ...P 662H HW D Series User s Guide 308 Chapter 20 Dynamic DNS Setup ...
Страница 332: ...P 662H HW D Series User s Guide 332 Chapter 22 Universal Plug and Play UPnP ...
Страница 338: ...P 662H HW D Series User s Guide 338 Chapter 23 System ...
Страница 344: ...P 662H HW D Series User s Guide 344 Chapter 24 Logs ...
Страница 350: ...P 662H HW D Series User s Guide 350 Chapter 25 Tools ...
Страница 363: ...P 662H HW D Series User s Guide Chapter 27 Troubleshooting 363 Figure 213 Security Setting ActiveX Controls ...
Страница 364: ...P 662H HW D Series User s Guide 364 Chapter 27 Troubleshooting ...
Страница 368: ...P 662H HW D Series User s Guide 368 Product Specifications ...
Страница 372: ...P 662H HW D Series User s Guide 372 Appendix C Wall mounting Instructions ...
Страница 408: ...P 662H HW D Series User s Guide 408 Appendix F Wireless LANs ...
Страница 420: ...P 662H HW D Series User s Guide 420 Appendix H Command Interpreter ...
Страница 436: ...P 662H HW D Series User s Guide 436 Appendix L NetBIOS Filter Commands ...
Страница 462: ...P 662H HW D Series User s Guide 462 Appendix M Internal SPTGEN ...
Страница 484: ...P 662H HW D Series User s Guide 484 Appendix P Triangle Route ...