EasyManua.ls Logo

Cisco 500 Series - Types of Dos Attacks

Cisco 500 Series
653 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Security
Denial of Service Prevention
461 Cisco 500 Series Stackable Managed Switch Administration Guide
21
SCT can be monitored in the Denial of Service > Denial of Service Prevention >
Security Suite Settings page (Details button).
Types of DoS Attacks
The following types of packets or other strategies might be involved in a Denial of
Service attack:
TCP SYN PacketsThese packets often have a false sender address. Each
packets is handled like a connection request, causing the server to spawn a
half-open connection, by sending back a TCP/SYN-ACK packet
(Acknowledge), and waiting for a packet in response from the sender
address (response to the ACK Packet). However, because the sender
address is false, the response never comes. These half-open connections
saturate the number of available connections that the device is able to
make, keeping it from responding to legitimate requests.
TCP SYN-FIN Packets—SYN packets are sent to create a new TCP
connection. TCP FIN packets are sent to close a connection. A packet in
which both SYN and FIN flags are set should never exist. Therefore these
packets might signify an attack on the device and should be blocked.
Martian Addresses—Martian addresses are illegal from the point of view of
the IP protocol. See Martian Addresses for more details.
ICMP Attack—Sending malformed ICMP packets or overwhelming number
of ICMP packets to the victim that might lead to a system crash.
IP Fragmentation—Mangled IP fragments with overlapping, over-sized
payloads are sent to the device. This can crash various operating systems
due to a bug in their TCP/IP fragmentation re-assembly code. Windows
3.1x, Windows 95 and Windows NT operating systems, as well as versions
of Linux prior to versions 2.0.32 and 2.1.63 are vulnerable to this attack.
Stacheldraht DistributionThe attacker uses a client program to connect to
handlers, which are compromised systems that issue commands to zombie
agents, which in turn facilitate the DoS attack. Agents are compromised via
the handlers by the attacker.
Using automated routines to exploit vulnerabilities in programs that accept
remote connections running on the targeted remote hosts. Each handler can
control up to a thousand agents.
Invasor Trojan—A trojan enables the attacker to download a zombie agent
(or the trojan may contain one). Attackers can also break into systems using
automated tools that exploit flaws in programs that listen for connections

Table of Contents

Other manuals for Cisco 500 Series

Preview: Quick Start Guide
Quick Start Guide72 pages
Preview: User Guide
User Guide6 pages
Preview: Troubleshooting And Maintenance
Troubleshooting And Maintenance14 pages
Preview: Safety Information
Safety Information42 pages
Preview: Datasheet
Datasheet5 pages
Preview: Quick Reference Guide
Quick Reference Guide7 pages
Preview: Quick Start Quide
Quick Start Quide12 pages

Related product manuals