BigIron RX Series Configuration Guide 995
53-1002253-01
Chapter
34
Protecting Against Denial of Service Attacks
In a Denial of Service (DoS) attack, a router is flooded with useless packets, hindering normal
operation. The BigIron RX includes measures for defending against two types of DoS attacks, Smurf
attacks and TCP SYN attacks.
Protecting against Smurf attacks
A Smurf attack is a kind of DoS attack where an attacker causes a victim to be flooded with ICMP
echo (Ping) replies sent from another network. Figure 132 illustrates how a Smurf attack works.
FIGURE 132 How a Smurf attack floods a victim with ICMP replies
The attacker sends an ICMP echo request packet to the broadcast address of an intermediary
network. The ICMP echo request packet contains the spoofed address of a victim network as its
source. When the ICMP echo request reaches the intermediary network, it is converted to a Layer 2
broadcast and sent to the hosts on the intermediary network. The hosts on the intermediary
network then send ICMP replies to the victim network.
For each ICMP echo request packet sent by the attacker, a number of ICMP replies equal to the
number of hosts on the intermediary network are sent to the victim. If the attacker generates a
large volume of ICMP echo request packets, and the intermediary network contains a large number
of hosts, the victim can be overwhelmed with ICMP replies.
2
1
3
Attacker
Intermediary
Victim
Attacker sends ICMP echo requests to
broadcast address on Intermediary’s
network, spoofing Victim’s IP address
as the source
If Intermediary has directed broadcast
forwarding enabled, ICPM echo requests
are broadcast to hosts on Intermediary’s
network
The hosts on Intermediary’s network
send replies to Victim, inundating Victim
with ICPM packets
To Next Page
Loading...
