Chapter 12
| Security Measures
DoS Protection
– 338 –
no flags. If the target's TCP port is closed, the target replies with a TCP RST
(reset) packet. If the target TCP port is open, it simply discards the TCP NULL
scan.
◆ SYN/FIN Scan – Protects against SYN/FIN-scan attacks in which a TCP SYN/FIN
scan message is used to identify listening TCP ports. The scan uses a series of
malformed TCP packets that have both the SYN (synchronize) and FIN
(finish) flags set. If the target's TCP port is closed, the target replies with a TCP RST
(reset) packet. If the target TCP port is open, it simply discards the TCP SYN/FIN
scan.
In these packets, SYN=1 and FIN=1.
◆ SYN/RST Scan – Protects against SYN/RST-scan attacks in which a TCP SYN/RST
scan message is used to stop an ongoing TCP session. An attacker can forge a
set of Synchronize (SYN) and Reset (RST) packets in an attempt to guess a TCP
sequence number within a narrow range (or TCP window) of values. Successful
exploitation of this issue results in a termination of the TCP session. Depending
on the targeted software or hardware, the outcome may result in a simple
denial of service, or it may leave the system in an unpredictable state, possibly
leading to data loss or additional vulnerabilities.
In these packets, SYN=1 and RST=1.
◆ SYN Flood – Protects against flooding attacks in which a perpetrator sends a
succession of TCP synchronization requests (with or without a spoofed source
IP address) to a target and never returns the ACK packets that would complete
the handshake. These half-open connections tie up resources on the target until
no new connections can be made, resulting in denial of service. (Maximum
allowed rate: 64-2048 kbits/second)
In these packets, SYN=1.
Protection for UDP
◆ Invalid Header Length – Protects against attacks which send UDP packets
with an incorrect header length. The system drops such packets, but a large
number of them can still cause crashes and other system errors.
In these packets, the UDP raw data length is less than 8 bytes.
◆ Blat Block – Protects against attacks in which a specially crafted packet is sent
to a host where the source host port is the same as the destination host port.
The system attempts to reply to itself, resulting in system lockup.
◆ Flood – Protects against flooding attacks in which a perpetrator sends a large
number of UDP packets (with or without a spoofed source IP address) to
random ports on a remote host. For each packet the target determines that no
application is listening at that port and replies with an ICMP “Destination
Unreachable” packet. It is thus forced to send many ICMP packets, eventually
becoming unreachable by other clients. (Maximum allowed rate: 64-2048 kbits/second)
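The packet conditions listed in this section (no TCP flags, SYN=1 and FIN=1, SYN=1 and RST=1, UDP length below 8 bytes, equal UDP source and destination ports) and the 64-2048 kbits/second ceiling of the two flood protections can be expressed as a small classifier. The following Python is an added illustration, not code from this manual or from the device's firmware; the `Packet` record, the `FloodLimiter` class, its fixed one-second window and the assumption that 1 kbit equals 1000 bits are all my own choices for the example.

```python
# Added example (not from the manual): classify packets against the TCP/UDP
# checks above and apply the per-second ceiling of the two flood protections.
from dataclasses import dataclass
from typing import Optional

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10  # TCP header flag bits
UDP_HEADER_LEN = 8  # a UDP length field below 8 bytes cannot hold the header

@dataclass
class Packet:
    proto: str          # "tcp" or "udp" (constructed records, not captures)
    src_port: int
    dst_port: int
    flags: int = 0      # TCP flag bits; ignored for UDP
    udp_len: int = 0    # UDP length field (header + payload), in bytes

def classify(pkt: Packet) -> Optional[str]:
    """Name the protection rule a single packet trips, or None if it trips none."""
    if pkt.proto == "tcp":
        if pkt.flags == 0:
            return "TCP NULL scan"                # no flags at all
        if pkt.flags & SYN and pkt.flags & FIN:
            return "TCP SYN/FIN scan"             # SYN=1 and FIN=1
        if pkt.flags & SYN and pkt.flags & RST:
            return "TCP SYN/RST scan"             # SYN=1 and RST=1
    elif pkt.proto == "udp":
        if pkt.udp_len < UDP_HEADER_LEN:
            return "UDP invalid header length"    # raw data length < 8 bytes
        if pkt.src_port == pkt.dst_port:
            return "UDP Blat"                     # source port == destination port
    return None

class FloodLimiter:
    """Per-second bit budget for SYN or UDP floods (hypothetical: 1 kbit = 1000 bits)."""
    def __init__(self, limit_kbps: int):
        if not 64 <= limit_kbps <= 2048:
            raise ValueError("rate must be within 64-2048 kbits/second")
        self.limit_bits = limit_kbps * 1000
        self.window, self.bits = None, 0

    def allow(self, pkt: Packet, ts: float, size_bytes: int) -> bool:
        """Return False once flood-class traffic exceeds the ceiling this second."""
        syn_only = pkt.proto == "tcp" and pkt.flags & SYN and not pkt.flags & ACK
        if not (syn_only or pkt.proto == "udp"):
            return True                           # not flood-relevant traffic
        if int(ts) != self.window:
            self.window, self.bits = int(ts), 0   # new one-second window
        self.bits += size_bytes * 8
        return self.bits <= self.limit_bits
```

A real appliance would track the budget per target (or per source) rather than globally, which the example omits for brevity.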