Firewall
304
8.5
Denial of Service
BAT54-Rail/F..
Release
7.54
06/08
D The sender address will be blocked for an adjustable period of time.
D The destination port of the scan will be blocked for an adjustable period
of time.
WEBconfig, Telnet
The behavior of the Intrusion Detection Systems can be configured here un-
der WEBconfig or Telnet:
8.5 Denial of Service
Attacks from the Internet can be break-in attempts, as well as attacks aiming
to block the accessibility and functionality of individual services. Therefore a
BAT is equipped with appropriate protective mechanisms, which recognize
well-known hacker attacks and which guarantee functionality.
8.5.1 Examples of Denial of Service Attacks
Denial of service attacks do profit from fundamental weaknesses of TCP/IP
protocols, as well as from incorrect implementations of TCP/IP protocol
stacks. Attacks, which profit from fundamental weaknesses are e.g. SYN
Flood and Smurf. Attacks aiming at incorrect implementations are all attacks,
which operate with incorrectly fragmented packets (e.g. Teardrop), or which
work with falsified sender addresses (e. g. Land). In the following some of
these attacks are described, their effects and possible countermeasures.
U SYN Flooding
SYN Flooding means that the aggressor sends in short distances TCP pack-
ets with set SYN flag and with constantly changing source ports on open
ports of its victim. The attacked computer establishes as a result a TCP con-
nection, replies to the aggressor a packet with set SYN and ACK flags and
waits now in vain for the confirmation of the connection establishment. Hun-
dreds of "half-open" TCP connections are staying thereby, and just consume
resources (e.g. memory) of the attacked computer. This procedure can go
that far that the victim can accept no more TCP connection or crashes due to
the lack of memory.
Configuration tool Run
WEBconfig Expert Configuration:
Setup/IP Router Module/Firewall
Terminal/Telnet Setup/IP Router Module/Firewall
To Next Page
Loading...
Need help?
General
