Firewall
BAT54-Rail/F..
Release
7.54
06/08
8.5
Denial of Service
307
U Bonk/Fragrouter
Bonk is a variant of the Teardrop attack, which targets not at crashing the at-
tacked computer, but to trick simple port filter Firewalls, which accept also
fragmented packets and thus to penetrate into the network being protected.
During this attack, the UDP or TCP Header of the first fragment is overwritten
by skillful choice of the fragment offset. Thereby, simple port filter Firewalls
accept the first packet and the appropriate fragments while overwriting the
first packet's header by the second fragment. Thus suddenly a permissible
packet is created, which rather actually should be blocked by the Firewall.
Concerning this occurrence, the Firewall can itself either reassemble or filter
only the wrong fragment (and all following), leading to the problems already
indicated by either one of the other solutions above.
Note: By default installation all items are configured as "secure", i.e. maximal
100 permissible half-open connections by different workstations (see
SYN Flooding), at most 50 half-open connections of a single computer
(see Portscan) of fragmented packets to be reassembled.
8.5.2 Configuration of DoS blocking
LANconfig
Parameters against DoS attacks are set in the LANconfig in the configuration
tool 'Firewall/QoS' on the register card 'DoS':
To Next Page
Loading...
Need help?
General
