D-Link DXS-3600-32S CLI Guide - Page 239
DXS-3600 Series 10GbE Layer 2/3 Switch CLI Reference Guide

Xmas Scan
Hackers use the TCP Xmas scan to identify listening TCP ports. This scan uses a series of strangely configured TCP packets, which contain the Urgent (URG), Push (PSH), and FIN flags. Again, this type of scan can get through some firewalls and boundary routers that filter on incoming TCP packets with standard flag settings. If the target device's TCP port is closed, the target device sends a TCP RST packet in reply. If the target device's TCP port is open, the target discards the TCP Xmas scan, sending no reply.
Detect method - Check whether a received TCP packet contains the URG, PSH and FIN flags.

SYNFIN
To use this type of scan, an attacker first sends a Transmission Control Protocol (TCP) packet that has the Finish (FIN) and Synchronize (SYN) flags set. An open port will respond with Acknowledge (ACK) and SYN TCP packets, but a closed port will return a packet with the ACK and Reset (RST) flags set.
Detect method - Check whether a received TCP packet contains the FIN and SYN flags.

SYN with source port < 1024
A SYN packet with a source port less than 1024; the Internet default services use L4 ports between 1 and 1023. If the source port of a TCP packet with the SYN flag set is less than 1024, the packet should be considered abnormal.
Detect method - Check whether the source port of a received TCP SYN packet is less than 1024.

Ping of Death
A ping of death is a type of attack on a computer that involves sending a malformed or otherwise malicious ping to a computer. A ping is normally 64 bytes in size; many computers cannot handle a ping larger than the maximum IP packet size, which is 65,535 bytes. Sending a ping of this size can crash the target computer. Traditionally, this bug has been relatively easy to exploit. Generally, sending a 65536 byte ping packet is illegal according to networking protocol, but a packet of such a size can be sent if it is fragmented; when the target computer reassembles the packet, a buffer overflow can occur, which often causes a system crash.
Detect method - Detect whether received packets are fragmented ICMP packets.

TCP Tiny fragment attack
This attack uses IP fragmentation to create extremely small fragments and force the TCP header information into a separate packet fragment, so that the packets pass through the check function of the router and the attack is carried out.
Detect method - Check whether the received packets are TCP tiny fragment packets.

Example
This example shows how to enable defense for all attack types.

    DXS-3600-32S#configure terminal
    DXS-3600-32S(config)#defense enable
    Success
    DXS-3600-32S(config)#

Example
This example shows how to enable defense against the land attack.

    DXS-3600-32S#configure terminal
    DXS-3600-32S(config)#defense land enable
    Success
    DXS-3600-32S(config)#

231
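The five detect methods above, written out as a small packet classifier over raw IPv4 headers. This is an added example to illustrate the checks the guide describes; it is not D-Link code, and the sample packets, the field names and the 20-byte "tiny fragment" threshold are constructed assumptions for the illustration.

```python
import struct

URG, PSH, FIN, SYN = 0x20, 0x08, 0x01, 0x02
TCP_HDR_MIN = 20  # assumed threshold: a first fragment shorter than a TCP header is "tiny"

def parse_ipv4(pkt):
    """Pull out the IPv4 fields the detect methods need (no checksum validation)."""
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    frag_word = struct.unpack("!H", pkt[6:8])[0]
    return {
        "proto": pkt[9],
        "more_frags": bool(frag_word & 0x2000),   # MF bit
        "frag_offset": (frag_word & 0x1FFF) * 8,  # offset is in 8-byte units
        "payload": pkt[ihl:total_len],
    }

def classify(pkt):
    """Return the name of the first detect method that matches, or 'ok'."""
    ip = parse_ipv4(pkt)
    fragmented = ip["more_frags"] or ip["frag_offset"] > 0
    if ip["proto"] == 1 and fragmented:
        return "ping-of-death"          # detect method: fragmented ICMP
    if ip["proto"] != 6 or ip["frag_offset"] > 0:
        return "ok"                     # not TCP, or a non-first fragment with no TCP header
    tcp = ip["payload"]
    if len(tcp) < TCP_HDR_MIN:
        return "tcp-tiny-fragment" if fragmented else "malformed"
    sport = struct.unpack("!H", tcp[0:2])[0]
    flags = tcp[13]
    if flags & (URG | PSH | FIN) == URG | PSH | FIN:
        return "xmas-scan"              # detect method: URG + PSH + FIN
    if flags & (SYN | FIN) == SYN | FIN:
        return "synfin"                 # detect method: SYN + FIN
    if flags & SYN and sport < 1024:
        return "syn-sport-lt-1024"      # detect method: SYN from a well-known source port
    return "ok"

def build(proto, sport=40000, flags=0, mf=False, offset=0, payload_len=20):
    """Constructed sample packet: IPv4 header plus a (possibly truncated) TCP header or ICMP bytes."""
    if proto == 6:
        data = struct.pack("!HHIIBBHHH", sport, 80, 0, 0, 0x50, flags, 8192, 0, 0)[:payload_len]
    else:
        data = bytes(payload_len)
    frag_word = (0x2000 if mf else 0) | (offset // 8)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(data), 1, frag_word, 64, proto, 0,
                      bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return hdr + data

if __name__ == "__main__":
    for name, p in [("xmas", build(6, flags=URG | PSH | FIN)), ("synfin", build(6, flags=SYN | FIN)),
                    ("syn-from-80", build(6, sport=80, flags=SYN)), ("frag-icmp", build(1, mf=True)),
                    ("tiny", build(6, flags=SYN, mf=True, payload_len=8)), ("normal", build(6, flags=SYN))]:
        print(f"{name:12s} -> {classify(p)}")
```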