D-Link DFL-260E User Manual for DFL-260E - Page 355
Denial-of-Service Attack Prevention, 6.6.1. Overview, 6.6.2. DoS Attack Mechanisms
Chapter 6. Security Mechanisms

6.6. Denial-of-Service Attack Prevention

6.6.1. Overview

By embracing the Internet, enterprises experience new business opportunities and growth. The enterprise network and the applications that run over it are business critical. Not only can a company reach a larger number of customers via the Internet, it can serve them faster and more efficiently. At the same time, using a public IP network enables companies to reduce infrastructure-related costs.

Unfortunately, the same advantages that the Internet brings to business also benefit the hackers who use the same public infrastructure to mount attacks. Attack tools are readily available on the Internet and development work on these tools is often split across groups of novice hackers - sometimes referred to with names such as "script kiddies" - spread around the world, providing a 24/7 evolution of attack methods. Many newer attack techniques utilize the distributed topology of the Internet to launch Denial of Service (DoS) attacks against organizations, resulting in paralysed web servers that can no longer respond to legitimate connection requests.

To be on the receiving end of a DoS attack is probably the last thing any network administrator wants to experience. Attacks can appear out of thin air and the consequences can be devastating, with crashed servers, jammed Internet connections and business critical systems in overload.

This section deals with using NetDefend Firewalls to protect organizations against these attacks.

6.6.2. DoS Attack Mechanisms

A DoS attack can be perpetrated in a number of ways but there are three basic types of attack:

• Consumption of computational resources, such as bandwidth, disk space, or CPU time.
• Disruption of configuration information, such as routing information.
• Disruption of physical network components.

One of the most commonly used methods is the consumption of computational resources, which means that the DoS attack floods the network and ties up critical resources used to run business critical applications. In some cases, vulnerabilities in the Unix and Windows operating systems are exploited to intentionally crash the system, while in other cases large amounts of apparently valid traffic are directed at sites until they become overloaded and crash.

Some of the most commonly used DoS attacks have been:

• The Ping of Death / Jolt attacks
• Fragmentation overlap attacks: Teardrop / Bonk / Boink / Nestea
• The Land and LaTierra attacks
• The WinNuke attack
• Amplification attacks: Smurf, Papasmurf, Fraggle
• TCP SYN Flood attack
• The Jolt2 attack

6.6.3. Ping of Death and Jolt Attacks

The "ping of death" is one of the earliest layer 3/4 attacks. One of the simplest ways to execute it is to run "ping -l 65510 1.2.3.4" on a Windows 95 system where 1.2.3.4 is the IP address of the