TP-Link T1700X-16TS T1700X-16TSUN V1 User Guide - Page 210

DoS Attack Type, Description

Get TP-Link T1700X-16TS PDF manuals and user guides View all TP-Link T1700X-16TS manuals
Add to My Manuals
Save this manual to your list of manuals

Page 210 highlights

the illegal packets directly and limit the transmission rate of the legal packets if the over legal packets may incur a breakdown of the network. The switch can defend several types of DoS attack listed in the following table. DoS Attack Type Description Land Attack The attacker sends a specific fake SYN packet to the destination Host. Since both the source IP address and the destination IP address of the SYN packet are set to be the IP address of the Host, the Host will be trapped in an endless circle for building the initial connection. The performance of the network will be reduced extremely. Scan SYNFIN The attacker sends the packet with its SYN field and the FIN field set to 1. The SYN field is used to request initial connection whereas the FIN field is used to request disconnection. Therefore, the packet of this type is illegal. The switch can defend this type of illegal packet. Xmascan The attacker sends the illegal packet with its TCP index, FIN, URG and PSH field set to 1. NULL Scan Attack The attacker sends the illegal packet with its TCP index and all the control fields set to 0. During the TCP connection and data transmission, the packets with all the control fields set to 0 are considered as the illegal packets. SYN packet with its The attacker sends the illegal packet with its TCP SYN field set to 1 source port less than and source port less than 1024. 1024 Blat Attack The attacker sends the illegal packet with its source port and destination port on Layer 4 the same and its URG field set to 1. Similar to the Land Attack, the system performance of the attacked Host is reduced since the Host circularly attempts to build a connection with the attacker. Ping Flooding The attacker floods the destination system with Ping broadcast storm packets to forbid the system to respond to the legal communication. SYN/SYN-ACK Flooding The attacker uses a fake IP address to send TCP request packets to the Server. Upon receiving the request packets, the Server responds with SYN-ACK packets. Since the IP address is fake, no response will be returned. The Server will keep on sending SYN-ACK packets. If the attacker sends overflowing fake request packets, the network resource will be occupied maliciously and the requests of the legal clients will be denied. WinNuke Attack Since the Operation System with bugs cannot correctly process the URG (Urgent Pointer) of TCP packets, the attacker sends this type of packets to the TCP port139 (NetBIOS) of the Host with the Operation System bugs, which will cause the Host with a blue screen. Table 12-1 Defendable DoS Attack Types 199

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
the illegal packets directly and limit the transmission rate of the legal packets if the over legal
packets may incur a breakdown of the network. The switch can defend several types of DoS attack
listed in the following table.
DoS Attack Type
Description
Land Attack
The attacker sends a specific fake SYN packet to the destination Host.
Since both the source IP address and the destination IP address of the
SYN packet are set to be the IP address of the Host, the Host will be
trapped in an endless circle for building the initial connection. The
performance of the network will be reduced extremely.
Scan SYNFIN
The attacker sends the packet with its SYN field and the FIN field set to
1. The SYN field is used to request initial connection whereas the FIN
field is used to request disconnection. Therefore, the packet of this
type is illegal. The switch can defend this type of illegal packet.
Xmascan
The attacker sends the illegal packet with its TCP index, FIN, URG and
PSH field set to 1.
NULL Scan Attack
The attacker sends the illegal packet with its TCP index and all the
control fields set to 0. During the TCP connection and data
transmission, the packets with all the control fields set to 0 are
considered as the illegal packets.
SYN packet with its
source port less than
1024
The attacker sends the illegal packet with its TCP SYN field set to 1
and source port less than 1024.
Blat Attack
The attacker sends the illegal packet with its source port and
destination port on Layer 4 the same and its URG field set to 1. Similar
to the Land Attack, the system performance of the attacked Host is
reduced since the Host circularly attempts to build a connection with
the attacker.
Ping Flooding
The attacker floods the destination system with Ping broadcast storm
packets to forbid the system to respond to the legal communication.
SYN/SYN-ACK
Flooding
The attacker uses a fake IP address to send TCP request packets to
the Server. Upon receiving the request packets, the Server responds
with SYN-ACK packets. Since the IP address is fake, no response will
be returned. The Server will keep on sending SYN-ACK packets. If the
attacker sends overflowing fake request packets, the network resource
will be occupied maliciously and the requests of the legal clients will be
denied.
WinNuke Attack
Since the Operation System with bugs cannot correctly process the
URG (Urgent Pointer) of TCP packets, the attacker sends this type of
packets to the TCP port139 (NetBIOS) of the Host with the Operation
System bugs, which will cause the Host with a blue screen.
Table 12-1 Defendable DoS Attack Types
199