ZyXEL GS-1548 User Guide - Page 89

CHAPTER 15 Auto Denial of Service (DoS) This chapter shows you how to configure automatic Denial of Service prevention on the Switch. 15.1 About Denial of Service Attacks Denial of Service (DoS) attacks try to disable a device or network so users no longer have access to network resources. The Switch has features which automatically detect and thwart currently known DoS attacks. 15.1.1 DoS Attacks Summary The following table summarizes the types of attacks the Switch can prevent. Table 29 DoS Attack Summary ATTACK DESCRIPTION Land Attacks These attacks result from sending a specially crafted packet to a machine where the source host IP address is the same as the destination host IP address. The system attempts to reply to itself, resulting in system lockup. Blat Attacks These attacks result from sending a specially crafted packet to a machine where the source host port is the same as the destination host port. The system attempts to reply to itself, resulting in system lockup. SYNFIN scans SYNchronization (SYN), ACKnowledgment (ACK) and FINish (FIN) packets are used to initiate, acknowledge and conclude TCP/IP communication sessions. The following scans exploit weaknesses in the TCP/IP specification and try to illicit a response from a host to identify ports for an attack: Scan SYNFIN - SYN and FIN bits are set in the packet. Xmascan - TCP sequence number is zero and the FIN, URG and PSH bits are set. NULL Scan - TCP sequence number is zero and all control bits are zeroes. SYN with port < 1024 - SYN packets with source port less than 1024. GS-1524/GS-1548 User's Guide 89