Home » ZyXEL Manuals » Networking » ZyXEL P-660H-T1 v2 » Manual Viewer

ZyXEL P-660H-T1 v2 User Guide - Page 115

LAND Attack, brute-force

Get ZyXEL P-660H-T1 v2 PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 115 highlights

Figure 60 SYN Flood Chapter 8 Firewalls • In a LAND Attack, hackers flood SYN packets into the network with a spoofed source IP address of the targeted system. This makes it appear as if the host computer sent the packets to itself, making the system unavailable while the target system tries to respond to itself. 7 A brute-force attack, such as a "Smurf" attack, targets a feature in the IP specification known as directed or subnet broadcasting, to quickly flood the target network with useless data. A Smurf hacker floods a router with Internet Control Message Protocol (ICMP) echo request packets (pings). Since the destination IP address of each packet is the broadcast address of the network, the router will broadcast the ICMP echo request packet to all hosts on the network. If there are numerous hosts, this will create a large amount of ICMP echo request and response traffic. If a hacker chooses to spoof the source IP address of the ICMP echo request packet, the resulting ICMP traffic will not only clog up the "intermediary" network, but will also congest the network of the spoofed source IP address, known as the "victim" network. This flood of broadcast traffic consumes all available bandwidth, making communications impossible. Figure 61 Smurf Attack P-660H-Tx v2 User's Guide 115

Section	Page
User’s Guide	1
About This User's Guide	3
Document Conventions	4
Safety Warnings	6
Contents Overview	9
Table of Contents	11
List of Figures	19
List of Tables	25
Introduction	29
Introducing the ZyXEL Device	31
1.1 Overview	31
1.2 Ways to Manage the ZyXEL Device	32
1.3 Good Habits for Managing the ZyXEL Device	33
1.4 LEDs	33
1.5 Splitters and Microfilters	34
1.5.1 Connecting a POTS Splitter	34
1.5.2 Telephone Microfilters	35
1.6 Hardware Connections	35
Introducing the Web Configurator	37
2.1 Web Configurator Overview	37
2.2 Accessing the Web Configurator	37
2.2.1 User Access	38
2.2.2 Administrator Access	38
2.3 Resetting the ZyXEL Device	40
2.3.1 Using the Reset Button	40
2.4 Navigating the Web Configurator	40
2.4.1 Navigation Panel	40
2.4.2 Status Screen	43
2.4.3 Status: Any IP Table	45
2.4.4 Status: Bandwidth Status	46
2.4.5 Status: Packet Statistics	47
2.4.6 Changing Login Password	48
Wizards	49
Wizard Setup for Internet Access	51
3.1 Introduction	51
3.2 Internet Access Wizard Setup	51
3.2.1 Automatic Detection	53
3.2.2 Manual Configuration	53
Bandwidth Management Wizard	59
4.1 Introduction	59
4.2 Predefined Media Bandwidth Management Services	59
4.3 Bandwidth Management Wizard Setup	60
Network	65
WAN Setup	67
5.1 WAN Overview	67
5.1.1 Encapsulation	67
5.1.2 Multiplexing	68
5.1.3 Encapsulation and Multiplexing Scenarios	68
5.1.4 VPI and VCI	69
5.1.5 IP Address Assignment	69
5.1.6 Nailed-Up Connection (PPP)	69
5.1.7 NAT	70
5.2 Metric	70
5.3 Traffic Shaping	70
5.3.1 ATM Traffic Classes	71
5.4 Zero Configuration Internet Access	72
5.5 Internet Connection	72
5.5.1 Configuring Advanced Internet Connection Setup	74
5.6 Configuring More Connections	76
5.6.1 More Connections Edit	77
5.6.2 Configuring More Connections Advanced Setup	80
5.7 Traffic Redirect	81
5.8 Configuring WAN Backup	82
LAN Setup	85
6.1 LAN Overview	85
6.1.1 LANs, WANs and the ZyXEL Device	85
6.1.2 DHCP Setup	86
6.1.3 DNS Server Address	86
6.2 LAN TCP/IP	86
6.2.1 IP Address and Subnet Mask	86
6.2.2 RIP Setup	88
6.2.3 Multicast	88
6.2.4 Any IP	89
6.3 Configuring LAN IP	90
6.3.1 Configuring Advanced LAN Setup	91
6.4 DHCP Setup	92
6.5 LAN Client List	93
6.6 LAN IP Alias	94
Network Address Translation (NAT) Screens	97
7.1 NAT Overview	97
7.1.1 NAT Definitions	97
7.1.2 What NAT Does	98
7.1.3 How NAT Works	98
7.1.4 NAT Application	98
7.1.5 NAT Mapping Types	99
7.2 SUA (Single User Account) Versus NAT	100
7.3 SIP ALG	100
7.4 NAT General Setup	101
7.5 Port Forwarding	102
7.5.1 Default Server IP Address	102
7.5.2 Port Forwarding: Services and Port Numbers	102
7.5.3 Configuring Servers Behind Port Forwarding (Example)	103
7.6 Configuring Port Forwarding	103
7.6.1 Port Forwarding Rule Edit	104
7.7 Address Mapping	105
7.7.1 Address Mapping Rule Edit	107
Security	109
Firewalls	111
8.1 Firewall Overview	111
8.2 Types of Firewalls	111
8.2.1 Packet Filtering Firewalls	111
8.2.2 Application-level Firewalls	112
8.2.3 Stateful Inspection Firewalls	112
8.3 Introduction to ZyXEL’s Firewall	112
8.3.1 Denial of Service Attacks	113
8.4 Denial of Service	113
8.4.1 Basics	113
8.4.2 Types of DoS Attacks	114
8.5 Stateful Inspection	116
8.5.1 Stateful Inspection Process	117
8.5.2 Stateful Inspection and the ZyXEL Device	118
8.5.3 TCP Security	118
8.5.4 UDP/ICMP Security	119
8.5.5 Upper Layer Protocols	119
8.6 Guidelines for Enhancing Security with Your Firewall	120
8.6.1 Security In General	120
8.7 Packet Filtering Vs Firewall	121
8.7.1 Packet Filtering:	121
8.7.2 Firewall	121
Firewall Configuration	123
9.1 Access Methods	123
9.2 Firewall Policies Overview	123
9.3 Rule Logic Overview	124
9.3.1 Rule Checklist	124
9.3.2 Security Ramifications	124
9.3.3 Key Fields For Configuring Rules	125
9.4 Connection Direction	125
9.4.1 LAN to WAN Rules	126
9.4.2 Alerts	126
9.5 General Firewall Policy	126
9.6 Firewall Rules Summary	127
9.6.1 Configuring Firewall Rules	129
9.6.2 Customized Services	132
9.6.3 Configuring a Customized Service	132
9.7 Example Firewall Rule	133
9.8 Predefined Services	137
9.9 Anti-Probing	139
9.10 DoS Thresholds	140
9.10.1 Threshold Values	140
9.10.2 Half-Open Sessions	141
9.10.3 Configuring Firewall Thresholds	141
Content Filtering	145
10.1 Content Filtering Overview	145
10.2 Configuring Keyword Blocking	145
10.3 Configuring the Schedule	146
10.4 Configuring Trusted Computers	147
Advanced Setup	149
Static Route	151
11.1 Static Route	151
11.2 Configuring Static Route	151
11.2.1 Static Route Edit	152
Bandwidth Management	155
12.1 Bandwidth Management Overview	155
12.2 Application-based Bandwidth Management	155
12.3 Subnet-based Bandwidth Management	155
12.4 Application and Subnet-based Bandwidth Management	156
12.5 Scheduler	156
12.5.1 Priority-based Scheduler	156
12.5.2 Fairness-based Scheduler	157
12.6 Maximize Bandwidth Usage	157
12.6.1 Reserving Bandwidth for Non-Bandwidth Class Traffic	157
12.6.2 Maximize Bandwidth Usage Example	157
12.6.3 Bandwidth Management Priorities	159
12.7 Over Allotment of Bandwidth	159
12.8 Configuring Summary	159
12.9 Bandwidth Management Rule Setup	160
12.9.1 Rule Configuration	162
12.10 Bandwidth Monitor	164
Dynamic DNS Setup	165
13.1 Dynamic DNS Overview	165
13.1.1 DYNDNS Wildcard	165
13.2 Configuring Dynamic DNS	165
Remote Management Configuration	169
14.1 Remote Management Overview	169
14.1.1 Remote Management Limitations	170
14.1.2 Remote Management and NAT	170
14.1.3 System Timeout	170
14.2 WWW	170
14.3 Telnet	171
14.4 Configuring Telnet	171
14.5 Telnet Login	172
14.6 Configuring FTP	173
14.7 SNMP	174
14.7.1 Supported MIBs	175
14.7.2 SNMP Traps	175
14.7.3 Configuring SNMP	175
14.8 Configuring DNS	177
14.9 Configuring ICMP	177
14.10 TR-069	178
Universal Plug-and-Play (UPnP)	181
15.1 Introducing Universal Plug and Play	181
15.1.1 How do I know if I'm using UPnP?	181
15.1.2 NAT Traversal	181
15.1.3 Cautions with UPnP	181
15.2 UPnP and ZyXEL	182
15.2.1 Configuring UPnP	182
15.3 Installing UPnP in Windows Example	183
15.3.1 Installing UPnP in Windows Me	183
15.3.2 Installing UPnP in Windows XP	184
15.4 Using UPnP in Windows XP Example	185
15.4.1 Auto-discover Your UPnP-enabled Network Device	186
15.4.2 Web Configurator Easy Access	189
Maintenance and Troubleshooting	193
System	195
16.1 General Setup	195
16.1.1 General Setup and System Name	195
16.1.2 General Setup	195
16.2 Time Setting	197
Tools	201
17.1 Firmware Upgrade	201
17.2 Configuration Screen	203
17.2.1 Backup Configuration	203
17.2.2 Restore Configuration	204
17.2.3 Back to Factory Defaults	205
17.3 Restart	205
Diagnostic	207
18.1 General Diagnostic	207
18.2 DSL Line Diagnostic	208
Logs	209
19.1 Logs Overview	209
19.1.1 Alerts and Logs	209
19.2 Viewing the Logs	209
19.3 Configuring Log Settings	210
19.3.1 Example E-mail Log	212
19.4 Log Descriptions	213
Troubleshooting	227
20.1 Power, Hardware Connections, and LEDs	227
20.2 ZyXEL Device Access and Login	228
20.3 Internet Access	230
Appendices and Index	231
Product Specifications	233
Internal SPTGEN	241
Setting up Your Computer’s IP Address	257
IP Addresses and Subnetting	273
Pop-up Windows, JavaScripts and Java Permissions	283
Firewall Commands	289
NetBIOS Filter Commands	295
Triangle Route	297
Legal Information	299
Customer Support	303

Match case Limit results 1 per page

Chapter 8 Firewalls

P-660H-Tx v2 User’s Guide

115

Figure 60

SYN Flood

•

In a

LAND Attack

, hackers flood SYN packets into the network with a spoofed source IP

address of the targeted system. This makes it appear as if the host computer sent the

packets to itself, making the system unavailable while the target system tries to respond to

itself.

brute-force

attack, such as a "Smurf" attack, targets a feature in the IP specification

known as directed or subnet broadcasting, to quickly flood the target network with

useless data. A Smurf hacker floods a router with Internet Control Message Protocol

(ICMP) echo request packets (pings). Since the destination IP address of each packet is

the broadcast address of the network, the router will broadcast the ICMP echo request

packet to all hosts on the network. If there are numerous hosts, this will create a large

amount of ICMP echo request and response traffic. If a hacker chooses to spoof the

source IP address of the ICMP echo request packet, the resulting ICMP traffic will not

only clog up the "intermediary" network, but will also congest the network of the

spoofed source IP address, known as the "victim" network. This flood of broadcast

traffic consumes all available bandwidth, making communications impossible.

Figure 61

Smurf Attack