ZyXEL P-794H User Guide - Page 196
Port Scanning, 15.3.5 ICMP Flood Attack, 15.3.6 Smurf Attack,
View all ZyXEL P-794H manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 196 highlights
Chapter 15 Security 15.3.4 Port Scanning An attacker scans device(s) to determine what types of network protocols or services a device supports. One of the most common port scanning tools in use today is Nmap. Many connection attempts to different ports (services) may indicate a port scan. These are some port scan types: • TCP Portscan • UDP Portscan • IP Portscan An IP port scan searches not only for TCP, UDP and ICMP protocols in use by the remote computer, but also additional IP protocols such as EGP (Exterior Gateway Protocol) or IGP (Interior Gateway Protocol). Determining these additional protocols can help reveal if the destination device is a workstation, a printer, or a router. 15.3.5 ICMP Flood Attack Flood attacks saturate a network with useless data, use up all available bandwidth, and therefore make communications in the network impossible. 15.3.6 Smurf Attack A smurf attacker (A) floods a router (B) with Internet Control Message Protocol (ICMP) echo request packets (pings) with the destination IP address of each packet as the broadcast address of the network. The router will broadcast the ICMP echo request packet to all hosts on the network. If there are numerous hosts, this will create a large amount of ICMP echo request and response traffic. If an attacker (A) spoofs the source IP address of the ICMP echo request packet, the resulting ICMP traffic will not only saturate the receiving network (B), but the network of the spoofed source IP address (C). Figure 124 Smurf Attack 196 P-794H User's Guide