ZyXEL UAG715 User Guide - Page 330
LAND Attack, UDP Flood Attack, Protocol Anomaly Background Information
Page 330 highlights
Chapter 27 ADP

Figure 225 SYN Flood

LAND Attack

In a LAND attack, hackers flood SYN packets into a network with a spoofed source IP address of the network itself. This makes it appear as if the computers in the network sent the packets to themselves, so the network is unavailable while they try to respond to themselves.

UDP Flood Attack

UDP is a connection-less protocol and does not require any connection setup procedure to transfer data. A UDP flood attack is possible when an attacker sends a UDP packet to a random port on the victim system. When the victim system receives a UDP packet, it determines what application is waiting on the destination port. When it finds that no application is waiting on the port, it generates an ICMP destination unreachable packet to the forged source address. If enough UDP packets are delivered to ports on the victim, the system will go down.

Protocol Anomaly Background Information

The following sections may help you configure the protocol anomaly profile screen (see Section 27.3.5 on page 324).

HTTP Inspection and TCP/UDP/ICMP Decoders

The following table gives some information on the HTTP inspection, TCP decoder, UDP decoder and ICMP decoder UAG protocol anomaly rules.

Table 125 HTTP Inspection and TCP/UDP/ICMP Decoders

LABEL | DESCRIPTION
HTTP Inspection |
APACHE-WHITESPACE ATTACK | This rule deals with the non-RFC-standard use of a tab as a space delimiter. Apache uses this, so if you have an Apache server, you need to enable this option.
ASCII-ENCODING ATTACK | This rule can detect attacks where malicious attackers use ASCII-encoding to encode attack strings. Attackers may use this method to bypass system parameter checks in order to get information or privileges from a web server.
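
The LAND and UDP flood descriptions above reduce to two packet checks: a TCP SYN whose source address equals its destination, and a per-destination UDP packet rate. The Python below is an added example, not ZyXEL's ADP implementation; the function names, the threshold and window values, and the packets (constructed from documentation address ranges) are assumptions.

```python
import ipaddress
import struct
from collections import defaultdict, deque

def parse_ipv4(pkt):
    """Return (protocol, src, dst, payload) for a raw IPv4 packet, or None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        return None
    return pkt[9], pkt[12:16], pkt[16:20], pkt[ihl:]

def is_land(pkt):
    """TCP SYN (ACK clear) whose source address equals its destination."""
    parsed = parse_ipv4(pkt)
    if parsed is None or parsed[0] != 6 or len(parsed[3]) < 14:
        return False
    _, src, dst, tcp = parsed
    return (tcp[13] & 0x12) == 0x02 and src == dst

class UdpFloodCounter:
    """Flags a destination once it receives more than `threshold` UDP
    packets within `window` seconds (both values are assumptions)."""
    def __init__(self, threshold=100, window=1.0):
        self.threshold, self.window = threshold, window
        self.seen = defaultdict(deque)  # destination -> packet timestamps

    def observe(self, ts, pkt):
        parsed = parse_ipv4(pkt)
        if parsed is None or parsed[0] != 17:
            return False
        times = self.seen[parsed[2]]
        times.append(ts)
        while times[0] <= ts - self.window:  # drop timestamps outside the window
            times.popleft()
        return len(times) > self.threshold

def build_packet(proto, src, dst, l4):
    """Constructed test input: 20-byte IPv4 header (checksum 0) plus L4 bytes."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + l4

def tcp_header(flags, sport=40000, dport=80):
    """Constructed test input: 20-byte TCP header carrying the given flags."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)

UDP_HEADER = struct.pack("!HHHH", 40000, 33434, 8, 0)  # constructed, empty payload
```

The flood counter keys on destination only, so a legitimately busy UDP service behind the device needs a threshold set above its normal rate.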