Types of DoS Attacks - Cisco 500 Series Administration Manual

SCT can be monitored in the Denial of Service > Denial of Service Prevention >
Security Suite Settings page (Details button).

Types of DoS Attacks

The following types of packets or other strategies might be involved in a Denial of
Service attack:

- TCP SYN Packets—These packets often have a false sender address. Each
  packet is handled like a connection request, causing the server to spawn a
  half-open connection by sending back a TCP/SYN-ACK packet
  (Acknowledge) and waiting for a packet in response from the sender
  address (response to the ACK Packet). However, because the sender
  address is false, the response never comes. These half-open connections
  saturate the number of available connections that the device is able to
  make, keeping it from responding to legitimate requests.
- TCP SYN-FIN Packets—SYN packets are sent to create a new TCP
  connection. TCP FIN packets are sent to close a connection. A packet in
  which both SYN and FIN flags are set should never exist. Therefore, these
  packets might signify an attack on the device and should be blocked.
- Martian Addresses—Martian addresses are illegal from the point of view of
  the IP protocol. See Martian Addresses for more details.
- ICMP Attack—Sending malformed ICMP packets, or an overwhelming number
  of ICMP packets, to the victim, which might lead to a system crash.
- IP Fragmentation—Mangled IP fragments with overlapping, over-sized
  payloads are sent to the device. This can crash various operating systems
  due to a bug in their TCP/IP fragmentation re-assembly code. Windows
  3.1x, Windows 95 and Windows NT operating systems, as well as versions
  of Linux prior to versions 2.0.32 and 2.1.63, are vulnerable to this attack.
- Stacheldraht Distribution—The attacker uses a client program to connect to
  handlers, which are compromised systems that issue commands to zombie
  agents, which in turn facilitate the DoS attack. Agents are compromised via
  the handlers by the attacker, using automated routines to exploit
  vulnerabilities in programs that accept remote connections running on the
  targeted remote hosts. Each handler can control up to a thousand agents.
- Invasor Trojan—A trojan enables the attacker to download a zombie agent
  (or the trojan may contain one). Attackers can also break into systems using
  automated tools that exploit flaws in programs that listen for connections

Cisco 500 Series Stackable Managed Switch Administration Guide
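The TCP SYN-FIN and IP Fragmentation items above describe conditions that can be recognized from packet headers alone. The following is an added example, not code from the Cisco guide or the switch firmware, showing how a filter could flag them in raw IPv4 packets. The names `inspect`, `make_packet`, `tcp_header`, the finding labels and the sample packets (documentation-range addresses) are all constructed for this illustration.

```python
import struct

SYN, FIN = 0x02, 0x01
MAX_DATA = 65535 - 20  # most data a reassembled IPv4 datagram can carry

def inspect(packets):
    """Return (index, finding) pairs for a list of raw IPv4 packets."""
    findings, seen = [], {}  # seen: datagram key -> [(start, end), ...]
    for n, pkt in enumerate(packets):
        if len(pkt) < 20 or pkt[0] >> 4 != 4:
            continue  # not IPv4, or header truncated
        ihl = (pkt[0] & 0x0F) * 4
        total_len, ident, frag = struct.unpack("!HHH", pkt[2:8])
        if ihl < 20 or total_len < ihl or total_len > len(pkt):
            continue  # inconsistent lengths; a real filter would drop these
        data = pkt[ihl:total_len]
        start = (frag & 0x1FFF) * 8  # fragment offset is in 8-byte units
        if pkt[9] == 6 and start == 0 and len(data) >= 14:
            if (data[13] & (SYN | FIN)) == (SYN | FIN):
                findings.append((n, "syn-fin"))  # never a legitimate segment
        if frag & 0x3FFF:  # MF flag set or non-zero offset: a fragment
            key = (pkt[12:20], ident, pkt[9])  # src+dst, id, protocol
            end = start + len(data)
            if end > MAX_DATA:
                findings.append((n, "frag-oversized"))
            if any(start < e and s < end for s, e in seen.get(key, [])):
                findings.append((n, "frag-overlap"))
            seen.setdefault(key, []).append((start, end))
    return findings

def make_packet(ident, frag_field, data, proto=6):
    """Build a constructed IPv4 packet in memory (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(data), ident, frag_field,
                       64, proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + data

def tcp_header(flags):
    """Minimal 20-byte TCP header carrying the given flag byte (constructed)."""
    return struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, flags, 1024, 0, 0)

SAMPLES = [  # constructed sample traffic
    make_packet(1, 0, tcp_header(SYN)),           # ordinary connection request
    make_packet(2, 0, tcp_header(SYN | FIN)),     # illegal flag combination
    make_packet(3, 0x2000, bytes(24), proto=17),  # fragment covering bytes 0-23
    make_packet(3, 2, bytes(16), proto=17),       # offset 16: overlaps bytes 16-23
    make_packet(4, 0x1FFF, bytes(32), proto=1),   # offset 65528 + 32 bytes: too large
]

if __name__ == "__main__":
    print(inspect(SAMPLES))
```

The overlap check compares each fragment against every range already seen for the same source, destination, identification and protocol, so it also catches fragments that arrive out of order.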