Configuring Attack Detection And Prevention; Overview; Attacks That The Device Can Prevent; Single-Packet Attacks - HP FlexNetwork 10500 Series Security Configuration Manual


Configuring attack detection and prevention

Overview

Attack detection and prevention enables a device to detect attacks by inspecting arriving packets,
and to take prevention actions to protect a private network. Prevention actions include logging,
packet dropping, and blacklisting.

Attacks that the device can prevent

This section describes the attacks that the device can detect and prevent.

Single-packet attacks

Single-packet attacks are also known as malformed packet attacks. An attacker typically launches
single-packet attacks by using the following methods:
• An attacker sends defective packets to a device, which causes the device to malfunction or
  crash.
• An attacker sends normal packets to a device, which interrupts connections or probes network
  topologies.
• An attacker sends a large number of forged packets to a target device, which consumes
  network bandwidth and causes denial of service (DoS).

Table 21 lists the single-packet attack types that the device can detect and prevent.
Table 21 Types of single-packet attacks

| Single-packet attack | Description |
|---|---|
| ICMP redirect | An attacker sends ICMP redirect messages to modify the victim's routing table. The victim cannot forward packets correctly. |
| ICMP destination unreachable | An attacker sends ICMP destination unreachable messages to cut off the connections between the victim and its destinations. |
| ICMP type | A receiver responds to an ICMP packet according to its type. An attacker sends forged ICMP packets of a specific type to affect the packet processing of the victim. |
| ICMPv6 type | A receiver responds to an ICMPv6 packet according to its type. An attacker sends forged ICMPv6 packets of specific types to affect the packet processing of the victim. |
| Land | An attacker sends the victim a large number of TCP SYN packets, which contain the victim's IP address as the source and destination IP addresses. This attack exhausts the half-open connection resources on the victim, and locks the victim's system. |
| Large ICMP packet | An attacker sends large ICMP packets to crash the victim. Large ICMP packets can cause memory allocation errors and crash the protocol stack. |
| Large ICMPv6 packet | An attacker sends large ICMPv6 packets to crash the victim. Large ICMPv6 packets can cause memory allocation errors and crash the protocol stack. |
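
The following sketch shows how four of the Table 21 signatures (ICMP redirect, ICMP destination unreachable, Land, large ICMP packet) can be recognized from a single raw IPv4 packet. It is an added example, not code from the manual or from the device. The function names, the 4000-byte size threshold and the sample packets are assumptions constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

MAX_ICMP_LEN = 4000  # assumed threshold in bytes, not a device default

def classify(pkt: bytes, max_icmp_len: int = MAX_ICMP_LEN) -> list[str]:
    """Return the Table 21 signatures that one raw IPv4 packet matches."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return ["not-ipv4"]
    ihl = (pkt[0] & 0x0F) * 4              # header length in bytes
    if ihl < 20 or len(pkt) < ihl:
        return ["malformed-header"]
    total_len, proto = struct.unpack_from("!H", pkt, 2)[0], pkt[9]
    src, dst = pkt[12:16], pkt[16:20]
    l4, hits = pkt[ihl:], []
    if proto == 1 and len(l4) >= 1:        # ICMP: first byte is the type
        if l4[0] == 5:
            hits.append("icmp-redirect")
        elif l4[0] == 3:
            hits.append("icmp-destination-unreachable")
        if total_len > max_icmp_len:
            hits.append("large-icmp")
    elif proto == 6 and len(l4) >= 14:     # TCP: flags byte at offset 13
        if l4[13] & 0x02 and src == dst:   # SYN with source == destination
            hits.append("land")
    return hits

def ipv4(proto, src, dst, payload):
    """Build a constructed test packet (checksum left 0; classify ignores it)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr + payload

def tcp(flags):
    """Minimal 20-byte TCP header with the given flags byte."""
    return struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 0x50, flags, 1024, 0, 0)

# Constructed samples using documentation addresses (RFC 5737)
SAMPLES = {
    "land": ipv4(6, "192.0.2.10", "192.0.2.10", tcp(0x02)),
    "normal_syn": ipv4(6, "198.51.100.7", "192.0.2.10", tcp(0x02)),
    "redirect": ipv4(1, "198.51.100.7", "192.0.2.10", bytes([5, 1]) + bytes(6)),
    "unreachable": ipv4(1, "198.51.100.7", "192.0.2.10", bytes([3, 1]) + bytes(6)),
    "big_echo": ipv4(1, "198.51.100.7", "192.0.2.10", bytes([8, 0]) + bytes(5000)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, classify(pkt))
```

Each check looks at one packet in isolation, which is why these attacks can be matched without tracking connection state or packet rates.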