NB712 / NB714 User Guide 11
YML829 Rev1

Ping of death
On the Internet, ping of death is a kind of denial of service
(DoS) attack caused by an attacker deliberately sending an
IP packet larger than the 65,536 bytes allowed by the IP
protocol. One of the features of TCP/IP is fragmentation; it
allows a single IP packet to be broken down into smaller
segments. Attackers began to take advantage of that feature
when they found that a packet broken down into fragments
could add up to more than the allowed 65,536 bytes.
Many operating systems didn’t know what to do when they
received an oversized packet, so they froze, crashed, or
rebooted. Other known variants of the ping of death include
teardrop, bonk and nestea.

SYN Flood
The attacker sends TCP connection requests faster than the
victim machine can process them, causing it to run out
of resources and drop legitimate connections. A new
defence against this is to create “SYN cookies”. Each side
of a connection has its own sequence number. In response
to a SYN, the attacked machine creates a special sequence
number that is a “cookie” of the connection and forgets
everything it knows about the connection. It can then
recreate the forgotten information about the connection
when the next packets come in from a legitimate
connection.

ICMP Flood
The attacker transmits a large volume of ICMP request packets
so that all CPU resources are consumed serving the phony
requests.

UDP Flood
The attacker transmits a large volume of requests for UDP
diagnostic services so that all CPU resources are
consumed serving the phony requests.

Land attack
The attacker attempts to slow your network down by sending
a packet with identical source and destination addresses
originating from your network.

Smurf attack
An attack where the source address of a broadcast ping is
forged so that a huge number of machines respond to the
victim indicated by the address, thereby overloading it.

Fraggle attack
A perpetrator sends a large number of UDP echo packets
to IP broadcast addresses, all of them having the spoofed
source address of a victim.

IP Spoofing
IP Spoofing is a method of masking the identity of an
intrusion by making it appear that the traffic came from a
different computer. This is used by intruders to keep their
anonymity and can be used in a Denial of Service attack.