ZyXEL Communications 2602HWNLI-D7A Modem User Manual


 
Prestige 2602HWNLI-D7A Support Notes
All contents copyright (c) 2007 ZyXEL Communications Corporation.
199
What is Denials of Service (DoS)attack?
Denial of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet.
Their goal is not to steal information, but to disable a device or network so users no longer have access to
network resources.
There are four types of DoS attacks:
1. Those that exploits bugs in a TCP/IP implementation such as Ping of Death and Teardrop.
2. Those that exploits weaknesses in the TCP/IP specification such as SYN Flood and LAND
Attacks.
3. Brute-force attacks that flood a network with useless data such as Smurf attack.
4. IP Spoofing
What is Ping of Death attack?
Ping of Death uses a 'PING' utility to create an IP packet that exceeds the maximum 65535 bytes of data
allowed by the IP specification. The oversize packet is then sent to an unsuspecting system. Systems may
crash, hang, or reboot.
What is Teardrop attack?
Teardrop attack exploits weakness in the reassemble of the IP packet fragments. As data is transmitted
through a network, IP packets are often broken up into smaller chunks. Each fragment looks like the
original packet except that it contains an offset field. The Teardrop program creates a series of IP
fragments with overlapping offset fields. When these fragments are reassembled at the destination, some
systems will crash, hang, or reboot.
What is SYN Flood attack?
SYN attack floods a targeted system with a series of SYN packets. Each packet causes the targeted
system to issue a SYN-ACK response, While the targeted system waits for the ACK that follows the
SYN-ACK, it queues up all outstanding SYN-ACK responses on what is known as a backlog queue.
SYN-ACKs are moved off the queue only when an ACK comes back or when an internal timer (which is
set a relatively long intervals) terminates the TCP three-way handshake. Once the queue is full , the
system will ignore all incoming SYN requests, making the system unavailable for legitimate users.