ZyXEL Communications ISG50 Network Router User Manual


 
Chapter 26 ADP
ISG50 User’s Guide
In a SYN flood attack, an attacker sends a series of SYN packets. Each packet causes the
receiver to reply with a SYN-ACK response. The receiver then waits for the ACK that follows the
SYN-ACK, and stores all outstanding SYN-ACK responses on a backlog queue. SYN-ACKs are only
moved off the queue when an ACK comes back or when an internal timer ends the three-way
handshake. Once the queue is full, the system will ignore all incoming SYN requests, making the
system unavailable for other users.
Figure 276 SYN Flood
LAND Attack
In a LAND attack, hackers flood a network with SYN packets that carry a spoofed source IP address
belonging to the network itself. This makes it appear as if the computers in the network sent the
packets to themselves, so the network is unavailable while they try to respond to themselves.
UDP Flood Attack
UDP is a connection-less protocol and it does not require any connection setup procedure to
transfer data. A UDP flood attack is possible when an attacker sends a UDP packet to a random port
on the victim system. When the victim system receives a UDP packet, it will determine what
application is waiting on the destination port. When it realizes that there is no application that is
waiting on the port, it will generate an ICMP packet of destination unreachable to the forged source
address. If enough UDP packets are delivered to ports on the victim, the system will go down.
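The three behaviors described above (half-open handshakes filling the backlog queue, a SYN whose source address equals its destination, and ICMP destination unreachable replies to UDP packets sent to closed ports) can be recognized in packet records. The following Python detector is an added example, not ZyXEL code or the ISG50's own ADP logic; the record layout, the thresholds and the addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

def detect(packets, backlog=4, timeout=30.0, unreach_limit=3):
    """Scan (time, proto, src, sport, dst, dport, info) records; return sorted alerts."""
    half_open = defaultdict(dict)  # server -> {(client, sport, dport): SYN time}
    unreach = defaultdict(int)     # host -> ICMP port-unreachable replies it sent
    alerts = set()
    for t, proto, src, sport, dst, dport, info in packets:
        if proto == "tcp" and info == "S":
            if src == dst:                      # LAND: source spoofed as the target
                alerts.add(("LAND", dst))
                continue
            queue = half_open[dst]
            # The handshake timer frees entries that never saw the final ACK.
            for key in [k for k, t0 in queue.items() if t - t0 > timeout]:
                del queue[key]
            queue[(src, sport, dport)] = t
            if len(queue) > backlog:            # more pending than the queue holds
                alerts.add(("SYN_FLOOD", dst))
        elif proto == "tcp" and info == "A":    # final ACK completes the handshake
            half_open[dst].pop((src, sport, dport), None)
        elif proto == "icmp" and info == "port-unreach":
            unreach[src] += 1                   # src answered UDP sent to a closed port
            if unreach[src] > unreach_limit:
                alerts.add(("UDP_FLOOD", src))
    return sorted(alerts)

# Constructed sample traffic (documentation address ranges), not a real capture.
SERVER = "192.0.2.10"
SAMPLE = [
    (0.0, "tcp", "198.51.100.7", 40000, SERVER, 443, "S"),   # normal client SYN
    (0.1, "tcp", "198.51.100.7", 40000, SERVER, 443, "A"),   # and its final ACK
]
# Five SYNs from different sources that never send the final ACK.
SAMPLE += [(1 + i / 10, "tcp", f"203.0.113.{i}", 50000 + i, SERVER, 443, "S") for i in range(1, 6)]
# One SYN whose source address is the destination itself.
SAMPLE.append((2.0, "tcp", "192.0.2.20", 139, "192.0.2.20", 139, "S"))
# One host sending four port-unreachable replies to a forged source.
SAMPLE += [(3 + i / 10, "icmp", "192.0.2.30", 0, "203.0.113.99", 0, "port-unreach") for i in range(4)]

if __name__ == "__main__":
    print(detect(SAMPLE))
```

The `backlog`, `timeout` and `unreach_limit` values are illustrative only; real thresholds depend on the traffic the protected hosts normally see.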
Protocol Anomaly Background Information
The following sections may help you configure the protocol anomaly profile screen (see Section
26.3.5 on page 418).