ZyXEL Communications 2WG User Manual

ZyWALL 2WG Support Notes

All contents copyright (c) 2006 ZyXEL Communications Corporation.

B07. What is Ping of Death attack?

Ping of Death uses a 'PING' utility to create an IP packet that exceeds the maximum 65535 bytes of data allowed by the IP specification. The oversize packet is then sent to an unsuspecting system. Systems may crash, hang, or reboot.

B08. What is Teardrop attack?

A Teardrop attack exploits a weakness in the reassembly of IP packet fragments. As data is transmitted through a network, IP packets are often broken up into smaller chunks. Each fragment looks like the original packet except that it contains an offset field. The Teardrop program creates a series of IP fragments with overlapping offset fields. When these fragments are reassembled at the destination, some systems will crash, hang, or reboot.
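The two fragment conditions described in B07 and B08 can be checked before reassembly. The following is an added example, not ZyXEL code or part of the original support notes: it parses IPv4 headers and flags fragment sets that overlap (Teardrop) or that would reassemble past 65535 bytes (Ping of Death). The function names, the addresses and the sample packets are constructed for illustration, and the size check assumes a 20-byte header with no options.

```python
import struct
from collections import defaultdict

MAX_DATAGRAM = 65535   # largest size the 16-bit IPv4 total-length field allows
MIN_HEADER = 20        # assumption: reassembled header carries no options

def parse_fragment(pkt):
    """Return (flow key, payload start, payload end) for one IPv4 packet."""
    if len(pkt) < MIN_HEADER or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    total_len, ident, flags_off = struct.unpack("!HHH", pkt[2:8])
    if ihl < MIN_HEADER or total_len < ihl:
        raise ValueError("inconsistent header lengths")
    start = (flags_off & 0x1FFF) * 8      # offset field counts 8-byte units
    end = start + (total_len - ihl)       # one past the last payload byte
    key = (pkt[12:16], pkt[16:20], pkt[9], ident)  # src, dst, protocol, id
    return key, start, end

def check_fragments(packets):
    """Return sorted (ip_id, reason) findings for suspicious fragment sets."""
    flows = defaultdict(set)
    for pkt in packets:
        key, start, end = parse_fragment(pkt)
        flows[key].add((start, end))      # identical retransmits collapse
    findings = set()
    for key, spans in flows.items():
        prev_end = 0
        for start, end in sorted(spans):
            if start < prev_end:          # Teardrop-style overlap
                findings.add((key[3], "overlap"))
            if MIN_HEADER + end > MAX_DATAGRAM:   # Ping of Death-style size
                findings.add((key[3], "oversize"))
            prev_end = max(prev_end, end)
    return sorted(findings)

def make_fragment(ident, offset, payload_len, more):
    """Constructed sample input: 20-byte IPv4/ICMP header, zero payload."""
    flags_off = (0x2000 if more else 0) | (offset // 8)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, MIN_HEADER + payload_len,
                         ident, flags_off, 64, 1, 0,
                         bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return header + bytes(payload_len)

SAMPLES = [  # constructed: id 1 is well formed, id 2 overlaps, id 3 is oversize
    make_fragment(1, 0, 1480, True), make_fragment(1, 1480, 520, False),
    make_fragment(2, 0, 36, True), make_fragment(2, 24, 4, False),
    make_fragment(3, 0, 1480, True), make_fragment(3, 65528, 1000, False),
]
```

A filter built on this check would drop every fragment of a flagged datagram rather than try to repair the set.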

B09. What is SYN Flood attack?

A SYN attack floods a targeted system with a series of SYN packets. Each packet causes the targeted system to issue a SYN-ACK response. While the targeted system waits for the ACK that follows the SYN-ACK, it queues up all outstanding SYN-ACK responses on what is known as a backlog queue. SYN-ACKs are moved off the queue only when an ACK comes back or when an internal timer (which is set at relatively long intervals) terminates the TCP three-way handshake. Once the queue is full, the system will ignore all incoming SYN requests, making the system unavailable for legitimate users.

B10. What is LAND attack?

In a LAND attack, hackers flood SYN packets to the network with a spoofed source IP address of the targeted system. This makes it appear as if the host computer sent the packets to itself, making the system unavailable while the target system tries to respond to itself.

B11. What is Brute-force attack?

A Brute-force attack, such as a 'Smurf' attack, targets a feature in the IP specification known as directed or subnet broadcasting to quickly flood the target network with useless data. A Smurf hacker floods ICMP echo request packets in which the destination IP address of each packet is the broadcast address of the network; the router will broadcast the ICMP echo request packet to all hosts on the network. If there are numerous hosts, this will create a large amount of ICMP echo request packets. The resulting ICMP traffic will not only clog up the 'intermediary' network, but will also congest the network of the spoofed source IP address, known as the 'victim' network. This flood of broadcast traffic consumes all available bandwidth, making communications impossible.