Protecting against denial of service attacks, Protecting against smurf attacks, Chapter 33 – Brocade TurboIron 24X Series Configuration Guide User Manual

Page 1057: Chapter

Advertising
background image

Brocade TurboIron 24X Series Configuration Guide

1023

53-1003053-01

Chapter

33

Protecting Against Denial of Service Attacks

In this chapter

Protecting against Smurf attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1023

Protecting against TCP SYN attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1025

Protecting against Smurf attacks

This chapter explains how to protect your devices from Denial of Service (DoS) attacks.

In a Denial of Service (DoS) attack, a router is flooded with useless packets, hindering normal
operation. Devices include measures for defending against two types of DoS attacks Smurf attacks
and TCP SYN attacks.

A Smurf attack is a kind of DoS attack where an attacker causes a victim to be flooded with ICMP
echo (Ping) replies sent from another network.

Figure 125

illustrates how a Smurf attack works.

FIGURE 125

How a Smurf attack floods a victim with ICMP replies

The attacker sends an ICMP echo request packet to the broadcast address of an intermediary
network. The ICMP echo request packet contains the spoofed address of a victim network as its
source. When the ICMP echo request reaches the intermediary network, it is converted to a Layer 2
broadcast and sent to the hosts on the intermediary network. The hosts on the intermediary
network then send ICMP replies to the victim network.

For each ICMP echo request packet sent by the attacker, a number of ICMP replies equal to the
number of hosts on the intermediary network are sent to the victim. If the attacker generates a
large volume of ICMP echo request packets, and the intermediary network contains a large number
of hosts, the victim can be overwhelmed with ICMP replies.

2

1

3

Attacker

Intermediary

Victim

Attacker sends ICMP echo requests to
broadcast address on Intermediary’s
network, spoofing Victim’s IP address
as the source

If Intermediary has directed broadcast
forwarding enabled, ICPM echo requests
are broadcast to hosts on Intermediary’s
network

The hosts on Intermediary’s network
send replies to Victim, inundating Victim
with ICPM packets

Advertising
Popular Brands
Popular manuals