Denial of service overview, Syn flood attack, Smurf attack – Allied Telesis AT-S63 User Manual
Page 288: Syn flood attack smurf attack
Chapter 15: Denial of Service Defense
288
Section II: Advanced Operations
Denial of Service Overview
The AT-S63 management software can help protect your switch against
the following types of denial of service attacks.
SYN Flood Attack
SMURF Attack
Land Attack
Teardrop Attack
Ping of Death Attack
IP Options Attack
The following subsections briefly describe each type of attack and the
mechanism employed by the AT-S63 management software to protect
your network.
Note
Be sure to read the following descriptions before you implement a
DoS defense on a switch. Some defense mechanisms are CPU
intensive and can impact switch behavior.
SYN Flood
Attack
In this type of attack, an attacker sends a large number of TCP connection
requests (TCP SYN packets) with bogus source addresses to the victim.
The victim responds with acknowledgements (SYN ACK packets), but
because the original source addresses are bogus, the victim node does
not receive any replies. If the attacker sends enough requests in a short
enough period, the victim may freeze operations when the number of
requests exceeds the capacity of its connections queue.
To defend against this form of attack, a switch port monitors the number of
ingress TCP connection requests it receives. If a port receives more than
60 requests per second, the following occurs.
The switch sends an SNMP trap to the management stations
The port discards all ingress TCP-SYN packets for one minute.
However, the port continues to allow existing TCP connections to go
through.
This defense mechanism does not involve the switch’s CPU. You can
activate it on as many ports as you want without it impacting switch
performance.
SMURF Attack
This DoS attack is instigated by an attacker sending a ICMP Echo (Ping)
request containing a broadcast address as the destination address and
the address of the victim as the source of the ICMP Echo (Ping) request.