Introduction to intrusions, Introduction to ports, Introduction to denial of service – ZyXEL Communications ZyXEL ZyWALL IDP 10 User Manual
Page 101: Dos examples, Buffer overflow attacks, Ping of death, Teardrop, Appendix a introduction to intrusions
ZyWALL IDP10 User’s Guide
Introduction to Intrusions
A-1
Appendix A
Introduction to Intrusions
A.1 Introduction to Ports
Computers share information over the Internet using a common language called TCP/IP. An
“extension number”, called the "TCP port" or "UDP port" identifies these protocols, such as HTTP
(Web), FTP (File Transfer Protocol), POP3 (e-mail), etc. For example, Web traffic by default uses
TCP port 80.
When computers communicate on the Internet, they are using a client/server model, where the server
"listens" on a specific TCP/UDP port for information requests from remote client computers on the
network.
Some of the most common IP ports are:
Table A-1 Common IP Ports
21 FTP
53 DNS
23 Telnet
80 HTTP
25 SMTP
110
POP3
A.2 Introduction to Denial of Service
The goal of Denial of Service (DoS) attacks is not to steal information, but to disable a device or
network on the Internet.
A.3 DoS
Examples
A.3.1 Buffer Overflow Attacks
A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary
data storage area) than it was intended to hold. The excess information can overflow into adjacent
buffers, corrupting or overwriting the valid data held in them.
Intruders could run codes in the overflow buffer region to obtain control of the system, install a
backdoor or use the victim to launch attacks on other devices.
A.3.2 Ping of Death
Ping of Death uses a "ping" utility to create an IP packet that exceeds the maximum 65,536 bytes of
data allowed by the IP specification. The oversize packet is then sent to an unsuspecting system.
Systems may crash, hang or reboot.
A.3.3 Teardrop
Teardrop attack exploits weaknesses in the reassembly of IP packet fragments. As data is transmitted
through a network, IP packets are often broken up into smaller chunks. Each fragment looks like the
original IP packet except that it contains an offset field that says, for instance, "This fragment is
carrying bytes 200 through 400 of the original (non fragmented) IP packet." The Teardrop program