Brocade Mobility RFS Controller CLI Reference Guide (Supporting software release 5.5.0.0 and later) User Manual


53-1003098-01


option-route

Optional. Enables an IP Option Record Route DoS check.

router-advt

Optional. Detects router-advertisement attacks.
This attack uses ICMP to redirect the network router function to some other host. If that host cannot
provide router services, a DoS of network communications occurs as routing stops. This can also be
modified to single out a specific system, so that only that system is subject to attack (because only that
system sees the 'false' router). By providing router services from a compromised host, the attacker can
also place themselves in a man-in-the-middle situation and take control of any open channel at will (as
mentioned earlier, this is often used with TCP packet forgery and spoofing to intercept and change open
TELNET sessions).

router-solicit

Optional. Detects router solicitation attacks.
The ICMP router solicitation scan is used to actively find routers on a network. A hacker could set up a
protocol analyzer to detect routers as they broadcast routing information on the network. In some
instances, however, routers may not send updates. For example, if the local network does not have other
routers, the router may be configured to not send routing information packets onto the local network.
ICMP offers a method for router discovery. Clients send ICMP router solicitation multicasts onto the
network, and routers must respond (as defined in RFC 1122). (For more information about the process of
ICMP router solicitation, see "Routing Sequences for ICMP.")
By sending ICMP router solicitation packets (ICMP type 9) on the network and listening for ICMP router
discovery replies (ICMP type 10), hackers can build a list of all of the routers that exist on a network
segment. Hackers often use this scan to locate routers that do not reply to ICMP echo requests.

smurf

Optional. In this attack, a large number of ICMP echo packets are sent with a spoofed source address.
This causes the device with the spoofed source address to be flooded with a large number of replies.

snork

Optional. This attack causes a remote Windows™ NT system to consume 100% of the CPU’s resources. This
attack uses a UDP packet with a destination port of 135 and a source port of 7, 9, or 135. This attack can
also be exploited as a bandwidth-consuming attack.

tcp-bad-sequence

Optional. A DoS attack that uses a specially crafted TCP packet to cause the targeted device to drop all
subsequent network traffic for a specific TCP connection.

tcp-fin-scan

Optional. Detects TCP FIN scan attacks.
Hackers use the TCP FIN scan to identify listening TCP port numbers based on how the target device
reacts to a transaction close request for a TCP port (even though no connection may exist before these
close requests are made). This type of scan can get through basic firewalls and boundary routers that
filter on incoming TCP packets with the Finish (FIN) and ACK flag combination. The TCP packets used in
this scan include only the TCP FIN flag setting.
If the target device's TCP port is closed, the target device sends a TCP RST packet in reply. If the target
device's TCP port is open, the target device discards the FIN and sends no reply.
