6.6. Denial-of-Service Attack Prevention
6.6.1. Overview
By embracing the Internet, enterprises experience new business opportunities and growth. The
enterprise network and the applications that run over it are business critical. Not only can a company
reach a larger number of customers via the Internet, it can serve them faster and more efficiently. At
the same time, using a public IP network enables companies to reduce infrastructure related costs.
Unfortunately, the same advantages that the Internet brings to business also benefit the hackers who
use the same public infrastructure to mount attacks. Attack tools are readily available on the Internet
and development work on these tools is often split across groups of novice hackers - sometimes
referred to with names such as "script kiddies - spread around the world, providing a 24/7 evolution
of attack methods. Many newer attack techniques utilize the distributed topology of the Internet to
launch Denial of Service (DoS) attacks against organizations resulting in paralysed web servers that
can no longer respond to legitimate connection requests.
To be on the receiving end of a DoS attack is probably the last thing any network administrator
wants to experience. Attacks can appear out of thin air and the consequences can be devastating
with crashed servers, jammed Internet connections and business critical systems in overload.
This section deals with using NetDefend Firewalls to protect organizations against these attacks.
6.6.2. DoS Attack Mechanisms
A DoS attack can be perpetrated in a number of ways but there are three basic types of attack:
•
Consumption of computational resources, such as bandwidth, disk space, or CPU time.
•
Disruption of configuration information, such as routing information.
•
Disruption of physical network components.
One of the most commonly used method is the consumption of computational resources which
means that the DoS attack floods the network and ties up critical resources used to run business
critical applications. In some cases, vulnerabilities in the Unix and Windows operating systems are
exploited to intentionally crash the system, while in other cases large amounts of apparently valid
traffic are directed at sites until they become overloaded and crash.
Some of the most commonly used DoS attacks have been:
•
The Ping of Death / Jolt attacks
•
Fragmentation overlap attacks: Teardrop / Bonk / Boink / Nestea
•
The Land and LaTierra attacks
•
The WinNuke attack
•
Amplification attacks: Smurf, Papasmurf, Fraggle
•
TCP SYN Flood attack
•
The Jolt2 attack
6.6.3. Ping of Death and Jolt Attacks
The "ping of death" is one of the earliest layer 3/4 attacks. One of the simplest ways to execute it is
to run "ping -l 65510 1.2.3.4" on a Windows 95 system where 1.2.3.4 is the IP address of the
6.6. Denial-of-Service Attack
Prevention
Chapter 6. Security Mechanisms
332
Summary of Contents for NetDefend DFL-260E
Page 27: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 27...
Page 79: ...2 7 3 Restore to Factory Defaults Chapter 2 Management and Maintenance 79...
Page 146: ...3 9 DNS Chapter 3 Fundamentals 146...
Page 227: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 227...
Page 241: ...5 4 IP Pools Chapter 5 DHCP Services 241...
Page 339: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 339...
Page 360: ...7 4 7 SAT and FwdFast Rules Chapter 7 Address Translation 360...
Page 382: ...8 3 Customizing HTML Pages Chapter 8 User Authentication 382...
Page 386: ...The TLS ALG 9 1 5 The TLS Alternative for VPN Chapter 9 VPN 386...
Page 439: ...Figure 9 3 PPTP Client Usage 9 5 4 PPTP L2TP Clients Chapter 9 VPN 439...
Page 450: ...9 7 6 Specific Symptoms Chapter 9 VPN 450...
Page 488: ...10 4 6 Setting Up SLB_SAT Rules Chapter 10 Traffic Management 488...
Page 503: ...11 6 HA Advanced Settings Chapter 11 High Availability 503...
Page 510: ...12 3 5 Limitations Chapter 12 ZoneDefense 510...
Page 533: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 533...