Kaspersky Lab Internet Security 2011, Base, 3U, 1Y, ENG KL1837UCCFS User Manual
Product codes
KL1837UCCFS
A
D V A N C E D A P P L I C A T I O N S E T T I N G S
129
The Ping of death attack consists of sending an ICMP packet with a size greater than the maximum of 64
KB. This attack can crash some operating systems.
KB. This attack can crash some operating systems.
Land attack consists of sending a request to an open port on the target computer to establish a connection
with itself. This attack sends the computer into a cycle, which intensifies the load on the processor and can
lead to the crashing of some operating systems.
with itself. This attack sends the computer into a cycle, which intensifies the load on the processor and can
lead to the crashing of some operating systems.
The ICMP Flood attack consists of sending a large quantity of ICMP packets to your computer. The
computer attempts to reply to each inbound packet, which slows the processor to a crawl.
computer attempts to reply to each inbound packet, which slows the processor to a crawl.
The SYN Flood attack consists of sending a large quantity of queries to a remote computer to establish a
fake connection. The system reserves certain resources for each of those connections, which completely
drains your system resources, and the computer stops reacting to other connection attempts.
fake connection. The system reserves certain resources for each of those connections, which completely
drains your system resources, and the computer stops reacting to other connection attempts.
Intrusion attacks, which aim to take over your computer. This is the most dangerous type of attack, because if it
is successful, the hacker takes total control of your system.
is successful, the hacker takes total control of your system.
Hackers use this attack to obtain confidential information from a remote computer (for example, credit card
numbers, passwords), or to penetrate the system to use its computing resources for malicious purposes later
(e.g., to use the invaded system in a zombie network, or as a platform for new attacks).
numbers, passwords), or to penetrate the system to use its computing resources for malicious purposes later
(e.g., to use the invaded system in a zombie network, or as a platform for new attacks).
This group is the largest in number of attacks included. They may be divided into three groups depending on the
operating system installed on the user's computer: Microsoft Windows attacks, Unix attacks, and the common
group for network services available in both operating systems.
operating system installed on the user's computer: Microsoft Windows attacks, Unix attacks, and the common
group for network services available in both operating systems.
The following types of attacks are the most common among those using the network resources of operating
systems:
systems:
Buffer overflow attacks. Buffer overflow may be caused by lack (or insufficiency) of control when working
with data arrays. This is one of the oldest vulnerability types and the easiest for hackers to exploit.
with data arrays. This is one of the oldest vulnerability types and the easiest for hackers to exploit.
Format string attacks. Format string errors arise from insufficient control of input values for I/O functions,
such as printf(), fprintf(), scanf(), and others, from the standard C library. If an application has this
vulnerability, the hacker is able to send queries created with a special technique and can take total control
of the system.
such as printf(), fprintf(), scanf(), and others, from the standard C library. If an application has this
vulnerability, the hacker is able to send queries created with a special technique and can take total control
of the system.
Intrusion Detection System automatically analyzes and prevents attempts to exploit these vulnerabilities in
the most common network services (FTP,
the most common network services (FTP,
POP3, IMAP) if they are running on the user‟s computer.
Attacks aimed at computers with Microsoft Windows are based on the use of vulnerabilities of the software
installed on a computer (such as Microsoft SQL Server, Microsoft Internet Explorer, Messenger, and
system components available via the network
installed on a computer (such as Microsoft SQL Server, Microsoft Internet Explorer, Messenger, and
system components available via the network
– DCom, SMB, Wins, LSASS, IIS5).
In addition, the use of various malicious scripts, including scripts processed by Microsoft Internet Explorer and
Helkern-type worms, can be classified as isolated incidents of intrusion attacks. The essence of this attack type
consists of sending a special type of UDP packets to a remote computer that can execute malicious code.
Helkern-type worms, can be classified as isolated incidents of intrusion attacks. The essence of this attack type
consists of sending a special type of UDP packets to a remote computer that can execute malicious code.
E
NABLING AND DISABLING
N
ETWORK
A
TTACK
B
LOCKER
By default, Network Attack Blocker is enabled, functioning in optimum mode. You can disable Network Attack Blocker, if
necessary.
necessary.
To disable Network Attack Blocker:
1. Open the application settings window.
2. In the left part of the window, in the Protection Center section, select the Network Attack Blocker component.
3. In the right part of the window, uncheck the Enable Network Attack Blocker box.