ZyXEL Communications 70 Series User Manual
ZyWALL 5/35/70 Series User’s Guide
205
Chapter 10 Firewalls
10.4.2 Types of DoS Attacks
There are four types of DoS attacks:
1 Those that exploit bugs in a TCP/IP implementation.
2 Those that exploit weaknesses in the TCP/IP specification.
3 Brute-force attacks that flood a network with useless data.
4 IP Spoofing.
• "Ping of Death" and "Teardrop" attacks exploit bugs in the TCP/IP implementations of
various computer and host systems.
a Ping of Death uses a "ping" utility to create an IP packet that exceeds
the maximum 65,536 bytes of data allowed by the IP specification.
The oversize packet is then sent to an unsuspecting system. Systems
may crash, hang or reboot.
The oversize packet is then sent to an unsuspecting system. Systems
may crash, hang or reboot.
b Teardrop attack exploits weaknesses in the reassembly of IP packet
fragments. As data is transmitted through a network, IP packets are
often broken up into smaller chunks. Each fragment looks like the
original IP packet except that it contains an offset field that says, for
instance, "This fragment is carrying bytes 200 through 400 of the
original (non fragmented) IP packet." The Teardrop program creates a
series of IP fragments with overlapping offset fields. When these
fragments are reassembled at the destination, some systems will
crash, hang, or reboot.
often broken up into smaller chunks. Each fragment looks like the
original IP packet except that it contains an offset field that says, for
instance, "This fragment is carrying bytes 200 through 400 of the
original (non fragmented) IP packet." The Teardrop program creates a
series of IP fragments with overlapping offset fields. When these
fragments are reassembled at the destination, some systems will
crash, hang, or reboot.
• Weaknesses in the TCP/IP specification leave it open to "SYN Flood" and "LAND"
attacks. These attacks are executed during the handshake that initiates a communication
session between two applications.
session between two applications.
Figure 90 Three-Way Handshake
Under normal circumstances, the application that initiates a session sends a SYN
(synchronize) packet to the receiving server. The receiver sends back an ACK
(acknowledgment) packet and its own SYN, and then the initiator responds with an ACK
(acknowledgment). After this handshake, a connection is established.
(synchronize) packet to the receiving server. The receiver sends back an ACK
(acknowledgment) packet and its own SYN, and then the initiator responds with an ACK
(acknowledgment). After this handshake, a connection is established.
a SYN Attack floods a targeted system with a series of SYN packets.
Each packet causes the targeted system to issue a SYN-ACK