ZyXEL Prestige 792H SDSL Router 91-004-342004B User Manual

Prestige 792H G.SHDSL Router 

8-4  

Firewalls 

21 FTP 

53 DNS 

23 Telnet 

80 HTTP 

25 SMTP 

110 

POP3 

There are four types of DoS attacks:  

1.  Those that exploit bugs in a TCP/IP implementation. 

2.  Those that exploit weaknesses in the TCP/IP specification. 

3.  Brute-force attacks that flood a network with useless data.  

4. IP 

Spoofing. 

1. "Ping of Death" and "Teardrop" attacks exploit bugs in the TCP/IP implementations of various 

computer and host systems.  

1-a  Ping of Death uses a "ping" utility to create an IP packet that exceeds the maximum 65,536 
bytes of data allowed by the IP specification. The oversize packet is then sent to an unsuspecting 
system. Systems may crash, hang or reboot.  

1-b  Teardrop attack exploits weaknesses in the re-assembly of IP packet fragments. As data is 
transmitted through a network, IP packets are often broken up into smaller chunks. Each fragment 
looks like the original IP packet except that it contains an offset field that says, for instance, "This 
fragment is carrying bytes 200 through 400 of the original (non fragmented) IP packet." The 
Teardrop program creates a series of IP fragments with overlapping offset fields. When these 
fragments are reassembled at the destination, some systems will crash, hang, or reboot.  

2.  Weaknesses in the TCP/IP specification leave it open to "SYN Flood" and "LAND" attacks. These 

attacks are executed during the handshake that initiates a communication session between two 
applications.