McAfee firewall 4.0 Manual De Usuario
McAfee Firewall’s Intrusion Detection System
46
McAfee Firewall 4.0
Newtear
A Denial of Service (DoS) attack that usually causes computers with a
Windows NT-based operating system to crash. Although the attack is not
usually harmful to the computer itself, data from running applications will
most certainly be lost.
Windows NT-based operating system to crash. Although the attack is not
usually harmful to the computer itself, data from running applications will
most certainly be lost.
High
Oshare
A Denial of Service (DoS) attack caused by sending a unique packet
structure to your computer. The results of these attacks can vary from a
complete system crash, increased CPU load, or momentary delays,
depending upon your computer’s configuration. This will affect almost all
versions of Windows 98 and NT-based systems with varying degrees
based on the hardware involved.
structure to your computer. The results of these attacks can vary from a
complete system crash, increased CPU load, or momentary delays,
depending upon your computer’s configuration. This will affect almost all
versions of Windows 98 and NT-based systems with varying degrees
based on the hardware involved.
High
Ping Flood
This attack involves sending very large numbers of ICMP ECHO (PING)
requests to the host under attack. This attack is particularly effective when
the attacker has a faster network connection than the victim.
requests to the host under attack. This attack is particularly effective when
the attacker has a faster network connection than the victim.
High
Ping of Death
With this attack, a remote user can cause your system to reboot or panic
by sending it an oversized PING packet. This is done by sending a
fragmented packet larger than 65536 bytes in length, causing the remote
system to incorrectly process the packet. The result is that the remote
system will reboot or panic during processing.
by sending it an oversized PING packet. This is done by sending a
fragmented packet larger than 65536 bytes in length, causing the remote
system to incorrectly process the packet. The result is that the remote
system will reboot or panic during processing.
High
Port Scanning
While not an attack in and of itself, a port scan often indicates that an
attacker has begun looking at your system for potential weaknesses. A
port scan consists of checking every TCP and/or UDP port to see what
services (and hence, what vulnerabilities) might be present.
attacker has begun looking at your system for potential weaknesses. A
port scan consists of checking every TCP and/or UDP port to see what
services (and hence, what vulnerabilities) might be present.
Low
Saihyousen
The Saihyousen attack may cause some firewalls to crash. It is caused by
an attacker sending a stream of UDP packets.
an attacker sending a stream of UDP packets.
High
Smurf
This attack is carried out by sending an ICMP ECHO REQUEST (PING)
packet with a forged source address matching that of the target system.
This packet is sent to “amplifier” networks — networks that allow sending
packets to the broadcast address — so that every machine on the
amplifier network will respond to what they think is a legitimate request
from the target. As a result, the target system is flooded with ICMP ECHO
REPLY messages, causing a denial of service attack.
packet with a forged source address matching that of the target system.
This packet is sent to “amplifier” networks — networks that allow sending
packets to the broadcast address — so that every machine on the
amplifier network will respond to what they think is a legitimate request
from the target. As a result, the target system is flooded with ICMP ECHO
REPLY messages, causing a denial of service attack.
High
SynDrop
Overlapping fragmented data sent by an attacker causes your computer to
become unstable and or crash. Unsaved data could be lost.
become unstable and or crash. Unsaved data could be lost.
High
Syn Flood
This attack can be used to completely disable your network services by
flooding them with connection requests. This will fill the queue which
maintains a list of unestablished incoming connections, forcing it to be
unable to accept additional connections.
flooding them with connection requests. This will fill the queue which
maintains a list of unestablished incoming connections, forcing it to be
unable to accept additional connections.
High
Teardrop
On vulnerable systems, it is possible to take advantage of a flaw in the
way the TCP/IP stack handles fragmented packet reassembly to consume
available memory resources. By sending a specially crafted IP datagram,
this attack can cause many operating systems to hang or reboot.
way the TCP/IP stack handles fragmented packet reassembly to consume
available memory resources. By sending a specially crafted IP datagram,
this attack can cause many operating systems to hang or reboot.
High
Attack
Description
Risk
Factor