ZyXEL Communications 2602RL-D3A ユーザーズマニュアル

 

All contents copyright (c) 2007 ZyXEL Communications Corporation.   

147 

With the spectacular growth of the Internet and online access, companies that do business on the Internet 

face greater security threats. Although packet filter and NAT restrict access to particular computers and 

networks, however, for the other companies this security may be insufficient, because packets filters 

typically cannot maintain session state. Thus, for greater security, a firewall is considered.   

Denial of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. 

Their goal is not to steal information, but to disable a device or network so users no longer have access to 

network resources.   

There are four types of DoS attacks:   

1.  Those that exploits bugs in a TCP/IP implementation such as Ping of Death and Teardrop.   

2.  Those that exploits weaknesses in the TCP/IP specification such as SYN Flood and LAND 

Attacks.   

3.  Brute-force attacks that flood a network with useless data such as Smurf attack.   

4.  IP Spoofing   

Ping of Death uses a 'PING' utility to create an IP packet that exceeds the maximum 65535 bytes of data 

allowed by the IP specification. The oversize packet is then sent to an unsuspecting system. Systems may 

crash, hang, or reboot.   

Teardrop attack exploits weakness in the reassemble of the IP packet fragments. As data is transmitted 

through a network, IP packets are often broken up into smaller chunks. Each fragment looks like the 

original packet except that it contains an offset field. The Teardrop program creates a series of IP 

fragments with overlapping offset fields. When these fragments are reassembled at the destination, some 

systems will crash, hang, or reboot.   

SYN attack floods a targeted system with a series of SYN packets. Each packet causes the targeted 

system to issue a SYN-ACK response, While the targeted system waits for the ACK that follows the