Tech Update 
A rogue's gallery of denial of service attacks
Brute force
By Steven J. Vaughan-Nichols
July 11, 2001


But why should your enemies worry about sneaking in the back windows when they can simply bulldoze your systems? That's the approach that the Smurf attack and the User Datagram Protocol (UDP) flood use.

When you're Smurfed, your enemy floods your router with Internet Control Message Protocol (ICMP) echo request packets--a special kind of ping packet. Each packet's destination IP address is also your broadcast address, which causes your router to broadcast the ICMP packets to all your network's hosts. Needless to say, with a large network, this quickly leads to an electronic traffic jam of mammoth proportions. And as with the Land attack, if the cracker combines Smurfing with spoofing, matters get even worse.

The simple way to avoid Smurfing is to turn off broadcast addressing at your router and set your firewall to block ICMP echo requests. You may also be able to set your server so it won't respond to requests to send ICMP packets to IP broadcast addresses. These changes won't interfere with your network's normal operations because few applications need IP's broadcast features.

It's not as easy to deal with UDP flood DoS attacks, since some legal applications, like RealVideo, use UDP. In a UDP flood, an attacker spoofs a call to connect one system's UDP chargen service, a test program that generates characters for received packets, with another system's UDP echo service. The result? Chargen's semi-random characters are reflected back and forth between systems, starving legitimate applications' bandwidth needs.

One way to prevent UDP attacks is to disable or filter all UDP service requests for your host. As long as you allow non-service UDP requests, normal applications that require UDP or use it as a backup data transport protocol will continue to work normally.
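
To check whether the filters described above are doing their job, you can scan packet records for the two traffic patterns this page describes: ICMP echo requests addressed to one of your subnets' broadcast addresses, and UDP traffic that has the echo or chargen port on both ends. The script below is an added example, not part of the original article; the record layout, the network list and the sample addresses are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Assumption: networks behind the router (documentation ranges, constructed).
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24"),
              ipaddress.ip_network("198.51.100.0/26")]
ICMP_ECHO_REQUEST = 8          # ICMP type for echo request
SIMPLE_UDP = {7, 19}           # well-known UDP ports: echo (7), chargen (19)

def is_broadcast(dst, nets=LOCAL_NETS):
    """True if dst is the directed-broadcast address of one of our subnets."""
    addr = ipaddress.ip_address(dst)
    return any(addr == net.broadcast_address for net in nets)

def classify(pkt, nets=LOCAL_NETS):
    """Label one packet record 'smurf', 'udp-loop', or None (no match)."""
    if pkt["proto"] == "icmp":
        if pkt.get("icmp_type") == ICMP_ECHO_REQUEST and is_broadcast(pkt["dst"], nets):
            return "smurf"
    elif pkt["proto"] == "udp":
        # A normal client sends from an ephemeral source port; a service
        # port on both ends is the echo/chargen loop signature.
        if pkt["sport"] in SIMPLE_UDP and pkt["dport"] in SIMPLE_UDP:
            return "udp-loop"
    return None

def summarize(packets, nets=LOCAL_NETS):
    """Count matches keyed by (label, claimed source address)."""
    hits = Counter()
    for pkt in packets:
        label = classify(pkt, nets)
        if label:
            hits[(label, pkt["src"])] += 1
    return hits

# Constructed sample records, not captured traffic.
SAMPLE = [
    {"proto": "icmp", "icmp_type": 8, "src": "203.0.113.9", "dst": "192.0.2.255"},
    {"proto": "icmp", "icmp_type": 8, "src": "203.0.113.9", "dst": "198.51.100.63"},
    {"proto": "icmp", "icmp_type": 8, "src": "203.0.113.20", "dst": "192.0.2.10"},
    {"proto": "icmp", "icmp_type": 0, "src": "192.0.2.10", "dst": "203.0.113.20"},
    {"proto": "udp", "src": "192.0.2.40", "sport": 7, "dst": "192.0.2.41", "dport": 19},
    {"proto": "udp", "src": "192.0.2.50", "sport": 40512, "dst": "192.0.2.60", "dport": 6970},
]

if __name__ == "__main__":
    for (label, src), n in summarize(SAMPLE).items():
        print(f"{label:9} claimed source {src}: {n} packet(s)")
```

Because both attacks rely on spoofing, the source address in each match is only the claimed source. Any match seen inside your network means the router or firewall filter is not in effect.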
