Attack Profiles
CS-480b, Dick Steflik

* Attack Categories
  - Denial-of-Service
  - Exploitation Attacks
  - Information Gathering Attacks
  - Disinformation Attacks

* Denial of Service Attacks
  - Ping of Death
  - Teardrop
  - UDP Floods
  - SYN Floods
  - Land Attack
  - Smurf Attack
  - Fraggle Attack
  - e-Mail Bombs
  - Malformed Message Attacks

* Ping of Death
  - An ICMP Echo request packet that is bigger than the largest allowable size; the TCP/IP specification says the max should be 65 Kbytes.
  - The hacker's goal is to crash the stack by exceeding the max size of the I/O buffer.
  - Defense: the stack must be hardened (all current popular stack implementations take care of this).

* Teardrop
  - Exploits IP implementations that trust the fragmentation information in the headers of fragmented IP packets; if fragments have overlapping offsets, many implementations will crash.
  - Defenses: apply the latest patches; configure firewalls to reassemble fragments rather than forwarding them for the end point to reassemble.

* UDP Floods
  - Forge a connection to a host running chargen and have it send useless chargen data to the echo server on another host; this makes the two services so busy that the host may crash or be too busy to respond to normal traffic.
  - Defense: configure only services that are absolutely necessary (chargen and echo have no business running on a production server).

* SYN Floods
  - The goal here is to use up all of the target host's resources (memory and processes), thereby making it unable to process legitimate traffic.
  - Each time a user sends a SYN, the host accepts it and allocates a process and memory; this gets done over and over until things just get used up.
  - Defense: a firewall that can recognize the characteristics of a SYN attack and start rejecting packets.

* Land Attack
  - Hardened stack implementations have made this obsolete.
  - Send a special SYN packet with source and destination address set to the targeted machine's IP address; this causes the recipient to acknowledge to its own address, and the connection is left open until the OS times it out.
  - Defense: latest patches; configure firewalls to reject inbound packets with
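As an added example (not part of the slides), a small Python sketch of the firewall-side defenses these slides describe: a reassembling filter that flags a Land packet (SYN with source equal to destination), overlapping fragment offsets (Teardrop) and a reassembled datagram larger than the IP maximum (Ping of Death). The Packet fields, the byte-offset convention and the sample traffic are constructed for illustration and are not from any real capture.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

IP_MAX_LEN = 65535  # largest legal IP datagram; the "65 Kbytes" limit on the slides


@dataclass
class Packet:
    """Minimal view of one captured packet (constructed model, not a real parser)."""
    src: str
    dst: str
    proto: str              # "tcp", "udp" or "icmp"
    syn: bool = False       # TCP SYN flag set
    frag_id: int = 0        # IP identification field shared by fragments of one datagram
    frag_offset: int = 0    # fragment offset in bytes (header field * 8)
    more_frags: bool = False
    payload_len: int = 0


def check_land(pkt: Packet) -> Optional[str]:
    """Land attack: a SYN whose source address is the destination itself."""
    if pkt.proto == "tcp" and pkt.syn and pkt.src == pkt.dst:
        return "land: SYN with src == dst"
    return None


def check_fragments(frags: List[Packet]) -> Optional[str]:
    """Reassembly checks a firewall performs before forwarding fragments."""
    ranges = sorted((f.frag_offset, f.frag_offset + f.payload_len) for f in frags)
    end = 0
    for start, stop in ranges:
        if start < end:                     # this fragment starts inside the previous one
            return "teardrop: overlapping fragment offsets"
        end = stop
    if end > IP_MAX_LEN:                    # last fragment pushes total past the IP limit
        return "ping-of-death: reassembled datagram exceeds 65535 bytes"
    return None


def inspect(packets: List[Packet]) -> List[str]:
    """Run both checks over a packet list; fragments are grouped per datagram."""
    findings: List[str] = []
    groups: Dict[Tuple[str, str, int], List[Packet]] = {}
    for p in packets:
        if (hit := check_land(p)):
            findings.append(hit)
        if p.more_frags or p.frag_offset:
            groups.setdefault((p.src, p.dst, p.frag_id), []).append(p)
    findings.extend(h for h in map(check_fragments, groups.values()) if h)
    return findings


# Constructed sample traffic: one Land SYN, one overlapping pair, one oversize pair, one normal SYN.
SAMPLE = [
    Packet("10.0.0.5", "10.0.0.5", "tcp", syn=True),
    Packet("10.0.0.9", "10.0.0.7", "udp", frag_id=1, frag_offset=0, payload_len=1480, more_frags=True),
    Packet("10.0.0.9", "10.0.0.7", "udp", frag_id=1, frag_offset=1000, payload_len=500),
    Packet("10.0.0.9", "10.0.0.7", "icmp", frag_id=2, frag_offset=0, payload_len=1480, more_frags=True),
    Packet("10.0.0.9", "10.0.0.7", "icmp", frag_id=2, frag_offset=65120, payload_len=1000),
    Packet("10.0.0.2", "10.0.0.7", "tcp", syn=True),
]

if __name__ == "__main__":
    for finding in inspect(SAMPLE):
        print(finding)
```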