Smurf Attack, Fraggle Attack, Spoofing, SYN Attack definition

This article is taken from http://www.allot.com/html/solutions_enterprise_dos_attacks.shtm

Malicious worms were recently distributed and unwillingly duplicated throughout the Internet. The systems of unwilling accomplices actively participated in scheduled and planned DoS (Denial of Service) attacks on unsuspecting sites. Infected systems increased the demand for bandwidth and server resources, thereby slowing down business-critical applications.

DDoS (Distributed Denial of Service) attacks are more intense and damaging than DoS attacks. In DDoS attacks, multiple machines unknowingly participate in an attack against a single target host. In February 2000, a variant of the Smurf and DoS attacks brought down Yahoo!, Buy.com, CNN.com, Amazon.com and other sites. In these attacks, hacker "agents" were loaded on hundreds of "Zombie" client machines. A master console then directed, past firewalls, all of the Zombie systems to become active and attack the victim. Malicious traffic, disguised as legitimate traffic, passes firewalls that normally filter out illegal traffic. There is a need for a multilayer security system, one that enhances firewalls and protects network resources from attacks.

Glossary of DoS Attacks and Malicious Traffic:

Smurf Attack - When a perpetrator sends a large amount of ICMP echo (ping) traffic to IP broadcast addresses, using a fake source address. The host at that source address is then flooded with simultaneous replies (see CERT Advisory CA-1998-01).

Fraggle Attack - When a perpetrator sends a large amount of UDP echo (ping) traffic to IP broadcast addresses, all of it carrying a fake source address. This is a simple rewrite of the Smurf code.

Ping of Death - When an attacker sends illegitimate, oversized ICMP (ping) packets. These attacks are targeted at specific TCP stacks that cannot handle this type of packet and overload the victim's servers.

Spoofing - When an attacker uses a fake Internet address so that the source address of an IP packet is not the actual source. An attacker from outside of the network (i.e., from the Internet) may send packets with a source address on the LAN. This deceives the internal servers into identifying the attacker as a legitimate internal network user and the internal address becomes the victim. Spoofing is used in most of the well-known DoS attacks.

SYN Attack - When an attacker sends a series of SYN requests to a target (victim). The target sends a SYN ACK in response and waits for an ACK to come back to complete the session setup. Since the source address is fake, the response never comes, and the pending requests fill the victim's memory buffers so that it can no longer accept legitimate session requests.

P2P applications - These "Peer-to-Peer" applications turn network clients into servers, using expensive WAN bandwidth and potentially distributing worms throughout the network. Napster is a well-known P2P application.

Worms - Self-propagating code that floods networks with email and adds registry entries to users' clients. Worms may be transmitted via email, by sharing infected files, or via Internet chat. Worms take advantage of "back doors" or "holes" in popularly used email software and operating systems. "Malicious" worms may also erase or hide certain types of files.
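
The Smurf, Fraggle, Spoofing and SYN Attack entries above each describe a traffic pattern that a border device can recognise. The following Python code is an added example, not part of the original article: it classifies inbound packet records against those four definitions. The LAN range, the alert threshold, the record fields and the `pkt` helper are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")  # assumed LAN (documentation range)
HALF_OPEN_LIMIT = 3  # assumed alert threshold of unanswered handshakes per service

def classify(p):
    """Return the glossary pattern an inbound packet matches, or None."""
    src, dst = ipaddress.ip_address(p["src"]), ipaddress.ip_address(p["dst"])
    if p["iface"] == "external" and src in INTERNAL_NET:
        return "spoofing"  # LAN source address arriving from the Internet side
    if dst == INTERNAL_NET.broadcast_address:
        if p["proto"] == "icmp" and p.get("type") == 8:
            return "smurf"  # ICMP echo request aimed at the broadcast address
        if p["proto"] == "udp" and p.get("dport") == 7:
            return "fraggle"  # UDP echo service aimed at the broadcast address
    return None

def half_open(packets):
    """Count handshakes per (host, port) that saw a SYN but never the final ACK."""
    pending = set()
    for p in filter(lambda q: q["proto"] == "tcp", packets):
        key = (p["src"], p["sport"], p["dst"], p["dport"])
        if p["flags"] == "S":
            pending.add(key)
        elif p["flags"] == "A":
            pending.discard(key)
    return Counter((dst, dport) for _, _, dst, dport in pending)

def analyze(packets):
    """Drop packets the border filter rejects, then look for SYN backlog pressure."""
    dropped = [(p["src"], reason) for p in packets if (reason := classify(p))]
    passed = [p for p in packets if classify(p) is None]
    syn_alerts = {svc: n for svc, n in half_open(passed).items() if n > HALF_OPEN_LIMIT}
    return dropped, syn_alerts

def pkt(proto, src, dst, iface="external", **fields):
    """Build one packet record (hypothetical format used only in this example)."""
    return dict(proto=proto, src=src, dst=dst, iface=iface, **fields)

# Constructed packet records for illustration, not a real capture.
SAMPLE = [
    pkt("icmp", "198.51.100.9", "192.0.2.255", type=8),
    pkt("udp", "198.51.100.9", "192.0.2.255", sport=4000, dport=7),
    pkt("tcp", "192.0.2.77", "192.0.2.10", sport=1025, dport=80, flags="S"),
    pkt("tcp", "203.0.113.5", "192.0.2.10", sport=5000, dport=80, flags="S"),
    pkt("tcp", "203.0.113.5", "192.0.2.10", sport=5000, dport=80, flags="A"),
] + [pkt("tcp", f"203.0.113.{20 + i}", "192.0.2.10", sport=6000 + i, dport=80, flags="S")
     for i in range(5)]
```

Calling `analyze(SAMPLE)` returns the packets rejected at the border with the matching glossary term, plus any service whose count of unanswered handshakes exceeds the threshold. Because SYN flood sources are spoofed, the count is kept per target service rather than per source address.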





Copyright © 2003-2016 The UnixCities.com
All rights reserved