User's Manual

Solaris 9 Security CX-310-301 35
Security Attacks
This section looks at different types of attacks that can be attempted against your systems or network. It
also looks at ways in which these can be detected and prevented.
Denial of Service (DoS) Attacks
A DoS attack is one where the resources of a system (or network) become depleted so as to prevent the
normal operation of that system (or network). As the name implies it denies service to legitimate users of
the system. A DoS attack can be malicious or accidental and normally involves using up all the file space,
network bandwidth, swap space, memory, processor cycles or the number of processes that can run on the
system. Some of the more popular DoS attacks are described below:
• Worm – A worm is a deliberate attack on a system where a program replicates itself over and
over again, either on the same system, or between systems, thereby spreading the attack. This type
of attack will often take over a system and use all of its processor resources to continue spreading
the worm
• Fork bomb – These processes keep replicating themselves (spawning new processes) until the
system reaches its limit for the number of processes that can run. At this point the system will not
be able to create any new processes, stopping users from doing anything. This kind of attack is
normally malicious, but could also be accidental if, for example, a programmer writes some code
using recursion that is not quite right. In this instance, a legitimate program could have exactly the
same effect
• Ping of death – This causes a system to crash when a ping request is received containing a larger
amount of data than is permitted, normally over 64K
• TCP SYN – This attack exploits the TCP three-way handshake by leaving half-open connections.
It does this until the target system is unable to open any more connections
• Teardrop – This exploits the fragmentation of TCP packets by sending invalid offset values in
fragmented packets. The receiving system hangs when trying to reassemble the packets
• Smurf – This attack sends a broadcast ping to all hosts on a network, but substitutes the target
system's address for replies to be sent, thereby overloading the target system
• Filling up system logs – This can be an accidental DoS if a user, or programmer, does something
that causes the system to repeatedly log an error. If the system does not have a separate /var
filesystem, it can hang the entire system
• Backing up to a file – A small typing error can result in a backup writing to a file instead of a
backup device. The backup files can be extremely large and can quickly consume vast amounts of
disk space
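The TCP SYN attack above shows up on the target as a pile of half-open connections, which netstat reports in the SYN_RCVD state. The following is an added example (not part of this manual) that counts SYN_RCVD entries per local port in Solaris-style `netstat -an` output and flags ports over a threshold; the sample output is constructed, and the threshold is a value you choose for your own system.

```python
from collections import Counter

# Constructed sample in the column layout of Solaris `netstat -an` TCP output
# (Local Address, Remote Address, Swind, Send-Q, Rwind, Recv-Q, State). Not real traffic.
SAMPLE_NETSTAT = """\
      *.22                 *.*                0      0 49152      0 LISTEN
192.168.1.10.22      10.0.0.7.40123     49640      0 49640      0 ESTABLISHED
192.168.1.10.80      203.0.113.5.1025       0      0 49152      0 SYN_RCVD
192.168.1.10.80      203.0.113.9.1026       0      0 49152      0 SYN_RCVD
192.168.1.10.80      198.51.100.3.1027      0      0 49152      0 SYN_RCVD
192.168.1.10.80      198.51.100.4.1028      0      0 49152      0 SYN_RCVD
192.168.1.10.25      10.0.0.8.51000     49640      0 49640      0 ESTABLISHED
"""


def split_addr(addr):
    """Split a Solaris-style 'host.port' address: the port is the text after the last dot."""
    host, _, port = addr.rpartition(".")
    return host, port


def half_open_by_port(netstat_text):
    """Count half-open (SYN_RCVD) connections per local port.

    Aggregating by local port rather than by remote address is deliberate: the
    remote addresses in a SYN flood are typically forged, so they tell you little,
    while the local port is what is being starved of connection slots.
    """
    counts = Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[-1] != "SYN_RCVD":
            continue  # header lines, LISTEN sockets, established connections
        _, local_port = split_addr(fields[0])
        counts[local_port] += 1
    return counts


def suspect_ports(netstat_text, threshold):
    """Return local ports whose half-open count reaches the threshold (possible SYN flood)."""
    return sorted(port for port, n in half_open_by_port(netstat_text).items() if n >= threshold)


if __name__ == "__main__":
    print(half_open_by_port(SAMPLE_NETSTAT))   # Counter({'80': 4})
    print(suspect_ports(SAMPLE_NETSTAT, 3))    # ['80']
```

On a live system, feed the function the output of `netstat -an` and compare the count against what that port normally shows when idle; a sustained high count on a port that otherwise has few half-open connections is the signal to investigate.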