R3204P16-HP Load Balancing Module Security Configuration Guide-6PW101
Packet inspection configuration
NOTE:
The LB module supports configuring packet inspection only in the web interface.
Overview
A single-packet attack is also called a malformed packet attack. A single-packet attack occurs when:
• An attacker sends defective IP packets, such as overlapping IP fragments and packets with illegal TCP flags, to a target system, making the target system malfunction or crash when processing such packets.
• An attacker sends large quantities of junk packets to the network, using up the network bandwidth.
With packet inspection configured, an LB module analyzes the characteristics of each received packet to determine whether it is an attack packet. Upon detecting an attack, the module logs the event and, when configured to do so, discards the attack packets.
The LB module supports detection of the following types of single-packet attacks.
Table 8 Types of single-packet attacks supported by the LB module
Attack type    Description
Fraggle
A Fraggle attack occurs when an attacker sends large amounts of UDP echo requests (UDP port 7) or Chargen packets (UDP port 19), resulting in a large quantity of junk replies and finally exhausting the bandwidth of the target network.
Land
A Land attack occurs when an attacker sends a great number of TCP SYN packets with both the source and destination IP addresses set to the IP address of the target, exhausting the half-open connection resources of the victim and thereby making the target unable to provide services normally.
WinNuke
A WinNuke attacker sends out-of-band (OOB) data with overlapping pointer field values to the NetBIOS port (139) of a Windows system with an established connection, introducing a NetBIOS fragment overlap that causes the system to crash.
TCP Flag
Some TCP flags are processed differently on different operating systems. A TCP flag attacker sends TCP packets with such flags to a target to probe its operating system. If the operating system cannot process such packets properly, the attacker can crash the host.
ICMP unreachable
Upon receiving an ICMP unreachable response, some systems conclude that the destination is unreachable and drop all subsequent packets destined for it. By sending ICMP unreachable packets, an ICMP unreachable attacker can cut off the connection between the target host and the network.
ICMP redirect
An ICMP redirect attacker sends ICMP redirect messages to a target to modify its routing table, interfering with the normal forwarding of IP packets.
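The overview above says the module classifies packets by their characteristics, and Table 8 lists the characteristics for each attack type. The following Python script is an added example (it is not HP/H3C code and does not reflect how the LB module is implemented) that turns those six table rows into header checks over raw IPv4 packets, the way an analyst would prototype a detection rule or verify what a device is expected to log. The packet builders and the sample packets are constructed in the file purely as test input; nothing is sent on the network. The Fraggle check matches only on destination UDP port 7 or 19 as the table states, and the TCP flag check uses a common set of illegal combinations (no flags, all flags, SYN with FIN or RST, FIN without ACK) that is this example's assumption, not the module's list.

```python
"""Classify raw IPv4 packets against the single-packet attack types in Table 8.

Added example, not LB module code. Packet bytes are constructed below for testing.
"""
import struct

PROTO_ICMP, PROTO_TCP, PROTO_UDP = 1, 6, 17
TCP_FIN, TCP_SYN, TCP_RST, TCP_PSH, TCP_ACK, TCP_URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def parse_ipv4(pkt: bytes) -> dict:
    """Return src, dst, protocol and transport payload; raise ValueError on a malformed header."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _id, _frag, _ttl, proto, _csum = struct.unpack("!BBHHHBBH", pkt[:12])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IPv4 version or header length")
    return {"src": pkt[12:16], "dst": pkt[16:20], "proto": proto,
            "payload": pkt[ihl:total_len] if total_len >= ihl else b""}


def classify(pkt: bytes) -> list:
    """Return the Table 8 attack names this packet matches (empty list for a benign packet)."""
    ip = parse_ipv4(pkt)
    p, hits = ip["payload"], []
    if ip["proto"] == PROTO_TCP and len(p) >= 20:
        _sport, dport, _seq, _ack, off_flags, _win, _csum, _urg = struct.unpack("!HHIIHHHH", p[:20])
        flags = off_flags & 0x3F
        # Land: SYN whose source address equals its destination address
        if flags & TCP_SYN and ip["src"] == ip["dst"]:
            hits.append("Land")
        # WinNuke: out-of-band (URG) data aimed at the NetBIOS session port
        if flags & TCP_URG and dport == 139:
            hits.append("WinNuke")
        # TCP Flag: combinations no legitimate stack emits (assumed list, see lead-in)
        if (flags == 0 or flags == 0x3F or (flags & TCP_SYN and flags & (TCP_FIN | TCP_RST))
                or (flags & TCP_FIN and not flags & TCP_ACK)):
            hits.append("TCP Flag")
    elif ip["proto"] == PROTO_UDP and len(p) >= 8:
        _sport, dport, _ulen, _csum = struct.unpack("!HHHH", p[:8])
        if dport in (7, 19):  # Fraggle: UDP echo or chargen
            hits.append("Fraggle")
    elif ip["proto"] == PROTO_ICMP and len(p) >= 4:
        if p[0] == 3:    # ICMP type 3: destination unreachable
            hits.append("ICMP unreachable")
        elif p[0] == 5:  # ICMP type 5: redirect
            hits.append("ICMP redirect")
    return hits


# --- constructed test input (checksums left zero; these bytes are never transmitted) ---
def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    addr = lambda s: bytes(int(x) for x in s.split("."))
    hdr = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0)
    return hdr + addr(src) + addr(dst) + payload


def build_tcp(sport: int, dport: int, flags: int, urgptr: int = 0) -> bytes:
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flags, 8192, 0, urgptr)


def build_udp(sport: int, dport: int, data: bytes = b"") -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


def build_icmp(icmp_type: int, code: int = 0) -> bytes:
    return struct.pack("!BBH", icmp_type, code, 0) + b"\x00" * 4


SAMPLES = {
    "normal_syn": build_ipv4("10.0.0.5", "10.0.0.9", PROTO_TCP, build_tcp(40000, 443, TCP_SYN)),
    "land": build_ipv4("10.0.0.9", "10.0.0.9", PROTO_TCP, build_tcp(80, 80, TCP_SYN)),
    "winnuke": build_ipv4("10.0.0.5", "10.0.0.9", PROTO_TCP,
                          build_tcp(40000, 139, TCP_URG | TCP_ACK | TCP_PSH, urgptr=3)),
    "syn_fin": build_ipv4("10.0.0.5", "10.0.0.9", PROTO_TCP, build_tcp(40000, 80, TCP_SYN | TCP_FIN)),
    "fraggle": build_ipv4("10.0.0.5", "10.0.0.255", PROTO_UDP, build_udp(40000, 7, b"ping")),
    "dns": build_ipv4("10.0.0.5", "10.0.0.53", PROTO_UDP, build_udp(40000, 53, b"\x00" * 12)),
    "unreach": build_ipv4("10.0.0.1", "10.0.0.9", PROTO_ICMP, build_icmp(3, 1)),
    "redirect": build_ipv4("10.0.0.1", "10.0.0.9", PROTO_ICMP, build_icmp(5, 1)),
}


def scan(samples: dict) -> dict:
    """Run classify over every sample; the verdicts are what a module log would show per packet."""
    return {name: classify(pkt) for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, verdict in scan(SAMPLES).items():
        print(f"{name:12s} -> {verdict or 'clean'}")
```

Each sample triggers exactly one row of Table 8, and the two benign packets (a normal SYN, a DNS query) trigger none, which is the property to check when tuning such rules: a match on the ICMP types alone, for example, will also flag legitimate unreachable and redirect messages, so in practice those two rows are usually logged rather than dropped unless the deployment knows it never needs them.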