R0106-HP MSR Router Series Security Configuration Guide(V7)

ManualsBrandsHP ManualsNetwork HardwareHP MSR4060 Router Chassis

451

452

453

454

455

456

457

458

459

460

447

Single-packet attack Description

Large ICMP packet

An attacker sends large ICMP packets to crash the victim. Large ICMP

packets can cause memory allocation error and crash the protocol stack.

Large ICMPv6 packet

An attacker sends large ICMPv6 packets to crash the victim. Large ICMPv6

packets can cause memory allocation error and crash the protocol stack.

IP options

An attacker sends IP datagrams in which the IP options are abnormal. This

attack intends to probe the network topology. The target system will break

down if it is incapable of processing error packets.

IP fragment

An attacker sends the victim an IP datagram with an offset smaller than 5 but

greater than 0, which causes the victim to malfunction or crash.

IP impossible packet

An attacker sends IP packets whose source IP address is the same as the

destination IP address, which causes the victim to malfunction.

Tiny fragment

An attacker makes the fragment size small enough to force Layer 4 header

fields into the second fragment. These fragments can pass the packet filtering

because they do not hit any match.

Smurf

An attacker broadcasts an ICMP echo request to target networks. These

requests contain the victim's IP address as the source IP address. Every

receiver on the target networks will send an ICMP echo reply to the victim.

The victim will be flooded with replies, and will be unable to provide

services. Network congestion might occur.

TCP flag

An attacker sends packets with defective TCP flags to probe the operating

system of the target host. Different operating systems process unconventional

TCP flags differently. The target system will break down if it processes this

type of packets incorrectly.

Traceroute An attacker uses traceroute tools to probe the topology of the victim network.

WinNuke

An attacker sends Out-Of-Band (OOB) data to the TCP port 139 (NetBIOS)

on the victim that runs Windows system. The malicious packets contain the

Urgent Pointer, which causes the victim's operating system to crash and

display a Blue Screen of Death (BSOD).

UDP bomb

An attacker sends a malformed UDP packet. The length of the UDP packet is

larger than the length of the UDP header plus the UDP data. When

processing the packet, a buffer overflow can occur, which causes a system

crash.

UDP Snork

An attacker sends a UDP packet with destination port 135 (the Microsoft

location service) and source port 135, 7, or 19. This attack causes an NT

system to exhaust its CPU.

UDP Fraggle

An attacker sends a large number of UDP packets to port 7 (echo) and port

19 (chargen) to a network. These UDP packets uses the victim's IP address as

the source IP address. Replies will flood the victim, resulting in DoS.

Teardrop

An attacker sends a stream of overlapping fragments. The victim will crash

when it tries to reassemble the malformed fragments.

Ping of death

An attacker sends the victim an ICMP packet larger than 65535 bytes that

violates the IP protocol. When the victim reassembles the packet, a buffer

overflow can occur, which causes a system crash.