3Com Switch 8800 Family Firewall Module Configuration and Command Reference Guide
10 ATTACK PREVENTION AND PACKET STATISTICS
Overview of Attack Prevention and Packet Statistics
Introduction to Attack Prevention
Generally, network attacks intrude into or damage network servers (hosts) in order to
steal sensitive data on the servers or interrupt server services. Some network
attacks directly damage network devices, which can make network service
abnormal or unavailable. The attack prevention function of the firewall can detect
various types of network attacks and take corresponding measures to protect
internal networks against malicious attacks, ensuring the normal operation of
internal networks and systems.
Classes of Network Attacks
Network attacks can be divided into three classes: denial of service attacks,
scanning and snooping attacks, and defective packet attacks.
Denial of service attack
A denial of service (DoS) attack sends a large number of data packets to a system
so that the system cannot receive requests from clients normally, or so that the
host is suspended and cannot work normally. The main DoS attacks include
SYN Flood and Fraggle. Unlike other types of attacks, a DoS attack aims to
prevent valid clients from accessing network resources rather than to find entry
points into internal networks.
Scanning and snooping attack
A scanning and snooping attack identifies potential targets by discovering the
systems that exist in the network through ping scanning (including ICMP and TCP).
By scanning TCP and UDP ports, the attacker can detect the running system
and the services listening on it, and so get a general idea of the service types and
the potential security defects of the system in preparation for further intrusion.
Defective packet attack
A defective packet attack sends a defective IP packet to the destination system
so that the system crashes when it processes the packet. The main defective
packets include Ping of Death and Teardrop.
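The two defective packets named above can be recognised from IPv4 fragment headers alone. The following added example (not from this guide and not the firewall module's own implementation) flags a datagram whose fragments would reassemble past 65,535 bytes (Ping of Death) or whose fragments overlap (Teardrop); the function names, addresses and header values are constructed for illustration.

```python
import struct
from collections import defaultdict

MAX_DATAGRAM = 65535  # limit imposed by the 16-bit IPv4 Total Length field

def parse_fragment(hdr: bytes):
    """Return (datagram key, header length, data start, data end) for one IPv4 header."""
    ver_ihl, _, total, ident, frag, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", hdr[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total < ihl:
        raise ValueError("malformed IPv4 header")
    start = (frag & 0x1FFF) * 8            # offset field counts 8-byte units
    return (src, dst, proto, ident), ihl, start, start + total - ihl

def inspect(headers):
    """Map each datagram key to 'ok', 'teardrop' (overlap) or 'ping-of-death' (oversize)."""
    spans, verdict = defaultdict(list), {}
    for hdr in headers:
        key, ihl, start, end = parse_fragment(hdr)
        verdict.setdefault(key, "ok")
        if end + ihl > MAX_DATAGRAM:
            verdict[key] = "ping-of-death"
        # An exact duplicate is treated as a retransmission, not as an overlap.
        elif (start, end) not in spans[key] and any(
                start < e and s < end for s, e in spans[key]):
            if verdict[key] == "ok":
                verdict[key] = "teardrop"
        spans[key].append((start, end))
    return verdict

def sample_header(ident, offset, data_len, more):
    """Constructed test input: a 20-byte IPv4/ICMP header between documentation addresses."""
    frag = (0x2000 if more else 0) | (offset // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + data_len, ident, frag, 64, 1, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))

def demo():
    headers = [
        sample_header(1, 0, 1480, True), sample_header(1, 1480, 520, False),   # clean split
        sample_header(2, 0, 40, True), sample_header(2, 24, 16, False),        # overlaps first
        sample_header(3, 0, 1480, True), sample_header(3, 65528, 100, False),  # past 65535
    ]
    return {key[3]: v for key, v in inspect(headers).items()}

if __name__ == "__main__":
    print(demo())
```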
Typical Examples of Network Attacks
IP spoofing attack
To get an access authority, an intruder generates a packet carrying a bogus source
address, which can make an unauthorized client access the system applying the