TMS zl Management and Configuration Guide ST.1.0.090213
Firewall
Attack Checking
Figure 4-62. SYN Flood Attack
A variation of this attack creates another victim, as well as the original target.
Rather than using an unreachable source address, the attacker uses IP spoofing
to include a source address from another legitimate source. The target host
then begins sending SYN/ACK packets to the spoofed address, which did not
send the SYN packets. The attacker can then create havoc on two, or even
more, systems at once.
The result of both attacks is extremely degraded performance, or worse, a
system crash.
Because SYN packets are a legitimate part of establishing a session, the TMS zl
Module cannot simply screen out these packets. However, when you enable
the SYN Flooding attack check, the firewall filters forged requests when 80%
of allocated connections have been consumed.
Source Routing
A source-routing attack is used to access private network devices. Typically,
data packets sent over a network are surrendered to network devices for
routing. Routers and other network devices work together to deliver the
packet with the lowest number of hops and in the least amount of time.
However, packets can also be routed by the sender, using source routing.
“Strict” source routing requires the sender to specify the exact route of the
packet. “Loose” source routing allows the sender to designate as few as one
node through which the packet must travel.