TMS zl Management and Configuration Guide ST.1.1.100226
4-105
Firewall
Attack Checking
A small Path Maximum Transmission Unit (small PMTU) message urges
the server to send the data in smaller packets. An attacker can forge
small PMTU messages to force the sender to send large amounts of data using
very small packets, which overloads the server and severely reduces
server performance.
Enable the ICMP Error Messages attack check to drop all ICMP error messages.
SYN Flooding
SYN flood attacks exploit the process of establishing a TCP/IP session. In a
normal session, the initiator sends a SYN packet, the responder returns a
SYN/ACK packet, and the initiator replies with an ACK packet. In a SYN flood
attack, the attacker repeatedly sends SYN packets but does not reply to the
responder’s SYN/ACK packets. The attacker may also specify an unreachable
source address, so that the responder’s SYN/ACK packets are never received. The
responder holds the TCP connection open, waiting for ACKs that do not come.
Eventually, the SYN flood attack monopolizes all of the target host’s resources,
creating a denial of service. (See Figure 4-70.)
Figure 4-70. SYN Flood Attack
A variation of this attack creates another victim, as well as the original target.
Rather than using an unreachable source address, the attacker uses IP spoofing
to include a source address from another legitimate source. The target host
then begins sending SYN/ACK packets to the spoofed address, which did not
send the SYN packets. The attacker can then create havoc on two, or even
more, systems at once.
The result of both attacks is extremely degraded performance, or worse, a
system crash.
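As an added illustration that is not part of this guide, the following Python replays a constructed packet trace through the three-way handshake described above and counts the half-open connections each responder is left holding, which is the condition a SYN flood creates. The hosts, ports, flag strings and the threshold of five are assumed values chosen for the example.

```python
from collections import Counter
from typing import Iterable, NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # "SYN", "SYN/ACK" or "ACK"

def half_open_connections(packets: Iterable[Packet]) -> list:
    """Replay every flow through the three-way handshake and return the flows
    left half-open: SYN answered with SYN/ACK, but no final ACK from the initiator."""
    state = {}  # initiator-keyed flow (src, sport, dst, dport) -> "syn" | "synack" | "open"
    for p in packets:
        if p.flags == "SYN":
            state[(p.src, p.sport, p.dst, p.dport)] = "syn"
        elif p.flags == "SYN/ACK":
            key = (p.dst, p.dport, p.src, p.sport)  # reversed: the initiator is the SYN/ACK's destination
            if state.get(key) == "syn":
                state[key] = "synack"
        elif p.flags == "ACK":
            key = (p.src, p.sport, p.dst, p.dport)
            if state.get(key) == "synack":
                state[key] = "open"
    return [flow for flow, s in state.items() if s == "synack"]

def syn_flood_report(packets: Iterable[Packet], threshold: int = 5) -> dict:
    """Flag responders holding >= threshold half-open connections. A single distinct
    source suggests a forged unreachable address; many suggest rotating spoofed sources."""
    flows = half_open_connections(packets)
    per_target = Counter(resp for (_, _, resp, _) in flows)
    report = {}
    for target, n in per_target.items():
        if n >= threshold:
            sources = {src for (src, _, resp, _) in flows if resp == target}
            report[target] = {"half_open": n, "distinct_sources": len(sources)}
    return report

# Constructed sample trace, as seen by a firewall in front of 192.0.2.10: one completed
# handshake from 10.0.0.5, then eight SYNs carrying the forged source 198.51.100.7,
# which never acknowledges the SYN/ACKs the target sends back to it.
SAMPLE = [
    Packet("10.0.0.5", 40001, "192.0.2.10", 80, "SYN"),
    Packet("192.0.2.10", 80, "10.0.0.5", 40001, "SYN/ACK"),
    Packet("10.0.0.5", 40001, "192.0.2.10", 80, "ACK"),
]
for sport in range(50000, 50008):
    SAMPLE.append(Packet("198.51.100.7", sport, "192.0.2.10", 80, "SYN"))
    SAMPLE.append(Packet("192.0.2.10", 80, "198.51.100.7", sport, "SYN/ACK"))
```

Running `syn_flood_report(SAMPLE)` reports 192.0.2.10 with eight half-open connections from one source, while the completed session from 10.0.0.5 is not counted.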