TMS zl Management and Configuration Guide ST.1.1.100226
4-107
Firewall
Attack Checking
WinNuke Attacks
The WinNuke attack is launched by sending out-of-band (OOB) data to
port 139. Windows NT 3.51 and 4.0 systems crash in response to this attack,
whereas Windows 95 and Windows 3.11 systems display the blue error
screen.
The WinNuke attack does not usually cause permanent damage, although
network connectivity is lost and any open applications crash. To recover, the
user can reboot the PC.
You can enable the WinNuke attack check (which is disabled by default) to
protect against this attack.
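The following Python example is an added illustration, not code from this guide or from the TMS zl Module. It shows one way a packet filter can recognize the traffic described above, assuming the check keys on the TCP URG flag (which is how TCP signals OOB data) in segments addressed to port 139. The function names and sample packets are constructed for the example.

```python
import struct

NETBIOS_SSN_PORT = 139  # destination port named in the text above
TCP_URG = 0x20          # URG flag: the segment carries urgent (OOB) data

def parse_ipv4_tcp(packet: bytes):
    """Return (dst_port, tcp_flags, urgent_pointer), or None if the bytes
    are not the first fragment of a well-formed IPv4/TCP packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4            # IPv4 header length in bytes
    if ihl < 20 or packet[9] != 6 or len(packet) < ihl + 20:
        return None                         # bad IHL, not TCP, or truncated
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return None                         # later fragment: no TCP header here
    fields = struct.unpack("!HHIIHHHH", packet[ihl:ihl + 20])
    return fields[1], fields[4] & 0x01FF, fields[7]

def is_winnuke_like(packet: bytes) -> bool:
    """True when a segment to port 139 has URG set. Assumption: URG traffic
    to this port is never legitimate, so every such segment is flagged."""
    parsed = parse_ipv4_tcp(packet)
    if parsed is None:
        return False
    dst_port, flags, _urgent_pointer = parsed
    return dst_port == NETBIOS_SSN_PORT and bool(flags & TCP_URG)

def sample_packet(dst_port, flags, urgent_pointer=0, ip_options=b""):
    """Constructed header bytes for the demo (documentation addresses,
    checksums left at zero because the parser does not verify them)."""
    ihl_words = 5 + len(ip_options) // 4
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl_words, 0, ihl_words * 4 + 20,
                     0, 0, 64, 6, 0, bytes([192, 0, 2, 10]),
                     bytes([198, 51, 100, 20])) + ip_options
    tcp = struct.pack("!HHIIHHHH", 40000, dst_port, 1, 1,
                      (5 << 12) | flags, 8192, 0, urgent_pointer)
    return ip + tcp

SAMPLES = {  # constructed traffic, not captured from a real network
    "PSH+ACK to 139": sample_packet(139, 0x18),
    "URG+PSH+ACK to 139": sample_packet(139, 0x38, 1),
    "URG+PSH+ACK to 23": sample_packet(23, 0x38, 1),
    "URG to 139, IP options": sample_packet(139, 0x38, 1, b"\x01" * 4),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:26} -> {'DROP' if is_winnuke_like(pkt) else 'pass'}")
```

The fourth sample carries IPv4 options, so the TCP header starts at byte 24 rather than byte 20; a check that assumes a fixed 20-byte IP header would read the wrong fields for that packet.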
Sequence Number Prediction
Each octet of data that is sent over a TCP session receives a sequence number.
These sequence numbers ensure that these octets can be put in the right
sequence upon receipt, even if they arrive in the wrong order.
The two devices participating in a TCP session exchange initial
sequence numbers (ISNs) in the first two steps of the three-way TCP
handshake. An attacker can mount a sequence-number-prediction attack in two
ways:
■ Guessing the ISN and using a spoofed IP address, thereby establishing a
session with the targeted network device.
■ Hijacking a TCP session by predicting a packet’s sequence number and
injecting a packet with that number. If the attacker’s packet reaches the
server before the legitimate client’s packet, the attacker will have successfully
hijacked the session.