TMS zl Management and Configuration Guide ST.1.1.100430
Firewall
Attack Checking
Generally, source routing use is limited to network administrators who are
checking the connectivity of network devices. By forcing a packet to route
through a particular device, the administrator confirms that a device is
connected because the packet is not dropped.
Source routing can also be used by an attacker to:
■ Map a network
By specifying the exact route each packet must take, an attacker can
eventually determine the location of the end device and all devices in
between. If the packet is delivered, the attacker’s assumptions about
device locations are validated. If it is not delivered, the attacker knows
that there is a mistake in the route. This network map information can
then be used to launch a DoS attack.
■ Access private devices
Many devices use private network addresses, which makes them
inaccessible to devices that connect through the Internet. An attacker can get
data to the private device by sending a packet to a global address, but then
require the packet to route through a private device. The attacker may
then be able to use other techniques, such as spoofing, to convince the
device to share private data and sensitive information.
You can prevent this sort of attack by enabling the source routing attack check
on the TMS zl Module so that it will drop all source-routed packets.
WinNuke Attacks
The WinNuke attack is launched by sending out-of-band (OOB) data to
port 139. Windows NT 3.51 and 4.0 systems crash in response to this attack,
whereas Windows 95 and Windows 3.11 systems display the blue error
screen.
The WinNuke attack does not usually cause permanent damage, although
network connectivity is lost and any open applications crash. To recover, the
user can reboot the PC.
You can enable the WinNuke attack check (which is disabled by default) to
protect against this attack.
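The two attack checks described above can be expressed as packet inspection logic. The following is an added example, not the TMS zl Module's own implementation: it flags IPv4 packets that carry a loose or strict source route option (RFC 791 option types 131 and 137) and TCP segments to port 139 with the URG flag set, which is how TCP signals out-of-band data. The function names, the "malformed" verdict and the sample addresses are assumptions made for illustration.

```python
import struct

LSRR, SSRR = 0x83, 0x89            # IPv4 loose / strict source route option types
EOL, NOP = 0x00, 0x01              # single-byte options (end of list, no-op)
TCP_URG, NETBIOS_PORT = 0x20, 139  # URG flag bit; port named in the WinNuke text

def ipv4_options(pkt):
    """Yield each multi-byte option type in an IPv4 header; ValueError if malformed."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or ihl > len(pkt):
        raise ValueError("bad header length")
    i = 20
    while i < ihl:
        opt = pkt[i]
        if opt == EOL:
            return
        if opt == NOP:
            i += 1
            continue
        if i + 1 >= ihl or pkt[i + 1] < 2 or i + pkt[i + 1] > ihl:
            raise ValueError("bad option length")
        yield opt
        i += pkt[i + 1]

def attack_check(pkt):
    """Return 'source-route', 'winnuke', 'malformed' or None for a raw IPv4 packet."""
    try:
        if any(o in (LSRR, SSRR) for o in ipv4_options(pkt)):
            return "source-route"
    except ValueError:
        return "malformed"
    ihl = (pkt[0] & 0x0F) * 4
    first_fragment = struct.unpack_from("!H", pkt, 6)[0] & 0x1FFF == 0
    if pkt[9] == 6 and first_fragment and len(pkt) >= ihl + 20:  # protocol 6 = TCP
        dport, flags = struct.unpack_from("!H", pkt, ihl + 2)[0], pkt[ihl + 13]
        if dport == NETBIOS_PORT and flags & TCP_URG:
            return "winnuke"
    return None

def sample_packet(options=b"", dport=80, flags=0x18):
    """Constructed sample: IPv4 + TCP headers, documentation addresses, zero checksums."""
    options += b"\x00" * (-len(options) % 4)  # pad options to a 32-bit boundary
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | (5 + len(options) // 4), 0,
                     40 + len(options), 0, 0, 64, 6, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 1, 0, 0x50, flags, 8192, 0, 1)
    return ip + options + tcp
```

A packet that returns any verdict other than `None` corresponds to one the firewall would drop when the matching attack check is enabled.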
Sequence Number Prediction
Each octet of data that is sent over a TCP session receives a sequence number.
These sequence numbers ensure that these octets can be put in the right
sequence upon receipt, even if they arrive in the wrong order.