User guide
ADVANCED APPLICATION SETTINGS
By default, the blocking persists for one hour. You can edit the blockage settings (see page 132). A warning will appear
on the screen stating that an attempted network attack has taken place, with specific information about the computer
that attacked you. Descriptions of currently known network attacks (see section "Types of detected network attacks" on
page 131) and methods to fight them are provided in Kaspersky Small Office Security databases. The list of attacks
that Network Attack Blocker can detect is updated when the application's databases are updated (see section
"Update" on page 72).
IN THIS SECTION:
Types of detected network attacks (page 131)
Enabling and disabling Network Attack Blocker (page 132)
Editing the blockage settings (page 132)
TYPES OF DETECTED NETWORK ATTACKS
Nowadays, a great number of network attacks exist. These attacks exploit vulnerabilities of the operating system and
of other software, whether system software or not, installed on your computer.
To ensure the security of your computer, you must know what kinds of network attacks you might encounter. Known
network attacks can be divided into three major groups:
Port scan – this threat type is not an attack in itself, but it usually precedes one, since it is one of the common ways
of obtaining information about a remote computer. The UDP/TCP ports used by the network tools on the
computer targeted by an intruder are scanned to find out their status (closed or open).
Port scans can tell a hacker what types of attacks work on that system, and what types do not. In addition, the
information obtained by the scan (a model of the system) helps the malefactor to know what operating system
the remote computer uses. This, in turn, further restricts the number of potential attacks and, correspondingly,
the time spent perpetrating them. It also aids a hacker in attempting to use vulnerabilities characteristic of the
operating system.
DoS attacks, or Denial of Service attacks, are attacks that make a system unstable or cause it to
crash. Attacks of this type may affect the operability of the information resources under attack (for example,
by blocking Internet access).
There are two basic types of DoS attacks:
sending the target computer specially created packets that the computer does not expect, which cause the
system either to restart or to stop;
sending the target computer many packets within a timeframe that the computer cannot process, which
causes system resources to be exhausted.
The most flagrant examples of this group of attacks are the following types:
The Ping of death attack consists of sending an ICMP packet with a size greater than the maximum of 64
KB. This attack can crash some operating systems.
Land attack consists of sending a request to an open port on the target computer to establish a connection
with itself. This attack sends the computer into a cycle, which intensifies the load on the processor and can
lead to the crashing of some operating systems.
The ICMP Flood attack consists of sending a large quantity of ICMP packets to your computer. The
computer attempts to reply to each inbound packet, which slows the processor to a crawl.
The SYN Flood attack consists of sending a large quantity of queries to a remote computer to establish a
fake connection. The system reserves certain resources for each of those connections, which completely
drains your system resources, and the computer stops reacting to other connection attempts.
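
The port scan and DoS types described above can be told apart with simple per-source counters. The following Python code is an added example, not taken from this guide or from the Kaspersky product: it classifies constructed packet records and computes the one-hour block. The record fields, thresholds and addresses are assumptions.

```python
from collections import defaultdict

SCAN_PORTS, FLOOD_COUNT = 10, 20   # assumed demo thresholds, per source per window
MAX_DATAGRAM = 65535               # bytes: the 64 KB ceiling in the text
BLOCK_SECONDS = 3600               # one-hour default block from this page

def classify(packets, window=1.0):
    """Map each source IP to the attack labels its packets trigger."""
    alerts, ports = defaultdict(set), defaultdict(set)
    echoes, half_open = defaultdict(int), defaultdict(int)
    for p in packets:
        src, bucket = p["src"], int(p["ts"] // window)
        if p["proto"] == "icmp":
            if p["size"] > MAX_DATAGRAM:       # reassembled size over the limit
                alerts[src].add("ping-of-death")
            echoes[src, bucket] += 1
            if echoes[src, bucket] >= FLOOD_COUNT:
                alerts[src].add("icmp-flood")
            continue
        if src == p["dst"] and p["sport"] == p["dport"]:
            alerts[src].add("land")            # claims to come from its own target
            continue
        ports[src, bucket].add(p["dport"])
        if len(ports[src, bucket]) >= SCAN_PORTS:
            alerts[src].add("port-scan")
        if p["proto"] == "tcp":
            k = (src, p["dport"], bucket)
            if p["flags"] == "S":
                half_open[k] += 1              # handshake started
            elif p["flags"] == "A" and half_open[k]:
                half_open[k] -= 1              # handshake completed
            if half_open[k] >= FLOOD_COUNT:
                alerts[src].add("syn-flood")
    return dict(alerts)

def block_list(alerts, now):
    """Unblock time per source; Land is skipped, its source is the host itself."""
    return {ip: now + BLOCK_SECONDS for ip, seen in alerts.items() if seen - {"land"}}

def tcp(src, dport, flags="S", sport=40000, dst="192.0.2.10"):
    return dict(ts=0.0, src=src, dst=dst, proto="tcp", sport=sport, dport=dport, flags=flags)
# Constructed sample traffic (documentation addresses, not a real capture).
SAMPLE = ([tcp("198.51.100.7", d) for d in range(20, 32)]            # 12-port sweep
          + [tcp("203.0.113.9", 80) for _ in range(25)]              # SYNs, never ACKed
          + [tcp("192.0.2.10", 139, sport=139)]                      # Land
          + [tcp("192.0.2.50", 443), tcp("192.0.2.50", 443, "A")]    # normal client
          + [dict(ts=0.0, src="203.0.113.40", dst="192.0.2.10", proto="icmp", size=65600)])

if __name__ == "__main__":
    print(block_list(classify(SAMPLE), now=0))
```

The client that completes its handshake raises no alert. The Land packet is reported but not added to the block list, because its source address is the protected computer's own.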