User Guide
NB712 / NB714 User Guide  11
YML829 Rev1 
Ping of death  On the Internet, ping of death is a kind of denial of service 
(DoS) attack caused by an attacker deliberately sending an 
IP packet larger than the 65,536 bytes allowed by the IP 
protocol. One of the features of TCP/IP is fragmentation; it 
allows a single IP packet to be broken down into smaller 
segments. Attackers began to take advantage of that feature 
when they found that a packet broken down into fragments 
could add up to more than the allowed 65,536 bytes. 
Many operating systems didn’t know what to do when they 
received an oversized packet, so they froze, crashed, or 
rebooted. Other known variants of the ping of death include 
teardrop, bonk and nestea.
SYN Flood  The attacker sends TCP connections faster than the 
victim machine can process them, causing it to run out 
of resources and dropping legitimate connections. A new 
defence against this is to create “SYN cookies”. Each side 
of a connection has its own sequence number. In response 
to a SYN, the attacked machine creates a special sequence 
number that is a “cookie” of the connection and forgets 
everything it knows about the connection. It can then 
recreate the forgotten information about the connection 
where the next packets come in from a legitimate 
connection. 
ICMP Flood  The attacker transmits a volume of ICMP request packets to 
cause all CPU resources to be consumed serving the phony 
requests.
UDP Flood  The attacker transmits a volume of requests for UDP 
diagnostic services which cause all CPU resources to be 
consumed serving the phony requests.
Land attack  The attacker attempts to slow your network down by sending 
a packet with identical source and destination addresses 
originating from your network.
Smurf attack  Where the source address of a broadcast ping is forged so 
that a huge number of machines respond back to the victim 
indicated by the address, thereby overloading it.
Fraggle Attack  A perpetrator sends a large amount of UDP echo packets 
at IP broadcast addresses, all of it having a spoofed source 
address of a victim.
IP Spoofing  IP Spoofing is a method of masking the identity of an 
intrusion by making it appear that the traffic came from a 
different computer. This is used by intruders to keep their 
anonymity and can be used in a Denial of Service attack.










