ZyWALL IDP 10 User’s Guide
Appendix A Introduction to Intrusions
Figure 64 Smurf Attack
Traceroute
Traceroute is a utility used to determine the path a packet takes between two endpoints.
When a packet filter firewall is configured incorrectly, an attacker can sometimes traceroute
the firewall and gain knowledge of the network topology inside the firewall.
IP Spoofing
Many DoS attacks also employ a technique known as IP spoofing as part of their attack.
IP spoofing may be used to break into systems, to hide the hacker's identity, or to magnify the
effect of the DoS attack. IP spoofing is a technique used to gain unauthorized access to
computers by tricking a router or firewall into thinking that the communications are coming
from within the trusted network. To engage in IP spoofing, a hacker must modify the packet
headers so that the packets appear to originate from a trusted host and should be allowed
through the router or firewall.
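The defensive counterpart to the spoofing described above is ingress filtering: a packet that arrives on the external interface but claims a source address inside the trusted network cannot be genuine. The following is an added example, not taken from the ZyWALL guide; the interface names `wan` and `lan`, the trusted prefix 192.168.1.0/24, the function names and the sample headers are all assumptions constructed for illustration.

```python
import ipaddress
import struct

# Assumed addressing for this example: the trusted LAN behind the firewall.
TRUSTED_NETS = [ipaddress.ip_network("192.168.1.0/24")]
# Source ranges that should never arrive from the Internet side.
BOGON_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]


def parse_ipv4_source(packet: bytes) -> ipaddress.IPv4Address:
    """Return the source address from a raw IPv4 header, validating its shape."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5 or len(packet) < ihl * 4:
        raise ValueError("not a well-formed IPv4 header")
    return ipaddress.IPv4Address(packet[12:16])


def ingress_verdict(packet: bytes, in_iface: str) -> str:
    """Classify a packet by the interface it arrived on and its claimed source."""
    try:
        src = parse_ipv4_source(packet)
    except ValueError:
        return "drop: malformed"
    inside = any(src in net for net in TRUSTED_NETS)
    if in_iface == "wan":
        if inside:
            return "drop: spoofed trusted source"
        if any(src in net for net in BOGON_NETS):
            return "drop: bogon source"
        return "accept"
    # LAN side (egress filtering): only our own prefixes may leave.
    return "accept" if inside else "drop: foreign source on lan"


def build_header(src: str, dst: str) -> bytes:
    """Construct a minimal 20-byte IPv4 header as sample input (checksum zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


if __name__ == "__main__":
    for src, iface in [("192.168.1.50", "wan"), ("203.0.113.7", "wan"),
                       ("10.9.9.9", "wan"), ("192.168.1.50", "lan")]:
        print(src, iface, "->", ingress_verdict(build_header(src, "192.168.1.10"), iface))
```

The same source address is accepted on the `lan` interface and dropped on `wan`, which is the point: the verdict depends on where the packet arrived, not only on what its header claims.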
Distributed Denial-Of-Service Attack
A distributed denial-of-service (DDoS) attack is one in which multiple compromised systems
attack a single target, thereby causing denial of service for users of the targeted system. A
hacker begins a DDoS attack by exploiting a vulnerability in one computer system and making
it the “DDoS source”. It is from this source that the hacker identifies and communicates with
other systems that can be compromised. The hacker instructs the “DDoS source(s)” to launch
flood attacks against a specified target. The inundation of packets to the target causes a denial
of service.
Scanning
Hackers scan ports to find targets. Some example methods are as follows: