beautypg.com

Smurf attack, Land attack, Smurf attack land attack – Allied Telesis AT-S62 User Manual

Page 311

background image

AT-S62 Menus Interface User’s Guide

Section II: Advanced Operations

311

SMURF Attack

This DoS attack is instigated by an attacker sending a ICMP Echo (Ping)
request containing a broadcast address as the destination address and
the address of the victim as the source of the ICMP Echo (Ping) request.
This overwhelms the victim with a large number of ICMP Echo (Ping)
replies from the other network nodes.

A switch port defends against this form of attack by examining the
destination addresses of ingress ICMP Echo (Ping) request packets and
discarding those that contain a broadcast address as a destination
address.

Implementing this defense requires providing an IP address of a node on
your network and a subnet mask. The switch uses the two to determine
the broadcast address of your network.

This defense mechanism does not involve the switch’s CPU. You can
activate it on as many ports as you want without having it negatively
impact switch performance.

Land Attack

In this attack, an attacker sends a bogus IP packet where the source and
destination IP addresses are the same. This leaves the victim thinking
that it is sending a message to itself.

The most direct approach for defending against this form of attack
would be for the AT-S62 management software to check the source and
destination IP addresses in the IP packets, searching for and discarding
those with identical source and destination addresses. But this would
require too much processing by the switch’s CPU, and would adversely
impact switch performance.

Instead, the switch examines the IP packets that are entering or leaving
your network. IP packets generated within your network and containing
a local IP address as the destination address are not allowed to leave the
network, while IP packets generated outside the network but containing
a local IP address as the source address are not allowed into the network.

In order for this defense mechanism to work, you need to specify an
uplink port. This is the port on the switch that is connected to the device
that leads outside your network, such as a DSL router. You can specify
only one uplink port. The default uplink port is the highest numbered
existing port in the switch. For example, the default uplink port for an
AT-8524M switch with no installed expansion modules is Port 24.

You will also need to specify an IP address of one of your network nodes
and a subnet mask. The management software uses the two to
determine which addresses are local to your network and which are not.

See also other documents in the category Allied Telesis Computer hardware: