beautypg.com

H3C Technologies H3C SecPath F1000-E User Manual

Page 653


Table 1 Description of attack types

| Attack type | Description |
|---|---|
| Fraggle | A Fraggle attack occurs when an attacker sends large amounts of UDP echo requests with the UDP port number being 7 or Chargen packets with the UDP port number being 19, resulting in a large quantity of junk replies and finally exhausting the bandwidth of the target network. |
| ICMP Redirect | An ICMP redirect attacker sends ICMP redirect messages to a target to modify its routing table, interfering with the normal forwarding of IP packets. |
| ICMP Unreachable | Upon receiving an ICMP unreachable response, some systems conclude that the destination is unreachable and drop all subsequent packets destined for the destination. By sending ICMP unreachable packets, an ICMP unreachable attacker can cut off the connection between the target host and the network. |
| Land | A Land attack occurs when an attacker sends a great number of TCP SYN packets with both the source and destination IP addresses being the IP address of the target, exhausting the half-open connection resources of the victim and thereby making the target unable to provide services normally. |
| Large ICMP | On some hosts and devices, large ICMP packets cause a memory allocation error and crash the protocol stack. A large ICMP attacker sends large ICMP packets to a target to make it crash. |
| Route Record | A route record attack exploits the route record option in the IP header to probe the topology of a network. |
| Scan | A scanning attack probes the addresses and ports on a network to identify the hosts attached to the network and the application ports available on those hosts, and to figure out the topology of the network, in preparation for further attacks. |
| Source Route | A source route attack exploits the source route option in the IP header to probe the topology of a network. |
| Smurf | A Smurf attacker sends large quantities of ICMP echo requests to the broadcast address of the target network. As a result, all hosts on the target network reply to the requests, congesting the network and leaving hosts on the target network unable to provide services. |
| TCP Flag | Some TCP flags are processed differently on different operating systems. A TCP flag attacker sends TCP packets with such TCP flags to a target to probe its operating system. If the operating system cannot process such packets properly, the attacker succeeds in making the host crash. |
| Tracert | The Tracert program usually sends UDP packets with a large destination port number and an increasing TTL (starting from 1). The TTL of a packet is decreased by 1 each time the packet passes a router. Upon receiving a packet with a TTL of 0, a router must send an ICMP time exceeded message back to the source IP address of the packet. A Tracert attacker exploits the Tracert program to figure out the network topology. |
| WinNuke | A WinNuke attacker sends out-of-band (OOB) data with the pointer field values overlapped to the NetBIOS port (139) of a Windows system with an established connection to introduce a NetBIOS fragment overlap, causing the system to crash. |
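The single-packet signatures in Table 1 can be checked directly against raw IPv4 headers. The following is an added example, not code from the H3C manual or device: `classify`, `sample`, and the `LARGE_ICMP_BYTES` threshold are hypothetical names and values. WinNuke is approximated as a URG segment to port 139, and Scan, Tracert, and TCP Flag are left out because they need per-source state or flag combinations the table does not list.

```python
import ipaddress
import struct

LARGE_ICMP_BYTES = 4000  # assumption: the page does not say how large "large" is
ICMP_TYPES = {3: "ICMP Unreachable", 5: "ICMP Redirect"}
IP_OPTIONS = {7: "Route Record", 131: "Source Route", 137: "Source Route"}

def ip_options(options):
    """Yield option type bytes from the IPv4 options area."""
    i = 0
    while i < len(options) and options[i] != 0:    # 0 = End of Option List
        if options[i] == 1:                        # No-Operation: one byte
            i += 1
            continue
        if i + 1 >= len(options) or options[i + 1] < 2:
            return                                 # malformed length, stop
        yield options[i]
        i += options[i + 1]

def classify(pkt, local_net):
    """Return the Table 1 attack types whose signature a raw IPv4 packet matches."""
    ihl = (pkt[0] & 0x0F) * 4 if len(pkt) >= 20 and pkt[0] >> 4 == 4 else 0
    if ihl < 20 or len(pkt) < ihl:
        return set()                               # truncated or not IPv4
    proto, src, dst, l4 = pkt[9], pkt[12:16], pkt[16:20], pkt[ihl:]
    hits = {IP_OPTIONS[k] for k in ip_options(pkt[20:ihl]) if k in IP_OPTIONS}
    if proto == 1 and l4:                          # ICMP
        if l4[0] in ICMP_TYPES:
            hits.add(ICMP_TYPES[l4[0]])
        if l4[0] == 8 and dst == local_net.broadcast_address.packed:
            hits.add("Smurf")                      # echo request to broadcast
        if len(pkt) > LARGE_ICMP_BYTES:
            hits.add("Large ICMP")
    elif proto == 6 and len(l4) >= 14:             # TCP
        dport, flags = struct.unpack("!H", l4[2:4])[0], l4[13]
        if flags & 0x02 and src == dst:            # SYN, source == destination
            hits.add("Land")
        if flags & 0x20 and dport == 139:          # URG (OOB data) to NetBIOS
            hits.add("WinNuke")
    elif proto == 17 and len(l4) >= 4:             # UDP
        if struct.unpack("!H", l4[2:4])[0] in (7, 19):   # echo / chargen ports
            hits.add("Fraggle")
    return hits

def sample(src, dst, proto, l4, options=b""):
    """Build a constructed IPv4 test packet (header checksum left at 0)."""
    vihl, length = 0x40 | (5 + len(options) // 4), 20 + len(options) + len(l4)
    return struct.pack("!BBHHHBBH4s4s", vihl, 0, length, 0, 0, 64, proto, 0,
        ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed) + options + l4
```

Flagging every ICMP redirect or unreachable message mirrors the per-type signatures in the table; on a production network these checks are normally scoped to untrusted interfaces because both message types also occur in legitimate traffic.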
