8
Setting Up the Nokia IP45 Security Platform Security Policy
164
Nokia IP45 Security Platform User’s Guide v4.0
Denial of Service
Denial of Service includes the following attacks:
±
TearDrop
—the attacker sends two IP fragments, the latter entirely contained within the
former. This causes some computers to allocate too much memory and crash.
±
Ping of Death
—in a Ping of Death Attack, the attacker sends a fragmented PING request
that exceeds the maximum IP packet size (64 KB). Some operating systems are unable to
handle such requests and crash.
±
LAND
— the attacker sends a SYN packet, in which the source address and port are the
same as the destination (the victim computer). The victim computer then tries to reply to
itself and either reboots or crashes.
±
Non-TCP Flooding
—advanced Firewalls maintain state information about connections in a
State table. In non-TCP Flooding attacks, the attacker sends high volumes of non-TCP
traffic. Since such traffic is connectionless, the related state information cannot be cleared or
reset, and the firewall State table is quickly filled up. This prevents the firewall from
accepting new connections and results in a Denial of Service (DoS).
±
DDoS Attack
—in a distributed denial-of-service attack (DDoS attack), the attacker directs
multiple hosts in a coordinated attack on a victim computer or network. The attacking hosts
send large amounts of spurious data to the victim, so that the victim is no longer able to
respond to legitimate service requests.
To handle teardrop attack
1.
From the main menu, choose Security > SmartDefense.
SmartDefense page is displayed.
SmartDefense GUI is organized as a tree structure in which each branch represents a
category of setting.
19216811.live