Tcp Fragment Attack; Login Dos Attack; Login Dictionary Attack; Blacklist Feature - HP FlexNetwork 10500 Series Security Configuration Manual


An ICMP flood attacker sends ICMP request packets, such as ping packets, to a host at a fast rate. Because the target host is busy replying to these requests, it is unable to provide services.

ICMPv6 flood attack.
An ICMPv6 flood attacker sends ICMPv6 request packets, such as ping packets, to a host at a fast rate. Because the target host is busy replying to these requests, it is unable to provide services.

UDP flood attack.
A UDP flood attacker sends UDP packets to a host at a fast rate. These packets consume a large amount of the target host's bandwidth, so the host cannot provide other services.

TCP fragment attack

An attacker launches a TCP fragment attack by sending the attack TCP fragments defined in RFC 1858:
- First fragments in which the TCP header is smaller than 20 bytes.
- Non-first fragments with a fragment offset of 8 bytes (FO=1).

Typically, a packet filter checks the source and destination IP addresses, source and destination ports, and transport layer protocol of the first fragment of a TCP packet. If the first fragment passes the check, all subsequent fragments of the TCP packet are allowed to pass through.

Because the first fragment of an attack TCP packet does not hit any match in the packet filter, all subsequent fragments can pass through. The TCP fragment attack takes effect after the receiving host reassembles the fragments.

To prevent TCP fragment attacks, enable TCP fragment attack prevention to drop attack TCP fragments.
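
The two checks described above, as an added example (not code from the HP manual or the device firmware): a Python classifier that reads the IPv4 header of a raw packet and flags the two RFC 1858 attack fragment types. The function names, return labels and sample packets are constructed for illustration.

```python
import struct

IPPROTO_TCP = 6
MIN_TCP_HEADER = 20  # bytes; a TCP header without options

def classify_fragment(packet: bytes) -> str:
    """Classify a raw IPv4 packet: 'drop-tiny-first', 'drop-offset-1' or 'pass'."""
    if len(packet) < 20:
        return "pass"  # too short to hold an IPv4 header; not handled here
    ver_ihl, _tos, total_len, _ident, flags_frag, _ttl, proto = struct.unpack(
        "!BBHHHBB", packet[:10])
    if ver_ihl >> 4 != 4 or proto != IPPROTO_TCP:
        return "pass"
    ihl = (ver_ihl & 0x0F) * 4                  # IP header length in bytes
    more_fragments = bool(flags_frag & 0x2000)  # MF flag
    frag_offset = flags_frag & 0x1FFF           # in units of 8 bytes
    if not more_fragments and frag_offset == 0:
        return "pass"                           # not fragmented
    transport_len = min(total_len, len(packet)) - ihl
    if frag_offset == 0 and transport_len < MIN_TCP_HEADER:
        return "drop-tiny-first"   # TCP header does not fit in the first fragment
    if frag_offset == 1:
        return "drop-offset-1"     # fragment data starts at byte 8, inside the TCP header
    return "pass"

def build_ipv4(payload: bytes, frag_offset: int, more: bool,
               proto: int = IPPROTO_TCP) -> bytes:
    """Constructed sample packet: documentation addresses, checksum left at 0."""
    flags_frag = (0x2000 if more else 0) | (frag_offset & 0x1FFF)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                         flags_frag, 64, proto, 0,
                         bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return header + payload

if __name__ == "__main__":
    samples = {  # constructed inputs, zero-filled payloads
        "first fragment, 8 bytes of TCP": build_ipv4(b"\x00" * 8, 0, True),
        "non-first fragment, FO=1": build_ipv4(b"\x00" * 16, 1, False),
        "first fragment, 24 bytes of TCP": build_ipv4(b"\x00" * 24, 0, True),
        "non-first fragment, FO=3": build_ipv4(b"\x00" * 16, 3, False),
        "unfragmented TCP segment": build_ipv4(b"\x00" * 20, 0, False),
        "UDP fragment, FO=1": build_ipv4(b"\x00" * 16, 1, False, proto=17),
    }
    for label, pkt in samples.items():
        print(f"{label:34} -> {classify_fragment(pkt)}")
```

Both checks look only at the IP header and the fragment length, so they apply to every fragment independently and need no reassembly state.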

Login DoS attack

In a login DoS attack, a malicious user attempts to interfere with the normal operations of a device by flooding it with login requests. These requests consume the authentication resources, which makes the device unable to let legitimate users log in.

You can configure login attack prevention to prevent login DoS attacks. This feature blocks user login attempts for a period of time after the user fails the maximum number of successive login attempts.

Login dictionary attack

A login dictionary attack is an automated process that attempts to log in by trying all possible passwords from a pre-arranged list of values (the dictionary). Multiple login attempts can occur in a short period of time.

You can configure the login delay feature to slow down login dictionary attacks. This feature enables the device to delay accepting another login request after detecting a failed login attempt for a user.

Blacklist feature

The IP blacklist feature is an attack prevention method that filters packets by source IP addresses in
blacklist entries. Compared with ACL-based packet filtering, IP blacklist filtering is simpler and
provides effective screening at a faster speed.