Other Attacks

There are many other types of attack. Another recent DoS attack is the Ping o’ Death, which exploits a deficiency in the way ICMP messages are handled. The IP layer allocates a 65,536 byte buffer to handle packets; this is the maximum packet size defined in the RFC. However, it is possible to specify larger packet sizes using the ping utility. In this case the operating system may accept all the data and overwrite other areas of kernel memory; the usual result is a system crash. The most recent OS releases take account of this bug, although Microsoft’s fix is to restrict the ping command itself; presumably their engineers hadn’t been told that there are still other OS vendors.

ICMP can be used to launch flooding attacks; these are more expensive than SYN flooding but can have interesting results. Ascend routers, popular with Internet providers, will reset dial-up connections when bombarded with ICMP messages. Network unreachable messages can also be used to confuse routers and applications. ICMP also supports router redirection, which may be exploited as part of a man-in-the-middle attack to redirect traffic through the attacker’s system. Routing protocols may also be exploited to launch this sort of attack.

IP packets normally provide only a destination address and leave routing decisions up to the router. However, there is an option called source routing whereby the source host adds additional information to the IP header about the route the packet should take. This information is also used in replies. Turning off IP forwarding generally does not disable source routing. Dual-homed hosts should be protected by an additional screening router.
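The following added example (not part of the original page) sketches the per-packet check a screening router could apply for two of the problems above: a fragment whose data would end past the largest valid IPv4 datagram, which is the oversize condition behind the Ping o’ Death, and packets carrying a source-route option. The function name `screen_ipv4`, the verdict names and the sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Verdicts of the hypothetical screening check. */
enum verdict { PASS = 0, DROP_MALFORMED, DROP_OVERSIZE, DROP_SOURCE_ROUTE };

#define OPT_EOL   0        /* end of option list */
#define OPT_NOP   1        /* one-byte padding */
#define OPT_LSRR  131      /* loose source and record route */
#define OPT_SSRR  137      /* strict source and record route */
#define IP_MINHDR 20u      /* smallest possible IPv4 header */
#define IP_MAXLEN 65535u   /* total length is a 16-bit field */

/* Inspect one raw IPv4 packet of len bytes, starting at the IP header. */
enum verdict screen_ipv4(const uint8_t *p, size_t len)
{
    if (len < IP_MINHDR || (p[0] >> 4) != 4)
        return DROP_MALFORMED;
    size_t ihl = (size_t)(p[0] & 0x0f) * 4;        /* header length in bytes */
    size_t total = ((size_t)p[2] << 8) | p[3];     /* header plus payload */
    if (ihl < IP_MINHDR || ihl > total || total > len)
        return DROP_MALFORMED;

    /* The fragment offset counts 8-byte units. If this fragment's data,
     * plus even a minimal header, ends past 65535 bytes it cannot belong
     * to a valid datagram and must not reach the reassembly buffer. */
    size_t frag_off = ((((size_t)p[6] & 0x1f) << 8) | p[7]) * 8;
    if (frag_off + (total - ihl) + IP_MINHDR > IP_MAXLEN)
        return DROP_OVERSIZE;

    /* Walk the options area and refuse either source-route option. */
    for (size_t i = IP_MINHDR; i < ihl; ) {
        uint8_t type = p[i];
        if (type == OPT_EOL)
            break;
        if (type == OPT_NOP) { i++; continue; }
        if (type == OPT_LSRR || type == OPT_SSRR)
            return DROP_SOURCE_ROUTE;
        if (i + 1 >= ihl || p[i + 1] < 2 || i + p[i + 1] > ihl)
            return DROP_MALFORMED;                 /* bad option length */
        i += p[i + 1];
    }
    return PASS;
}

/* Constructed sample packets (checksums left zero; not captured traffic). */
const uint8_t pkt_ok[28]   = {0x45,0,0,28, 0,0,0,0,       64,1,0,0, 10,0,0,1, 10,0,0,2};
const uint8_t pkt_big[28]  = {0x45,0,0,28, 0,0,0x1f,0xff, 64,1,0,0, 10,0,0,1, 10,0,0,2};
const uint8_t pkt_lsrr[28] = {0x46,0,0,28, 0,0,0,0, 64,1,0,0, 10,0,0,1, 10,0,0,2, 131,3,4,0};
```

The size check runs on each fragment as it arrives, so an out-of-range fragment is rejected before any reassembly memory is written.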

A program has recently appeared on the Internet that exploits the inability of Microsoft operating systems to handle out-of-band data properly. NT will display the BSOD (Blue Screen of Death) and will have to be rebooted; Windows 95 systems may crash and will also stop talking to the network. Microsoft delayed the release of Service Pack 3 to work on the problem.
