Attack defense concept and configuration method for the USG2000&5000

Overview of attack defense

Common network attacks generally intrude on or overload web servers (hosts), steal sensitive server data, consume bandwidth resources, or interrupt the services that the servers provide to external users. Certain network attacks directly target network devices. Such attacks may cause anomalies in network services and have adverse impacts, or even interrupt the operation of these services.

Network attacks fall into four categories: traffic attacks, scanning and sniffing attacks, malformed-packet attacks, and special-packet attacks. The details are as follows:

Traffic attacks

In a traffic attack, an attacker sends massive amounts of useless data to exhaust server resources, causing denial of service on the server. This type of attack sends a large number of data packets, overloads devices, and exhausts network bandwidth or device resources. Routers, servers, and firewalls usually have limited resources. Once overloaded, they may fail to process normal services, causing denial of service. The most common traffic attack is the flood attack. In flood attacks, attackers send a large number of seemingly legitimate TCP, UDP, and ICMP packets to targets. Some attackers even forge the source addresses to evade detection and monitoring.

Scanning and sniffing attacks

Scanning and sniffing attacks mainly refer to IP sweep and port scan. In IP sweep, an attacker constantly sends IP (TCP/UDP/ICMP) packets with changing destination addresses to search existing hosts and networks for a target. In port scan, an attacker scans TCP and UDP ports to detect the operating system and potential services of the target. Through scanning and sniffing, attackers can roughly understand the types of services that targets provide and potential vulnerabilities for further intrusions.
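
The two patterns described above can be recognized from per-source packet records: many distinct destination addresses from one source (IP sweep), or many distinct destination ports from one source to one host (port scan). The following Python code is an added example, not part of the original page and not the USG's implementation; the record format, the function name detect_scans, and the window and threshold values are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

# Constructed sample records: (timestamp_seconds, src_ip, dst_ip, dst_port)
SAMPLE = (
    # One source probing 30 different hosts on the same port (IP sweep)
    [(0.01 * i, "198.51.100.7", f"192.0.2.{i + 1}", 80) for i in range(30)]
    # One source probing 40 different ports on one host (port scan)
    + [(1.0 + 0.01 * p, "198.51.100.9", "192.0.2.10", 1 + p) for p in range(40)]
    # An ordinary client repeatedly using one service
    + [(0.5 * i, "203.0.113.5", "192.0.2.10", 443) for i in range(10)]
)


def detect_scans(records, window=1.0, max_hosts=20, max_ports=25):
    """Return (ip_sweep_sources, port_scan_pairs).

    window (seconds), max_hosts and max_ports are assumed thresholds chosen
    for illustration; they are not values taken from the USG.
    """
    hosts = defaultdict(list)  # src -> [(ts, dst)] seen inside the window
    ports = defaultdict(list)  # (src, dst) -> [(ts, port)] seen inside the window
    sweepers, scanners = set(), set()
    for ts, src, dst, port in sorted(records):
        pair = (src, dst)
        hosts[src].append((ts, dst))
        ports[pair].append((ts, port))
        # Keep only events that fall inside the sliding time window
        hosts[src] = [(t, d) for t, d in hosts[src] if ts - t <= window]
        ports[pair] = [(t, p) for t, p in ports[pair] if ts - t <= window]
        # IP sweep: one source, many distinct destination addresses
        if len({d for _, d in hosts[src]}) > max_hosts:
            sweepers.add(src)
        # Port scan: one source, one destination, many distinct ports
        if len({p for _, p in ports[pair]}) > max_ports:
            scanners.add(pair)
    return sweepers, scanners


if __name__ == "__main__":
    sweep_sources, scan_pairs = detect_scans(SAMPLE)
    print("IP sweep sources:", sorted(sweep_sources))
    print("Port scan (src, dst):", sorted(scan_pairs))
```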

Malformed-packet attacks

In malformed-packet attacks, attackers send defective IP packets to target systems. The target systems may encounter errors or crash when handling such packets. Malformed-packet attacks mainly include Ping-of-Death and Teardrop attacks.

Special-packet attacks

In special-packet attacks, attackers use legitimate packets to probe networks or detect data. The packets are legitimate application packets but are seldom used on networks.
