Reference Guide (Supporting software release 5.5.0.0 and later) Owner manual
Brocade Mobility RFS Controller CLI Reference Guide
53-1003098-01
option-route Optional. Enables an IP Option Record Route DoS check
router-advt Optional. Detects router-advertisement attacks
This attack uses ICMP to redirect the network router function to some other host. If that host cannot
provide router services, a DoS of network communications occurs as routing stops. This can also be
modified to single out a specific system, so that only that system is subject to attack (because only that
system sees the 'false' router). By providing router services from a compromised host, the attacker can
also place themselves in a man-in-the-middle situation and take control of any open channel at will (as
mentioned earlier, this is often used with TCP packet forgery and spoofing to intercept and change open
TELNET sessions).
router-solicit Optional. Detects router solicitation attacks
The ICMP router solicitation scan is used to actively find routers on a network. A hacker could set up a
protocol analyzer to detect routers as they broadcast routing information on the network. In some
instances, however, routers may not send updates. For example, if the local network does not have other
routers, the router may be configured to not send routing information packets onto the local network.
ICMP offers a method for router discovery. Clients send ICMP router solicitation multicasts onto the
network, and routers must respond (as defined in RFC 1122). (For more information about the process of
ICMP router solicitation, see "Routing Sequences for ICMP.")
By sending ICMP router solicitation packets (ICMP type 9) on the network and listening for ICMP router
discovery replies (ICMP type 10), hackers can build a list of all of the routers that exist on a network
segment. Hackers often use this scan to locate routers that do not reply to ICMP echo requests.
smurf Optional. In this attack, a large number of ICMP echo packets are sent with a spoofed source address.
This causes the device with the spoofed source address to be flooded with a large number of replies.
snork Optional. This attack causes a remote Windows™ NT to consume 100% of the CPU’s resources. This
attack uses a UDP packet with a destination port of 135 and a source port of 7, 9, or 135. This attack can
also be exploited as a bandwidth consuming attack.
tcp-bad-sequence Optional. A DoS attack that uses a specially crafted TCP packet to cause the targeted device to drop all
subsequent network traffic for a specific TCP connection.
tcp-fin-scan Optional. Detects TCP FIN scan attacks
Hackers use the TCP FIN scan to identify listening TCP port numbers based on how the target device
reacts to a transaction close request for a TCP port (even though no connection may exist before these
close requests are made). This type of scan can get through basic firewalls and boundary routers that
filter on incoming TCP packets with the Finish (FIN) and ACK flag combination. The TCP packets used in
this scan include only the TCP FIN flag setting.
If the target device's TCP port is closed, the target device sends a TCP RST packet in reply. If the target
device's TCP port is open, the target device discards the FIN and sends no reply.
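
The tcp-fin-scan and snork entries each describe a match that can be made from packet headers alone: a TCP segment carrying only the FIN flag, and a UDP datagram to port 135 from source port 7, 9, or 135. The following is an added example, not code from this guide or from the controller, showing those two header checks on raw IPv4 packets; the function names, sample packets, and addresses are constructed for illustration, and the controller's own detection logic is not described on this page.

```python
import struct
from typing import Optional

FIN, ACK = 0x01, 0x10
SNORK_SRC_PORTS = {7, 9, 135}  # source ports listed in the snork entry

def classify(packet: bytes) -> Optional[str]:
    """Label one raw IPv4 packet 'tcp-fin-scan', 'snork' or None (hypothetical helper)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4  # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return None
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return None  # non-first fragment: no transport header to inspect
    proto, l4 = packet[9], packet[ihl:]
    if proto == 6 and len(l4) >= 14:
        # Low six bits of byte 13 are URG/ACK/PSH/RST/SYN/FIN; the scan sets FIN alone.
        if l4[13] & 0x3F == FIN:
            return "tcp-fin-scan"
    elif proto == 17 and len(l4) >= 4:
        sport, dport = struct.unpack("!HH", l4[:4])
        if dport == 135 and sport in SNORK_SRC_PORTS:
            return "snork"
    return None

# Constructed sample packets (documentation addresses, checksums left at zero).
def ipv4(proto: int, payload: bytes) -> bytes:
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20])) + payload

def tcp(sport: int, dport: int, flags: int) -> bytes:
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)

def udp(sport: int, dport: int) -> bytes:
    return struct.pack("!HHHH", sport, dport, 8, 0)

SAMPLES = {
    "fin_only": ipv4(6, tcp(40000, 23, FIN)),        # FIN with no ACK
    "fin_ack": ipv4(6, tcp(40000, 23, FIN | ACK)),   # normal connection close
    "snork": ipv4(17, udp(7, 135)),                  # echo port to port 135
    "dns": ipv4(17, udp(53000, 53)),                 # unrelated UDP
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:9} -> {classify(pkt)}")
```

The FIN plus ACK sample is left unflagged because a normal connection close carries both flags, which is the combination the entry says basic filters already look for.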










