Product specifications

Efficient Networks® Router family
Technical Reference Guide
Chapter 5: System Security
Finger Bomb
In this attack, an intruder can disrupt services by causing excessive processing on the
target system. To run this attack, the hacker could execute the command:
finger rob@example.com@example.com@example.com……
This consumes excessive CPU time by forcing the target server to recursively execute
the finger request until it reaches the end of the list. The solution is to disable fingerd
support for redirections (for example GNU finger). One can also turn the finger service
off (but this is not advisable).
Since the router does not implement finger, the router cannot be attacked in this
manner. The firewall, by default, filters the finger service.
Fraggle
In this attack, the attacker bombards the victim site with a continuous stream of UDP
echo requests sent to a directed broadcast address. Since the echo request is sent to a
broadcast address, all the hosts on the network send back a reply packet. One packet
from the attacker can then generate hundreds or thousands of UDP response packets
and congest the victim network. The source address is also spoofed in such attacks,
so that another victim site gets flooded with these thousands of response packets. By
default, the firewall filters any requests to the UDP echo service.
Ping Flood
In this attack, the attacker bombards the victim host with a continuous stream of ICMP
echo requests. In a distributed Ping flood attack, the victim host and victim network
get flooded with ICMP echo requests from a large number of hosts. Protection from
this type of attack is provided by the threshold mechanism described in ICMP Flood
Attack.
Smurf
In this attack, the attacker bombards the victim site with a continuous stream of ICMP
echo requests sent to a directed broadcast address. Since the ping request is sent to
a broadcast address, all the hosts on the network send back a reply packet. One
packet from the attacker can thus generate hundreds or thousands of ICMP response
packets and congest the victim's network. The source address is also spoofed in such
attacks, so that another victim site gets flooded with these thousands of response
packets. Protection from this type of attack is also handled by the threshold
mechanism described in ICMP Flood Attack.
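
The per-packet filtering decisions described in the Finger Bomb, Fraggle and Smurf sections above, written out as an added example; this is not the router's firmware or code from the guide. The packet record format, the protected subnet 192.0.2.0/24 and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed example values: the protected LAN and the well-known service numbers.
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]
FINGER_TCP, ECHO_UDP, ICMP_ECHO_REQUEST = 79, 7, 8

def is_directed_broadcast(dst, nets=LOCAL_NETS):
    """True if dst is the broadcast address of one of the protected subnets."""
    addr = ipaddress.ip_address(dst)
    # /31 and /32 networks have no broadcast address, so they are skipped.
    return any(addr == n.broadcast_address for n in nets if n.prefixlen < 31)

def classify(pkt):
    """Return (action, reason) for one packet dict (hypothetical record format)."""
    proto, bcast = pkt["proto"], is_directed_broadcast(pkt["dst"])
    if proto == "udp" and pkt.get("dport") == ECHO_UDP:
        # UDP echo is filtered outright; the broadcast case is the Fraggle pattern.
        return ("drop", "fraggle: UDP echo to directed broadcast" if bcast
                else "UDP echo service filtered")
    if proto == "icmp" and pkt.get("icmp_type") == ICMP_ECHO_REQUEST and bcast:
        return ("drop", "smurf: ICMP echo request to directed broadcast")
    if proto == "tcp" and pkt.get("dport") == FINGER_TCP:
        return ("drop", "finger service filtered")
    # Unicast ICMP echo passes here: a ping flood is a rate problem, left to
    # a threshold mechanism rather than a per-packet rule.
    return ("pass", "no rule matched")

# Constructed sample traffic (documentation address ranges, not real captures).
SAMPLE = [
    {"proto": "udp", "src": "198.51.100.7", "dst": "192.0.2.255", "dport": 7},
    {"proto": "icmp", "src": "198.51.100.7", "dst": "192.0.2.255", "icmp_type": 8},
    {"proto": "icmp", "src": "198.51.100.7", "dst": "192.0.2.10", "icmp_type": 8},
    {"proto": "tcp", "src": "203.0.113.9", "dst": "192.0.2.10", "dport": 79},
    {"proto": "udp", "src": "203.0.113.9", "dst": "192.0.2.10", "dport": 7},
    {"proto": "udp", "src": "203.0.113.9", "dst": "192.0.2.10", "dport": 53},
]

def run(sample=SAMPLE):
    """Classify every packet in the sample and return the list of decisions."""
    return [classify(p) for p in sample]

if __name__ == "__main__":
    for pkt, (action, reason) in zip(SAMPLE, run()):
        print(f'{pkt["proto"]:4} {pkt["src"]:>13} -> {pkt["dst"]:<12} {action:4} {reason}')
```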