Manualshelf

User`s guide

ManualsBrandsZyXEL Communications ManualsComputer equipmentB-5000 -
231232233234235236237238239240
ZyAIR B-5000 User’s Guide
Firewall 28-3
28.4.1 Basics
Computers share information over the Internet using a common language called TCP/IP. TCP/IP, in turn, is a
set of application protocols that perform specific functions. An “extension number”, called the "TCP port" or
"UDP port" identifies these protocols, such as HTTP (Web), FTP (File Transfer Protocol), POP3 (E-mail),
etc. For example, Web traffic by default uses TCP port 80.
When computers communicate on the Internet, they are using the client/server model, where the server
"listens" on a specific TCP/UDP port for information requests from remote client computers on the network.
For example, a Web server typically listens on port 80. Please note that while a computer may be intended
for use over a single port, such as Web on port 80, other ports are also active. If the person configuring or
managing the computer is not careful, a hacker could attack it over an unprotected port.
Some of the most common IP ports are:
Table 28-1 Common IP Ports
21 FTP 53 DNS
23 Telnet 80 HTTP
25 SMTP 110 POP3
28.4.2 Types of DoS Attacks
There are four types of DoS attacks:
1. Those that exploit bugs in a TCP/IP implementation.
2. Those that exploit weaknesses in the TCP/IP specification.
3. Brute-force attacks that flood a network with useless data.
4. IP Spoofing.
5. IP Zero Length
1. "Ping of Death" and "Teardrop" attacks exploit bugs in the TCP/IP implementations of various
computer and host systems.
1-a Ping of Death uses a "ping" utility to create an IP packet that exceeds the maximum 65,536
bytes of data allowed by the IP specification. The oversize packet is then sent to an unsuspecting
system. Systems may crash, hang or reboot.
1-b Teardrop attack exploits weaknesses in the reassembly of IP packet fragments. As data is
transmitted through a network, IP packets are often broken up into smaller chunks. Each fragment
looks like the original IP packet except that it contains an offset field that says, for instance, "This
fragment is carrying bytes 200 through 400 of the original (non fragmented) IP packet." The