Network Security Attacks

There are several types of Network Security Attacks as described below:

1. SYN Flood
   

   Here the attacker sends a SYN request from a spoofed source address. When the server responds with SYN-ACK, the source never replies back leaving the server handing with a half-open connection (Typically the client sends a SYN-ACK-ACK to complete the three way handshake). Half open connections consume resources eventually degrading the performance of the server.

   CISCO routers employ ‘TCP Intercept’ and ‘CAR – Committed Access Rate’ features to combat SYN-FLOOD. You can also change the default setting for the ‘maximum number of half-open TCP connections’

2. UDP Flood
   

   Here the server is flooded with UDP requests, degrading the performance of the Server

3. ICMP Flood
   

   Here the Server is flooded with ‘echo’ requests (which is an ICMP request), degrading the performance of the Server.

   It is best to drop ICMP packets at the router or Firewall.

4. Smurf
   

   Here the attacker sends ICMP request packets to the broadcast address of the target network using a spoofed source address. The target responds with a echo request to all the hosts in the network, eventually overwhelming the network.

5. Fraggle
   

   A flavor of Smurf attack which uses UDP Echo packets (UDP Port 7) instead of ICMP packets. Cisco routers can be configured to disable the TCP and UDP services (TCP and UDP small servers) to defend against Fraggle

6. Bluejacking and bluesnarfing
   

   Here the Bluetooth enabled devices are attached. In Bluejacking, unsolicited messages are sent. In Bluesnarfing, personal information such as pictures and contacts, and cell phone information such as serial numbers are stolen.