37 What about denial of service? (Various Attacks - Firewalls)
Description
This article is from the Firewalls FAQ, by Matt Curtin cmcurtin@interhack.net and Marcus J. Ranum mjr@nfr.com with numerous contributions by others.
37 What about denial of service? (Various Attacks - Firewalls)
Denial of service is when someone decides to make your network or firewall
useless by disrupting it, crashing it, jamming it, or flooding it. The
problem with denial of service on the Internet is that it is impossible to
prevent. The reason has to do with the distributed nature of the network:
every network node is connected via other networks which in turn connect to
other networks, etc. A firewall administrator or ISP only has control of a
few of the local elements within reach. An attacker can always disrupt a
connection ``upstream'' from where the victim controls it. In other words,
if someone wanted to take a network off the air, they could do it either by
taking the network off the air, or by taking the networks it connects to off
the air, ad infinitum. There are many, many, ways someone can deny service,
ranging from the complex to the brute-force. If you are considering using
Internet for a service which is absolutely time or mission critical, you
should consider your fall-back position in the event that the network is
down or damaged.
TCP/IP's UDP echo service is trivially abused to get two servers to flood a
network segment with echo packets. You should consider commenting out unused
entries in /etc/inetd.conf of Unix hosts, adding no ip small-servers to
Cisco routers, or the equivalent for your components.
Continue to:
My Books
