Please check the Blocking Policy of Hanbiro and Several types of attacks.
An excessive number of packets on a specific TCP Port. In most cases, the source address is spoofed.
An excessive number of fragmented packets.
An excessive number of Connection.
A single source sends excessive number of IP packets.
Too many legitimate IP sources send legitimate TCP packets.
Excessive number of packets on HTTP from zombies.
Traffic that appears to originate from the target server’s own IP address or somewhere on its network. Targeted correctly, it can flood the network with pings and multiple responses.
Spoofed UDP packets to a list of broadcast addresses. Usually the packets are directed to port 7 on the target machines, which is the echo port. Other times, it is directed to the Character Generator Protocol (CHARGEN) port. Sometimes a hacker is able to set up a loop between the echo and chargen port.
This attack generates a load on the web server when requesting a web page has invalid header.
User-Agent is the attack that web services of normal web browsers and general client instead of using packets
This attack targets at a vulnerability in the service daemon and paralyzes certain services by sending a packet containing a specific set of characters, such as ABCDEFG or 1111111 to server.
After changing the state of a TCP connection to the "ESTABLISHED", even there is no more service request, server will also deny all other services (Denial of service condition).
Continue to create a normal connection, TCP connections and exit and make a normal connection, then immediately exit
This is a type of Denial of Service (DoS) attack in which the attacker overwhelms random ports on the targeted host with IP packets containing UDP datagrams.
This occur by triggering a response from the ICMP protocol when it responds to a seemingly legitimate request (think of it as echoing). Ping for instance, that uses the ICMP protocol. sPing is a good example of this type of attack, it overloads te server with more bytes than it can handle, larger connections. Its ping flood.