Types of attacks and blocks

Please review Hanbiro's blocking policy and the types of attacks described below.

Blocking Policy of Hanbiro

  • Analysis and automatic blocking of various TCP attacks
  • Automatic blocking of mass UDP traffic
  • Blocking of ICMP, which causes load on the network equipment
  • Blocking of all IPs of non-members that do not belong to the white/black list operations of the member site

Types of TCP attacks

SYN Flood

An excessive number of packets sent to a specific TCP port. In most cases, the source address is spoofed.

Fragment Flood

An excessive number of fragmented packets.

Connection Flood

An excessive number of connections.

Source Flood

A single source sends an excessive number of IP packets.

Zombie Attack

Too many legitimate IP sources send legitimate TCP packets.

My Doom Attack

An excessive number of HTTP packets from zombies.

Smurf Attack

Traffic that appears to originate from the target server’s own IP address or somewhere on its network. Targeted correctly, it can flood the network with pings and multiple responses.

Fraggle Attack

Spoofed UDP packets sent to a list of broadcast addresses. Usually the packets are directed to port 7 on the target machines, which is the echo port. Other times, they are directed to the Character Generator Protocol (CHARGEN) port. Sometimes a hacker is able to set up a loop between the echo and chargen ports.

Header Anomaly

This attack generates load on the web server by requesting web pages with invalid headers.

Abnormal User-Agent

An attack on web services that uses packets with a User-Agent other than that of normal web browsers and general clients.

String attack

This attack targets a vulnerability in the service daemon and paralyzes certain services by sending the server a packet containing a specific set of characters, such as ABCDEFG or 1111111.

TimeOut Connection Attack

After the state of a TCP connection is changed to "ESTABLISHED", no further service request is made, and the server ends up denying all other services (a denial-of-service condition).

FIN Attack

Repeatedly makes a normal TCP connection and then exits immediately.
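
The TimeOut Connection and FIN attacks described above differ in what a source does after the handshake, which is visible in connection logs. The following Python code is an added example for detection, not Hanbiro's code; the record layout, thresholds and label names are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

# Thresholds are assumptions for illustration, not Hanbiro's values.
IDLE_SECS = 30       # ESTABLISHED with no request for this long counts as idle
QUICK_CLOSE = 0.5    # closed this soon after the handshake, with no request
MIN_CONNS = 5        # connections per source before a label is applied

# Constructed sample: (source, established_at, first_request_at, closed_at)
# Times are seconds; None means "never happened within the capture".
SAMPLE = (
    [("198.51.100.7", t, None, None) for t in range(6)]            # open, silent
    + [("198.51.100.9", t, None, t + 0.1) for t in range(8)]       # open, close
    + [("203.0.113.20", t, t + 0.2, t + 3.0) for t in range(6)]    # normal use
    + [("203.0.113.21", 0, 0.1, 2.0)]                              # one visit
)

def classify(records, now):
    """Label each source by the connection behaviour it shows."""
    per_src = defaultdict(lambda: {"total": 0, "idle": 0, "quick": 0})
    for src, est, req, closed in records:
        s = per_src[src]
        s["total"] += 1
        if req is None and closed is None and now - est >= IDLE_SECS:
            s["idle"] += 1       # holds ESTABLISHED without asking for anything
        elif req is None and closed is not None and closed - est <= QUICK_CLOSE:
            s["quick"] += 1      # connects, then exits immediately
    labels = {}
    for src, s in per_src.items():
        if s["total"] < MIN_CONNS:
            labels[src] = "normal"               # too few connections to judge
        elif s["idle"] / s["total"] >= 0.8:
            labels[src] = "timeout-connection"
        elif s["quick"] / s["total"] >= 0.8:
            labels[src] = "fin-pattern"
        else:
            labels[src] = "normal"
    return labels

if __name__ == "__main__":
    for src, label in sorted(classify(SAMPLE, now=60).items()):
        print(src, label)
```

The same connection records carry no label for a source until its silent connections have aged past IDLE_SECS, so the check has to be run over a window at least that long.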


UDP Attack

This is a type of Denial of Service (DoS) attack in which the attacker overwhelms random ports on the targeted host with IP packets containing UDP datagrams.


ICMP Attack

This occurs by triggering a response from the ICMP protocol when it responds to a seemingly legitimate request (think of it as echoing); ping, for instance, uses the ICMP protocol. sPing is a good example of this type of attack: it overloads the server with more bytes than it can handle, using larger connections. It is a ping flood.

Supervisor
Moon Sori
1544-4755 Ext. 505
sori@hanbiro.com
(English Consultation Available)