Vous êtes sur la page 1sur 6


LAND attack ( local Area Network

Denial )-DoS
Smurf Attack DoS
SYN Flood DoS
Fraggle Attack DoS
INVITE of Death DoS (In VOIP)
Non-TCP Flooding

1.LAND attack ( local Area Network Denial)DoS

A LAND (Local Area Network Denial) attack is a DoS (Denial of Service) attack that consists of
sending a special poison spoofed packet to a computer, causing it to lock up

How it works
The attack involves sending a spoofed TCP SYN packet (connection initiation) with the target host's IP
address to an open port as both source and destination.
The reason a LAND attack works is because it causes the machine to reply to itself continuously.
Definition: A LAND attack involves IP packets where the source and destination address are set to
address the same device.

How to avoid being attacked

Most firewalls should intercept the poison packet thus protecting the host from this attack. Some
operating systems released updates fixing this security hole. In addition, routers should be configured
with both ingress and egress filters to block traffic where the source IP address is the same as the
destination because they should block any source address within the same address space as the


Smurf Attack DoS

The Smurf attack is a way of generating significant computer network traffic on a victim network.
This is a type of denial-of-service attack that floods a system
via spoofedbroadcast ping messages.

This attack relies on a perpetrator sending a large amount of ICMP echo request (ping) traffic
to IP broadcast addresses, all of which have a spoofed source IP address of the intended victim. If
the routing device delivering traffic to those broadcast addresses delivers the IP broadcast to all hosts
(for example via a layer 2 broadcast), most hosts on that IP network will take the ICMP echo
request and reply to it with an echo reply, multiplying the traffic by the number of hosts responding.
On a multi-access broadcast network, hundreds of machines might reply to each packet

The fix is two-fold:


Configure individual hosts and routers not to respond to ping requests or



Configure routers not to forward packets directed to broadcast addresses. Until

1999, standards required routers to forward such packets by default, but, in that year, the
standard was changed to require the default to be not to forward.

Another proposed solution is network ingress filtering which rejects the attacking packets on the
basis of the forged source address.
An example of configuring a router not to forward packets to broadcast addresses, for a Cisco router,
Router(config-if)# no ip directed-broadcast

Smurf amplifier
A Smurf amplifier is a computer network that lends itself to being used in a Smurf attack. Smurf
amplifiers act to worsen the severity of a Smurf attack because they are configured in such a way that
they generate a large number of ICMP replies to the victim at the spoofed source IP address.

3.SYN Flood DoS

A SYN flood is a form of denial-of-service attack in which an attacker sends a succession

of SYN requests to a target's system in an attempt to consume enough server resources to make the
system unresponsive to legitimate traffic.

Technical details
Normally when a client attempts to start a TCP connection to a server, the client and server exchange a
series of messages which normally runs like this:
1. The client requests a connection by sending a SYN (synchronize) message to the server.
2. The server acknowledges this request by sending SYN-ACK back to the client.

3. The client responds with an ACK, and the connection is established.

This is called the TCP three-way handshake, and is the foundation for every connection established using
the TCP protocol.

A SYN flood attack works by not responding to the server with the expected ACK code. The malicious
client can either simply not send the expected ACK, or by spoofing the source IP address in the SYN,
causing the server to send the SYN-ACK to a falsified IP address - which will not send an ACK because it
"knows" that it never sent a SYN.
The server will wait for the acknowledgement for some time, as simple network congestion could also be
the cause of the missing ACK, but in an attack increasingly large numbers of half-open connections will
bind resources on the server until no new connections can be made, resulting in a denial of service to
legitimate traffic. Some systems may also malfunction badly or even crash if other operating system
functions are starved of resources in this way.

There are a number of well-known countermeasures, [1]including:

SYN cookies

provide protection against the SYN flood by eliminating the resources allocated on the

target host.
Limiting new connections per source per timeframe is not a general solution since the attacker can spoof
the packets to have multiple sources.

SYN cookies -are the key element of a technique used to guard against SYN flood attacks. Daniel
J. Bernstein, the technique's primary inventor, defines SYN cookies as "particular choices of
initial TCP sequence numbers by TCP servers." In particular, the use of SYN cookies allows a server to
avoid dropping connections when the SYN queue fills up. Instead, the server behaves as if the SYN
queue had been enlarged. The server sends back the appropriate SYN+ACK response to the client but
discards the SYN queue entry. If the server then receives a subsequent ACK response from the client, the
server is able to reconstruct the SYN queue entry using information encoded in the TCP sequence

4.Fraggle Attack DoS

Same as Smurf attack but Smurf attack uses ICMP broadcast but Fraggle uses UDP echo packets
In computer security a fraggle attack is a type of denial-of-service attack where an attacker
sends a large amount of UDP echo traffic to IP broadcast addresses, all of it having a fake source
address. This is a simple rewrite of the smurf attack code.

5.INVITE of Death DoS (In VOIP)

An INVITE of Death is a type of attack on a VoIP-system that involves sending a malformed or otherwise
malicious SIP INVITE request to a telephony server, resulting in a crash of that server. Because
telephony is usually a critical application, this damage causes significant disruption to the users and
poses tremendous acceptance problems with VoIP. These kinds of attacks do not necessarily affect only
SIP-based systems; all implementations with vulnerabilities in the VoIP area are affected. The DoS attack
can also be transported in other messages than INVITE. For example, in December 2007 there was a
report about a vulnerability in the BYE message ("BYE BYE") by using an obsolete header with the name
"Also". However, sending INVITE packets is the most popular way of attacking telephony systems.
SIP-Session Initiation Protocol
BYE Connection ending in VOIP

In a Teardrop attack, the attacker sends two IP fragments, the latter entirely contained within the former.
This causes some computers to allocate too much memory and crash.

7.Non-TCP Flooding
Advanced firewalls maintain state information about connections in a State table. In Non-TCP Flooding
attacks, the attacker sends high volumes of non-TCP traffic. Since such traffic is connectionless, the
related state information cannot be cleared or reset, and the firewall State table is quickly filled up. This
prevents the firewall from accepting new connections and results in a Denial of Service (DoS).