Copyright Goodheart-Willcox Co., Inc. 274 Principles of Cybersecurity

Quick Look 8.2.1 Continued

9. Double-click a reply frame to open it. Expand the Internet Control Message Protocol area in the top of the details window, and then expand Data under that. Notice that Windows fills the data field of its echo requests with a repeating alphabetic sequence (abcdefghijklmnopqrstuvwabcdefghi, 32 bytes by default), as shown. The Linux version of the ping command instead fills the padding with a timestamp followed by a run of incrementing byte values. Because each operating system's ping uses its own default padding, the payload is a useful hint about which operating system sent the echo requests. It is only a hint: both tools let the user change the payload size and pattern from the command line (for example, ping -l on Windows and ping -p on Linux), so treat it as corroborating evidence rather than proof.

(Figure callout: the alphabetic sequence in the ICMP Data field.)

Protecting Against DoS Attacks

Much of the protection against DoS attacks takes place on the edge routers or other security appliances, using special configurations and access-control lists. An edge router is a router that separates the internal network from the public network. One such option is the use of flood guards. A flood guard drops packets or applies filters on switches or routers when a denial-of-service attack is detected. It is either a standalone device installed on the network or a component of a firewall.

During a normal three-way handshake, when the target receives a SYN packet, the TCP/IP stack allocates a transmission control block (TCB) for the connection and records it in the SYN-RECEIVED state. This indicates the handshake is only halfway complete. Because a SYN flood never completes the handshake (the attacker never sends the final ACK), the TCB cannot move to the ESTABLISHED state, as shown in Figure 8-23. During a SYN flood, enough connections are left in this half-open state to exhaust the target's memory or its backlog queue of pending connections.

If the source IP address is not faked, or spoofed, the address can be blocked in the firewall. Many DoS attacks, however, use spoofed source addresses, so blocking individual sources is not enough. A way to overcome this is to limit the total number of half-open sessions the system will hold, and how long each may remain in SYN-RECEIVED before it is discarded. This prevents the system from being overloaded with traffic.

There are other preventive measures that can be taken. The client can be configured with antimalware to prevent the host from running programs as part of a larger botnet.
It is also possible to turn off ICMP at the host through a host firewall. This prevents the host from responding to ICMP echo requests. However, turning off ICMP also breaks legitimate uses of the ping and tracert commands (traceroute on Linux) toward that host, and dropping all ICMP types can interfere with other functions such as path MTU discovery. A narrower alternative is to filter only echo requests (ICMP type 8) rather than the whole protocol.

Ping Sweeps

Hackers can often use common networking tools to exploit inherent vulnerabilities. One such tool is a ping sweep. A ping sweep scans a subnet using ICMP echo requests to map out the IP addresses that are in use. This is helpful to network administrators

CompTIA Security+ 3.2
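The half-open connection limit described under Protecting Against DoS Attacks is easiest to understand by modelling the TCB table itself. The following is an added example written for this page, not code from the textbook: it keeps a table of TCBs in the SYN-RECEIVED and ESTABLISHED states, then replays a constructed flood of SYNs from spoofed sources that never send the final ACK. With no cap, the table grows without bound; with a cap, the table stays bounded, but a legitimate SYN arriving while the table is full is also refused, which is why the SYN-RECEIVED timeout matters. The class and function names, the cap of 256, the 3-second timeout and all addresses are assumptions chosen for illustration.

```python
"""Half-open (SYN-RECEIVED) connection table with an optional cap and timeout.

Added example, not from the textbook: models the TCB states on the page and
shows how a SYN flood exhausts an uncapped table and how a cap plus a
SYN-RECEIVED timeout keeps it bounded.  All traffic below is constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

SYN_RECEIVED = "SYN-RECEIVED"
ESTABLISHED = "ESTABLISHED"


@dataclass
class TCB:
    src_ip: str
    src_port: int
    dst_port: int
    state: str
    created_at: float


@dataclass
class HalfOpenTable:
    max_half_open: Optional[int] = None   # None = no limit (the exhaustible default)
    syn_timeout: float = 3.0              # seconds an entry may sit in SYN-RECEIVED
    tcbs: Dict[Tuple[str, int, int], TCB] = field(default_factory=dict)
    dropped_syn: int = 0

    def half_open_count(self) -> int:
        return sum(1 for t in self.tcbs.values() if t.state == SYN_RECEIVED)

    def on_syn(self, src_ip: str, src_port: int, dst_port: int, now: float) -> bool:
        """Handshake step 1: allocate a TCB in SYN-RECEIVED, or drop the SYN."""
        self.expire(now)
        if self.max_half_open is not None and self.half_open_count() >= self.max_half_open:
            self.dropped_syn += 1
            return False
        self.tcbs[(src_ip, src_port, dst_port)] = TCB(src_ip, src_port, dst_port, SYN_RECEIVED, now)
        return True

    def on_ack(self, src_ip: str, src_port: int, dst_port: int, now: float) -> bool:
        """Handshake step 3: only an existing half-open TCB can become ESTABLISHED."""
        tcb = self.tcbs.get((src_ip, src_port, dst_port))
        if tcb is None or tcb.state != SYN_RECEIVED:
            return False
        tcb.state = ESTABLISHED
        return True

    def expire(self, now: float) -> int:
        """Discard TCBs that have been half-open longer than syn_timeout."""
        stale = [k for k, t in self.tcbs.items()
                 if t.state == SYN_RECEIVED and now - t.created_at > self.syn_timeout]
        for k in stale:
            del self.tcbs[k]
        return len(stale)


def run_scenario(max_half_open: Optional[int], n_spoofed: int = 1000,
                 syn_timeout: float = 3.0) -> dict:
    """Replay a constructed SYN flood, then test a legitimate client during and after it."""
    table = HalfOpenTable(max_half_open=max_half_open, syn_timeout=syn_timeout)
    # Flood: spoofed sources (TEST-NET-3 addresses) spread over the first second;
    # none of them ever answers the SYN-ACK, so no on_ack() follows.
    for i in range(n_spoofed):
        table.on_syn(f"203.0.113.{i % 254 + 1}", 40000 + i, 80, now=i / n_spoofed)
    result = {"half_open_after_flood": table.half_open_count(),
              "dropped_syn": table.dropped_syn}
    # A legitimate client arrives at t=1.0 while the flood entries are still held.
    ok = table.on_syn("192.0.2.10", 51000, 80, now=1.0)
    result["legit_established_during_flood"] = ok and table.on_ack("192.0.2.10", 51000, 80, now=1.05)
    # After syn_timeout passes, the spoofed entries expire and the client retries.
    later = 1.0 + syn_timeout + 0.5
    ok2 = table.on_syn("192.0.2.10", 51001, 80, now=later)
    result["legit_established_after_timeout"] = ok2 and table.on_ack("192.0.2.10", 51001, 80, now=later + 0.1)
    result["half_open_after_timeout"] = table.half_open_count()
    return result


if __name__ == "__main__":
    print("uncapped:", run_scenario(None))
    print("cap=256: ", run_scenario(256))
```

With the uncapped table, all 1000 spoofed entries are held and the legitimate client connects, but nothing stops the attacker from sending ten times as many. With the cap, only 256 half-open TCBs are ever held and 744 SYNs are dropped at the door; the cost is that the legitimate client's first SYN is also dropped while the table is full, and it only succeeds once the timeout has cleared the flood entries.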
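The two ICMP observations on this page, the operating-system hint in the echo-request padding from Quick Look 8.2.1 and the ping sweep described above, can both be checked from the same packet data. The following is an added example, not code from the textbook: it serializes and parses ICMP echo requests with a valid checksum, classifies the padding as Windows-like (the a..w cycle) or Linux-like (a timestamp followed by incrementing bytes), and flags any source that probed many distinct hosts, which is the signature of a sweep. The packets, addresses, the timestamp value and the sweep threshold of 8 are constructed assumptions; in practice the bytes would come from a capture file.

```python
"""ICMP echo-request analysis: payload-based OS hint and ping-sweep detection.

Added example, not code from the textbook.  Packets and addresses are
constructed inline so the script runs offline.
"""
import struct
from collections import Counter, defaultdict
from itertools import cycle, islice

ICMP_ECHO_REQUEST = 8
WINDOWS_CYCLE = b"abcdefghijklmnopqrstuvw"   # Windows ping repeats a..w to fill the payload


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum used by ICMP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo_request(ident: int, seq: int, payload: bytes) -> bytes:
    """Serialize an ICMP echo request (type 8, code 0) with a correct checksum."""
    header = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq)
    cs = inet_checksum(header + payload)
    return struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, cs, ident, seq) + payload


def parse_icmp(packet: bytes) -> dict:
    """Parse the 8-byte ICMP header; raise on a short packet or bad checksum."""
    if len(packet) < 8:
        raise ValueError("short ICMP packet")
    if inet_checksum(packet) != 0:          # a valid packet checksums to zero
        raise ValueError("bad ICMP checksum")
    icmp_type, code, _cs, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return {"type": icmp_type, "code": code, "id": ident, "seq": seq, "data": packet[8:]}


def payload_os_hint(data: bytes) -> str:
    """'windows-like' if the padding is the a..w cycle, 'linux-like' if it is an
    8-byte timestamp followed by incrementing bytes, else 'unknown'.
    A hint only: both pings accept a user-supplied size and pattern."""
    if data and data == bytes(islice(cycle(WINDOWS_CYCLE), len(data))):
        return "windows-like"
    tail = data[8:]
    if len(tail) >= 8 and all((tail[i] + 1) & 0xFF == tail[i + 1] for i in range(len(tail) - 1)):
        return "linux-like"
    return "unknown"


def analyze_capture(capture, sweep_threshold: int = 8) -> dict:
    """capture: iterable of (src_ip, dst_ip, icmp_bytes).  Returns a per-source OS
    hint and the sources that sent echo requests to >= sweep_threshold distinct hosts."""
    hints = defaultdict(Counter)
    targets = defaultdict(set)
    for src, dst, pkt in capture:
        icmp = parse_icmp(pkt)
        if icmp["type"] != ICMP_ECHO_REQUEST:
            continue
        hints[src][payload_os_hint(icmp["data"])] += 1
        targets[src].add(dst)
    return {
        "os_hint": {src: c.most_common(1)[0][0] for src, c in hints.items()},
        "sweep_sources": sorted(s for s, t in targets.items() if len(t) >= sweep_threshold),
    }


# Constructed sample payloads: Windows default 32 bytes; Linux-like 56 bytes with an
# arbitrary timestamp value followed by the incrementing byte run.
WINDOWS_PAYLOAD = bytes(islice(cycle(WINDOWS_CYCLE), 32))
LINUX_PAYLOAD = struct.pack("!Q", 0x5F3A1B2C0001E240) + bytes(range(0x08, 0x38))


def sample_capture():
    """Constructed traffic: one sweeping source plus one benign host."""
    pkts = []
    for i in range(1, 13):   # Windows-like source walks 10.0.0.1 .. 10.0.0.12
        pkts.append(("192.0.2.50", f"10.0.0.{i}", build_echo_request(1, i, WINDOWS_PAYLOAD)))
    for seq in range(1, 4):  # Linux-like host pings its gateway three times
        pkts.append(("10.0.0.5", "10.0.0.1", build_echo_request(0x1234, seq, LINUX_PAYLOAD)))
    return pkts


if __name__ == "__main__":
    print(analyze_capture(sample_capture()))
```

The sweep check counts distinct destinations per source rather than packet volume, so a host that pings one gateway repeatedly is not flagged while a source that touches a dozen addresses is. The threshold and a time window should be tuned to the network; monitoring tools that legitimately poll many hosts will need an allow list.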