Continuing the previous article on network attack types, this one covers two more attacks, Ping of Death and half-open connections, described below:
Ping of Death is a Denial of Service (DoS) attack against a server or computer connected to a network. It takes advantage of packet fragmentation (the breaking of a packet into pieces) in TCP/IP, and of the fact that the limit on the IP protocol packet size is 65,536 bytes or 64 kilobytes. An attacker can send ICMP packets (the kind used by ping) in fragments so that when the fragments are put back together, the total packet size exceeds the limit of 65,536 bytes.
A simple example is as follows: C:\windows> ping -l 65540
This MS-DOS command sends a ping (ICMP packet) with a size of 65,540 bytes to a host/server. When an unprotected server receives a packet that exceeds the size specified in the IP protocol, it usually crashes, hangs, or reboots, so that service is disrupted (Denial of Service).
In addition, Ping of Death packets can easily be spoofed so that their real origin cannot be determined, and the attacker only needs to know the IP address of the computer to be attacked. Today, however, Ping of Death attacks are no longer effective because all operating systems have been upgraded and protected against this type of attack. In addition, a firewall can block all ICMP packets from the outside so that these attacks can no longer be carried out.
A half-open connection attack is also referred to as a SYN attack, because it uses SYN (synchronization) packets and the weakness that exists in the 3-way handshake performed when a TCP/IP connection is established between two computers. In a 3-way handshake to establish a TCP/IP connection between a client and a server, what happens is as follows:
* First, the client sends a SYN packet to the server/host to establish a TCP/IP connection between the client and the host.
* Second, the host replies by sending a SYN/ACK (synchronization/acknowledgement) packet back to the client.
* Finally, the client replies by sending an ACK (acknowledgement) packet back to the host. The TCP/IP connection between the client and the host is then established and data transfer can begin.
In a half-open connection attack, the attacker sends the targeted server many SYN packets that have been spoofed so that the source address is invalid. In other words, the origin address of the SYN packets does not point to a computer that really exists. When the server receives these SYN packets, it sends a SYN/ACK in response to each one. However, since each SYN/ACK is sent to an address that does not exist, the server keeps waiting for an answering ACK packet.
If the server is flooded with invalid SYN packets, it will eventually run out of memory and computing resources, because it keeps waiting for ACK packets that will never come. Eventually the server will crash, hang, or reboot, and service is disrupted (denial of service). This type of attack, the half-open connection or SYN attack, can be prevented with packet filtering and a firewall, so that invalid SYN packets are blocked by the firewall before they flood the server.
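To spot the half-open pile-up described above on a server, the following added example (not part of the original article) counts connections stuck after the SYN/ACK step in a connection-table snapshot. The sample table is constructed in the column layout of `ss -tan`, and the function names and the threshold of 5 are assumptions to tune per server.

```python
from collections import Counter, defaultdict

# Constructed sample in the column layout of `ss -tan`; not real capture data.
# Addresses come from the documentation ranges (RFC 5737).
SAMPLE = """\
State     Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN    0      128    0.0.0.0:80         0.0.0.0:*
ESTAB     0      0      192.0.2.10:80      198.51.100.7:51514
SYN-RECV  0      0      192.0.2.10:80      203.0.113.5:40001
SYN-RECV  0      0      192.0.2.10:80      203.0.113.77:1025
SYN-RECV  0      0      192.0.2.10:80      203.0.113.140:6000
SYN-RECV  0      0      192.0.2.10:80      198.51.100.201:33333
SYN-RECV  0      0      192.0.2.10:80      198.51.100.9:2048
SYN-RECV  0      0      192.0.2.10:80      203.0.113.18:51000
SYN-RECV  0      0      192.0.2.10:22      198.51.100.7:51600
"""

# State of a connection where the server has sent SYN/ACK and still awaits the ACK.
HALF_OPEN_STATE = "SYN-RECV"


def half_open_by_listener(table_text):
    """Map local addr:port -> (half-open count, number of distinct peer hosts)."""
    counts, peers = Counter(), defaultdict(set)
    for line in table_text.splitlines():
        fields = line.split()
        if len(fields) >= 5 and fields[0] == HALF_OPEN_STATE:
            local, peer = fields[3], fields[4]
            counts[local] += 1
            peers[local].add(peer.rsplit(":", 1)[0])  # strip the peer port
    return {sock: (n, len(peers[sock])) for sock, n in counts.items()}


def flag_syn_flood(table_text, threshold=5):
    """Return listeners whose half-open count reaches the assumed threshold."""
    return {sock: stats
            for sock, stats in half_open_by_listener(table_text).items()
            if stats[0] >= threshold}


if __name__ == "__main__":
    for sock, (n, hosts) in flag_syn_flood(SAMPLE).items():
        print(f"{sock}: {n} half-open connections from {hosts} distinct hosts")
```

A high half-open count spread across many distinct source hosts, with few established connections beside it, matches the spoofed-source pattern the article describes; a single slow client produces only one or two such entries.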