Flooding attack: provide at least two technology
alternatives for addressing the security topic chosen by the team
and an overview of its operations, availability, cost implementation
issues and benefits to the end user --
- Flooding attack -- A flood attack is also known
as a denial-of-service (DoS) attack.
- In a flood attack, the attacker sends a large volume of traffic
to a system so that the system cannot examine and allow
permitted network traffic.
- Firebox protection against these types of flood attacks
includes --
- IPSec, IKE, ICMP, SYN and UDP.
- Preventing flood attacks -- On the default packet handling
page, a threshold for the allowed number of packets per
second can be specified for each type of traffic.
- When the number of packets exceeds the specified threshold,
the device starts to drop traffic of that type on the
interface.
- For example -- If the Drop UDP flood attack
threshold is set to 2000, the device starts to drop UDP packets
from an interface that receives more than 2000 UDP packets per
second.
- SIP DoS attacks -- A crafted SIP request
exploits a vulnerability in the target's SIP proxy and results in
complete loss of function.
- Flooding attacks can be classified into the
following types --
- Control packet flood -- The attacker floods
SIP proxies with SIP packets such as INVITE messages and bogus
responses. The attacker crafts authenticated messages that fail
authentication, to cause the victim to validate each
message.
- Call data flood -- The attacker floods the
target with RTP packets without establishing a legitimate RTP session,
in an attempt to harm its processing power.
- Distributed DoS attack -- When the attacker has gained
control of a large number of VoIP-capable hosts and formed a zombie
network under the attacker's control
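
The per-second packet threshold described in the default packet handling items above, as an added example (not Firebox code and not part of the original answer): a simplified model that counts packets per interface and traffic type in fixed one-second windows and drops the excess. Only the UDP threshold of 2000 comes from the text; the class and function names, interface names, other thresholds and the traffic are constructed assumptions.

```python
from collections import defaultdict

# Assumed thresholds in packets per second. Only the UDP value (2000) comes
# from the text above; the others are constructed for illustration.
THRESHOLDS = {"UDP": 2000, "SYN": 5000, "ICMP": 1000}


class FloodGuard:
    """Per-interface, per-traffic-type limiter using fixed one-second windows."""

    def __init__(self, thresholds):
        self.thresholds = thresholds
        self.window = {}                  # (iface, kind) -> second being counted
        self.count = defaultdict(int)     # (iface, kind) -> packets seen this second
        self.dropped = defaultdict(int)   # (iface, kind) -> total packets dropped

    def allow(self, iface, kind, ts):
        """Return True to forward the packet, False to drop it."""
        limit = self.thresholds.get(kind)
        if limit is None:                 # no threshold configured for this type
            return True
        key, sec = (iface, kind), int(ts)
        if self.window.get(key) != sec:   # a new second starts: reset the counter
            self.window[key] = sec
            self.count[key] = 0
        self.count[key] += 1
        if self.count[key] > limit:       # interface exceeded the threshold
            self.dropped[key] += 1
            return False
        return True


def simulate():
    """Constructed traffic: eth0 receives 3000 UDP packets in second 0."""
    guard = FloodGuard(THRESHOLDS)
    forwarded = defaultdict(int)
    events = [("eth0", "UDP", i / 3000) for i in range(3000)]        # flood
    events += [("eth1", "UDP", i / 500) for i in range(500)]         # normal load
    events += [("eth0", "UDP", 1 + i / 1500) for i in range(1500)]   # next second
    events += [("eth0", "TCP", 0.5)]                                 # no threshold
    for iface, kind, ts in sorted(events, key=lambda e: e[2]):
        if guard.allow(iface, kind, ts):
            forwarded[(iface, kind)] += 1
    return dict(forwarded), dict(guard.dropped)
```

Because the counter is kept per interface, the flood on eth0 does not cause drops on eth1, and eth0 forwards UDP normally again once its rate falls back under the threshold in the next second.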