176 CHAPTER 13: T YPES OF ATTACK AND F IREWALL DEFENCESThe return address of the ping has been faked (spoofed) to appear tocome from a machine on another network (the victim). The victim is thenflooded with responses to the ping. As many responses are generated foronly one attack, the attacker is able use many amplifiers on the samevictim.The results of a smurf attack range from slowing of the network to thecrashing of the victim devices.Firewall Response as Amplifier: Spoofed IP address is detected andpacket is dropped. Firewall will not act as amplifier.Firewall Response as Victim: Traffic from a smurf attack cannot beseparated from other network traffic. Traffic is allowed to pass.SYN Flood Attack A SYN flood attack attempts to slow your network by requesting newconnections but not completing the process to open the connection.Once the buffer for these pending connections is full a server will notaccept any more connections and will be unresponsive.Firewall Response: The connection request will be completed by theFirewall and the connection monitored to check if data is sent. If no datais sent the Firewall resets the connection.Land Attack A land attack is an attempt to slow your network down by sending apacket with identical source and destination addresses originating fromyour network.Firewall Response: Packet is dropped. Attack is stopped.Intrusion Attacks An Intrusion Attack is designed to get information from your network orplace information on your network. This may be the theft of confidentialmaterial, the defacing of a web site or the theft of passwords or discoveryof network infrastructure that will enable further attacks.External Access Without a firewall your network can be accessed from anywhere on theWide Area Network (WAN) outside your network. The Firewall blocks allattempts to access the Local Area Network (LAN) that are initiated fromoutside your networkFirewall response: Packet is dropped. Attack is stopped.DUA1611-0AAA02.book Page 176 Thursday, August 2, 2001 4:01 PM