2 cissp ® Official Study Guide Eighth Edition

752
Chapter 17 
■
Preventing and Responding to Incidents
Although the ping of death isn’t a problem today, many other types of 
attacks cause buffer overflow errors (discussed in Chapter 21). When ven-
dors discover bugs that can cause a buffer overflow, they release patches 
to fix them. One of the best protections against any buffer overflow attack 
is to keep a system up-to-date with current patches. Additionally, produc-
tion systems should not include untested code or allow the use of system 
or root-level privileges from applications.
Teardrop 
In a
teardrop attack
, an attacker fragments traffi c in such a way that a system is unable to 
put data packets back together. Large packets are normally divided into smaller fragments 
when they’re sent over a network, and the receiving system then puts the packet fragments 
back together into their original state. However, a teardrop attack mangles these pack-
ets in such a way that the system cannot put them back together. Older systems couldn’t 
handle this situation and crashed, but patches resolved the problem. Although current 
systems aren’t susceptible to teardrop attacks, this does emphasize the importance of keep-
ing systems up-to-date. Additionally, intrusion detection systems can check for malformed 
packets.
Land Attacks 
A
land attack
occurs when the attacker sends spoofed SYN packets to a victim using the 
victim’s IP address as both the source and destination IP address. This tricks the system 
into constantly replying to itself and can cause it to freeze, crash, or reboot. This attack 
was fi rst discovered in 1997, and it has resurfaced several times attacking different ports. 
Keeping a system up-to-date and fi ltering traffi c to detect traffi c with identical source and 
destination addresses helps to protect against LAND attacks.

Download 19,3 Mb.

Do'stlaringiz bilan baham: