Posted: . At: 11:14 AM. This was 4 years ago. Post ID: 13921


Types of network attacks.


TCP attacks

TCP SYN attack: This attack begins as a normal TCP connection, in which the client and server exchange information in TCP packets. A client sends an ACK packet to the server requesting a connection. The server responds with a packet acknowledging the connection, and the data transmission may then continue as normal. In this attack, however, the client continually sends ACK packets but does not open a session with the server. The server holds all of these sessions open, which uses up resources and stops others from accessing resources on the server machine. This attack is virtually unstoppable. The only way to combat it is to set limits on the length of an initial session, forcing sessions that have not completed to close out. The attack may be carried out from a spoofed, invalid IP address and will still be successful. TCP will respond to any valid request made from the IP layer.

TCP sequence number attack: TCP sequence number attacks occur when an attacker takes control of one end of a TCP session. This is a successful attack when the attacker kicks the attacked end node off the network for the duration of the attack. Each time a TCP message is sent, either the client or the server generates a sequence number. In this attack, the attacker intercepts and then responds with a sequence number that is similar to the one used in the original session. This attack can either disrupt or hijack a valid session. If a valid sequence number is guessed, this allows the attacker to place their system in between the client and the server. This allows access to the system privileges of the target system.

TCP/IP Hijacking: TCP/IP hijacking, also called active sniffing, involves an attacker gaining access to a host on a network and then logically disconnecting it from the network. The attacker may then insert their own machine in its place without anyone noticing the change. The network server will not know this has happened and will respond to requests from the machine as if it were the original trusted machine. This is not an easy attack to counter, but secure management and monitoring of your network would go a long way towards countering this threat.

UDP attacks

A UDP attack uses either the maintenance protocol or a UDP service to overload network services and initiate a DoS situation. UDP attacks may also use the UDP protocol. UDP packets are not connection-oriented. They are susceptible to interception by third parties, and this may allow attacks upon the UDP layer. UDP, like TCP, does not check the validity of IP addresses; the IP layer is trusted with this task. The most common UDP attacks involve UDP flooding, which overloads services, networks, and servers. Large streams of UDP packets are focused at a target, and this causes the UDP services on the host to shut down. UDP floods also overload the network bandwidth, and this is how a Denial of Service situation may occur.

ICMP attacks

ICMP attacks are carried out by triggering a response from ICMP to a seemingly innocuous maintenance request. The ICMP protocol supports debugging and reporting in a network situation. It is commonly used; everyone has used the ping command on Windows or Linux. Two attack types are used to attack a network with ICMP: Smurf attacks and ICMP tunneling.

Smurf attacks: Smurf attacks can create much havoc on a network. Smurf attacks use IP spoofing and broadcasting to send a ping request to a group of hosts on a network. The ICMP ping request is answered if the target system is up; otherwise, it will return an unreachable message. If the broadcast is sent to the network, all of the hosts will answer the ping, and this can overload the network due to the volume of data being transferred.

ICMP tunneling: This is a connection between two computers using ICMP ping requests and reply packets. An ICMP packet is always a certain size, so knowing what to look for when analyzing traffic allows us to see abnormal packets and then act on the traffic to block it. An automatic algorithm can do this. Cisco NetFlow can automatically detect and eliminate abnormal network traffic.

A free trial is available to determine if this product fits your needs.
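The size-based check described under ICMP tunneling, sketched as an added example (not code from the original post or from Cisco NetFlow). It goes slightly beyond size alone by also verifying the ICMP checksum and that each echo reply returns its request's data unchanged. The expected payload sizes (32 bytes for Windows ping, 56 bytes for Linux ping), the function names and the sample traffic are assumptions made for illustration.

```python
import struct

# Assumption: data sizes sent by stock ping tools (Windows 32 bytes, Linux 56 bytes).
EXPECTED_PAYLOAD_SIZES = {32, 56}
ECHO_REPLY, ECHO_REQUEST = 0, 8

def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Build a constructed ICMP echo message to use as sample input."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def inspect_stream(messages: list[bytes]) -> list[tuple[int, str]]:
    """Return (index, reason) for every ICMP echo message that looks abnormal."""
    findings, requests = [], {}
    for i, msg in enumerate(messages):
        if len(msg) < 8:
            findings.append((i, "truncated header"))
            continue
        icmp_type, _code, _csum, ident, seq = struct.unpack("!BBHHH", msg[:8])
        if icmp_type not in (ECHO_REQUEST, ECHO_REPLY):
            continue  # only echo traffic is examined here
        payload = msg[8:]
        if inet_checksum(msg) != 0:  # a valid message sums to zero
            findings.append((i, "bad checksum"))
        if len(payload) not in EXPECTED_PAYLOAD_SIZES:
            findings.append((i, f"unexpected payload size {len(payload)}"))
        if icmp_type == ECHO_REQUEST:
            requests[(ident, seq)] = payload
        elif requests.get((ident, seq), payload) != payload:  # reply must echo the data
            findings.append((i, "reply data differs from request"))
    return findings

# Constructed sample traffic: one normal ping exchange, then one oversized exchange.
SAMPLE = [
    build_echo(ECHO_REQUEST, 1, 1, bytes(range(56))),
    build_echo(ECHO_REPLY, 1, 1, bytes(range(56))),
    build_echo(ECHO_REQUEST, 7, 1, b"A" * 300),
    build_echo(ECHO_REPLY, 7, 1, b"B" * 300),
]
```

Calling `inspect_stream(SAMPLE)` flags only the second exchange; on a real network the expected-size set would be tuned to the ping tools actually in use.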

