1) sending a spoofed packet with the SYN flag set from a host to any port that is open and listening. If the packet is programmed to have the same destination and source IP address, when it is sent to a machine, via IP spoofing, the transmission can fool the machine into thinking it is sending itself a message, which will crash the machine.


2) an attack taking advantage of a known bug in TCP/IP implementation. The attacker uses the ping system utility to make up an IP packet that exceeds the maximum 65,536 bytes of data allowed by the IP specification. Systems may crash or reboot when they received such an oversized packet.


3) an attack exploiting a weakness in the reassembly of IP packet fragments. The attacker creates a sequence of IP fragments with overlapping offset fields. Some systems will crash or reboot when they are trying to reassemble the malformed fragments.


4) attacker sends PING requests to an Internet broadcast address. Each broadcast address can support up to 255 hosts, so a single PING request can be multiplied 255 times. The return address of the request itself is spoofed to be the address of the attacker's victim. All the hosts receiving the PING request reply to this victim's address instead of the real sender's address.

1. Idle Scan
2. PoD
3. FIN
4. Smurf

:?:

You got 2 & 4 correct =)

How about:

1. SYN Flood
3. Boink

:?:

#1 is still wrong, but you get credit for #3. I was actually thinking of the Teardrop attack, but bonk and boink are both variants of this.

w00t!

Ok. One more try on #1. I'm thinking of a different plane of attack now. Probably wrong, but what the hell. I want to say a type of Replay attack. :?

Ok, its been long enough i think, Attack #1 is the Land attack. By making the src ip the same as the dest, it would readily crash windows machines. =)

ok, i know 2, 3, and 4, however on number 1
would it be needed to all out spoof the ip, or you could just create a SYN packet with nemisis or similar to have the same src/dest ip? also, how old is it. and is it still usfull?

for the smurf attack, somthing ive wondered....
would it be possible to combine a land attack and a smurf attack, using the broadcast address to exponetially increase trafic?

example: i create a packet with a src/dest ip of 10.0.0.0 (our broadcast address), have it send this packet out to, for example, 50 machines, have them all return the packets to the broadcast address, then spit those 50 back out to all 50 machines, then spit those 2500 out to all 50 machines, so you get trafic=50^x where as x is equal to the number of packet cycles that has passed?

i havnt really though about it, so if there a glaring logic flaw, please let me know :)

err... that was me ^^^ woops.

oops sorry forgot to set that forum permission. Taken care of now. :)