Đang chuẩn bị liên kết để tải về tài liệu:
cisco press router security strategies phần 9

được bảo vệ bởi một tường lửa cá nhân, cho example.7 Một quét nổi tiếng khác là cái gọi là Xmas cây quét. Công cụ quét Nmap sử dụng các cờ vì thế tên Xmas-cây (hoặc tất cả các lá cờ thắp sáng) cho các quét. Xmas Tree quét (còn gọi là nastygram, kamikaze, | TCP Header 515 Table B-2 TCP Header Fields and Their Security Implications Continued Bit-Offset Header Field Header Value and Description protected by a personal firewall for example.7 One other well-known scan is the so-called xmas-tree scan. The scanning tool Nmap uses the flags FIN-URG-PSH in its xmas scan mode -sX option . Other tools use the full set of TCP flags URG-ACK-PSH-RST-SYN-FIN hence the name xmas-tree or all flags lit up for these scans. Xmas Tree scanning also referred to as nastygram kamikaze and lamp-test is most often used to bypass simple firewalls and in OS fingerprinting techniques. Any packet that uses the URG or PSH flags may always carry data. WinNuke is an older attack against a Windows system that caused a Blue Screen of Death BSOD . The exploit consisted of setting the URG flag but not following it with data and then sending an RST to tear down the connection. The combination SYN-PSH is invalid because a SYN would never be used in a packet carrying data. Other variations exist as well all are illegal. 112-127 16 bits Window This value is exchanged by each side of the TCP connection to tell the opposite side how much data it is capable of buffering and hence how much data the opposite side can send before pausing and waiting for acknowledgement from the receiver of the data. Because TCP is a full-duplex protocol there are two window sizes one in each direction. Security Implications This is perhaps the most important field in legitimate TCP connections in that it is a key factor for efficient data transmission. The window value is also used as a form of flow control. The maximum value is 65 535 bytes. Typically the window value fluctuates as data is received and processed. Under normal conditions if the receiver s input buffer is full it will advertise a window size of 0 indicating that the other side should stop sending data until it is told to do so with an increased window size . All TCP attacks against existing connections require .