FortiDDoS DDoS Attack Mitigation Guide - Fortinet

Attacks to test functionality and performance

Non-spoofed ICMP attack
This is a limited-source layer 3 protocol flood in which the sources send IP protocol 1, which corresponds to ICMP. Remember that this would be a layer 4 ICMP type and code flood if a specific ICMP type and code is used in the attack packets.

Non-spoofed TCP ACK flood
This is a limited-source layer 4 flood in which TCP ACK packets are continuously sent without establishing formal connections.

Spoofed TCP ACK flood
This is a spoofed layer 4 flood in which TCP ACK packets are continuously sent without establishing formal connections.

Non-spoofed TCP NULL flood
This is a limited-source layer 4 flood in which TCP packets are continuously sent without establishing formal connections. These packets don't have any flags set in them and therefore have a header anomaly in the layer 4 header.

Spoofed TCP NULL flood
This is a spoofed layer 4 flood in which TCP packets are continuously sent without establishing formal connections. These packets don't have any flags set in them and therefore have a header anomaly in the layer 4 header.

Non-spoofed TCP random flag flood
This is a limited-source layer 4 flood in which TCP packets are continuously sent with randomly changing TCP flags. Due to the randomization, there may be a header anomaly in the layer 4 header, because some flag combinations are illegal. Examples of legal combinations are SYN-ACK and FIN-ACK. Examples of illegal flag combinations are SYN-FIN-RST-ACK, SYN-RST, etc.

Spoofed TCP random flag flood
This is a spoofed layer 4 flood in which TCP packets are continuously sent with randomly changing TCP flags. Due to the randomization, there may be a header anomaly in the layer 4 header, because some flag combinations are illegal. Examples of legal combinations are SYN-ACK and FIN-ACK. Examples of illegal flag combinations are SYN-FIN-RST-ACK, SYN-RST, etc.
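
Added example (not from the Fortinet guide and not FortiDDoS's own logic): a Python check that reads the flag bits of a TCP header and marks the layer 4 header anomalies described above (NULL, SYN-RST, SYN-FIN-RST-ACK) while passing SYN-ACK and FIN-ACK. The rule set, the function names and the constructed sample headers are assumptions made for illustration.

```python
import struct

# TCP flag bits (low byte of the 16-bit offset/flags word at header offset 12)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
NAMES = [(SYN, "SYN"), (FIN, "FIN"), (RST, "RST"), (PSH, "PSH"), (ACK, "ACK"), (URG, "URG")]

def flag_names(flags):
    """Render a flag byte as e.g. 'SYN-ACK'; 'NULL' when no flag is set."""
    return "-".join(name for bit, name in NAMES if flags & bit) or "NULL"

def classify_flags(flags):
    """Return (verdict, detail). Assumed rule set for this example only."""
    flags &= 0x3F  # look at the six classic flags, ignore ECE/CWR
    if flags == 0:
        return "anomaly", "no flags set (NULL)"
    if flags & SYN and flags & FIN:
        return "anomaly", "SYN with FIN"
    if flags & SYN and flags & RST:
        return "anomaly", "SYN with RST"
    if not flags & (SYN | RST | ACK):
        return "anomaly", "FIN/PSH/URG without ACK"
    return "legal", flag_names(flags)

def inspect_segment(segment):
    """Classify a raw TCP segment whose header starts at byte 0."""
    if len(segment) < 20:
        return "anomaly", "truncated TCP header"
    (off_flags,) = struct.unpack_from("!H", segment, 12)
    if (off_flags >> 12) < 5:
        return "anomaly", "data offset below 5 words"
    return classify_flags(off_flags & 0xFF)

def make_header(flags, sport=40000, dport=80, seq=1, ack=0):
    """Constructed 20-byte TCP header used as sample input (checksum left 0)."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, 8192, 0, 0)

def tally(segments):
    """Count legal segments and each anomaly reason across a batch."""
    counts = {}
    for seg in segments:
        verdict, detail = inspect_segment(seg)
        key = detail if verdict == "anomaly" else "legal"
        counts[key] = counts.get(key, 0) + 1
    return counts

if __name__ == "__main__":
    sample = [make_header(f) for f in (SYN | ACK, FIN | ACK, 0, SYN | RST, SYN | FIN | RST | ACK)]
    print(tally(sample))
```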

TCP random sequence, acknowledgement numbers
TCP is a connection-based stateful protocol that complements the datagram-oriented IP protocol, which it uses as its underlying protocol. It uses sequence numbers and acknowledgement numbers to ensure proper windowing and end-to-end ordered

28-100-167076-20120501
http://docs.fortinet.com/