Example Packet Specifications

• Ping of Death: over-sized ping packets

  • packet(p)|(fragmented(p) &&  (p.offset + p.tot_len - 20 > 65535) ? drop()

• Neptune: SYN-packet flooding

  • unlike previous specs, but like many other network attacks: not deterministic
  • uses abstractions for aggregation with aging

• UDP Storm: loop between simple UDP services

  • packet(p)|(p.udp_sport in UDP_SIMPLE_SVCS) && (p.udp_dport in UDP_SIMPLE_SVCS) ? drop()

Previous slide

Next slide

Back to first slide

View graphic version