Chapter 02 Flashcards

1
Q

What is TCP?

A

Transmission Control Protocol

2
Q

What is a TCP SYN Flood Attack?

A

A type of denial-of-service attack that exploits the TCP handshake process by sending numerous SYN requests with forged source addresses

3
Q

What are TCP SYN Cookies?

A

A mechanism to protect against SYN Flood attacks by generating an initial sequence number based on a hash function

4
Q

What does the TCP 3-way handshake involve?

A

SYN, SYN-ACK, and ACK packets exchanged between a client and server for establishing a connection

5
Q

Can an attacker with a spoofed source address successfully complete a TCP 3-way handshake?

A

Yes, but only if the attacker can receive the responses to the spoofed packets

6
Q

What happens when an attacker sends TCP SYN packets with forged source addresses?

A

Bob’s connection table fills up with many half-opened connections, preventing legitimate users from establishing new TCP connections

7
Q

How does Bob generate the initial sequence number α in SYN Cookies?

A

α = h(K, Ssyn) where K is a secret key and Ssyn is the source address of the SYN packet

8
Q

What is the main advantage of using SYN Cookies?

A

The server does not need to allocate resources after receiving the first SYN packet

9
Q

What is a disadvantage of using SYN Cookies?

A

Calculating α may be CPU-intensive

10
Q

Fill in the blank: The ACK/SEQ number in TCP is only _______ long.

A

32 bits

11
Q

What is the purpose of the ‘check_tcp_syn_cookie’ function?

A

To verify the received syncookie and ensure it is valid

12
Q

What is the significance of the variable ‘count’ in the secure_tcp_syn_cookie function?

A

It increases every minute and is used in the calculation of the secure sequence number

13
Q

True or False: TCP options cannot be negotiated when using SYN Cookies.

A

True

14
Q

What cryptographic function is used in the Linux implementation of TCP SYN Cookies?

A

SipHash, a keyed hash function

15
Q

What does the ‘tcp_cookie_time()’ function do?

A

It retrieves the current count for cookie generation based on time

16
Q

What is the purpose of the ‘syncookie_secret’ in the Linux kernel?

A

It stores the secret key used for generating SYN Cookies

17
Q

What is the implication of having a poorly implemented SYN Cookie mechanism?

A

It may be vulnerable to cryptanalysis after receiving a sufficient number of cookies

18
Q

What does the ‘tcp_max_syn_backlog’ parameter control?

A

It determines when to dynamically enable SYN Cookies in the Linux kernel