TCP-Attacks Flashcards
What is TCP SYN flood attack?
Since TCP needs a three-way handshake to initiate a connection, an attacker can send SYN packets with forged source addresses. When the victim replies to those source addresses, he does not receive anything back from them because they did not initiate the connection. This fills Bob's connection table with many half-open connections.
How can we protect ourselves from TCP SYN flood attack?
TCP SYN Cookies.
Instead of keeping a connection table, Bob (the victim) calculates the initial sequence number as a = h(K, Ssyn), where K is a secret key and Ssyn is the source address of the SYN packet (first packet), and sends it with the ACK flag (second packet).
When Bob receives the third packet, he can check whether its acknowledgment number equals a+1. If so, he can be sure that the client sent a SYN message earlier.
What are the advantages and disadvantages of the TCP SYN Cookie?
Adv:
1. No need to allocate resources after the first SYN packet.
2. SYN cookies don't require changes in the specification of the TCP protocol.
3. The client doesn't have to be aware that the server is using SYN cookies.
Disadv:
1. Calculating a may be CPU-consuming.
2. ACK/SEQ numbers are only 32 bits long.