Order Number: 636738393092
Type of Project: ESSAY
Writer Level: PHD VERIFIED
Format: APA
Academic Sources: 10
Page Count: 3-12 PAGES
TCP Protocols and Denial-of-Service Attacks: A common exploit for a hacker is to attempt to bring down a popular service, such as Yahoo, by mounting a denial-of-service (DoS) attack. A simple DoS attack that can be understood using the simple TCP model of Figure A.1 is TCP SYN flooding.
In this attack, the hacker sends a number of SYN packets to the chosen destination D (e.g., Yahoo) using randomly chosen source addresses. D sends back a SYN-ACK to the supposed source S and waits for a response. If S is not an active IP address, then there will be no response from S. Unfortunately, state for S is kept in a pending connection queue at D until D finally times out S.
By periodically sending bogus connection attempts pretending to be from different sources, the attacker can ensure that the finite pending connection queue is always full. Thereafter, legitimate connection requests to D will be denied.
• Assume there is a monitor that is watching all traffic. What algorithm can be used to detect denial-of-service attacks? Try to make your algorithm as fast and memory efficient as possible so that it can potentially be used in real time, even in a router. This is a hard problem, but even starting to think about the problem is instructive.
• Suppose the monitor realizes a TCP flood attack is under way. Why might it be hard to distinguish between legitimate traffic and flood traffic?
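The following is an added example, not part of the assignment text or any model answer: one memory-light detector for the first question (a SYN/FIN-pairing heuristic keeping only two counters per server per time bin) and a measurement for the second (the busiest source's share of SYNs, which stays tiny when sources are forged). It assumes the monitor sees packets as (time, src, sport, dst, dport, flags) records and runs on a constructed trace in which 203.0.113.10 plays D.

```python
from collections import defaultdict

# Constructed trace, not from the text: (time_s, src, sport, dst, dport, flags);
# flags use TCP letters S=SYN, A=ACK, F=FIN, R=RST. SERVER plays D.
SERVER = "203.0.113.10"

def _legit(t, c, p):  # full handshake, then orderly close
    return [(t, c, p, SERVER, 80, "S"), (t + .01, SERVER, 80, c, p, "SA"),
            (t + .02, c, p, SERVER, 80, "A"), (t + .5, c, p, SERVER, 80, "FA"),
            (t + .51, SERVER, 80, c, p, "FA")]

def _spoofed(t, s, p):  # forged source: D answers SYN-ACK, nothing ever returns
    return [(t, s, p, SERVER, 80, "S"), (t + .01, SERVER, 80, s, p, "SA")]

TRACE = []
for i in range(3):                                 # bin 0: normal load
    TRACE += _legit(0.1 * i, f"198.51.100.{i + 1}", 40000 + i)
TRACE += _legit(1.05, "198.51.100.9", 40100)       # bin 1: one real client ...
for i in range(12):                                # ... among 12 bogus SYNs
    TRACE += _spoofed(1.1 + 0.05 * i, f"192.0.2.{i + 1}", 50000 + i)

def detect_syn_flood(packets, bin_s=1.0, min_syns=4, ratio=3.0):
    """SYN/FIN pairing: per (time bin, server) keep just two counters, SYNs
    arriving and FIN/RST teardowns. They roughly balance in normal traffic,
    so a bin with >= min_syns SYNs and SYNs > ratio * teardowns is flagged.
    State is O(servers) per bin; no per-connection or per-source table."""
    syn, fin = defaultdict(int), defaultdict(int)
    for t, src, sport, dst, dport, flags in packets:
        # the server end is taken to be the side on a well-known port (< 1024)
        srv = dst if dport < 1024 else src if sport < 1024 else None
        if srv is None:
            continue
        key = (int(t // bin_s), srv)
        if flags == "S":
            syn[key] += 1
        elif "F" in flags or "R" in flags:
            fin[key] += 1
    return sorted(k for k, n in syn.items() if n >= min_syns and n > ratio * fin[k])

def top_source_share(packets, bin_idx, bin_s=1.0):
    """Largest share of a bin's SYNs sent by any single source. Forged,
    never-repeating sources make every flood SYN look like a fresh client,
    so per-source counting cannot separate flood SYNs from legitimate ones."""
    per_src = defaultdict(int)
    for t, src, _, _, _, flags in packets:
        if flags == "S" and int(t // bin_s) == bin_idx:
            per_src[src] += 1
    total = sum(per_src.values())
    return max(per_src.values()) / total if total else 0.0
```

On the constructed trace only bin 1 is flagged, and the busiest source there accounts for 1/13 of the SYNs, which is why the flood SYNs cannot be told apart from the one real client's SYN by looking at who sent them.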