Network and Internet Security - PowerPoint PPT Presentation

About This Presentation
Title:

Network and Internet Security

Description:

Network and Internet Security. CISSP All in One. Shon Harris. Application Layer Security Secure Remote Procedure Call (SRPC) Uses ...

Slides: 107
Provided by: work218

Transcript and Presenter's Notes


1
Network and Internet Security
2
The OSI Model
  • Developed in the early 1980's by the Open Systems
    Interconnect group
  • Became a standard for discussing and detailing
    how network operations actually function
  • Before OSI there were many different conflicting standards.

3
The OSI Stack
Layer | Role
7. Application | Networked applications
6. Presentation | Networked applications
5. Session | Networked applications
4. Transport | Network overhead and end-to-end addressing
3. Network | Network overhead and end-to-end addressing
2. Data Link | LAN/WAN delivery systems
1. Physical | LAN/WAN delivery systems
How to remember:
  • People Don't Need To See Paula Abdul
  • Please Do Not Throw Sausage Pizza Away

4
OSI and TCP/IP
5
Protocol
  • What is a protocol?
  • - A set of rules we adhere to
  • - Specifies how things will work

6
Physical Layer
  • Bits, bytes, and electrical signals
  • Means of moving information from point A to point
    B
  • Could be wireless, ethernet, modem, phone line.

7
Data Link Layer
  • Where frames are built
  • Frame - A logical organization / packaging of the
    data
  • Protocols
  • Address Resolution Protocol (ARP)
  • Reverse Address Resolution Protocol (RARP)
  • Point-to-Point Protocol (PPP)
  • Serial Line Internet Protocol (SLIP)

8
Network Layer
  • It's all about IP and routing
  • IP will only deliver.
  • Protocols
  • Internet Protocol (IP)
  • Internet Control Message Protocol (ICMP)
  • Internet Group Management Protocol (IGMP)
  • Routing Information Protocol (RIP)
  • Open Shortest Path First (OSPF)
  • Novell Internetwork Packet Exchange (IPX)

9
Transport Layer
  • Provides end-to-end transport services and
    establishes logical connection between
    communicating computers
  • Protocols
  • TCP - Reliable protocol, connection oriented
  • UDP - Fast protocol, connectionless
  • SSL
  • SPX

10
Session Layer
  • Establishes and maintains the session and traffic
    between two computers
  • Session Layer keeps track of what data goes where
  • Analogy: traffic cop
  • Protocols
  • Network File System (NFS)
  • NetBIOS
  • Structured Query Language (SQL)
  • Remote procedure call (RPC)

11
Session Layer
  • Communication between two applications takes place in
    three different modes
  • Simplex
  • Communication takes place in one direction.
  • Half-duplex
  • Communication takes place in both directions, but
    only one application can send information at a
    time.
  • Full-duplex
  • Communication takes place in both directions, and
    both applications can send information at the
    same time.

12
Presentation Layer
  • Deals with how data is formatted and how users see
    it
  • Services: encryption, decryption, compression,
    decompression
  • Presentation Layer Standards
  • ASCII
  • EBCDIC
  • TIFF
  • JPEG
  • MPEG
  • MIDI

13
Application Layer
  • Application layer formats the data and displays
    it
  • Protocols
  • FTP
  • TFTP
  • SNMP
  • SMTP
  • Telnet
  • HTTP

14
Network Security
  • Security can be implemented at different layers
    of the OSI model to provide a more robust
    architecture
  • Goal - defense in depth

15
Physical Layer Security
  • Secure
  • Cable
  • Fiber
  • Wireless

16
Network Layer Security
  • IP Security or IPsec
  • A set of protocols developed by the Internet
    Engineering Task Force (IETF) to support secure
    exchange of packets at the IP layer
  • Widely used to protect VPNs

17
Transport Layer Security
  • Guarantees privacy and data integrity between
    client server applications communicating over the
    Internet

18
Session Layer Security
  • Encryption at the session layer protects data

19
Application Layer Security
  • The level of security provided by applications
    varies
  • Some are more secure and have encryption built in
    (e.g., secure shell)
  • Others are less secure and send information in
    clear text (e.g., FTP)

20
TCP/IP Protocol Stack
7 Process layer
6 Process layer
5 Host-to-host
4 Host-to-host
3 Internet
2 Network Access Layer
1 Network Access Layer
21
Network Access Layer
  • All things physical
  • Includes cabling, framing, hardware equipment

22
Internet Layer
  • All things logical, i.e., software
  • Where Internet Protocol (IP) fits in
  • Makes sure frames from network layer reach the
    correct destination
  • IP as postman: determines the best route from
    source to target network
  • Different types of frames for internal and
    external routing
  • Analogy: interoffice envelope vs. FedEx envelope

23
Host to Host Layer
  • Ensures that packets are delivered quickly and/or
    reliably
  • Two protocols reside at this layer
  • - TCP - Reliable
  • - UDP - Quick
  • Think about TCP (professional) and UDP (your
    friends) as moving services

24
Host to Host Layer
  • TCP
  • Connection-oriented protocol
  • Provides reliable communication using
  • Handshaking
  • Acknowledgments
  • Error detection
  • Session teardown
  • TCP data is referred to as segments
  • TCP moves data in segments
  • Each segment is verified as it moves across the
    network

25
Host to Host Layer
  • User Datagram Protocol (UDP)
  • - A protocol without a connection
  • - Offers speed and low overhead
  • - Datagram
  • - No set up or shutdown
  • UDP is fast but unreliable
  • VOIP, video-conferencing

26
Process or Application Layer
  • Telnet Port 23
  • SMTP Port 25
  • HTTP Port 80
  • DNS port 53
  • FTP Port 20, Port 21
  • TFTP (trivial FTP) Port 69
  • SNMP Port 61

27
Signaling Types
  • Analog
  • Digital
  • Robust and can recover from errors
  • Widely used

28
Data Transmission Methods
  • Synchronous communications
  • High speed data synchronized by electronic clock
    signals
  • Takes place between two devices that are
    synchronized via a clocking mechanism
  • Asynchronous communications
  • Transfer data by sending bits sequentially
  • used when two devices are not synchronized
  • Data transfer can take place at any time

29
Signaling Methods
  • Broadband
  • More than one signal at a time
  • Cable: 160 TV channels, Internet
  • DSL: phone, Internet
  • Baseband - One signal at a time
  • Ethernet
  • Dial up phone line

30
Transmission Methods
  • unicast transmission
  • packet goes from source computer to one
    particular system
  • Multicast
  • packet goes to a specific group of systems
  • Broadcast
  • If a system wants all computers on its subnet to
    receive a message

31
Transmission Methods
  • IP multicast protocols use a Class D address
  • special address space designed especially for
    multicasting
  • used to send out information, multimedia data,
    real-time video and voice clips.
  • IGMP is used to report multicast group
    memberships to routers.
  • When a user chooses to accept multicast traffic,
  • User becomes a member of a particular multicast
    group.
  • IGMP allows a computer to inform the local
    routers that user is part of a group and to send
    traffic with a specific multicast address to her
    system.

32
Network Topologies
33
Topologies
  • Bus
  • linear, single line
  • Ring
  • Linear and closed loop
  • Star
  • All systems connected to a single point
  • Tree
  • Bus topologies, multiple branches
  • Mesh
  • Multi connection of systems
  • Provides redundancy and multiple routes to
    systems

34
Ethernet
  • Shares media
  • Broadcast and collision domains
  • CSMA/CD access method
  • Implemented on
  • - 10Base-2 (thin net)
  • - 10Base-5 (coax cable)
  • - 10Base-T (twisted pair, RJ45 connector)

35
Fast Ethernet
  • 100Mbps
  • CSMA/CD
  • Twisted pair
  • Support 10/100 Mbps

36
Token Rings
  • Token passing technology
  • Multistation access unit (MAU)
  • Each computer connected to a Central hub
  • LAN networks
  • Mechanisms to deal with problems
  • Active monitor: removes frames continuously
    circulating on the network
  • Beaconing: if a computer detects a problem with
    the network, it sends a beacon frame.

37
FDDI
  • Fiber Distributed Data Interface
  • Ring topology
  • Dual ring for redundancy
  • Data transmission speed of 100 Mbps
  • Token passing
  • Used for distances up to 100 kilometers
  • MAN networks

38
Network Cabling
  • Required for the modern network
  • Different types of cable have
  • - Specific speeds
  • - Maximum cable runs
  • - Connectivity issues

39
Common Cable Specs
Ethernet Name | Cable Specifications | Distance Supported | Topology
10Base5 | 50-ohm Thick Coaxial | 500 Meters | Bus
10Base2 | 50-ohm RG-58 A/U | 185 Meters | Bus
10BaseT | Cat 3 UTP (or better) | 100 Meters | Star
100BaseTX | Cat 5 UTP (or better) | 100 Meters | Star
Gigabit Ethernet | Cat 6 UTP (or better) | Depends | Star
40
Fiber Cable
  • Multimode fiber optic cable
  • Uses LED to transmit data
  • 200 meters Max
  • Singlemode fiber optic cable
  • Laser
  • 200 miles max

41
Cabling Issues
  • Noise
  • Caused by surrounding devices
  • Caused by motors, computers, copy machines,
    fluorescent lighting
  • Distortion of signal
  • Attenuation
  • Loss of signal strength as it travels
  • Length of cable
  • Use repeater
  • Can also be caused by cable breaks
  • Crosstalk
  • Signals from one wire spill over to other
  • UTP is susceptible to crosstalk

42
Cabling Issues
  • Fire rating
  • Non-plenum-rated cables: polyvinyl chloride (PVC)
    jacket covering
  • Plenum-rated cables: jacket covers made of
    fluoropolymers
  • Will not produce and release harmful chemicals in
    case of a fire
  • Pressurized conduits
  • If someone attempts to access a wire, the pressure
    of the conduit will change, causing an alarm

43
LAN Protocols
  • Address Resolution Protocol (ARP)
  • Reverse Address Resolution Protocol (RARP)
  • Internet Control Messaging Protocol (ICMP)

44
Address Resolution Protocol (ARP)
  • Resolves known IP addresses to unknown MAC
    addresses
  • ARP maps the MAC address and associated IP
    addresses
  • Mapping is stored in a table
  • ARP Table poisoning
  • Attacker alters a system's ARP table
  • IP address is mapped to a different MAC address
  • A type of masquerading attack.
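
A defender-side check for the ARP table poisoning described on this slide, as an added example that is not part of the original presentation: it replays observed ARP replies and reports when an IP address is remapped to a different MAC address. The function names, the `pinned` parameter and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: (seconds, sender IP, sender MAC) from observed ARP replies.
# Addresses come from documentation ranges; none are from the presentation.
SAMPLE_REPLIES = [
    (0, "192.0.2.1", "00:00:5e:00:53:01"),    # gateway
    (1, "192.0.2.10", "00:00:5e:00:53:10"),
    (2, "192.0.2.20", "00:00:5e:00:53:20"),
    (30, "192.0.2.1", "00:00:5e:00:53:20"),   # gateway IP now claimed by another MAC
    (31, "192.0.2.1", "00:00:5e:00:53:01"),   # real gateway answers again
    (32, "192.0.2.1", "00:00:5e:00:53:20"),   # competing claim repeats
]


def normalize_mac(mac):
    """Lower-case and use ':' separators so the same MAC always compares equal."""
    return mac.strip().lower().replace("-", ":")


def audit_arp(replies, pinned=None):
    """Replay ARP replies and report suspicious IP-to-MAC mappings.

    pinned: optional {ip: mac} of bindings known to be correct (hypothetical
    input, e.g. the default gateway). Returns (alerts, shared) where alerts is
    a list of (time, kind, ip, expected_mac, seen_mac) and shared maps each
    MAC that claimed more than one IP to the sorted list of those IPs.
    """
    pinned = {ip: normalize_mac(m) for ip, m in (pinned or {}).items()}
    table = {}                    # ip -> mac, updated like a naive ARP cache
    owners = defaultdict(set)     # mac -> every IP it has claimed
    alerts = []
    for ts, ip, mac in sorted(replies):
        mac = normalize_mac(mac)
        if ip in pinned:
            # A pinned binding is authoritative: any other MAC is an alert.
            if mac != pinned[ip]:
                alerts.append((ts, "pinned-mismatch", ip, pinned[ip], mac))
        elif ip in table and table[ip] != mac:
            # Unpinned: the mapping changed since the last reply we saw.
            alerts.append((ts, "binding-changed", ip, table[ip], mac))
        table[ip] = mac
        owners[mac].add(ip)
    shared = {m: sorted(ips) for m, ips in owners.items() if len(ips) > 1}
    return alerts, shared


if __name__ == "__main__":
    alerts, shared = audit_arp(SAMPLE_REPLIES)
    for alert in alerts:
        print(alert)
    print("MACs claiming several IPs:", shared)
```

A binding that flips back and forth, as in the sample, is typical of a legitimate host and a second sender both answering for the same IP address.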

45
Reverse Address Resolution Protocol (RARP)
  • Diskless environments
  • Clients connecting to the mainframes
  • Workstation broadcasts its MAC address and RARP
    server assigns IP address
  • RARP evolved into BOOTP which evolved into DHCP

46
Internet Control Messaging Protocol (ICMP)
  • Designed for logical errors and diagnostics
  • Most commonly seen as a ping
  • Ping to check connectivity
  • Malicious use to check if a device is up and
    running to attack it
  • Ping DoS

47
Routing Protocols
  • Vector-distancing
  • List of destination networks with direction and
    distance in hops
  • Router has a table with the destination and the
    number of hops data will make to get to the
    destination
  • Use if the network has 2 or 3 segments
  • Link-state routing
  • Topology map of network identifies all routers
    and sub networks
  • Route is determined from shortest path to
    destination
  • Use if network is highly meshed with multiple
    subnetworks
  • Routes can be manually loaded (static) or
    dynamically maintained by the router
  • Routing path is loaded manually in a command line
    or GUI
  • Router uses the path entered to route data

48
Routing Protocols
  • RIP
  • Distance vector
  • RIP based on hop counts
  • Interior Gateway Protocol
  • Noisy, not the most efficient
  • Broadcast routes every 30 seconds
  • Lowest cost / closest route always best even if
    the route is congested
  • Physical limitation: cannot route beyond 16
    points
  • No security: anyone can pretend to be a router
  • Masquerading attack

49
Routing Protocols
  • Open Shortest Path First (OSPF)
  • Link-state routing
  • Interior Gateway Protocol
  • Routers elect a Designated Router (DR)
  • All routers establish a topology database using
    DR as gateway between areas
  • A replacement for outdated RIP

50
Routing Protocols
  • Border Gateway Protocol (BGP)
  • Core of Internet
  • Used to exchange high volume of data between
    routers
  • Exterior Gateway Protocol (EGP)
  • Used to exchange routing data with core and other
    autonomous systems
  • Routes data to subsystems
  • Interior Gateway Protocol (IGP)
  • Used within autonomous systems
  • Organization with multiple networks
  • Data routed within multiple networks

51
Routing Protocols
  • Border Gateway Protocol (BGP)
  • Exterior Gateway Protocol
  • Can support multiple paths between autonomous
    systems
  • Most ISPs use BGP
  • Can detect and suppress routing loops
  • Lacks security, authentication
  • Internet recently went down because of
    incorrectly configured BGP on an ISP router

52
Domain Name Service (DNS)
  • Resolves known Fully Qualified Domain Names
    (FQDNs) to unknown IP addresses
  • Example domain name: Yahoo.com
  • DNS will resolve the IP address for us

53
  • Networking Equipment and routing protocols

54
Data Network Devices
  • Hubs / repeaters / concentrators
  • Provides physical interconnection
    of multiple nodes to a network
  • Bridge
  • Connects two network segments
  • Layer 2 device

55
Data Network Devices
  • Router
  • Contains network management protocols that
    enhance network functionality
  • Operates in network layer 3
  • Handles packet traffic across the networks

56
Data Network Devices
  • Brouter
  • A router that can bridge, merging both
    capabilities into a single box
  • Routes selected protocols
  • Bridges all other traffic
  • Bridge two networks at layer 2 and also add some
    routing capabilities
  • Gateway
  • Acts as a translator between networks using
    incompatible protocols
  • Operates in any layer from 4 to 7

57
Switch
  • Multiport connection device
  • Each port provides dedicated bandwidth to the
    device attached to it
  • Multilayer switches combine data link layers,
    network layer and other layer functionalities

58
Switch
  • Layer 2: routing based on MAC address
  • Layer 3/4: like a router.
  • Routing based on IP address
  • Routes are chosen based on availability and
    performance
  • Tags are assigned to each destination network or
    subnet
  • Switch appends tags to the packet
  • Switches between the source and destination
    review tag information.
  • Multiprotocol label switching (MPLS)
  • Priority information is placed in tags
  • E.g. Video conferencing

59
Switch and VLANs
  • Switch makes it difficult for intruders to sniff
    and monitor network traffic
  • No broadcast and collision information
  • VLANs
  • Use switches
  • Logically (instead of physically) segment users
    and computers based on
  • Resource requirements
  • Security policies
  • Business needs

60
Firewall Types
  • Packet Filtering
  • Stateful
  • Proxy
  • Dynamic packet filtering
  • Kernel proxy

61
Firewall Architecture
  • Screened Hosts
  • Dual Home
  • Screened subnet

62
Packet Filtering Firewall
  • Packet-filtering router
  • Most Common
  • Uses access control lists (ACLs)
  • Port
  • Source/destination address

63
Stateful Inspection Firewalls
  • Stateful inspection
  • State and context analyzed on every packet in
    connection
  • Only looks at a sampling of packets and not all
    packets of a connection
  • When a packet is received firewall looks in its
    state table to check if connection was
    established and if data was requested
  • Works at network and transport layers
  • Victims of DoS attacks
  • Dynamic state tables are flooded with bogus
    information
  • Firewall freezes or reboots

64
Proxy Firewalls
  • Second Generation firewalls
  • Stands between the trusted and untrusted networks
  • Proxy server only has a valid IP address
  • Network address translation (NAT)
  • internal addresses are unreachable from external
    network
  • Private IPs for internal networks instead of
    internet routable IPs
  • De-militarized zone (DMZ)
  • Hosts are directly reachable from untrusted
    networks
  • Host in semi-untrusted network
  • Could be application or circuit level proxy

65
Application Proxy
  • Inspect the entire packet and make access
    decision based on the contents of the packet
  • One proxy per firewall is required
  • One portion of the firewall dedicated to
    understand how a specific protocol works and how
    to filter it for suspicious data.
  • Application proxy firewalls for FTP, SMTP,
    TELNET

66
Circuit Level Proxy
  • Secure circuit between the client and server
  • Protection at the sessions layer
  • Provides a wider variety of protocols and
    services than an application proxy
  • Less degree of granular control than application
    proxy
  • Similar to packet filtering and decision is based
    on address, port and protocol type
  • Looks at data within the payload of the packet
  • E.g. SOCKS

67
Dynamic packet filtering
  • Combination of IP address and higher port
  • Firewall creates an ACL that allows the external
    entity to communicate with an internal entity via
    a high port
  • 4th generation firewall
  • Gives control to allow any type of outbound
    traffic and only response traffic inbound

68
Kernel Proxy Firewall
  • 5th generation
  • Creates dynamic, customized TCP/IP stacks for
    evaluating packets
  • Every layer of the stack is scrutinized
  • Packet is discarded if anything is deemed unsafe at
    any of the layers

70
Firewall Architecture: Bastion Host
  • Locked down or Hardened system
  • Highly exposed, front line device
  • Existence known on the internet
  • Extremely secure
  • Choke router
  • A router with packet filtering rules (ACLs)
    enabled

71
Dual-homed host
  • 2 interfaces: one facing external, one facing
    internal
  • Firewall software installed to make packet
    forwarding decisions
  • Underlying operating system turned off to apply
    necessary ACL rules
  • Multihomed
  • Several NICs connect several different computers

72
Screened host
  • Communicates with a perimeter router and the
    internal network

73
Screened subnet
  • More protection than a screened host
  • Typical DMZ implementation

74
Firewall Rules
  • Masquerading or spoofing of packets is a common
    firewall attack
  • Packets from outside with internal host address:
    DENY
  • Packets from inside going outside with internal
    host address: DENY
  • DDoS attack: internal hosts are used as zombies
  • Packets leaving the network with different source
    address

75
Firewall Rules
  • When security is top priority
  • Firewall assembles packets and makes access
    decision based on the entire packet
  • Deny source routing
  • Packet decides route to get to destination, not
    the router

76
Intrusion Detection
  • Host or network-based
  • Context and content monitoring
  • Positioned at network boundaries
  • For defense in depth, deploy sensors at multiple
    segments
  • A sniffer with capability to detect traffic
    patterns (attack signatures)

77
Data Transmission Methods
  • Leased line networks
  • Dedicated private facilities
  • Organization leases the network and they have
    dedicated lines for certain facilities.
  • Dedicated line
  • A private or leased line
  • Lease a line that is dedicated to the
    organization
  • Common carriers
  • A common carrier voice line: AT&T, Verizon, etc.
  • Digital communications
  • Passes data encoded in on-off pulses

78
Web Security
  • Secure sockets layer (SSL)
  • Transport layer security (TCP based)
  • Widely used for Web-based applications
  • By convention - https://
  • Secure hypertext transfer protocol (S-HTTP)
  • Less popular than SSL
  • Used for individual messages rather than
    sessions

79
Web Security
  • Secure electronic transactions (SET)
  • PKI
  • Mostly used for Financial data
  • Supported by VISA, MasterCard, Microsoft

80
  • Voice and Data Communications - LANs, WANs, and
    Remote Access

81
VOIP Security Issues
  • VOIP vulnerabilities
  • Gateways issues
  • Because VOIP utilizes UDP traffic
  • DoS attacks
  • Voice communications
  • Eavesdropping
  • Open network to UDP traffic
  • Do not open ports for a wide range of systems

82
Gateways Issues
  • IP PBX gateways
  • Open to DOS attacks
  • Single point of failure
  • Interconnection authentication
  • PBX can be fooled to believe that it is talking
    to another PBX

83
Eavesdropping
  • Voice packets over IP
  • Uses UDP
  • Sniffing
  • Replay
  • Packet injection

84
Open Network
  • Multiple IP phones
  • Open port services
  • Utilizes wide range of ports from 7000 - 8000
  • UDP transmission
  • Inefficient firewall access control

85
Remote Networks
  • Remote access
  • VPN
  • Authentication
  • Remote access guidelines

86
Remote Access
  • Dialup/RAS
  • ISDN
  • DSL
  • Cable modems

87
VPN
  • Tunneling protocols
  • Point to point tunneling protocol (PPTP)
  • Layer 2 forwarding (L2F)
  • Works at layer 2
  • Forwards packets from layer 2 and does not
    consider upper IP stacks
  • Layer 2 tunneling protocol (L2TP)
  • Establishes a tunnel at layer 2
  • IPSec
  • Most secure and widely used

88
IPSEC
  • IP Security
  • Set of protocols developed by IETF
  • Standard used to implement VPNs
  • Two modes
  • Transport mode
  • Encrypted payload (data)
  • Clear text header
  • Tunnel mode
  • Encrypted payload and header
  • Requires shared public key

89
Authentication Remote Access
  • Password authentication protocol (PAP)
  • Challenge handshake authentication protocol
    (CHAP)
  • Extensible authentication protocol (EAP)

90
Wireless Standards
  • 802.11b
  • 802.11a
  • 802.11g
  • 802.16
  • WiMAX
  • Bluetooth
  • WAP

91
WLAN Components
  • Access points (AP)
  • Service set ID (SSID)
  • Authentication
  • OSA
  • SKA
  • WEP
  • Encryption process for wireless transmission
  • - Weak encryption due to repetition of key
  • War driving

92
Network Security Services
  • Network layer security
  • Transport layer security
  • Application layer security
  • Identification and authentication

93
Network Layer Security
  • ISO / OSI layer 3
  • Provides IP security
  • Enables host to send encrypted IP packet without
    prior message exchange
  • Protocols include -
  • - IPSEC
  • - SKIP
  • - SWIPE

94
Transport Layer Security
  • ISO / OSI layer 4
  • Secure Socket Layer (SSL)
  • Used for TCP applications
  • Two-layered protocol
  • - One for records
  • - The other for handshakes (TCP does the
    handshake)
  • Uses public key encryption
  • Supports Message Authentication Code (MAC)
  • SSL primarily used for TCP

95
Application Layer Security
  • Secure Electronic Transactions (SET)
  • Secure protocol for messages and transactions
  • Protocol defines a public key infrastructure
    (PKI)
  • Usually used to protect financial data

96
Application Layer Security
  • Privacy Enhanced Mail (PEM)
  • Internet standard for secure electronic mail
  • Limits disclosure of message only to privileged
    user
  • Contains origin authenticity and integrity check
    to prevent tampering

97
Application Layer Security
  • Secure Hypertext Transfer Protocol (SHTTP)
  • Secure HTTP server
  • Supports encryption and authentication of
    documents over the Internet
  • Provides a service similar to SSL
  • SSL and SET are used more often than a secure
    HTTP server

98
Application Layer Security
  • Secure Remote Procedure Call (SRPC)
  • Uses Diffie-Hellman key generation
  • Server provides encryption services and
    authentication
  • Used for secure connections between the remote
    procedure and initiator
  • Authentication server contains all keys for users
    and services
  • Self contained unit
  • Authenticates the server and the client

99
  • Network Attacks

100
Network Security Issues
  • Types of attacks
  • Spoofing
  • Sniffing
  • Session hijacking
  • IDS attacks
  • Syn floods

101
Spoofing Attacks
  • TCP Sequence number prediction
  • After establishment of a TCP session, a sequence
    number is initiated for data transfer.
  • The hacker will craft packets to guess the
    sequence number.
  • Once the sequence number is known, packets are
    injected into the session.
  • UDP - Easy to spoof because no handshake
  • DNS - Spoofing and manipulation of IP/hostname pairing
  • Hacker will spoof the IP to establish a session
    with another domain having the same hostname
  • Source routing
  • Spoofing of paths the packets will take to reach
    the destination

102
Sniffing Attacks
  • Passive attacks
  • Information is gathered in wired or wireless
    networks
  • Monitors the wire for all traffic
  • Most effective in shared media networks
  • Sniffers used to be hardware
  • Now software tool
  • Can be deployed from a laptop, PC or any other
    computing device

103
Session Hijacking Attacks
  • Hacker uses sniffers to
  • Detect sessions
  • Acquire pertinent session info
  • Actively injects packets
  • Spoofs the client side of the connection
  • Takes over session with server
  • Bypasses Identification and Authentication
    controls
  • Countermeasures
  • Encryption
  • Stateful inspection

104
IP Fragmentation Attacks
  • TCP/IP weakness
  • Big packets are fragmented
  • Uses fragmentation options in the IP header
  • Forces data in the fragmented packet to be
    overwritten upon reassembly
  • Code is injected while packets are assembled
  • Used to circumvent packet filters
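
The overwrite-on-reassembly condition from this slide, expressed as a check a reassembling filter or sensor could run (an added example, not part of the original presentation): given the fragments of one datagram, it reports overlapping byte ranges, gaps and a missing final fragment. The function name, the tuple layout and the sample fragment sets are assumptions made for illustration.

```python
# Each fragment is (offset_bytes, payload_len, more_fragments) and all fragments
# in one list share the same source, destination, protocol and IP ID.
# Both samples are constructed for this example.
CLEAN = [(0, 1480, True), (1480, 1480, True), (2960, 520, False)]
OVERLAPPING = [(0, 24, True), (8, 32, False)]   # second fragment rewrites bytes 8..23


def audit_fragments(fragments):
    """Return a list of findings for one datagram; an empty list means clean.

    Findings:
      ("bad-length", offset, length)  non-final fragment not a multiple of 8 bytes
      ("overlap", start, end)         bytes [start, end) are supplied twice
      ("gap", start, end)             bytes [start, end) were never supplied
      ("incomplete", covered_to)      no fragment had more_fragments == False
    """
    findings = []
    covered_to = 0        # first byte not yet covered by an earlier fragment
    saw_last = False
    for offset, length, more in sorted(fragments):
        # Offsets travel in 8-byte units, so every non-final payload must be
        # a multiple of 8 bytes long.
        if more and length % 8:
            findings.append(("bad-length", offset, length))
        if offset < covered_to:
            # A filter that judged only the earlier fragment saw different
            # bytes than the ones the destination host will reassemble.
            findings.append(("overlap", offset, min(covered_to, offset + length)))
        elif offset > covered_to:
            findings.append(("gap", covered_to, offset))
        covered_to = max(covered_to, offset + length)
        if not more:
            saw_last = True
    if not saw_last:
        findings.append(("incomplete", covered_to))
    return findings


if __name__ == "__main__":
    print("clean:", audit_fragments(CLEAN))
    print("overlapping:", audit_fragments(OVERLAPPING))
```

Dropping any datagram with an overlap finding, rather than choosing which copy of the bytes to keep, avoids disagreeing with the end host about what was sent.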

105
IDS Attacks
  • Insertion attacks
  • Inserts information to confuse pattern matching
  • Used for attacking pattern matching IDS
  • Evasion attacks
  • Tricks the IDS into not detecting traffic
  • Send a packet with Short Time to Live. Once time
    expires, IDS will not recognize the packet
  • Open ports
  • Stealth SYN attacks

106
SYN Flood Attacks
  • 3 way TCP handshake
  • SYN - The originator sends an initial packet called a "SYN"
    to establish communication and "synchronize"
    sequence numbers in counting bytes of data which
    will be exchanged.
  • Syn-Ack - The destination then sends a "SYN/ACK"
    which again "synchronizes" his byte count with
    the originator and acknowledges the initial
    packet. 
  • Ack - The originator then returns an "ACK" which
    acknowledges the packet the destination just sent
    him. 
  • Sends a lot of SYNs
  • Doesn't send ACKs
  • Victim
  • Has a lot of open connections
  • Can't accept any more incoming connections
  • Eventually crashing the TCP/IP system
  • Denial of service (DoS)
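
The victim side of this slide, modelled as a small simulation over a server's view of handshakes (an added example, not part of the original presentation): SYNs that never receive their final ACK stay half-open until a timeout, and once the table is full new connection attempts are refused. The function name, the `capacity` and `timeout` values and the sample events (documentation addresses) are assumptions made for illustration.

```python
# Constructed sample of what a server sees: (seconds, "client_ip:port", flag).
SAMPLE_EVENTS = (
    [(0.0, "198.51.100.7:40000", "SYN"), (0.1, "198.51.100.7:40000", "ACK")]
    # Ten SYNs from different sources, none followed by the final ACK.
    + [(1.0 + i / 10, f"203.0.113.{i + 1}:1024", "SYN") for i in range(10)]
    # A legitimate client tries while the table is full, then retries later.
    + [(2.0, "198.51.100.8:40001", "SYN"),
       (40.0, "198.51.100.8:40001", "SYN"),
       (40.1, "198.51.100.8:40001", "ACK")]
)


def handshake_report(events, capacity=8, timeout=30.0):
    """Track half-open connections the way a fixed-size SYN backlog would.

    Returns a dict with:
      established     clients whose SYN was later completed by an ACK
      dropped         clients whose SYN arrived while the table was full
      expired         number of half-open entries removed by the timeout
      peak_half_open  largest number of simultaneous half-open entries
    """
    half_open = {}                 # client -> time its SYN was accepted
    established, dropped = [], []
    expired = 0
    peak = 0
    for ts, client, flag in sorted(events):
        # Reap entries whose final ACK never arrived within the timeout.
        stale = [c for c, t0 in half_open.items() if ts - t0 >= timeout]
        for c in stale:
            del half_open[c]
        expired += len(stale)

        if flag == "SYN":
            if client in half_open:
                continue                      # retransmitted SYN, already tracked
            if len(half_open) >= capacity:
                dropped.append(client)        # cannot accept more connections
            else:
                half_open[client] = ts        # server would answer SYN/ACK here
        elif flag == "ACK" and client in half_open:
            del half_open[client]             # three-way handshake completed
            established.append(client)
        peak = max(peak, len(half_open))
    return {"established": established, "dropped": dropped,
            "expired": expired, "peak_half_open": peak}


if __name__ == "__main__":
    for key, value in handshake_report(SAMPLE_EVENTS).items():
        print(key, value)
```

A sustained count of half-open entries near capacity together with a growing `expired` total is the signal to alert on; the legitimate client in the sample is refused at 2.0 seconds and succeeds only after the stale entries time out.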