Possible attacks in Optical Internet. M. PRASAD, M.Tech (Information security), Pondicherry Engineering College, Pondicherry. Contents: Optical Internet. OBS Network Architecture. Possible Attacks in optical internet.
SYN flooding occurs when a server receives more incomplete connection requests than it can handle. The SYN flood attack is based on preventing the completion of the 3-way handshake—in particular the server’s reception of the TCP ACK flag.
The simplest and most effective defence against IP spoofing, TCP spoofing, and TCP session hijacking lies with those organisations providing access to the Internet. If all of these organisations were responsible enough to prevent IP datagrams with source addresses originating from outside their networks from reaching the Internet.
TCP sequence number prediction is used by attackers to attack TCP sessions, and takes advantage of the fact that TCP is a sequenced data delivery protocol.
TCP sequence prediction attacks can be effectively stopped by any router or firewall that is configured not to allow packets from an internal IP address to originate from an external interface.
This does not fix the TCP sequence prediction vulnerability; it simply prevents TCP sequence prediction attacks from being able to reach their targets.
The Ping program tests whether a host is reachable by sending it an ICMP echo request message and receiving an ICMP echo in reply. Ping also measures the round-trip time to the host, which provides an indication as to how distant the host is, and is helpful for determining whether the intervening network is congested.
The best solution is to obtain patches for the operating systems involved. Fortunately, the “Ping O’ Death” attack is now mainly of historical interest as most operating systems released since 1996 are immune, or have patches freely available. The attack is only possible because of insufficient error handling within the affected operating systems, not because of vulnerabilities inherent in the IP protocol itself.
IP Half Scan implies that a full TCP connection is never established. The process of establishing a TCP connection has three phases: the originating party first sends a TCP packet with the SYN flag on, then the target party sends a TCP packet with the flags SYN and ACK on if the port is open, or, if the port is closed, the target party resets the connection with the RST flag. The third phase of the negotiation is when the originating party sends a final TCP packet with the ACK flag on (all these packets, of course, have the corresponding sequence numbers, ack numbers, etc.). The connection is now open. A SYN scanner only sends the first packet in the three-way handshake, the SYN packet, and waits for the SYN|ACK or an RST. When it receives one of the two, it knows whether or not the port is listening.
Use a firewall that understands the state of TCP connections and rejects stealth scan packets. Stateful inspection and proxy firewalls will defeat the IP half scan. An intrusion detection system such as Snort is used to prevent this attack.
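The handshake phases described above can be tracked at a sensor to recognise half scans: a source that opens many handshakes and never sends the final ACK. The following Python sketch is an added example, not part of the original slides; the packet tuples, addresses, state names and the `min_ports` threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample capture (not real traffic): (src, sport, dst, dport, flags).
# Flags: S=SYN, A=ACK, R=RST, matching the handshake described above.
SAMPLE = [
    # Normal client: full three-way handshake to port 80.
    ("192.0.2.10", 40000, "10.0.0.5", 80, "S"),
    ("10.0.0.5", 80, "192.0.2.10", 40000, "SA"),
    ("192.0.2.10", 40000, "10.0.0.5", 80, "A"),
    # Half scan: SYN packets that are never followed by the final ACK.
    ("198.51.100.7", 50001, "10.0.0.5", 22, "S"),
    ("10.0.0.5", 22, "198.51.100.7", 50001, "SA"),  # port open
    ("198.51.100.7", 50001, "10.0.0.5", 22, "R"),   # torn down, no ACK
    ("198.51.100.7", 50002, "10.0.0.5", 23, "S"),
    ("10.0.0.5", 23, "198.51.100.7", 50002, "RA"),  # port closed
    ("198.51.100.7", 50003, "10.0.0.5", 80, "S"),
    ("10.0.0.5", 80, "198.51.100.7", 50003, "SA"),  # open, then silence
]

def track_handshakes(packets):
    """Return {(client, cport, server, sport): state} for every SYN seen."""
    flows = {}
    for src, sport, dst, dport, flags in packets:
        f = set(flags)
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if f == {"S"}:                                   # phase 1
            flows[fwd] = "SYN_SENT"
        elif f == {"S", "A"} and flows.get(rev) == "SYN_SENT":
            flows[rev] = "SYN_ACK_SEEN"                  # phase 2, port open
        elif "R" in f and flows.get(rev) == "SYN_SENT":
            flows[rev] = "REFUSED"                       # phase 2, port closed
        elif f == {"A"} and flows.get(fwd) == "SYN_ACK_SEEN":
            flows[fwd] = "ESTABLISHED"                   # phase 3
        elif "R" in f and flows.get(fwd) == "SYN_ACK_SEEN":
            flows[fwd] = "ABORTED"                       # client reset, no ACK
    return flows

def half_scan_suspects(packets, min_ports=3):
    """Map each source to the ports it probed without completing a handshake,
    keeping only sources with at least min_ports distinct targets."""
    probed = defaultdict(set)
    for (client, _, server, port), state in track_handshakes(packets).items():
        if state != "ESTABLISHED":
            probed[client].add((server, port))
    return {c: sorted(p for _, p in targets)
            for c, targets in probed.items() if len(targets) >= min_ports}

if __name__ == "__main__":
    print(half_scan_suspects(SAMPLE))
```

A SYN flood also leaves handshakes incomplete, so a real sensor would additionally look at how many distinct ports one source touches versus how many sources hit one port.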
The Internet Control Message Protocol (ICMP) is one of the core protocols of the Internet Protocol Suite. It is chiefly used by networked computers' operating systems to send error messages, indicating, for instance, that a requested service is not available or that a host or router could not be reached.
ICMP relies on IP to perform its tasks, and it is an integral part of IP. It differs in purpose from transport protocols such as TCP and UDP in that it is typically not used to send and receive data between end systems. It is usually not used directly by user network applications, with notable exceptions such as the ping tool.
TCP session hijacking is when a hacker takes over a TCP session between two machines. Since most authentication only occurs at the start of a TCP session, this allows the hacker to gain access to a machine.
TCP session hijacking can be carried out against any TCP-based application, e.g. Telnet, rlogin, FTP, etc.
Utilize all countermeasures for spoofing attacks. Encrypt session information: IPSec, SSH, Kerberos with session encryption.