Outline. Definition Point-to-point network denial of service Smurf Distributed denial of service attacks Trin00, TFN, Stacheldraht, TFN2K TCP SYN Flooding and Detection. Denial of Service Attack Definition.
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
1 ICMP Echo ReqSrc: Dos Target
Dest: brdct addr
3 ICMP Echo ReplyDest: Dos Target
Prevention: reject external packets to brdcst address.
Agent machine sends a stream of packets to the victim
SYN Flooding Attack
full duplex data:
bi-directional data flow in same connection
MSS: maximum segment size
handshaking (exchange of control msgs) init’s sender, receiver state before data exchange
sender will not overwhelm receiver
one sender, one receiver
reliable, in-order byte steam:
no “message boundaries”
TCP congestion and flow control set window size
send & receive buffers
source port #
dest port #
Urg data pnter
Options (variable length)
URG: urgent data
(generally not used)
ACK: ACK #
PSH: push data now
(generally not used)
RST, SYN, FIN:
(as in UDP)
Recall:TCP sender, receiver establish “connection” before exchanging data segments
initialize TCP variables:
buffers, flow control info (e.g. RcvWindow)
client: connection initiator
server: contacted by client
Three way handshake:
Step 1:client host sends TCP SYN segment to server
specifies initial seq #
Step 2:server host receives SYN, replies with SYNACK segment
server allocates buffers
specifies server initial seq. #
Step 3: client receives SYNACK, replies with ACK segment, which may contain data
Step 1:client end system sends TCP FIN control segment to server
Step 2:server receives FIN, replies with ACK. Closes connection, sends FIN.
Step 3:client receives FIN, replies with ACK.
Enters “timed wait” - will respond with ACK to received FINs
Step 4:server, receives ACK. Connection closed.