Question

In: Computer Science

Using a TCP SYN spoofing attack, the attacker aims to flood the table of TCP connection...

Using a TCP SYN spoofing attack, the attacker aims to flood the table of TCP connection requests on a system so that it is unable to respond to legitimate connection requests. Consider a server system with a table for 256 connection requests. This system will retry sending the SYN-ACK packet five times when it fails to receive an ACK packet in response, at 30 second intervals, before purging the request from its table. Assume that no additional countermeasures are used against this attack and that the attacker has filled this table with an initial flood of connection requests.

[a] At what rate must the attacker continue to send TCP connection requests to this system in order to ensure that the table remains full?

[b] Assuming that the TCP SYN packet is 40 bytes in size (ignore framing overhead), how much bandwidth does the attacker consume to continue this attack?

Solutions

Expert Solution

Answer:

a)

Consider a Server Having a 256 TCP (Transmission control Protcol) requests and it sends a synchronous Acknowledgements(SYS-ACK) packets five times if it fails to receive the ACK packet in response at 30 second interrvals before the removal of requests from its table.

The Number of SYS-ACK packet is 6 because the initial request is 1 and 5 repeats .the Formula to calculate the rate at which the attacker continues to send the TCP requests

Rate Of Attacker to send TCP Requests=Number of SYN-ACK packets*Time taken to send the SYN-ACK

so by using the above formula we will put the Number of SYN-ACK packets is 6 and time interval is 30 seconds

Rate Of Attacker to send TCP Requests=6*30=180 seconds;

converitng seconds to Minutes :::::

1 minute=60 seconds

so 180 seconds=?(minutes)

so by cross multiplying and dividing we get 180/60=3 minutes

Number of Requests attacker need to send through TCP Connection

Number of Requests attacker need to send through TCP Connection= No OfConnection requests In Table/Rate Of Attacker to send TCP Requests

so therefore by Number of Requests attacker need to send through TCP Connection=256/3=85.33~~=86;

so the attacker needs 86 TCP connection requests per minute to make the table full.

b)

Assuming that the TCP SYN Packet is 40 bytes in size,required bandwidth for the attacker to continue the attack

Required Bandwidth for the Attacker to Continue the TCP SYN attack={No.of Requests attaccker send through TCP Connection*size of TCP SYN packet in bytes*No.of bits per each byte}/no.of seconds per minutes

so by subsitutuing values in the above formula we will get

Required Bandwidth for the Attacker to Continue the TCP SYN attack=86*40*8(1 byte is equal to 8 bits)/60

=27520/60==458.66 bits per second

Required Bandwidth for the Attacker to Continue the TCP SYN attack is 458.66 bits per seconds


Related Solutions

Using a TCP SYN spoofing attack, the attacker aims to flood the table of TCP connection...
Using a TCP SYN spoofing attack, the attacker aims to flood the table of TCP connection requests on a system so that it is unable to respond to legitimate connection requests. Consider a server system with a table for 256 connection requests. This system will retry sending the SYN-ACK packet five times when it fails to receive an ACK packet in response, at 30 second intervals, before purging the request from its table. Assume that no additional countermeasures are used...
In order to implement the classic DoS flood attack, the attacker must generate a sufficiently large...
In order to implement the classic DoS flood attack, the attacker must generate a sufficiently large volume of packets to exceed the capacity of the link to the target organization. Consider an attack using ICMP echo request (ping) packets that are 500 bytes in size (ignoring framing overhead). How many of these packets per second must the attacker send to flood a target organization using a 30-Mbps link? How many per second if the attacker uses a 100-Mbps link? Or...
In 17.3   TCP Connection Establishment we noted that RST packets had to have a valid SYN value,...
In 17.3   TCP Connection Establishment we noted that RST packets had to have a valid SYN value, but that “RFC 793 does not require the RST packet’s ACK value to match”. There is an exception for RST packets arriving at state SYN-SENT: “the RST is acceptable if the ACK field acknowledges the SYN”. Explain the reasoning behind this exception. (This is the one RST transition shown in the state diagram at 17.7   TCP state diagram.)
Explain the following threats: SYN flood, Smurf and Port Scanning
Explain the following threats: SYN flood, Smurf and Port Scanning
In order to implement a DNS amplification attack, the attacker must trigger the creation of a...
In order to implement a DNS amplification attack, the attacker must trigger the creation of a sufficiently large volume of DNS response packets from the intermediary to exceed the capacity of the link to the target organization. Consider an attack where the DNS response packets are 1000 bytes in size (ignoring framing overhead). a. How many of these packets per second must the attacker trigger to flood a target organization using a 30-Mbps link? A 100-Mbps link? Or a 1-Gbps...
Consider the TCP connection mechanism.    i. What mechanism is used to set up a TCP...
Consider the TCP connection mechanism.    i. What mechanism is used to set up a TCP connection? ii. Why is the mechanism needed? iii. Outline how the mechanism works with a diagram. iv.CLASSFULL AND CLASSLESS IP
Consider a distributed variant of the attack in the previous problem. Assume the attacker has compromised...
Consider a distributed variant of the attack in the previous problem. Assume the attacker has compromised a number of broadband-connected residential PCs to use as zombie systems. Also assume each such system has an average uplink capacity of 512 kbps. * a. What is the maximum number of 500-byte ICMP echo request (ping) packets a single zombie PC can send per second? * b. How many such zombie systems would the attacker need to flood a target organization using a...
What role does TCP play during HTTP requests? Is TCP a connection-oriented protocol? Explain in details....
What role does TCP play during HTTP requests? Is TCP a connection-oriented protocol? Explain in details. Also, show your knowledge about layers.
Use the annual flood data (annual maximum series) in the table below to perform a flood...
Use the annual flood data (annual maximum series) in the table below to perform a flood frequency analysis using the U.S. Water Resources Council Guidelines. The map skew for this location is - 0.2 Year Discharge (cfs) 1935 1955 1936 4050 1937 3570 1938 2060 1939 1300 1940 1390 1941 1720 1942 6280 1943 1360 1944 7440 1945 5320 1946 1400 1947 3240 1948 2710 1949 4520 1950 4840 1951 8320 1952 13900 1953 71500 1954 6250 1955 2260 1956...
Write a Java program that establishes a TCP connection with a mail server through the socket...
Write a Java program that establishes a TCP connection with a mail server through the socket interface, and sends an email message. Your program sends SMTP commands to local mail server, receives and processes SMTP commands from local mail server. It sends email message to one recipient at a time. The email message contains a typical message header and a message body. Here is a skeleton of the code you'll need to write: import java.io.*; import java.net.*; public class EmailSender...
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT