Using a TCP SYN spoofing attack, the attacker aims to flood the table of TCP connection requests on a system so that it is unable to respond to legitimate connection requests. Consider a server system with a table for 256 connection requests. This system will retry sending the SYN-ACK packet five times when it fails to receive an ACK packet in response, at 30 second intervals, before purging the request from its table. Assume that no additional countermeasures are used against this attack and that the attacker has filled this table with an initial flood of connection requests.
[a] At what rate must the attacker continue to send TCP connection requests to this system in order to ensure that the table remains full?
[b] Assuming that the TCP SYN packet is 40 bytes in size (ignore framing overhead), how much bandwidth does the attacker consume to continue this attack?
Answer:
a)
Consider a server with a table for 256 TCP (Transmission Control Protocol) connection requests. It sends the synchronize-acknowledge (SYN-ACK) packet five times, at 30 second intervals, if it fails to receive the ACK packet in response, before removing the request from its table.
The number of SYN-ACK packets is 6, because there is 1 initial packet and 5 repeats. The formula to calculate the rate at which the attacker continues to send the TCP requests is:
Rate of attacker to send TCP requests = Number of SYN-ACK packets * Time taken to send the SYN-ACK
Using the above formula, the number of SYN-ACK packets is 6 and the time interval is 30 seconds:
Rate of attacker to send TCP requests = 6 * 30 = 180 seconds
Converting seconds to minutes:
1 minute = 60 seconds
So 180 seconds = ? minutes
By cross multiplying and dividing we get 180/60 = 3 minutes.
Number of requests the attacker needs to send through the TCP connection:
Number of requests the attacker needs to send through the TCP connection = Number of connection requests in table / Rate of attacker to send TCP requests
Therefore, number of requests the attacker needs to send through the TCP connection = 256/3 = 85.33 ≈ 86
So the attacker needs 86 TCP connection requests per minute to keep the table full.
b)
Assuming that the TCP SYN packet is 40 bytes in size, the required bandwidth for the attacker to continue the attack is:
Required bandwidth for the attacker to continue the TCP SYN attack = (Number of requests the attacker sends through the TCP connection * Size of TCP SYN packet in bytes * Number of bits per byte) / Number of seconds per minute
Substituting values in the above formula, we get:
Required bandwidth for the attacker to continue the TCP SYN attack = 86 * 40 * 8 / 60 (1 byte is equal to 8 bits)
= 27520/60 = 458.66 bits per second
The required bandwidth for the attacker to continue the TCP SYN attack is 458.66 bits per second.
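To check the answer to part (a) and to see how the table size and the retry settings change it, the following added example (not part of the original answer) simulates the connection-request table. It generalizes the worked case to other parameters; the function names and the assumption of evenly spaced unanswered SYNs arriving at an initially empty table are illustrative choices.

```python
from collections import deque
from math import ceil


def hold_time_s(retries, interval_s):
    """Seconds a half-open entry stays in the table in the answer's model:
    the initial SYN-ACK plus `retries` resends, one interval each."""
    return (1 + retries) * interval_s


def sustain_rate_per_min(table_size, retries, interval_s):
    """The answer's formula, generalized: table entries divided by the
    hold time in minutes, rounded up to a whole request."""
    return ceil(table_size * 60 / hold_time_s(retries, interval_s))


def occupancy(rate_per_min, table_size, retries, interval_s, minutes=30):
    """Simulate evenly spaced unanswered SYNs (an assumption) arriving at an
    empty table. Returns the lowest occupancy sampled right after each SYN
    is handled, once the fill-up phase is over."""
    # Integer clock in units of 1/rate_per_min seconds: SYN k arrives at 60*k.
    hold = hold_time_s(retries, interval_s) * rate_per_min
    table = deque()                        # expiry times, oldest first
    lowest = table_size
    for k in range(rate_per_min * minutes):
        now = 60 * k
        while table and table[0] <= now:   # purge entries whose retries ran out
            table.popleft()
        if len(table) < table_size:        # a full table drops the new SYN
            table.append(now + hold)
        if now >= 2 * hold:                # skip the fill-up phase
            lowest = min(lowest, len(table))
    return lowest


if __name__ == "__main__":
    print("rate from the formula:", sustain_rate_per_min(256, 5, 30), "per minute")
    for label, args in [
        ("86/min, 256 slots, 5 retries", (86, 256, 5, 30)),
        ("85/min, 256 slots, 5 retries", (85, 256, 5, 30)),
        ("86/min, 256 slots, 2 retries", (86, 256, 2, 30)),
        ("86/min, 1024 slots, 5 retries", (86, 1024, 5, 30)),
    ]:
        print(label, "-> occupied slots:", occupancy(*args))
```

At 85 requests per minute one slot stays free, which is why the answer rounds 85.33 up to 86; cutting the retries to 2 or enlarging the table leaves the same request rate well short of filling it.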