Question


Using a TCP SYN spoofing attack, the attacker aims to flood the table of TCP connection requests on a system so that it is unable to respond to legitimate connection requests. Consider a server system with a table for 256 connection requests. This system will retry sending the SYN-ACK packet five times when it fails to receive an ACK packet in response, at 30 second intervals, before purging the request from its table. Assume that no additional countermeasures are used against this attack and that the attacker has filled this table with an initial flood of connection requests.

[a] At what rate must the attacker continue to send TCP connection requests to this system in order to ensure that the table remains full?

[b] Assuming that the TCP SYN packet is 40 bytes in size (ignore framing overhead), how much bandwidth does the attacker consume to continue this attack?

Solutions

Expert Solution

Answer:

a)

Consider a server holding 256 TCP (Transmission Control Protocol) requests. It sends the synchronous acknowledgement (SYN-ACK) packet five times, at 30-second intervals, if it fails to receive the ACK packet in response, before removing the request from its table.

The number of SYN-ACK packets is 6, because there is 1 initial request and 5 repeats. The formula to calculate the rate at which the attacker continues to send the TCP requests:

Rate of attacker to send TCP requests = Number of SYN-ACK packets * Time taken to send the SYN-ACK

So, using the above formula, we put the number of SYN-ACK packets as 6 and the time interval as 30 seconds:

Rate of attacker to send TCP requests = 6 * 30 = 180 seconds

Converting seconds to minutes:

1 minute = 60 seconds

So 180 seconds = ? (minutes)

By cross-multiplying and dividing we get 180/60 = 3 minutes.

Number of requests the attacker needs to send through the TCP connection:

Number of requests the attacker needs to send through the TCP connection = Number of connection requests in table / Rate of attacker to send TCP requests

Therefore, number of requests the attacker needs to send through the TCP connection = 256/3 = 85.33 ≈ 86

So the attacker needs 86 TCP connection requests per minute to make the table full.

b)

Assuming that the TCP SYN packet is 40 bytes in size, the required bandwidth for the attacker to continue the attack:

Required bandwidth for the attacker to continue the TCP SYN attack = {Number of requests the attacker sends through the TCP connection * Size of TCP SYN packet in bytes * Number of bits per byte} / Number of seconds per minute

So, by substituting values in the above formula, we get:

Required bandwidth for the attacker to continue the TCP SYN attack = 86 * 40 * 8 (1 byte is equal to 8 bits) / 60

= 27520/60 = 458.66 bits per second

Required bandwidth for the attacker to continue the TCP SYN attack is 458.66 bits per second.
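
The table-occupancy reasoning in the answer above can be checked from the defender's side with a small simulation (an added example, not part of the original solution). It goes one step beyond the question by also varying the retry count; the function names, the one-second time step, and the assumption that legitimate clients send 60 SYNs per minute and complete their handshake at once are choices made here.

```python
from collections import deque

def sustain_rate_per_min(capacity, retries, interval_s):
    """Requests/minute at which purges and arrivals balance for a full table."""
    lifetime_s = (retries + 1) * interval_s      # 6 * 30 = 180 s in the question
    return capacity * 60 / lifetime_s

def simulate(capacity, retries, interval_s, spoofed_per_min,
             legit_per_min=60, duration_s=3600):
    """Model the half-open table; return (peak occupancy, legit SYNs refused fraction)."""
    lifetime_s = (retries + 1) * interval_s
    expiries = deque()                           # purge times, oldest entry first
    spoof_acc = legit_acc = 0                    # integer accumulators, units of 1/60 request
    seen = refused = peak = 0
    for t in range(duration_s):
        while expiries and expiries[0] <= t:     # purge entries whose retries ran out
            expiries.popleft()
        spoof_acc += spoofed_per_min
        while spoof_acc >= 60:                   # unanswered (spoofed) SYNs arriving
            spoof_acc -= 60
            if len(expiries) < capacity:
                expiries.append(t + lifetime_s)
        legit_acc += legit_per_min
        while legit_acc >= 60:                   # legitimate SYNs arriving
            legit_acc -= 60
            if t >= duration_s // 2:             # measure only after warm-up
                seen += 1
                refused += len(expiries) >= capacity
        peak = max(peak, len(expiries))
    return peak, (refused / seen if seen else 0.0)

if __name__ == "__main__":
    print("balance rate, 5 retries:", round(sustain_rate_per_min(256, 5, 30), 2), "req/min")
    print("balance rate, 2 retries:", round(sustain_rate_per_min(256, 2, 30), 2), "req/min")
    for retries, rate in [(5, 86), (5, 60), (2, 86)]:
        peak, frac = simulate(256, retries, 30, rate)
        print(f"retries={retries} spoofed={rate}/min peak={peak} legit refused={frac:.0%}")
```

With the question's parameters the table saturates at 86 requests per minute and every legitimate SYN in the measured window is refused; cutting the retry count to 2 halves each entry's lifetime, so the same load occupies only 129 of the 256 slots.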

