Which of the following steps is not part of a sequence prediction (aka blind injection) TCP attack?
a. Attacker generally mounts a SYN flood on the victim to keep it from responding
b. The initial TCP connection request sent from the attacker to the victim is not spoofed.
c. The attacker guesses the next ISN of the victim
d. The third-party to this attack can't respond to the victim's TCP ACK because it's SYN flooded
The correct option is b. The initial TCP connection request sent from the attacker to the victim is not spoofed.
Explanation:
The prediction sequence is shown below:
If the intruder X can predict the ISNs, then X can impersonate T:
X -> S: SYN(ISNx), SRC = T
S -> T: SYN(ISNs), ACK(ISNx)
X -> S: ACK(ISNs), SRC = T
X -> S: ACK(ISNs), SRC = T, nasty data
So, sequence prediction involves SYN flooding.
Therefore, options a. and b. are part of sequence prediction.
Every operating system uses its own algorithm to generate ISNs.
The attacker tries to work out the algorithm used to generate the ISNs in order to generate future ISNs. These are generated by the source host.
Hence, the attacker can guess the future ISNs.
Therefore, option c. is also a part of sequence prediction.
Therefore, option b. is not part of sequence prediction.
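Why the ISN algorithm decides whether the guess in option c. can succeed, as an added example that is not part of the original answer: a fixed-step counter is compared with the RFC 6528 scheme, ISN = M + F(localip, localport, remoteip, remoteport, secretkey). The addresses, ports, step size and secret are constructed sample values, and HMAC-SHA256 stands in for the PRF F as an assumption of this sketch.

```python
import hashlib
import hmac
import socket
import struct

MASK32 = 0xFFFFFFFF
SECRET = bytes(range(32))  # constructed sample key; a real stack draws it from a CSPRNG at boot
SERVER, T_HOST, X_HOST = "198.51.100.5", "192.0.2.10", "203.0.113.7"  # constructed addresses

def legacy_isn(boot_isn, connections_made, step=64000):
    """Weak scheme: one global counter bumped by a fixed step per connection."""
    return (boot_isn + connections_made * step) & MASK32

def rfc6528_isn(secret, local_ip, local_port, remote_ip, remote_port, clock_us):
    """ISN = M + F(localip, localport, remoteip, remoteport, secretkey)."""
    m = (clock_us // 4) & MASK32  # M: timer that ticks every 4 microseconds
    four_tuple = (socket.inet_aton(local_ip) + struct.pack("!H", local_port)
                  + socket.inet_aton(remote_ip) + struct.pack("!H", remote_port))
    digest = hmac.new(secret, four_tuple, hashlib.sha256).digest()
    f = struct.unpack("!I", digest[:4])[0]  # F: keyed per-connection offset
    return (m + f) & MASK32

def constant_step(isns):
    """Return the step if consecutive ISNs differ by one fixed value mod 2**32, else None."""
    deltas = {(b - a) & MASK32 for a, b in zip(isns, isns[1:])}
    return deltas.pop() if len(deltas) == 1 else None

def sample_legacy(n=5):
    """ISNs a server with the weak scheme hands out on n successive connections."""
    return [legacy_isn(1_000_000, i) for i in range(n)]

def sample_rfc6528(n=5):
    """ISNs seen by one client opening n connections from successive source ports."""
    return [rfc6528_isn(SECRET, SERVER, 443, X_HOST, 40000 + i, 1000 * i)
            for i in range(n)]

def offsets_differ_per_peer():
    """At the same clock tick, the offsets for X's and T's connections are unrelated."""
    isn_x = rfc6528_isn(SECRET, SERVER, 443, X_HOST, 40000, 0)
    isn_t = rfc6528_isn(SECRET, SERVER, 443, T_HOST, 40000, 0)
    return isn_x != isn_t

if __name__ == "__main__":
    print("legacy step:  ", constant_step(sample_legacy()))
    print("rfc6528 step: ", constant_step(sample_rfc6528()))
    print("per-peer offsets differ:", offsets_differ_per_peer())
```

With the keyed scheme, ISNs a host observes on its own connections say nothing about the ISN the server will choose for a different address pair, which removes the basis for the guess.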