In TCP/IP protocol, the protocol uses SYN/ACK handshake to establish connection between two hosts. The communication host who initiating a connection sends a packet with SYN flag to the target host. Target host on receiving this packet, sends another packet with ACK flag set to indicate that the connection request is accepted. The reply will also be with a SYN flag to open a connection to the first host. The first host on receiving this SYN/ACK flagged packet, opens a reverse channel. This is the part of 3-way handshake protocol for establishing a communication channel.
To illustrate this, the protocol messages would be:
Host 1 --> Host 2: SYN
Host 2 --> Host 1: SYN / ACK
Host 1 --> Host 2: ACK
An attacker who wants to launch a Denial of Service (DoS) attack uses this property of the communication hosts, ie; if the ACK flagged packet from the Host 1 is not received, Host 2 waits for some time leaving the connection half-opened and memory allocated for the first received SYN message.
An attacker send thousands of packets to the target system. The target system then sends the ACK and SYN flagged messages and waits to receive the last ACK message from Host1. The attacker then sends no ACK flagged packets making Host 2 wait to wait for receiving ACK message. Eventaully, as large number of messages are waiting for the final ACK message, system will be running out of memory to accept more packets. Thus by flooding the memory, the target system accepts no new connection and DoS is successfully done.
There are a few countermeasures available. Users can use firewalls to filter out receiving repeated packets with SYN flag. Also, a Network based IDS (Intrusion Detection System) can efficiently counter this attacker by analyzing the packet signatures.
On this blog, I will be posting topics related to Information Security. This may cover Cryptography, Security Management, Network Security, Risk Management, Compliances, ISO 17799, ISO 27001, Security Developments, Application Security, Software Security, Laws and Regulations applicable to Information transmission and storage etc..
Subscribe to:
Post Comments (Atom)
Microsoft Passport - A Single Sign-on System
Microsoft passport is a facility from MS which offers single sign on capabilities. With SSO, user don't need to remember each password f...
No comments:
Post a Comment