Assignment help: CS 6823 – Network Security
Lab 1 Overview
Task 1: SYN Flood Attacks
Test telnet during a SYN Flood, with SYN Flood protections ON and OFF
There are two SYN Flood protection methods:
SYN Cookies
Reserve TCP Connections for “proven destinations”
Task 2: TCP RST Attack
Guess the correct SEQ/ACK Number to perform a RST Attack
5% bonus for fully automating the attack
Task 3: TCP Session Hijacking
Guess the correct SEQ/ACK Number; 5% for automating the attack
Task 4: Reverse Shell
Same as Task 3, but add a reverse shell exploit
SYN flood defense: SYN cookies (1)
When a SYN segment arrives, host B calculates a function (hash) based on:
Apache example: Source and destination IP addresses and port numbers, and a secret number
Host B uses the resulting “cookie” as its initial seq # (ISN) in the SYN-ACK
Host B does not allocate anything to the half-open connection:
Does not remember A’s ISN
Does not remember cookie
SYN flood defense: SYN cookies (2)
If the SYN is legitimate
Host A returns an ACK
Host B computes the same function and verifies that function = ACK # in the ACK segment
Host B creates a socket for the connection
Legitimate connection established without the need for half-open connections
If it is a SYN-flood attack with spoofed IP addresses
No ACK comes back to B for the connection.
No problem: B is not waiting for an ACK
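The SYN cookie exchange from the two slides above, as an added example that is not part of the lab handout. It assumes HMAC-SHA256 truncated to 32 bits as the hash (the slides only say "function (hash)"), uses constructed documentation addresses, and checks the ACK number against cookie + 1, since TCP acknowledges the next expected byte. Production implementations also fold a time counter and MSS encoding into the cookie, which this sketch omits.

```python
import hashlib, hmac, os, socket, struct

SECRET = os.urandom(32)  # host B's secret number (generated for this example)

def syn_cookie(src_ip, src_port, dst_ip, dst_port, secret=SECRET):
    """32-bit cookie: truncated HMAC over the connection 4-tuple (assumed hash)."""
    msg = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
           + struct.pack("!HH", src_port, dst_port))
    return int.from_bytes(hmac.new(secret, msg, hashlib.sha256).digest()[:4], "big")

class HostB:
    """Listener that stores nothing until a valid ACK arrives."""
    def __init__(self, ip, port):
        self.ip, self.port = ip, port
        self.half_open = {}        # never written to: the point of SYN cookies
        self.established = set()

    def on_syn(self, src_ip, src_port, client_isn):
        # SYN-ACK carries ISN = cookie; A's ISN is acknowledged, then forgotten.
        cookie = syn_cookie(src_ip, src_port, self.ip, self.port)
        return {"flags": "SA", "seq": cookie, "ack": (client_isn + 1) % 2**32}

    def on_ack(self, src_ip, src_port, ack_num):
        # Recompute the cookie from the ACK's own addresses and ports.
        expected = (syn_cookie(src_ip, src_port, self.ip, self.port) + 1) % 2**32
        if ack_num != expected:
            return False           # ACK from a sender that never saw our SYN-ACK
        self.established.add((src_ip, src_port))   # socket created only now
        return True

def demo():
    b = HostB("192.0.2.10", 23)
    # Constructed flood: 1000 SYNs from spoofed sources, no ACK ever returns.
    for i in range(1000):
        b.on_syn(f"198.51.100.{i % 250 + 1}", 1024 + i, client_isn=i)
    state_after_flood = len(b.half_open) + len(b.established)
    # Legitimate host A receives the SYN-ACK and completes the handshake.
    synack = b.on_syn("203.0.113.5", 40000, client_isn=1000)
    legit = b.on_ack("203.0.113.5", 40000, (synack["seq"] + 1) % 2**32)
    # ACK with a guessed number from a source that never received a SYN-ACK.
    blind = b.on_ack("198.51.100.7", 5555, ack_num=12345)
    return state_after_flood, legit, blind

if __name__ == "__main__":
    print(demo())
```

After the flood, host B holds no per-connection state at all; only the sender that actually received the SYN-ACK can produce an ACK number that passes the check.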
TCP RST Attack
Attacker can break the TCP connection by sending a TCP RST
Must match the SEQ and ACK Numbers
Session hijacking
Take control of one side of a TCP connection
Marriage of sniffing and spoofing
Session hijacking: The details
Attacker is on segment where traffic passes from Alice to Bob
Attacker sniffs packets
Sees TCP packets between Bob and Alice and their sequence numbers
Attacker jumps in, sending TCP packets to Bob; source IP address = Alice’s IP address
Bob now obeys commands sent by attacker, thinking they were sent by Alice
Principal defense: encryption with an authentication protocol
Attacker does not have the keys to encrypt and insert meaningful traffic