26-06-2012, 11:32 AM
TCP/IP Security
Preventions
SYN cookies provide protection against the SYN flood by eliminating the resources allocated on the target host.
Limiting new connections per source per timeframe is not a general solution since the attacker can spoof the packets to have multiple sources.
Ping Of Death Attack
Sending a malformed or malicious ping to a computer.
A ping is generally 32 bytes in size (or 84 bytes when the Internet Protocol header is considered).
Sending a ping of larger size can crash the target computer.
Sending a 65,536-byte ping packet would violate the Internet Protocol (IP), but a packet of such a size can be sent if it is fragmented.
When the target computer reassembles the packet, a buffer overflow can occur, which often causes a system crash.
Ping Of Death Attack : Preventions
The fix for the problem is to add checks in the reassembly process.
The check on each incoming IP fragment makes sure that the sum of the "Fragment Offset" and "Total length" fields in the IP header of that fragment is smaller than 65,535.
If the sum is larger, then the packet is invalid, and the IP fragment is ignored. This check is performed by some firewalls, to protect hosts that do not have the bug fixed.
Another fix for the problem is using a memory buffer larger than 65,535 bytes for the re-assembly of the packet.
DDOS Attacks
Easy to detect DOS attack
Sender IP is the same for all packets
DDOS - Distributed Denial Of Service attack
Carried out by means of a number of “zombie” computers which have been infected by the attacker for the attack
This network is called a “Botnet”
Since the sender IPs of the packets are different, the victim is unable to evade this attack
IP PROTOCOL
The IP protocol is used to transmit IP datagrams from node to node and finally to the destination system.
It also divides large packets into several IP fragments each having a sequence number and a common identification number.
When receiving data, the recipient reassembles the packets using the OFFSET VALUES they contain.
Working
Inserting false offset information into fragmented packets.
As a result, during reassembly, there are empty or overlapping fragments that can cause the system to be unstable.
Teardrop exploits an overlapping IP fragment bug
The bug causes the TCP/IP fragmentation re-assembly code to improperly handle overlapping IP fragments
4000 bytes of data are sent as
Legitimately (Bytes 1-1500) (Bytes 1501 – 3000) (Bytes 3001-4500)
Overlapping (Bytes 1-1500) (Bytes 1501 – 3000) (Bytes 1001-3600)
This attack has not been shown to cause any significant damage to systems
The primary problem with this is loss of data
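
The reassembly checks described under "Ping Of Death Attack : Preventions" and the overlapping-fragment case described for Teardrop, as an added example that is not part of the original slides. The struct, function names and sample values are hypothetical; the code assumes the Fragment Offset field counts 8-byte units and compares the reassembled length against the 65,535-byte maximum.

```c
#include <stddef.h>
#include <stdint.h>

#define IP_MAX_DATAGRAM 65535u /* largest value the 16-bit Total Length field can hold */

/* Hypothetical, simplified view of one received fragment (not a real stack's struct). */
struct frag {
    uint16_t offset_units; /* 13-bit Fragment Offset field, in 8-byte units */
    uint16_t total_len;    /* Total Length field: IP header + payload, in bytes */
    uint8_t  hdr_len;      /* IP header length in bytes */
};

enum frag_verdict { FRAG_OK = 0, FRAG_BAD_HEADER, FRAG_TOO_LONG, FRAG_OVERLAP };

/* Constructed sample: two queued fragments covering payload bytes 0-1495 and 1496-2991. */
static const struct frag SAMPLE_QUEUE[2] = { { 0, 1516, 20 }, { 187, 1516, 20 } };

/* Compute the payload byte range [*start, *end) the fragment claims in the datagram. */
static int frag_range(const struct frag *f, uint32_t *start, uint32_t *end)
{
    if (f->hdr_len < 20 || f->total_len <= f->hdr_len || f->offset_units > 0x1FFF)
        return -1;
    *start = (uint32_t)f->offset_units * 8u;
    *end = *start + (uint32_t)(f->total_len - f->hdr_len);
    return 0;
}

/* Validate a new fragment against those already queued for the same datagram. */
enum frag_verdict check_fragment(const struct frag *queued, size_t n, const struct frag *f)
{
    uint32_t s, e, qs, qe;

    if (frag_range(f, &s, &e) != 0)
        return FRAG_BAD_HEADER;
    /* Ping of Death: header plus reassembled payload would exceed 65,535 bytes. */
    if ((uint32_t)f->hdr_len + e > IP_MAX_DATAGRAM)
        return FRAG_TOO_LONG;
    /* Teardrop: the payload overlaps bytes another fragment already supplied. */
    for (size_t i = 0; i < n; i++) {
        if (frag_range(&queued[i], &qs, &qe) == 0 && s < qe && qs < e)
            return FRAG_OVERLAP;
    }
    return FRAG_OK;
}
```

A fragment that fails either check is dropped before any bytes are copied into the reassembly buffer, which is the point at which the overflow would otherwise occur.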