Hacking News Session-attacks

Published on November 2nd, 2017 | Post Views: 2,547  HitsPost Views

1

Network Attacks: Protocol-Anomaly Attacks

Most network protocols were not designed with security in mind. An attacker can generate abnormal network packets that do not follow the expected format and purpose of the protocol, with the result that the attacker is able to either hack a remote host or network, or compromise a confidential network data stream.

Network-layer attacks are most frequently used to get behind firewalls and to make DoS attacks. DoS attacks are popular against big e-commerce sites. In one kind of DoS attack, the attacker computers send massive amounts of TCP SYN packets.

This is the first of three packets sent during a normal TCP handshake used to begin a communication session. The target computer responds with the expected ACK/SYN packet, which is normal, and then expects an answering ACK from the source.

But, the ACK packet never comes, letting the TCP connection in an open state, waiting for an extended period of time. When transferred millions of these packets, the attacked system is exhausted with open connections all in a waiting state. Usually, the victim computer has to reboot to clear all the open connections. If they do reboot without doing something to stop the DoS attack, it just occurs again and again.

▼Advertisment

Usually the beginning (the source) address of the malicious ACK packets is faked, so there is no way to totally block the originating IP address. This is just one type of DoS attack, and there are dozens of methods to cause them.












One Response to Network Attacks: Protocol-Anomaly Attacks

  1. Jes acca3 says:

    About this: “Usually, the victim computer has to reboot to clear all the open connections”. There’s no need to reboot the system, simply restart the network interface. If a sysadmin had to reboot a server every time it would be a problem and actually he may not be a real sysadm… You must say that in a connection-saturation attack rebooting or restarting interface doesn’t resolve the problem because you must stop the fake incoming connections! Otherwise you could pass your day rebooting a system, ehm, for no reason!

Leave a Reply

Back to Top ↑