Nguyn Hng Sn
TCP/IP Security
TCP operation
Byte stream
3-way handshake
TCP re-transmissions
TCP congestion control
TCP timers
SYN Flood
On receiving the SYN+ACK segment, the client refuses to send back the ACK segment.
As soon as the connection to the given port times out, another SYN request is sent to the port.
IP Spoofing (1/7)
Uses a spoofed source IP address to establish a one-way connection with a remote host in order to execute malicious code.
Actors: hosts A, B and X; host X is controlled by the attacker.
B runs a server program that lets A execute commands remotely.
X wants to open a connection to B, posing as A.
IP Spoofing (2/7)
X (posing as A) -> B : SYN (sequence num: M)
B -> A : SYN + ACK (sequence num: N, acknowledgment num: M+1)
IP Spoofing (3/7)
Problem 1: A's ability to communicate with B?
Problem 2: X's ability to make a guess at the sequence?
IP Spoofing (4/7)
SYN flood attack on A.
X sends B a number of SYN packets (connection requests).
When B responds to X with SYN+ACK packets, X sends RST packets to B.
X can collect a number of the sequence numbers produced by B's random number generator.
Spoofing set: a small set of initial sequence numbers (ISNs) that the victim host may use next.
Flood the victim machine with packets that use the ISNs in the spoofing set.
IP Spoofing (5/7)
Size of the spoofing set
Depends on the quality of the PRNG used on the victim host.
Michal Zalewski: with the network bandwidth available today, hackers can carry out an IP address spoofing attack successfully if the spoofing set contains no more than 5000 numbers.
With 32-bit sequence numbers, what does the spoofing set look like? (4,294,967,296 possible numbers)
IP Spoofing (6/7)
Poorly designed pseudo-random number generator + birthday paradox
What is the probability that at least one pair of students share a birthday in a class of 20 students?
Birthday paradox: given a group of 23 or more randomly chosen people, the probability that at least two of them will have the same birthday is more than 50%.
Given a spoofing set of size k and the probability, in terms of t, that a number in the spoofing set takes one particular value, the probability that at least two numbers in the spoofing set have the same value is given by the formula:
IP Spoofing (7/7)
t = 2^32 for 32-bit sequence numbers. The spoofing set has k = 10 000.
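The birthday calculation these slides refer to, carried through for the class of 20, the group of 23, and k = 10 000 with t = 2^32, as an added example that is not part of the original slides. It assumes values drawn uniformly and uses the standard birthday-problem product, since the slide's own formula did not survive; all function names are hypothetical.

```python
import math

ISN_SPACE = 2 ** 32  # t for 32-bit sequence numbers (value from the slides)

def collision_probability(k: int, t: int) -> float:
    """P(at least two of k uniform draws from t values coincide).

    Standard birthday product 1 - prod_{i<k}(1 - i/t) (assumed formula).
    """
    if k > t:
        return 1.0  # pigeonhole: more draws than possible values
    # Sum logs instead of multiplying; log1p stays accurate for tiny i/t.
    log_no_collision = sum(math.log1p(-i / t) for i in range(k))
    return -math.expm1(log_no_collision)

def smallest_set_for(p: float, t: int) -> int:
    """Smallest k whose collision probability reaches p (0 < p < 1)."""
    if not 0 < p < 1:
        raise ValueError("p must be strictly between 0 and 1")
    log_no_collision, k = 0.0, 0
    while -math.expm1(log_no_collision) < p:
        if k == t:
            return t + 1  # only a guaranteed collision reaches p
        log_no_collision += math.log1p(-k / t)
        k += 1
    return k

def hit_probability(k: int, t: int) -> float:
    """Chance that k distinct guesses contain one uniformly random value.

    Models an ISN generator with no predictable structure (assumption).
    """
    return min(k, t) / t

if __name__ == "__main__":
    print(f"class of 20 students : {collision_probability(20, 365):.4f}")
    print(f"group of 23 people   : {collision_probability(23, 365):.4f}")
    print(f"k=10 000, t=2^32     : {collision_probability(10_000, ISN_SPACE):.4f}")
    print(f"k for 50% at t=2^32  : {smallest_set_for(0.5, ISN_SPACE)}")
    print(f"5000 guesses, uniform ISN: {hit_probability(5000, ISN_SPACE):.2e}")
```

With uniformly random 32-bit ISNs, a 5000-number set almost never contains the next ISN, which is why the size of the spoofing set depends on the quality of the victim's PRNG.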
Hijacking Attack
The attacker needs to craft and send a TCP segment that the target will accept.
Session hijacking involves 3 steps to sustain an attack:
Tracking the session: the hacker identifies an open session and predicts the sequence number of the next packet.
Echo-Chargen Attack
The Chargen (Character Generator) service is a protocol used for testing and measurement purposes.
A host connects to a server that supports the Chargen protocol, using TCP or UDP port 19.
Once this TCP connection is opened on port 19, the server sends arbitrary characters to the host until the host closes the connection.
Smurf Attack
A Smurf attack is a type of denial-of-service attack that floods the victim system using spoofed broadcast ping Echo-Reply messages.
Teardrop Attack
The OS chokes on the fragments because it does not know how to reassemble them, leading to denial-of-service attacks.
Modern OSes are configured to discard this case and reboot.
Traffic Redirection
If a router is compromised, it is made to advertise to its neighbours: "I am the shortest path to every destination."
Transport Mode
Tunnel Mode
REMARKS