SYN Attack / TCP State Machine - PowerPoint PPT Presentation

Provided by: u311
Slides: 9

Transcript and Presenter's Notes

1
SYN Attack / TCP State Machine
2
Proposed Solutions /Tradeoffs (1)
  • Configuration improvements
  • Reduce the timeout period after which a half-open
    connection is dropped from the backlog.
  • Increase the size of the backlog queue; disable
    non-essential services so they do not hold backlog
    entries of their own.
  • Configure external interfaces on routers to block
    packets that have source addresses from the
    internal network, and vice versa (ingress/egress
    filtering against spoofed source addresses).

3
Proposed Solutions /Tradeoffs (2)
  • Infrastructure improvements
  • Address spaces reachable over the interfaces of
    routers should be disjoint and well-defined,
    clearly separating inside from outside, so that
    a packet arriving on the wrong interface for its
    source address can be discarded at the border.
  • Cryptographically authenticate the source of all
    IP packets (IP-layer signing), so that forged
    source addresses are rejected rather than filling
    the backlog.

4
Proposed Solutions /Tradeoffs (3)
  • Connection Establishment Improvements
  • Half-open connections need not be stored at all if
    the server has a mechanism to regenerate its own
    initial sequence number when the handshake completes.
  • One such mechanism (SYN cookies) computes the
    server's sequence number as a keyed hash over the
    source/destination IP addresses, the ports, the
    originator's ISS and a coarse time counter, using a
    secret key known only to the server. When the third
    message of the handshake is received, the value is
    recomputed from the fields of that packet and
    compared with the acknowledged sequence number; on a
    match the connection is finalized without any state
    having been held while it was half open.
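As an added example (not code from the original slides or from the paper they summarize), the following Python implements the SYN-cookie mechanism described above: the server's initial sequence number is an HMAC over the connection 4-tuple, the client's ISS and a 64-second time slot, and the third packet is validated by recomputing it. The bit layout (5-bit time slot, 3-bit MSS index, 24-bit truncated MAC), the MSS table, the secret and the function names `make_syn_cookie` / `check_syn_cookie` are assumptions chosen for illustration, not a real TCP stack's API.

```python
import hashlib
import hmac
import ipaddress
import struct
import time

# Constructed secret for this example; a real server rotates it periodically.
SECRET = b"example-only-secret-rotate-in-production"

# MSS values the server can "remember" in the 3 MSS bits of the cookie
# (assumed table; the handshake state is otherwise discarded).
MSS_TABLE = (536, 1300, 1440, 1460)


def _slot(now):
    """Coarse time counter: one slot per 64 seconds."""
    return int(now) >> 6


def _cookie(src, dst, client_isn, mss_idx, slot):
    """Server ISN = 5-bit slot | 3-bit MSS index | 24-bit truncated HMAC.

    The HMAC covers everything the server would otherwise have to store for a
    half-open connection, plus the full (untruncated) slot number.
    """
    sip, sport = src
    dip, dport = dst
    msg = (ipaddress.ip_address(sip).packed + ipaddress.ip_address(dip).packed
           + struct.pack("!HHIQ", sport, dport, client_isn, slot))
    mac = hmac.new(SECRET, msg, hashlib.sha256).digest()
    h = int.from_bytes(mac[:3], "big")                  # 24 bits of MAC
    return ((slot & 0x1F) << 27) | (mss_idx << 24) | h  # fits in 32 bits


def make_syn_cookie(src, dst, client_isn, mss, now=None):
    """Called when a SYN arrives; returns the ISN to place in the SYN-ACK.

    src/dst are (ip, port) tuples; client_isn is the SYN's sequence number;
    mss is the client's advertised maximum segment size.
    """
    now = time.time() if now is None else now
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    return _cookie(src, dst, client_isn, mss_idx, _slot(now))


def check_syn_cookie(src, dst, seq, ack, now=None):
    """Called when the third handshake packet (the client's ACK) arrives.

    seq is that packet's sequence number (client ISN + 1) and ack its
    acknowledgement number (server ISN + 1). Returns the reconstructed
    half-open state on success, or None if the cookie is forged or stale.
    """
    now = time.time() if now is None else now
    cookie = (ack - 1) & 0xFFFFFFFF
    client_isn = (seq - 1) & 0xFFFFFFFF
    ts = cookie >> 27
    mss_idx = (cookie >> 24) & 0x7
    cur = _slot(now)
    # Accept the current and the previous slot so a slow client is not rejected.
    for slot in (cur, cur - 1):
        if slot < 0 or (slot & 0x1F) != ts:
            continue
        expected = _cookie(src, dst, client_isn, mss_idx, slot)
        if hmac.compare_digest(expected.to_bytes(4, "big"), cookie.to_bytes(4, "big")):
            return {"client_isn": client_isn, "mss": MSS_TABLE[mss_idx]}
    return None


if __name__ == "__main__":
    # Constructed handshake: client 198.51.100.7:51515 -> server 192.0.2.10:443.
    client, server = ("198.51.100.7", 51515), ("192.0.2.10", 443)
    t0 = 1_000_000
    server_isn = make_syn_cookie(client, server, 0x12345678, 1460, now=t0)
    print("SYN-ACK ISN:", hex(server_isn))
    print("valid ACK   :", check_syn_cookie(client, server, 0x12345679, server_isn + 1, now=t0))
    print("forged ACK  :", check_syn_cookie(client, server, 0x12345679, server_isn + 2, now=t0))
    print("stale ACK   :", check_syn_cookie(client, server, 0x12345679, server_isn + 1, now=t0 + 200))
```

The trade-off the slide glosses over is visible in the code: only what fits in 3 bits of MSS survives, and a cookie is only accepted for roughly two minutes, so a client whose ACK arrives later than that is silently refused. The forged-ACK case is the attack scenario: without the secret an attacker cannot produce an acknowledgement number that passes `check_syn_cookie`, so no backlog slot is ever consumed by a spoofed SYN.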

5
Proposed Solutions /Tradeoffs (4)
  • Firewall approach
  • Relay approach: when a SYN is received, the firewall
    answers on the host's behalf and only contacts the
    host to establish a second connection once the third
    message of the handshake has been received. Half-open
    connections therefore accumulate at the firewall, not
    at the protected host.
  • Semi-transparent gateway: when the target machine
    sends back a SYN-ACK, the firewall generates an ACK
    to the target machine so that the connection is moved
    out of the backlog queue. The firewall can time out
    connections that never complete by sending a RST
    packet. Legitimate connections are recovered even
    though the target sees a duplicate ACK when the real
    client's ACK arrives.

6
Proposed Solutions /Tradeoffs (5)
  • Active monitoring
  • A general approach in which an agent collects the
    connection-control information observable on a
    monitored network, watches for certain conditions
    to arise, and reacts appropriately.
  • Attractive due to low cost and flexibility: it needs
    neither new hardware nor modifications to the
    software of the protected hosts.
  • Reactive in nature, unlike firewalls, which are
    able to block undesired traffic before it reaches
    the host.

7
SYNKILL
  • A program that acts as an active monitor: it reads
    and examines all TCP packets on the LAN and can
    generate TCP packets to inject into the network
    depending on the situation observed.
  • IP addresses are pre-filtered and classified into
    categories.
  • A database of IP addresses and their categories
    enables SYNKILL to differentiate potential threats
    from authentic addresses.
  • It reacts differently to different classifications
    of addresses (for example freeing a half-open
    connection by injecting a RST toward the target)
    and updates the categories of addresses dynamically
    as handshakes complete or fail to complete.
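As an added example, not code from the SYNKILL paper or from these slides, the following Python sketches a SYNKILL-style active monitor over a constructed client-to-server trace: SYNs are recorded as pending, a matching ACK marks the address as genuine, a SYN that is never acknowledged within a timeout causes the monitor to record a RST it would inject toward the target, and an address that repeatedly leaves half-open connections is reclassified so that its later SYNs are answered with a RST immediately. The three categories `good`, `new` and `bad`, the timeout, the failure threshold and the class `SynMonitor` with its methods are assumptions chosen for illustration (the real tool uses a finer classification); injected packets are recorded in a list rather than sent.

```python
from collections import defaultdict

# Tunables chosen for the example (assumptions, not values from the slides).
HALF_OPEN_TIMEOUT = 3.0   # seconds a SYN may stay unanswered by the client's ACK
BAD_THRESHOLD = 2         # expired half-opens before an address is reclassified "bad"


class SynMonitor:
    """Passive observer of client->server TCP control segments that decides when
    to inject a RST so the target can drop a half-open connection from its backlog."""

    def __init__(self, known_good=(), known_bad=()):
        # Pre-filtered address database; "new" is the implicit category for unknown hosts.
        self.category = {ip: "good" for ip in known_good}
        self.category.update({ip: "bad" for ip in known_bad})
        self.pending = {}                 # (src, sport, dst, dport) -> time the SYN was seen
        self.failures = defaultdict(int)  # src ip -> half-open connections that timed out
        self.injected = []                # RST segments the monitor would put on the wire

    def classify(self, ip):
        return self.category.get(ip, "new")

    def _inject_rst(self, now, conn, reason):
        src, sport, dst, dport = conn
        # The RST is forged to look like it came from the client, so the target
        # tears down exactly this half-open connection and frees its backlog slot.
        self.injected.append({"time": now, "src": src, "sport": sport,
                              "dst": dst, "dport": dport, "reason": reason})

    def expire(self, now):
        """Time out half-open connections whose third message never arrived."""
        for conn, t0 in list(self.pending.items()):
            if now - t0 >= HALF_OPEN_TIMEOUT:
                del self.pending[conn]
                self._inject_rst(now, conn, "half-open timeout")
                src = conn[0]
                self.failures[src] += 1
                if self.failures[src] >= BAD_THRESHOLD and self.classify(src) != "good":
                    self.category[src] = "bad"       # dynamic reclassification

    def observe(self, pkt):
        """pkt = (time, src, sport, dst, dport, flags) for one client->server segment."""
        now, src, sport, dst, dport, flags = pkt
        conn = (src, sport, dst, dport)
        self.expire(now)
        if flags == "SYN":
            if self.classify(src) == "bad":
                self._inject_rst(now, conn, "bad address")   # react at once, no timeout
            else:
                self.pending[conn] = now
        elif flags == "ACK" and conn in self.pending:
            del self.pending[conn]            # handshake completed: a reachable, real client
            self.category[src] = "good"
        elif flags == "RST" and conn in self.pending:
            del self.pending[conn]            # client aborted on its own


# Constructed trace: one legitimate client and one address that floods SYNs
# without ever completing the handshake (a spoofed or unreachable source).
TRACE = [
    (0.0, "10.0.0.5",    40000, "192.0.2.10", 80, "SYN"),
    (0.1, "10.0.0.5",    40000, "192.0.2.10", 80, "ACK"),
    (1.0, "203.0.113.9",  1025, "192.0.2.10", 80, "SYN"),
    (1.2, "203.0.113.9",  1026, "192.0.2.10", 80, "SYN"),
    (6.0, "203.0.113.9",  1027, "192.0.2.10", 80, "SYN"),
]


def run(trace):
    """Feed a time-ordered trace through the monitor and drain remaining state."""
    mon = SynMonitor()
    for pkt in trace:
        mon.observe(pkt)
    mon.expire(trace[-1][0] + HALF_OPEN_TIMEOUT)
    return mon


if __name__ == "__main__":
    m = run(TRACE)
    for r in m.injected:
        print(f"t={r['time']:.1f} RST {r['src']}:{r['sport']} -> {r['dst']}:{r['dport']} ({r['reason']})")
    print({ip: m.classify(ip) for ip in ("10.0.0.5", "203.0.113.9")})
```

The run shows both behaviours the slide attributes to SYNKILL: the two stale half-opens from 203.0.113.9 each draw a RST when they time out, the address is then reclassified, and its third SYN is reset without waiting. It also shows the limitation noted on the previous slide: the monitor is purely reactive, so every SYN from an unknown address still occupies a backlog slot until the timeout elapses.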

8
(No Transcript)