EBK COMPUTER NETWORKING
7th Edition
ISBN: 8220102955479
Author: Ross
Publisher: PEARSON
expand_more
expand_more
format_list_bulleted
Question
Chapter 8, Problem P21P
Program Plan Intro
TCP:
TCP stands for Transmission Control Protocol which is a standard that establishes and maintain a network conversion with the use of application programs. If one uses TCP, one need to use a minimum of two Round trip time, one round trip to set up the connection for TCP and another round trip for the client to send the request and for the server to send the reply back.
SSL:
SSL stands for Secure Socket Layer and is a security protocol that establishes link between the web browser and the web server in an online communication.
Given Information:
Alice and Bob are communicating over an SSL session. An attacker, who does not have any of the shared keys, inserts a bogus TCP segment into a packet stream with correct TCP checksum and sequence numbers and correct IP addresses and port numbers.
Expert Solution & Answer
Want to see the full answer?
Check out a sample textbook solution
Students have asked these similar questions
if initial values of the sequence number used by both TCP SYN and SYC/ACK packets are always constant values(e.g., both are 0) it will make the TCP session vulnerable to TCP session hijacking attacks.
true or false?
Most modern TCP implementations use pseudo-random number generators (PRNG) to determine starting sequence numbers for TCP sessions. With such generators, it is difficult to compute the ith number generated, given only the (i - 1)st number generated. Explain what network security risks are created if an attacker is able to break such a PRNG so that he can in fact easily compute the ith number generated, given only the (i - 1) st number generated.
Using a TCP SYN spoofing attack, the attacker aims to flood the table of TCP connection requests on a system so that it is unable to respond to legitimate connection requests. Consider a server system with a table for 256 connection requests. This system will retry sending the SYN-ACK packet five times when it fails to receive an ACK packet in response, at 30 second intervals, before purging the request from its table. Assume that no additional countermeasures are used against this attack and that the attacker has filled this table with an initial flood of connection requests.
a. At what rate must the attacker continue to send TCP connection requests to this system in order to ensure that the table remains full?
b. Assuming that the TCP SYN packet is 40 bytes in size (ignoring framing overhead), how much bandwidth does the attacker consume to continue this attack?
Chapter 8 Solutions
EBK COMPUTER NETWORKING
Ch. 8 - Prob. R1RQCh. 8 - Prob. R2RQCh. 8 - Prob. R3RQCh. 8 - Prob. R4RQCh. 8 - Prob. R5RQCh. 8 - Prob. R6RQCh. 8 - Prob. R7RQCh. 8 - Prob. R8RQCh. 8 - Prob. R9RQCh. 8 - Prob. R10RQ
Ch. 8 - Prob. R11RQCh. 8 - Prob. R12RQCh. 8 - Prob. R13RQCh. 8 - Prob. R14RQCh. 8 - Prob. R15RQCh. 8 - Prob. R16RQCh. 8 - Prob. R17RQCh. 8 - Prob. R18RQCh. 8 - Prob. R19RQCh. 8 - Prob. R20RQCh. 8 - Prob. R21RQCh. 8 - Prob. R22RQCh. 8 - Prob. R23RQCh. 8 - Prob. R24RQCh. 8 - Prob. R25RQCh. 8 - Prob. R26RQCh. 8 - Prob. R27RQCh. 8 - Prob. R28RQCh. 8 - Prob. R29RQCh. 8 - Prob. R30RQCh. 8 - Prob. R31RQCh. 8 - Prob. R32RQCh. 8 - Prob. R33RQCh. 8 - Prob. P1PCh. 8 - Prob. P2PCh. 8 - Prob. P3PCh. 8 - Prob. P4PCh. 8 - Prob. P5PCh. 8 - Prob. P6PCh. 8 - Prob. P8PCh. 8 - Prob. P12PCh. 8 - Prob. P13PCh. 8 - Prob. P14PCh. 8 - Prob. P18PCh. 8 - Prob. P20PCh. 8 - Prob. P21PCh. 8 - Prob. P22PCh. 8 - Prob. P23P
Knowledge Booster
Similar questions
- A vulnerability of TCP is that many TCP SYN segments can be sent from many different remote addresses. These addresses can be spoofed---that is, IP datagrams containing TCP SYN segments can be sent with a fake IP address in the header. What problem does this cause in the server? а. Every TCP SYN segment requires the operating system to reserve resources like buffer space in memory related to a connection that is never going to be completed. Eventually the resources will become oversubscribed, and depleted, so no other clients can establish a connection with the server, effectively creating a denial-of-service (DoS) attack. O b. The SYN segments will have the wrong port number in the header, so the TCP segment will get delivered to the wrong process. с. The server doesn't know what IP address to send a SYN/ACK packet to so the connection can be established.arrow_forwardConsider a TCP session between Hosts A and B. Assuming that Host A sends a 10byte segment with sequence number 5, what will be the sequence number of the acknowledgment sent from B to Aarrow_forwardIn this problem we investigate whether either UDP or TCP provides a degree of end-point authentication. a. Consider a server that receives a request within a UDP packet and responds to that request within a UDP packet (for example, as done by a DNS server). If a client with IP address X spoofs its address with address Y, where will the server send its response? b. Suppose a server receives a SYN with IP source address Y, and after responding with a SYNACK, receives an ACK with IP source address Y with the correct acknowledgment number. Assuming the server chooses a random initial sequence number and there is no "man-in-the-middle," can the server be certain that the client is indeed at Y (and not at some other address X that is spoofing Y)?arrow_forward
- The figure below is a Wireshark capture of a TCP three-way handshake starting an http session. Calculate the initial SampleRTT from this capture, knowing that the Time column (2nd on the left) is in seconds. 1 0.000000 2 0.040617 3 0.040650 TCP 66 53587 > httpp [SYN] Seq=0 win=8192 L 66 http > 53587 [SYN, ACK] Seq=0 Ack=1 54 53587 > http [ACK] Seq=1 Ack=1 win= TCP TCP Subsequent SampleRTTs are 30 ms, 40 ms, 100 ms, and 50 ms . Consider a = 0.125 and B = 0.25. The initial EstimatedRTT = initial Sample RTT. The initial DevRTT= (Initial Sample RTT)/2. What are the EstimatedRTT, DevRTT, and Timeout (RTO) calculated after the last SampleRTT? O Estimated RTT = 48.6 ms, DevRTT = 11.7 ms, Timeout (RTO ) = 95.5 ms Estimated RTT = 47.0 ms, DevRTT = 18.2 ms, Timeout (RTO) = 119.7 ms O Estimated RTT = 60.0 ms, DevRTT = 20.1 ms , Timeout (RTO) = 80.4 ms Estimated RTT = 28.1 ms, DevRTT = 29.6 ms, Timeout (RTO) = 146.7 msarrow_forwardTCP is a connection-oriented protocol. This means that... O a. both of the endpoints communicating over TCP keep information about the state of the connection. O b. a TCP sender can start sending data to the receiver before the three-way handshake takes place. O c. there is a direct physical connection between the two endpoints of a TCP session. O d. both endpoints of a TCP session have to connect to a third party before data can be sent or received.arrow_forwardSuppose an idle TCP connection exists between sockets A and B. A third party has eavesdropped and knows the current sequence number at both ends. (a) Suppose the third party sends A a forged packet ostensibly from B and with 100 bytes of new data. What happens? (Hint: Look up in Request for Comments 793 what TCP does when it receives an ACK that is not an "acceptable ACK.") (b) Suppose the third party sends each end such a forged 100-byte data packet ostensibly from the other end. What happens now? What would happen if A later sent 200 bytes of data to B?arrow_forward
- TCP sessions are full-duplex, which means that data can be sent in either direction during the lifetime of the session. Consider a session in which the connection is established, the client sends 100 data segments, all of them are ACKed, and all of the ACKS are received by the sender, then the session is ended by both sides closing the connect. How many segments in total have the SYN bit of the header set to 1? а. 4 O b. 2 с. O d. 1 е. 209arrow_forwardA vulnerability of TCP is that many TCP SYN segments can be sent from many different remote addresses. These addresses can be spoofed---that is, IP datagrams containing TCP SYN segments can be sent with a fake IP address in the header. What problem does this cause in the server? a. The SYN segments will have the wrong port number in the header, so the TCP segment will get delivered to the wrong process. O b. Every TCP SYN segment requires the operating system to reserve resources like buffer space in memory related to a connection that is never going to be completed. Eventually the resources will become oversubscribed, and depleted, so no other clients can establish a connection with the server, effectively creating a denial-of-service (DoS) attack. с. The server doesn't know what IP address to send a SYN/ACK packet to so the connection can be established.arrow_forwardToday's TCP implementations employ PRNGs to generate session start sequence numbers. So, with just the I - 1)st number created, it's impossible to calculate the (ith). How can an attacker readily calculate the ith number produced by a PRNG using just the I - 1)st number?arrow_forward
- TCP sessions are full-duplex, which means that data can be sent in either direction during the lifetime of the session. Consider a session in which the connection is established, the client sends 100 data segments, all of them are ACKed, and all of the ACKS are received by the sender, then the session is ended by both sides closing the connect. How many segments in total have the SYN bit of the header set to 1? а. 209 O b. 2 6 с. d. 4 О е. 1arrow_forwardIf we have a UDP packet that sent from port 42,768 to port 42,773 containing a message of exactly bytes "HELO" (coded in 8-bit ASCII). What will be the value in the checksum field.arrow_forwardThree-way handshake is used by a TCP client and a TCP server to establish a connection, as illustrated below: 1st: client:port1 -> server:port2, SYN 2nd: server:port2 -> client:port1, SYNACK 3rd: client:port1 -> server:port2, ACK When this client is performing scanning attacks, it will generated a large number of failed connections. In each failed connection, the three-way handshake fails to complete. People commonly use SYN together with the absence of its corresponding SYNACK in this same TCP session to identify whether this connection is failed. By investigating the failed connections, an engineer finds that in legitimate/benign cases, if the server does not return SYNACK to the client, the client will not send the ACK packet after SYNACK (e.g., the 3rd packet above). Therefore, this engineer suggests that we can count the failed connections based on the following rules without considering SYNACK: If a client:port1 sends…arrow_forward
arrow_back_ios
SEE MORE QUESTIONS
arrow_forward_ios
Recommended textbooks for you
Database System ConceptsComputer ScienceISBN:9780078022159Author:Abraham Silberschatz Professor, Henry F. Korth, S. SudarshanPublisher:McGraw-Hill Education
Starting Out with Python (4th Edition)Computer ScienceISBN:9780134444321Author:Tony GaddisPublisher:PEARSON
Digital Fundamentals (11th Edition)Computer ScienceISBN:9780132737968Author:Thomas L. FloydPublisher:PEARSON
C How to Program (8th Edition)Computer ScienceISBN:9780133976892Author:Paul J. Deitel, Harvey DeitelPublisher:PEARSON
Database Systems: Design, Implementation, & Manag...Computer ScienceISBN:9781337627900Author:Carlos Coronel, Steven MorrisPublisher:Cengage Learning
Programmable Logic ControllersComputer ScienceISBN:9780073373843Author:Frank D. PetruzellaPublisher:McGraw-Hill Education
Database System Concepts
Computer Science
ISBN:9780078022159
Author:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Publisher:McGraw-Hill Education
Starting Out with Python (4th Edition)
Computer Science
ISBN:9780134444321
Author:Tony Gaddis
Publisher:PEARSON
Digital Fundamentals (11th Edition)
Computer Science
ISBN:9780132737968
Author:Thomas L. Floyd
Publisher:PEARSON
C How to Program (8th Edition)
Computer Science
ISBN:9780133976892
Author:Paul J. Deitel, Harvey Deitel
Publisher:PEARSON
Database Systems: Design, Implementation, & Manag...
Computer Science
ISBN:9781337627900
Author:Carlos Coronel, Steven Morris
Publisher:Cengage Learning
Programmable Logic Controllers
Computer Science
ISBN:9780073373843
Author:Frank D. Petruzella
Publisher:McGraw-Hill Education