426 Fall10 Lect33
CS 426
Lecture 33
[Figure: protocol stack. Application protocol between Application layers, TCP protocol between Transport layers, IP protocol between Network layers; IP data routed via an ISP between hosts 132.14.11.51 and 121.42.33.1.]
[Figure: connection setup. Store data; ACK (ack=y+1, seq=x+1); Connected.]
• A, B trusted connection
  – Send packets with predictable seq numbers
• E impersonates B to A
  – Opens connection to A to get initial seq number
  – DoS B’s queue
  – Sends packets to A that resemble B’s transmission
  – E cannot receive, but may execute commands on A
[Figure: Server A, E, B]
Attack can be blocked if E is outside firewall.
[Figure: C sends SYNC1 through SYNC5 to S (Listening); S stores data.]
[Figure: DoS Source, gateway, DoS Target.]
• Optional Reading
  – Steve Bellovin: A Look Back at “Security Problems in the TCP/IP Protocol Suite”