packets with no intention to complete the 3-way handshake protocol. They target the
half open connection TCP queue and plan to fill it up with requests so that the server
freezes.
The server is busy in utilizing all its resources in receiving, storing the SYN packets and
sending out ACK
for those packets.
Here the SYN cookie mechanism
is turned on,
so the queue is cleared when the queue is
about to get full. Queue is not a necessity but only a performance improvement in the 3
way handshake. So this is the reason why the request for a new telnet connection goes
through though the SYN flooding attack is in progress.
We then
turn of
the syn cookie mechanism at the server so that the SYN flooding attack
is successful.
Task 2: TCP RST Attacks on telnet and ssh Connections:
First we establish a
telnet
connection to the server and obtain the next sequence
number of the packet so that we can spoof the RST packet.
We get the next sequence number from the Wireshark capture of the telnet connection
from the Observer and Server
Attacker:
Then the attacker sends out TCP RST packets using the netwox tool with
number 40. The attacker sends a spoofed RST packet as though its from the Server
(10.0.2.2)
to the Oberver
(10.0.2.15)
with the next sequence number obtained from the
wireshark.
Also used Scapy to conduct the TCP RST attack
Conclusion:
The project is no full completed because there were so many errors. But I try to solve it and its
still not working. I will definitely go through you on this project.
You've reached the end of your free preview.
Want to read all 7 pages?
- Spring '19
- Transmission Control Protocol, Syn
