Predictable ISN can lead to
After knowing the ISN, wait for A to go down (say for maintenance) which is
easy to detect (say by ping), then
C sends B a counterfeit IP datagram containing its SYN and ISN; this B
receives and believes to have originated from
Model for internetwork security
Methods of defence (1)
Encryption, authentication codes, digital signatures, etc.
Also known as denial of service.
Information resources (hardware, software and data) are deliberately made
unavailable, lost or unusable, usually through malicious destruction.
e.g.: cutting a communication line, disabling a file managemen
Also known as TCP sequence number attack.
First we need to understand how the three-way TCP handshake protocol
Handshake means: an assertion that indicates one party's readiness to
send or receive data. When two systems share a hard
Methods of defence (2)
Security devices, smart cards,
Locks, guards, backups of data and software, thick walls, etc.
Security policies and procedures
Security in layered IP
Security at the IP layer
Relaying the message to another host, which accepts it as if it came from a trusted source.
Example: transfer of password files in networked Unix systems.
Message means the payload of the IP datagram; the router performs routine
Ping O' Death Attack
ICMP, an integral part of IP, is utilized to report network errors.
PING (Packet InterNet Groper) utilizes ICMP Echo and Echo Reply
packets to test host reachability.
ICMP messages normally consist of the IP Hea
TCP SYN Flooding
The attacker sends a stream of SYN packets (about 120 per second), each
with a different, unreachable source IP address.
This consumes all the communication channels and results in denial of
service to any TCP-based service.
- Authentication: Allows the receiver to validate the identity of a user, client
process or server process.
- Integrity: Provides assurance to the receiver that the transmitted data has
not been changed.
These programs are born out of the need to modify operating systems
without access to the system's source code, as well as the need for security tools.
Because the security logic is encapsulated in a single program, wrappers are
simple and easy to validate.
TCP Wrapper Functions
- The TCP Wrapper performs the following functions upon assuming control:
Compares the incoming hostname and requested service with the
previously created hosts.allow and hosts.deny files.
Performs a double-reverse lookup of the
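As an added example (not taken from these slides or from the tcpd source), the access decision described above modelled in Python: hosts.allow is consulted first, then hosts.deny, and the client name is only trusted if the double-reverse lookup agrees. The rule text and the DNS tables are constructed inline so the model runs offline; real tcpd reads /etc/hosts.allow and /etc/hosts.deny and queries the resolver.

```python
# Constructed DNS tables standing in for the resolver (forward A records, reverse PTR records).
FORWARD = {"trusted.example.com": {"10.0.0.5"},
           "fake.example.com": {"198.51.100.9"}}
REVERSE = {"10.0.0.5": "trusted.example.com",
           "203.0.113.7": "fake.example.com"}   # PTR that does not resolve back

# Constructed rule files in tcpd syntax: daemon_list : client_list
HOSTS_ALLOW = """
sshd : .example.com
ALL  : 10.0.0.
"""
HOSTS_DENY = """
ALL : PARANOID
ALL : ALL
"""

def resolve_client(ip):
    """Double-reverse lookup: the PTR name's A records must include the client IP.
    If they do not, the claimed name is discarded and the client is labelled PARANOID."""
    name = REVERSE.get(ip)
    if name is None:
        return "UNKNOWN"
    if ip not in FORWARD.get(name, set()):
        return "PARANOID"
    return name

def pattern_matches(pattern, name, ip):
    if pattern == "ALL":
        return True
    if pattern in ("PARANOID", "UNKNOWN"):
        return name == pattern
    if pattern.startswith("."):        # domain suffix, e.g. .example.com
        return name.endswith(pattern)
    if pattern.endswith("."):          # address prefix, e.g. 10.0.0.
        return ip.startswith(pattern)
    return pattern in (name, ip)       # exact host name or address

def file_matches(text, daemon, name, ip):
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        daemons, clients = (part.split() for part in line.split(":", 1))
        if ("ALL" in daemons or daemon in daemons) and \
           any(pattern_matches(c, name, ip) for c in clients):
            return True
    return False

def access_decision(daemon, ip):
    """tcpd order: a hosts.allow match grants, then a hosts.deny match refuses, else grant."""
    name = resolve_client(ip)
    if file_matches(HOSTS_ALLOW, daemon, name, ip):
        return "allow"
    if file_matches(HOSTS_DENY, daemon, name, ip):
        return "deny"
    return "allow"
```

The client 203.0.113.7 claims to be fake.example.com via its PTR record, but that name does not resolve back to it, so it never matches the .example.com allow rule and is refused by the PARANOID rule.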
1. Shift from physical security to the protection of data and to thwarting
hackers (by means of automated software tools), called
2. With the widespread use of distributed systems and the use of ne