[Article summary]

...and traffic in large backbone networks with complex topology.

Solution (3/5) (slide 8/17)
- Connection establishment improvements
  - Remove the requirement that the destination allocate resources on receipt of a SYN
  - Calculate the ISS (initial send sequence number) of the destination as a hash value
  - Hash value y (ISS of destination) = H(source IP address, destination IP address, port, source's ISS, destination's secret key)
  - Second message: SYN y, ACK x+1
  - Third message: ACK y+1; the destination recomputes y' from the same fields of the arriving packet and compares it with the acknowledged value, so no per-connection state is needed until the handshake completes
- Drawback
  - Requires modification of the TCP standard and consequently of every TCP implementation

Solution (4/5) (slide 9/17)
- Firewall approach: firewall as a relay
  - Receives packets for the internal host on its behalf
  - Fig 3. Attacker scenario: A -> Firewall: SYN; Firewall -> A: SYN+ACK; the ACK never arrives, and D never sees the connection
  - Fig 4. Legitimate connection: A <-> Firewall: SYN, SYN+ACK, ACK; then Firewall <-> D: SYN, SYN+ACK, ACK; Data is then relayed in both directions with sequence number conversion between the two connections
- Drawback
  - Delay

Solution (5/5) (slide 10/17)
- Firewall approach (cont'd): firewall as a semitransparent gateway
- Drawback
  - Wastes a large number of illegitimate open connections at the destination if it is under attack
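The hash-derived ISS of Solution (3/5), as an added example that is not part of the original slides: the destination answers every SYN with a computed y, keeps nothing, and on the third message recomputes y' and compares. Assumptions made here and not stated on the slides: H is HMAC-SHA256 under the destination's secret key, truncated to 32 bits; the single "Port" field is the source port; the source's ISS x is recovered from the third message's sequence number (x+1). Deployed SYN cookies also encode a timestamp and MSS, which this omits. Addresses, key and sequence numbers are constructed for the example.

```python
"""Stateless handshake: destination ISS y = H(fields, secret key).

Added example, not code from the original slides. Assumed: H = HMAC-SHA256
truncated to 32 bits; "port" = source port; x is read back from seq-1 of
the third message.
"""
import hashlib
import hmac
import ipaddress
import struct

MASK32 = 0xFFFFFFFF
SECRET_KEY = b"destination-secret-key-example"  # constructed; per-host secret


def compute_iss(src_ip, dst_ip, port, src_iss, key=SECRET_KEY):
    """y = H(source IP, destination IP, port, source's ISS, destination's secret key)."""
    msg = (ipaddress.ip_address(src_ip).packed
           + ipaddress.ip_address(dst_ip).packed
           + struct.pack("!HI", port, src_iss & MASK32))
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return struct.unpack("!I", digest[:4])[0]


def destination_on_syn(src_ip, dst_ip, port, x):
    """First message SYN x arrives: reply SYN y, ACK x+1 and store nothing.
    A flood of forged SYNs therefore allocates no half-open state."""
    y = compute_iss(src_ip, dst_ip, port, x)
    return {"flags": "SYN+ACK", "seq": y, "ack": (x + 1) & MASK32}


def destination_on_ack(src_ip, dst_ip, port, seq, ack):
    """Third message ACK y+1 arrives with seq = x+1.
    Recompute y' from the packet fields; accept only if ack == y'+1."""
    x = (seq - 1) & MASK32
    y_prime = compute_iss(src_ip, dst_ip, port, x)
    if ack != (y_prime + 1) & MASK32:
        return None  # no SYN+ACK with this y was ever sent for this 5-tuple
    return {"state": "ESTABLISHED",
            "snd_nxt": (y_prime + 1) & MASK32,
            "rcv_nxt": seq}


def legitimate_handshake(src_ip="192.0.2.10", dst_ip="198.51.100.5",
                         port=40000, x=0x1234ABCD):
    """Source really receives SYN+ACK, so it can echo y+1 (constructed values)."""
    synack = destination_on_syn(src_ip, dst_ip, port, x)
    third_seq = synack["ack"]                      # x+1
    third_ack = (synack["seq"] + 1) & MASK32        # y+1
    return destination_on_ack(src_ip, dst_ip, port, third_seq, third_ack)


def spoofed_handshake(spoofed_ip="203.0.113.7", dst_ip="198.51.100.5",
                      port=40000, x=0x1234ABCD):
    """Attacker forges the source address: SYN+ACK goes to the spoofed host,
    so the attacker never learns y and can only guess the ACK value."""
    destination_on_syn(spoofed_ip, dst_ip, port, x)  # reply discarded, no state
    guessed_ack = 0x42424242                          # constructed guess
    return destination_on_ack(spoofed_ip, dst_ip, port, (x + 1) & MASK32, guessed_ack)


if __name__ == "__main__":
    print("legitimate:", legitimate_handshake())
    print("spoofed   :", spoofed_handshake())
```

The secret key is what stops an attacker from precomputing y for a spoofed address; changing the key invalidates every in-flight handshake, which is why the slide's scheme needs a change to the TCP implementation at the destination rather than only a configuration change.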
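The relay of Solution (4/5) with the sequence number conversion shown in Fig. 4, as an added example that is not part of the original slides: the firewall completes the handshake with A using its own ISS, contacts D only after A's third ACK arrives (so the attacker of Fig. 3 never reaches D), and rewrites sequence and acknowledgement numbers on relayed data so that each side sees the numbering it negotiated. Packets are modelled as dicts and all ISS values are constructed; the firewall-to-D handshake is represented by a callback that returns D's ISS.

```python
"""Firewall as relay with sequence number conversion (Fig. 3 / Fig. 4).

Added example, not code from the original slides. Packets are dicts with
seq/ack/payload; connect_to_host(fw_iss) stands in for the firewall<->D
three-way handshake and returns D's ISS.
"""
MASK32 = 0xFFFFFFFF


class RelayFirewall:
    def __init__(self, fw_iss_to_client, fw_iss_to_host):
        self.fw_iss_to_client = fw_iss_to_client  # ISS the firewall uses toward A
        self.fw_iss_to_host = fw_iss_to_host      # ISS the firewall uses toward D
        self.half_open = {}   # client -> client ISS, waiting for the third ACK
        self.sessions = {}    # client -> conversion offsets once D is connected

    def on_client_syn(self, client, client_iss):
        """A -> Firewall: SYN x. Firewall answers SYN+ACK on D's behalf."""
        self.half_open[client] = client_iss
        return {"to": client, "flags": "SYN+ACK",
                "seq": self.fw_iss_to_client, "ack": (client_iss + 1) & MASK32}

    def on_client_ack(self, client, seq, ack, connect_to_host):
        """A -> Firewall: ACK. Only now is the connection to D opened."""
        client_iss = self.half_open.get(client)
        if (client_iss is None
                or seq != (client_iss + 1) & MASK32
                or ack != (self.fw_iss_to_client + 1) & MASK32):
            return None  # not a completion of a SYN+ACK we sent
        del self.half_open[client]
        host_iss = connect_to_host(self.fw_iss_to_host)  # SYN, SYN+ACK, ACK with D
        # Offsets between the two sequence spaces:
        #   c2h: A's seq space -> firewall's seq space toward D
        #   h2c: D's seq space -> firewall's seq space toward A
        self.sessions[client] = {
            "c2h": (self.fw_iss_to_host - client_iss) & MASK32,
            "h2c": (self.fw_iss_to_client - host_iss) & MASK32,
        }
        return self.sessions[client]

    def relay_client_to_host(self, client, pkt):
        """Data A -> D: shift seq into D's expected space, acks out of A's."""
        s = self.sessions[client]
        return {"seq": (pkt["seq"] + s["c2h"]) & MASK32,
                "ack": (pkt["ack"] - s["h2c"]) & MASK32,
                "payload": pkt["payload"]}

    def relay_host_to_client(self, client, pkt):
        """Data D -> A: shift seq into A's expected space, acks out of D's."""
        s = self.sessions[client]
        return {"seq": (pkt["seq"] + s["h2c"]) & MASK32,
                "ack": (pkt["ack"] - s["c2h"]) & MASK32,
                "payload": pkt["payload"]}


def simulate_legitimate():
    """Fig. 4 with constructed numbers: A ISS 100, firewall 5000/9000, D ISS 700."""
    fw = RelayFirewall(fw_iss_to_client=5000, fw_iss_to_host=9000)
    contacted = []

    def connect_to_host(fw_iss):
        contacted.append(fw_iss)  # firewall<->D handshake happens here
        return 700                # D's ISS (constructed)

    client_iss = 100
    synack = fw.on_client_syn("A", client_iss)
    fw.on_client_ack("A", seq=client_iss + 1, ack=synack["seq"] + 1,
                     connect_to_host=connect_to_host)
    # A sends 10 bytes: seq 101 (x+1), ack 5001 (firewall ISS + 1)
    to_host = fw.relay_client_to_host("A", {"seq": 101, "ack": 5001,
                                            "payload": b"0123456789"})
    # D replies 4 bytes: seq 701 (its ISS + 1), ack 9011 (9001 + 10 bytes)
    to_client = fw.relay_host_to_client("A", {"seq": 701, "ack": 9011,
                                              "payload": b"resp"})
    return contacted, to_host, to_client


def simulate_attack():
    """Fig. 3: a SYN from a spoofed source whose ACK never comes."""
    fw = RelayFirewall(fw_iss_to_client=5000, fw_iss_to_host=9000)
    contacted = []
    fw.on_client_syn("spoofed", 100)
    # A forged ACK with a guessed number is rejected; D is never contacted
    bogus = fw.on_client_ack("spoofed", seq=101, ack=4242,
                             connect_to_host=lambda iss: contacted.append(iss) or 700)
    return len(contacted), "spoofed" in fw.half_open, bogus is None


if __name__ == "__main__":
    print(simulate_legitimate())
    print(simulate_attack())
```

The half-open table now lives on the firewall instead of on D, which is where the slide's "delay" drawback comes from: every legitimate connection pays for two handshakes and a per-packet rewrite, and the firewall itself must still bound its own half-open state.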