Analysis of a Denial of Service Attack on TCP: content summary

nd traffic in large backbone networks with complex topology

8/17 Solution (3/5)
• Connection establishment improvements
  • Remove requirement of resource allocation
  • Calculate ISS (initial send sequence) of destination as hash value
  • Hash value (y : ISS of destination)
  • Drawback
    • Require the modification of TCP standard and consequently every TCP implementation
[Diagram: Source IP address, Destination IP address, Port, Source's ISS, Destination's secret key, Message -> H -> y. Second message: SYN y, ACK x+1]
[Diagram: Source IP address, Destination IP address, Port, Source's ISS, Destination's secret key, Message -> H -> y'. Third message: ACK y+1. Compare]

9/17 Solution (4/5)
• Firewall approach
  • Firewall as a relay
    • Receive packets for internal host on its behalf
    • Drawback
      • Delay
[Figures: Fig 3. Attacker scenario; Fig 4. Legitimate connection. Diagram labels: Li, A, D, Firewall; SYN, SYN+ACK, ACK, Data; Sequence Number conversion]

10/17 Solution (5/5)
• Firewall approach (cont'd)
  • Firewall as a semitransparent gateway
    • Drawback
      • Waste a large number of illegitimate open connections at the destination if it is under attack
Li A D Fir
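
The hash-derived ISS of slide 8/17, worked through as an added example (not code from the slides): the destination answers SYN x with SYN y, ACK x+1 without allocating state, then recomputes y' from the third message and compares. Assumptions: H is HMAC-SHA256 truncated to 32 bits, both ports are hashed, and the packet dictionaries, function names, addresses and key are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import struct

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def destination_iss(secret, src_ip, dst_ip, src_port, dst_port, source_iss):
    """y = H(source IP, destination IP, ports, source's ISS, secret key)."""
    msg = (ipaddress.ip_address(src_ip).packed
           + ipaddress.ip_address(dst_ip).packed
           + struct.pack("!HHI", src_port, dst_port, source_iss))
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big")  # assumed truncation to 32 bits


def second_message(secret, syn):
    """Answer SYN x with SYN y, ACK x+1 and keep no per-connection state."""
    y = destination_iss(secret, syn["src"], syn["dst"],
                        syn["sport"], syn["dport"], syn["seq"])
    return {"seq": y, "ack": (syn["seq"] + 1) % MOD}


def third_message_ok(secret, ack):
    """Recompute y' from the ACK's own fields and compare it with ack - 1."""
    x = (ack["seq"] - 1) % MOD  # the third message carries seq = x + 1
    y_prime = destination_iss(secret, ack["src"], ack["dst"],
                              ack["sport"], ack["dport"], x)
    return y_prime == (ack["ack"] - 1) % MOD


# Constructed sample handshake (documentation addresses, made-up key).
SECRET = b"constructed-demo-key"
SYN = {"src": "192.0.2.10", "dst": "198.51.100.5",
       "sport": 40000, "dport": 80, "seq": 1000}


def demo():
    synack = second_message(SECRET, SYN)
    good = dict(SYN, seq=synack["ack"], ack=(synack["seq"] + 1) % MOD)
    guessed = dict(good, ack=(good["ack"] + 7) % MOD)  # sender never saw y
    moved = dict(good, src="192.0.2.99")  # same numbers, different source
    return [third_message_ok(SECRET, m) for m in (good, guessed, moved)]


if __name__ == "__main__":
    print(demo())
```

Only the third message whose acknowledgement matches the recomputed value is accepted, so resources are allocated after the check rather than on the first SYN.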