Generic attacks (2)
SYN flood
- 1. The attacker sends a SYN packet to the victim with a forged (spoofed) source address that belongs to no live host.
- 2. The victim replies with SYN/ACK, but the final ACK of the handshake never arrives, and neither does an RST (a live host that received an unexpected SYN/ACK would answer with RST and free the slot; a non-existent address answers with nothing).
- 3. The victim keeps the half-open connection in a queue in the SYN_RECV state. The queue is small, and an entry is only removed when it times out, which takes a while, e.g. 75 seconds.
- 4. If the attacker sends a few SYN packets every 10 seconds, new entries arrive faster than old ones expire, so the queue never clears and the victim stops accepting new connections: legitimate SYNs are dropped.
- Countermeasures: (1) increase the size of the queue, (2) decrease the timeout period, (3) apply OS patches that harden the stack against SYN attacks (modern stacks use SYN cookies, which avoid keeping state for half-open connections), and (4) use an IDS that detects the half-open connections and clears them by sending RST responses on behalf of the spoofed source.
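The four steps above and the countermeasures are easy to see in numbers. The following simulation of a listener's half-open backlog is an added example written for these notes, not code from the original page or from any real TCP stack. It models time in one-second ticks, an attacker who sends one forged SYN every 5 seconds (a few per 10 seconds, as in step 4), and a legitimate client that tries once a second and completes the handshake immediately. Queue size 8, the 75-second timeout, the 20-second IDS threshold and the 300-second run are assumed parameters chosen for illustration.

```python
"""Simulate a TCP listener's half-open (SYN_RECV) backlog under a SYN flood,
with the countermeasures from the notes as tunable parameters.
Illustrative model only (not a real TCP stack): time advances in 1 s ticks.
"""
from collections import OrderedDict


class SynBacklog:
    """Queue of half-open connections: one entry per SYN that got a SYN/ACK
    but no ACK yet. Entries age out after `timeout` seconds."""

    def __init__(self, capacity, timeout):
        self.capacity = capacity
        self.timeout = timeout
        self.entries = OrderedDict()   # source key -> time the SYN arrived

    def expire(self, now):
        """Drop entries whose SYN_RECV timer has run out (oldest first)."""
        while self.entries:
            src, t_syn = next(iter(self.entries.items()))
            if now - t_syn < self.timeout:
                break
            del self.entries[src]

    def on_syn(self, src, now):
        """A SYN arrives. Return True if a slot was found (SYN/ACK sent),
        False if the backlog is full and the SYN is silently dropped."""
        self.expire(now)
        if len(self.entries) >= self.capacity:
            return False
        self.entries[src] = now
        return True

    def on_ack_or_rst(self, src):
        """The third handshake packet (ACK) or an RST from the client ends the
        half-open state and frees the slot. Returns True if an entry was freed."""
        return self.entries.pop(src, None) is not None

    def idle_sources(self, now, idle_for):
        """Sources whose SYN/ACK has gone unanswered for at least idle_for seconds."""
        return [src for src, t in self.entries.items() if now - t >= idle_for]


def simulate(capacity, timeout, syns_per_burst, burst_interval, duration,
             spoofed_hosts_answer=False, ids_rst_after=None):
    """Run `duration` one-second ticks and return the fraction of legitimate
    connection attempts refused because the backlog was full.

    Attacker: every `burst_interval` s sends `syns_per_burst` SYNs from fresh
      forged addresses that never complete the handshake (steps 1 and 2).
    Legitimate client: one SYN per second, ACKs immediately when answered.
    spoofed_hosts_answer: if the forged addresses belong to live hosts they
      reply to the unexpected SYN/ACK with RST, freeing the slot at once.
    ids_rst_after: countermeasure (4), an IDS injecting an RST for any
      half-open entry unanswered for this many seconds.
    """
    backlog = SynBacklog(capacity, timeout)
    refused = 0
    for now in range(duration):
        if ids_rst_after is not None:
            for src in backlog.idle_sources(now, ids_rst_after):
                backlog.on_ack_or_rst(src)
        if now % burst_interval == 0:
            for i in range(syns_per_burst):
                spoofed = ("spoofed", now, i)        # constructed key, never repeats
                if backlog.on_syn(spoofed, now) and spoofed_hosts_answer:
                    backlog.on_ack_or_rst(spoofed)
        client = ("client", now)
        if backlog.on_syn(client, now):
            backlog.on_ack_or_rst(client)             # handshake completes
        else:
            refused += 1
    return refused / duration


def steady_state_half_open(syns_per_burst, burst_interval, timeout):
    """Slots the attacker keeps occupied at once: each forged SYN holds a slot
    for `timeout` seconds, so (rate * timeout) of them overlap. If this is at
    least the queue capacity, the queue never clears (step 4)."""
    return syns_per_burst * timeout / burst_interval


if __name__ == "__main__":
    # Assumed parameters: queue of 8, 75 s timeout, one forged SYN every 5 s.
    print("attacker keeps pending :", steady_state_half_open(1, 5, 75))
    print("refused, baseline      :", simulate(8, 75, 1, 5, 300))
    print("refused, queue of 32   :", simulate(32, 75, 1, 5, 300))
    print("refused, 30 s timeout  :", simulate(8, 30, 1, 5, 300))
    print("refused, IDS sends RST :", simulate(8, 75, 1, 5, 300, ids_rst_after=20))
    print("refused, live addresses:", simulate(8, 75, 1, 5, 300, spoofed_hosts_answer=True))
```

With one forged SYN every 5 seconds and a 75-second timeout the attacker keeps 15 slots pending, more than the queue of 8, so after the first 35 seconds every legitimate SYN is refused for the rest of the run. Enlarging the queue to 32, shortening the timeout to 30 seconds, or letting an IDS reset entries idle for 20 seconds each bring the pending count below the capacity and the refusal rate to zero, which is the arithmetic behind countermeasures (1), (2) and (4). The last run shows why step 1 insists on a non-existent source: a live host would RST the unexpected SYN/ACK and the flood would never fill the queue.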
DNS attacks
- Historically mostly a UNIX/Linux problem, because the attacks target flaws in the BIND name server. Go to the BIND site and download the latest version, in which the known flaws are fixed.