Question
The three-way handshake is used by a TCP client and a TCP server to establish a
connection, as illustrated below:
1st: client:port1 -> server:port2, SYN
2nd: server:port2 -> client:port1, SYNACK
3rd: client:port1 -> server:port2, ACK
When this client is performing scanning attacks, it will generate a large number of
failed connections. In each failed connection, the three-way handshake fails to
complete. People commonly use a SYN together with the absence of its corresponding
SYNACK in the same TCP session to identify whether the connection has failed.
By investigating the failed connections, an engineer finds that in legitimate/benign
cases, if the server does not return a SYNACK to the client, the client will not send the
ACK packet after the SYNACK (e.g., the 3rd packet above). Therefore, this engineer
suggests that we can count the failed connections based on the following rules,
without considering the SYNACK:
• If client:port1 sends a SYN packet to server:port2, and an ACK is sent from
client:port1 to server:port2 after that SYN packet, then this connection is
established.
• If client:port1 sends a SYN to server:port2, and then there is no ACK
belonging to this session from client:port1 to server:port2, then this
connection has failed.
This engineer then uses these two rules to identify failed connections and uses the
number of failed connections to detect scanning behavior.
If an attacker knows these two rules, how can he/she perform effective scanning
attacks while at the same time evading these two detection rules?
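The following is an added example (not part of the question or any posted answer) of the defender-side counting the question describes, but tracking the complete handshake the page lists, SYN then SYNACK then ACK, instead of the engineer's SYN/ACK-only shortcut. The packet records, hosts, ports and the threshold of 3 are constructed for the example.

```python
from dataclasses import dataclass
from collections import defaultdict


@dataclass(frozen=True)
class Pkt:
    """One packet record from a constructed trace (not a real capture)."""
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # "SYN", "SYNACK" or "ACK"


def count_failed_connections(packets):
    """Return {client_ip: number of handshakes that never completed}.

    A session is keyed by (client, cport, server, sport) from its SYN and is
    'established' only when the server's SYNACK was seen before the client's
    ACK. An ACK with no preceding SYNACK does not complete the handshake, so
    such a session is still counted as failed at the end of the trace.
    """
    state = {}  # key -> "SYN_SENT" | "SYNACK_SEEN" | "ESTABLISHED"
    for p in packets:
        if p.flags == "SYN":
            state[(p.src, p.sport, p.dst, p.dport)] = "SYN_SENT"
        elif p.flags == "SYNACK":
            key = (p.dst, p.dport, p.src, p.sport)  # server -> client direction
            if state.get(key) == "SYN_SENT":
                state[key] = "SYNACK_SEEN"
        elif p.flags == "ACK":
            key = (p.src, p.sport, p.dst, p.dport)
            if state.get(key) == "SYNACK_SEEN":
                state[key] = "ESTABLISHED"
    failed = defaultdict(int)
    for (client, _, _, _), s in state.items():
        if s != "ESTABLISHED":
            failed[client] += 1
    return dict(failed)


def suspected_scanners(packets, threshold=3):
    """Clients whose failed-connection count reaches the (constructed) threshold."""
    counts = count_failed_connections(packets)
    return sorted(c for c, n in counts.items() if n >= threshold)


# Constructed trace: one benign client completing a handshake, and one host
# whose SYNs get no SYNACK (one of them followed by an ACK that proves nothing).
TRACE = [
    Pkt("10.0.0.5", 40001, "10.0.0.9", 443, "SYN"),
    Pkt("10.0.0.9", 443, "10.0.0.5", 40001, "SYNACK"),
    Pkt("10.0.0.5", 40001, "10.0.0.9", 443, "ACK"),
    Pkt("10.0.0.7", 50001, "10.0.0.9", 22, "SYN"),
    Pkt("10.0.0.7", 50002, "10.0.0.9", 80, "SYN"),
    Pkt("10.0.0.7", 50003, "10.0.0.9", 445, "SYN"),
    Pkt("10.0.0.7", 50004, "10.0.0.9", 3389, "SYN"),
    Pkt("10.0.0.7", 50004, "10.0.0.9", 3389, "ACK"),  # no SYNACK: still failed
]
```

Running `suspected_scanners(TRACE)` on the constructed trace flags only 10.0.0.7, whose four sessions never saw a SYNACK.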