
The three-way handshake is used by a TCP client and a TCP server to establish a connection, as illustrated below:

    1st: client:port1 -> server:port2, SYN
    2nd: server:port2 -> client:port1, SYNACK
    3rd: client:port1 -> server:port2, ACK

When this client is performing scanning attacks, it will generate a large number of failed connections. In each failed connection, the three-way handshake fails to complete. People commonly use SYN together with the absence of its corresponding SYNACK in this same TCP session to identify whether this connection is failed.

By investigating the failed connections, an engineer finds that in legitimate/benign cases, if the server does not return SYNACK to the client, the client will not send the ACK packet after SYNACK (e.g., the 3rd packet above). Therefore, this engineer suggests that we can count the failed connections based on the following rules without considering SYNACK:

  • If a client:port1 sends a SYN packet to server:port2, and an ACK is sent from client:port1 to server:port2 after that SYN packet, then this connection is established.
  • If a client:port1 sends a SYN to server:port2, and then there is no ACK belonging to this session from client:port1 to server:port2, then this connection is failed.

Then this engineer uses these two rules to identify failed connections and uses the number of failed connections to detect scanning behaviors.

If an attacker knows these two rules, how can he/she perform effective scanning attacks and meanwhile evade these two detection rules?
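An added example, not part of the original question: a passive-monitor sketch in Python that applies the engineer's ACK-based rules and the conventional SYN/SYNACK rule to the same packet records, counts failed connections per client under each, and lists the sessions where the two rules disagree. The addresses, the record layout and the function names are assumptions made for illustration, and the packet list is constructed.

```python
from collections import Counter

# Constructed packet records (src, sport, dst, dport, flags); not captured traffic.
CLIENT, SERVER = "192.0.2.10", "198.51.100.20"
PACKETS = [
    (CLIENT, 40001, SERVER, 80, "SYN"),
    (SERVER, 80, CLIENT, 40001, "SYNACK"),
    (CLIENT, 40001, SERVER, 80, "ACK"),     # full handshake
    (CLIENT, 40002, SERVER, 81, "SYN"),     # SYN only
    (CLIENT, 40003, SERVER, 82, "SYN"),
    (CLIENT, 40003, SERVER, 82, "ACK"),     # client ACK, no SYNACK observed
]

def track_sessions(packets):
    """Return {(client, cport, server, sport): {"synack": bool, "ack": bool}}."""
    sessions = {}
    for src, sport, dst, dport, flags in packets:
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if flags == "SYN":
            sessions.setdefault(fwd, {"synack": False, "ack": False})
        elif flags == "SYNACK" and rev in sessions:
            sessions[rev]["synack"] = True      # server answered the SYN
        elif flags == "ACK" and fwd in sessions:
            sessions[fwd]["ack"] = True         # client ACK after its SYN
    return sessions

def failed_per_client(sessions, rule):
    """Count failed connections per client under the 'ack' or 'synack' rule."""
    return Counter(key[0] for key, seen in sessions.items() if not seen[rule])

def disagreements(sessions):
    """Sessions the ACK rule calls established although no SYNACK was seen."""
    return sorted(k for k, s in sessions.items() if s["ack"] and not s["synack"])

if __name__ == "__main__":
    s = track_sessions(PACKETS)
    print("failed (ACK rule):   ", dict(failed_per_client(s, "ack")))
    print("failed (SYNACK rule):", dict(failed_per_client(s, "synack")))
    print("review:", disagreements(s))
```

A monitor that counts failures for scan detection can keep the SYNACK-based count and treat the disagreement list as a separate signal to review.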
