Network Attacks: Protocol-Anomaly Attacks

Most network protocols were not designed with security in mind. An attacker can generate abnormal network packets that do not follow the expected format and purpose of the protocol, allowing the attacker either to break into a remote host or network or to compromise a confidential network data stream.

Network-layer attacks are most frequently used to get behind firewalls and to launch DoS attacks. DoS attacks are popular against big e-commerce sites. In one kind of DoS attack, the attacker's computers send massive amounts of TCP SYN packets.

A SYN is the first of three packets sent during a normal TCP handshake used to begin a communication session. The target computer responds with the expected SYN/ACK packet, which is normal, and then expects an answering ACK from the source.

But the ACK packet never comes, leaving the TCP connection in an open state, waiting for an extended period of time. When millions of these packets are sent, the attacked system is exhausted, with open connections all in a waiting state. Usually, the victim computer has to reboot to clear all the open connections. If it reboots without something being done to stop the DoS attack, the attack just occurs again and again.

Usually the source address of the malicious SYN packets is faked, so there is no way to totally block the originating IP address. This is just one type of DoS attack, and there are dozens of methods to cause them.
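As an added example (not part of the original article), the Python sketch below tracks half-open handshakes over a constructed list of events seen by a server and reports why a per-address count misses a flood whose source addresses are faked. The event format, the timeout and the alert threshold are assumptions made for the illustration.

```python
from collections import Counter

SYN_TIMEOUT = 30.0      # seconds a half-open entry is kept (assumed value)
ALERT_THRESHOLD = 100   # half-open entries that raise an alert (assumed value)

def half_open_report(events, now, timeout=SYN_TIMEOUT, threshold=ALERT_THRESHOLD):
    """events: (timestamp, src_ip, src_port, flags) tuples seen by the server,
    where flags is "SYN" (handshake packet 1) or "ACK" (handshake packet 3)."""
    pending = {}  # (src_ip, src_port) -> time the SYN arrived
    for ts, ip, port, flags in sorted(events):
        key = (ip, port)
        if flags == "SYN":
            pending.setdefault(key, ts)   # server replies SYN/ACK and waits
        elif flags == "ACK":
            pending.pop(key, None)        # final ACK arrived: handshake done
    # Entries older than the timeout would already have been dropped.
    live = {k: t for k, t in pending.items() if now - t <= timeout}
    per_source = Counter(ip for ip, _ in live)
    return {
        "half_open": len(live),
        "distinct_sources": len(per_source),
        "max_per_source": max(per_source.values(), default=0),
        "alert": len(live) >= threshold,
    }

def constructed_sample():
    """Constructed data: 5 clients that finish the handshake, then 500 SYNs
    with unique faked sources (198.18.0.0/15 test range) and no final ACK."""
    events = []
    for i in range(5):
        ip = f"192.0.2.{i + 1}"
        events.append((1.0 + i, ip, 40000 + i, "SYN"))
        events.append((1.1 + i, ip, 40000 + i, "ACK"))
    for i in range(500):
        ip = f"198.18.{i // 250}.{i % 250 + 1}"
        events.append((10.0 + i * 0.01, ip, 1024 + i, "SYN"))
    return events

if __name__ == "__main__":
    print(half_open_report(constructed_sample(), now=20.0))
```

The total number of half-open entries is the useful signal here: each faked source appears only once, so a per-address limit never triggers.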

 
