Avaya G430 - Page 53
SYN attack
Specifically, a SYN attack, or SYN flood attack, is a well-known TCP/IP attack in which a
malicious attacker targets a vulnerable device and effectively prevents it from establishing new
TCP connections.
The SYN attack is characterized by the following pattern:
Using a spoofed IP address, an attacker sends multiple SYN packets to a listening TCP port
on the target machine (the victim). For each SYN packet received, the target machine allocates
resources and sends an acknowledgement (SYN-ACK) to the source IP address. The TCP
connection is called a “half-open” connection at this point since the initiating side did not yet
send back an acknowledgment (termed the third ACK).
Because the target machine does not receive a response from the attacking machine, it
attempts to resend the SYN-ACK, typically five times, at 3-, 6-, 12-, 24-, and 48-second
intervals, before de-allocating the resources, 96 seconds after attempting the last resend.
Altogether, the target machine typically allocates resources for over three minutes to respond
to a single SYN attack.
When an attacker uses this technique repeatedly, the target machine eventually runs out of
memory resources since it holds numerous half-open connections. It is unable to handle any
more connections, thereby denying service to legitimate users.
Moreover, flooding the victim with TCP SYN at a high rate can cause the internal queues to
fill up, also causing a denial of service.
SYN cookies
SYN cookies refer to a well-known method of protection against a SYN attack.
SYN cookies protect against SYN attacks by employing the following strategy:
Not maintaining any state for half-open inbound TCP sessions, thus preventing the SYN
attack from depleting memory resources.
SYN cookies avoid keeping state for half-open connections by responding to
SYN requests with a SYN-ACK that contains a specially crafted initial sequence number
(ISN), called a cookie. The value of the cookie is not a pseudo-random number generated
by the system, but the result of a hash function. The hash result is generated from the
source IP, source port, destination IP, destination port, and some secret values. The
cookie can be verified when a valid third ACK that establishes the connection is received.
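The following is an added example, not code from the Avaya manual or the G430 firmware, showing the two ideas on this page end to end: first, how long a stateful listener holds resources for one half-open connection under the retransmission schedule described above, and second, a minimal SYN cookie that encodes an HMAC of the source IP, source port, destination IP, destination port and a secret into the ISN, and is checked when the third ACK arrives. The cookie layout (an 8-bit time counter in 64-second slots plus 24 bits of HMAC-SHA256 output), the acceptance window of two time slots, and the key size are assumptions for illustration; real implementations differ in detail.

```python
import hashlib
import hmac
import secrets

# Retransmission schedule quoted in the text: SYN-ACK resent at 3, 6, 12, 24 and
# 48 seconds, then resources freed 96 seconds after the last resend.
RETRANSMIT_INTERVALS = (3, 6, 12, 24, 48)
FINAL_WAIT = 96

# Per-process secret, generated at startup (assumption: 32 random bytes).
DEFAULT_KEY = secrets.token_bytes(32)

SEQ_MASK = 0xFFFFFFFF  # TCP sequence numbers are 32 bits
MAC_BITS = 24          # low 24 bits of the cookie carry the HMAC tag
SLOT_SECONDS = 64      # width of one time slot carried in the top byte


def half_open_lifetime_seconds():
    """Seconds a stateful listener keeps one half-open entry alive."""
    return sum(RETRANSMIT_INTERVALS) + FINAL_WAIT  # 189 s, "over three minutes"


def _time_slot(now):
    return (int(now) // SLOT_SECONDS) & 0xFF


def _mac(src_ip, src_port, dst_ip, dst_port, slot, key):
    # Bind the tag to the 4-tuple, the secret and the time slot.
    msg = f"{src_ip}|{src_port}|{dst_ip}|{dst_port}|{slot}".encode()
    tag = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(tag[:3], "big")  # 24-bit truncation


def make_cookie(src_ip, src_port, dst_ip, dst_port, now, key=DEFAULT_KEY):
    """Return the ISN to send in the SYN-ACK; nothing is stored for the connection."""
    slot = _time_slot(now)
    return ((slot << MAC_BITS) | _mac(src_ip, src_port, dst_ip, dst_port, slot, key)) & SEQ_MASK


def verify_ack(src_ip, src_port, dst_ip, dst_port, ack_number, now, key=DEFAULT_KEY):
    """Check the third ACK: it must acknowledge ISN+1, and the ISN must be a fresh, valid cookie."""
    cookie = (ack_number - 1) & SEQ_MASK
    slot = cookie >> MAC_BITS
    # Accept cookies minted in the current or the previous slot; older ones are stale.
    if (_time_slot(now) - slot) & 0xFF > 1:
        return False
    expected = _mac(src_ip, src_port, dst_ip, dst_port, slot, key)
    # compare_digest gives a constant-time comparison of the tag bytes
    return hmac.compare_digest(expected.to_bytes(3, "big"),
                               (cookie & ((1 << MAC_BITS) - 1)).to_bytes(3, "big"))


if __name__ == "__main__":
    # Constructed sample: a client at 203.0.113.5:40000 connects to 192.0.2.1:80 at t=1000.
    isn = make_cookie("203.0.113.5", 40000, "192.0.2.1", 80, 1000)
    print("stateful half-open lifetime:", half_open_lifetime_seconds(), "s")
    print("third ACK accepted:", verify_ack("203.0.113.5", 40000, "192.0.2.1", 80, isn + 1, 1001))
    # A spoofed SYN never produces a third ACK, so no state was ever allocated for it.
    print("wrong source rejected:", verify_ack("203.0.113.6", 40000, "192.0.2.1", 80, isn + 1, 1001))
```

Because the listener keeps nothing between the SYN and the third ACK, a flood of spoofed SYNs costs it only the HMAC computations for the SYN-ACKs, whereas a stateful listener would hold each bogus entry for the full 189 seconds computed above.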
Special security features
Administering Avaya G430 Branch Gateway October 2013 53
