Most Common Types Of TCP Attacks

by on 15/08/11 at 6:30 am

TCP attacks are amongst the simplest and most common types of hacking incidents you might run into.

Whenever 2 machines want to communicate over the Internet, they usually follow a standard sequence:

First, a SYN packet is sent to initiate the conversation. Then, a series of numbered ACK packets are sent between the 2 parties until one of the machines sends a FIN packet to end the conversation. (This is only a very basic general overview. The reality is somewhat more complex.)

Just using this simple mechanism, hackers on your internal network can use IP spoofing and packet sniffing to run a series of simple-but-effective attacks. Below, I’ve outlined a few of the most common:

  • SYN flood attacks: When you send a SYN packet, the target server must open a connection and keep it alive until wither the conversation ends or the connection times out. If a hacker can send many SYN packets using different spoofed IP addresses until the target machine is unable to accept any more connections.
  • Christmas Tree Attack: This is an older type of attack which is much less common than it used to be. The idea behind these 2 attacks would be to send out intentionally malformed packets with illegal combinations of flags in such a way as to trigger a crash. (Like pressing down on the gas and the brakes at the same time) Since these attacks are easy to detect, most networks are now able to detect and prevent them.
  • Connection-Killing FIN Attacks: If a hacker is able to listen in on a connection between 2 machines, the hacker can issue a false packet with a FIN flag, a forged sender address, and forged sequence number. This attack can be used to close off a connection for either the local or remote computer.
  • Connection Hijacking Attacks: After a conversation has started, a hacker can use a packet sniffer to guess the sequence number for the next packet, and send a forged ACK packet on behalf of the victim. When the victim sends their legitimate packet, their response will be ignored since the sequence number will not be invalid. To the victim, it will simply appear as though the connection is hanging. However, the hacker will be able to keep the conversation going while pretending to be the victim.

These are just 4 examples of why you want to avoid connecting to the Internet over non-trustworthy networks such as public WiFi hotspots or Hotel Internet. And if your organization has many travelling laptop users, you should make sure that they always connect to their business applications using a VPN connection.

Related posts:

  1. How Connection-Killing Attacks or FIN Attacks Work
  2. How Does A SYN Flood Attack Work?
  3. How DDoS Attacks Get Around IP Address Filters
  4. How Do Network Intrusion Detection Systems Handle Attacks?
  5. Protect Yourself From “Dark Clouds” and EDoS Attacks When Hosting Servers In The Cloud

Leave a Reply