Earn an NSA recognized IA Masters Online

The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/linsec

IPv6 approach for TCP SYN Flood attack over VoIP, Part I
By: Suhas Desai

Abstract

In this paper, we describe and analyze a network based DoS attack for IP based networks. It is known as SYN flooding. It works by an attacker sending many TCP connection requests with spoofed source addresses to a victim's machine. Each request causes the targeted host to instantiate data structures out of a limited pool of resources to deny further legitimate access. The paper contributes a detailed analysis of the SYN flooding attack and existing and proposed countermeasures. SYN flooding attacks in application Performance Validation with VoIP gives improper results. To overwhelm it, IPv6 approaches have been proposed here with successful implementation it with Network Tester using Moonerv6 Phases algorithms. Agilent Network Tester practices on the same principles to make availability of IPv6 service in Networks or sensor networks.

1. Introduction

The attack exploits weaknesses in the TCP/IP (Transmission Control Protocol/Internet Protocol) protocol suite. This cannot be corrected without significant modifications to its protocols. This denial of service attacks can be launched with little effort. Presently, it is difficult to trace an attack back to its originator.

Several possible solutions to this attack have been proposed by others, and some implemented. We have proposed and developed a monitoring tool in IPv6 that classifies IP source addresses with high probability as being falsified or genuine. Our approach finds connection establishment protocol messages that are coming from forged IP addresses, and takes actions to ensure that the resulting illegitimate half-open connections are reset immediately to work over VoIP applications.

2. Background

We will provide a brief description of the features of the TCP/IP protocol suite that facilitate this attack.

2.1. Internet Protocol

The Internet Protocol (IP) is the standard network layer protocol of the Internet that provides an unreliable, connection-less, best-effort packet delivery service. IP defines the basic unit of data transfer used throughout an IP network, called a datagram. The service is unreliable, because the delivery of datagrams is not guaranteed. Datagrams may be lost, duplicated, delayed, or delivered out of order. IP is connection-less, because each packet is treated independently of others — each may travel over different paths and some may be lost while others are delivered. IP provides best-effort delivery, because packets are not discarded unless resources are exhausted or underlying networks fail. Datagrams are routed towards their destination. A set of rules characterize how hosts and gateways should process packets, how and when error messages should be generated, and when packets should be discarded.

Read Article:
http://www.linuxsecurity.com/content/view/121083/49/

LinuxSecurity.com Feature Extras:

Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple. If the feedback is good, I'll consider creating more complex guides for advanced users. Please let us know what you think and how these can be improved.

 

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.

Write Comment
Please keep the topic of messages relevant to the subject of the article. Personal verbal attacks will be deleted. Please don't use comments to plug your web site.. Such material will be removed.
Name:
Title:
Comment:
Code:*

Powered by AkoComment!