Analysis 2 - Rosa Pereira (.docx)

School: University of Arizona
Course: 326
Subject: Information Systems
Date: May 1, 2024
Type: docx
Pages: 10
Uploaded by LieutenantStar15454 on coursehero.com

Analysis 2: TCP, UDP and Lower-Level Protocols
Rosa Pereira
University of Arizona
CYBV 326: Introductory Methods of Network Analysis
Professor Jonathan Martinez
March 24, 2024
The purpose of this analysis paper is to put to the test the knowledge gained in the past four weeks. Writing this paper will help us demonstrate the knowledge and understanding gained from content previously covered in class. We will be discussing benefits and vulnerabilities related to TCP and UDP, as well as preventions that can be put in place to avoid exploits. Graceful and abrupt shutdown will be compared and contrasted in relation to TCP connection ending. Secondly, lower-level protocols such as ICMP and ARP will be analyzed, as well as the respective attacks for each protocol and how these can be mitigated or avoided. Lastly, we will be researching ways in which the MAC address of a given system can be changed, the process behind it, potential exploits, and some real-life examples of exploits that use the MAC address of a given device in an unauthorized manner.

TCP and UDP Vulnerabilities

First, we will be diving into TCP and UDP vulnerabilities. Three examples will be provided, and for each example we will explain which protocol it pertains to, or whether it is a vulnerability associated with both protocols. The first vulnerability to be discussed is the SYN flood DDoS attack, which we associate with TCP. This attack takes place when attackers send a great number of requests (SYN requests specifically) to the target server, leading to a great consumption of server resources, which then prevents real connections from being established. As described by Batool et al. (2022), "The goal of attacks like TCP SYN flood is to overwhelm the target and render it unusable for genuine users" (para. 7). One way in which this attack can be mitigated is by implementing SYN proxying or SYN cookies, which change how the server handles SYN packets so as to avoid resource exhaustion. Firewalls and IPS can also do a good job of mitigating this issue by blocking abnormal SYN flood traffic as it is detected.

Second, UDP amplification attacks. This vulnerability involves the delivery of bogus UDP packets to the victim's server, which can be executed by spoofing the IP address of the target. Once the server replies to the packets sent, the replies are directed to the target server, ending up in a UDP flood attack. A way in which this vulnerability can be mitigated is by simply restricting UDP services that are liable to amplification (like NTP or DNS). The application of ACLs on UDP traffic can also help mitigate the issue; access control lists help by limiting the number of replies sent to bogus requests.

Lastly, we will be discussing TCP sequence number prediction attacks. This attack occurs when an attacker attempts to guess the sequence numbers found in TCP packets, leading to TCP packet manipulation with the purpose of gaining unauthorized access to data or even session hijacking. The mitigation of this vulnerability includes the introduction of sturdy encryption protocols such as TLS, which help encrypt data as it is exchanged. TCP sequence number randomization can make it harder for attackers to predict sequence numbers accurately, and IDPSs can also help monitor suspicious network traffic as it occurs.

Using TCP over UDP

Next, we will be discussing the advantages that TCP has over UDP and, even though TCP seems like the most reliable option, why there is still a need for UDP. Diving into the advantages of using TCP, the first one is the reliability provided by a connection-oriented protocol, which, as explained by Black (1998), "This term refers to the fact the TCP maintains status and state information about each user data stream flowing into and out of the TCP module" (p. 167). This essentially means that TCP makes sure a connection is established between source and destination before the exchange of data begins; this process ensures the reliable transfer of data, which makes TCP beneficial for applications that require stable connections. Flow control mechanisms prevent congestion by managing the data transmission rate between the two parties. Error detection is another benefit that we get from TCP; this includes automatic retransmission of packets that have been corrupted (or lost, for instance). In this process checksums are used to detect anomalies, and the packets are sent again until transmission is successfully completed. The benefits mentioned above are not part of UDP, making it the less reliable of the two. However, there are instances in which UDP can be beneficial, such as low overhead, faster data transfer, simplicity, and broadcast and multicast control. These features make UDP ideal for scenarios where lower latency and live data transfer are preferred over reliability.

Graceful vs Abrupt Shutdown

Graceful shutdown and abrupt shutdown are basically two sides of a coin when it comes to TCP connection termination, being opposites of each other when finishing a conversation. One aspect in which they are similar is that both represent the termination of communication between source and destination. As expressed by En-Chun Kuo et al. (2018), TCP connection creation gets most of the attention, leaving connection termination behind; however, this does not mean that termination is not an interesting (and significant) pattern to explore (Section III, para. 1). To contrast them, in a graceful shutdown both the source and destination agree to end the conversation in a methodical manner, while in an abrupt shutdown one side forces the connection to end without cooperation from the other side of the conversation.

One important aspect of graceful shutdown is that data transfer and integrity are ensured before terminating
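The SYN cookie mitigation mentioned under TCP and UDP Vulnerabilities works by encoding the connection identity into the server's initial sequence number instead of allocating a half-open connection entry. The following is an added illustration, not code from the paper; the secret, the 5/3/24-bit layout, the MSS table and the 64-second slot are simplified assumptions modelled loosely on the Linux scheme.

```python
import hmac
import hashlib

# Constructed server secret for this example; a real stack keeps and rotates its own.
SECRET = b"example-syn-cookie-secret"
# Simplified cookie layout: 5 bits of time slot, 3 bits of MSS index, 24 bits of MAC.
MSS_TABLE = [536, 1220, 1440, 1460]
SLOT_SECONDS = 64

def _mac24(src, sport, dst, dport, slot):
    """24-bit keyed hash binding the cookie to the 4-tuple and the time slot."""
    msg = f"{src}:{sport}>{dst}:{dport}|{slot}".encode()
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")

def make_syn_cookie(src, sport, dst, dport, mss, now):
    """Build the ISN for the SYN-ACK without allocating any per-connection state."""
    slot = (now // SLOT_SECONDS) % 32
    mss_idx = 0
    for i, m in enumerate(MSS_TABLE):      # largest table entry not above the peer's MSS
        if m <= mss:
            mss_idx = i
    return (slot << 27) | (mss_idx << 24) | _mac24(src, sport, dst, dport, slot)

def check_syn_cookie(src, sport, dst, dport, ack, now, max_age_slots=2):
    """Validate the handshake's final ACK; return the encoded MSS, or None if invalid."""
    cookie = (ack - 1) & 0xFFFFFFFF       # the peer acknowledges ISN + 1
    slot = cookie >> 27
    mss_idx = (cookie >> 24) & 0x7
    age = (((now // SLOT_SECONDS) % 32) - slot) % 32
    if age > max_age_slots:
        return None                        # stale cookie: replayed or very late ACK
    if (cookie & 0xFFFFFF) != _mac24(src, sport, dst, dport, slot):
        return None                        # forged value or mismatched 4-tuple
    return MSS_TABLE[mss_idx]
```

Only a client that actually received the SYN-ACK can return a matching ACK, so spoofed-source SYNs cost the server nothing beyond the reply itself.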
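To make the graceful versus abrupt contrast concrete, the following added simulation (not code from the paper) goes one step beyond the text by naming the segments involved: a graceful close is the four-way FIN/ACK exchange, an abrupt close is a single RST. The endpoint names, queued messages and state labels are constructed for the example.

```python
from collections import deque
from dataclasses import dataclass, field

@dataclass
class Endpoint:
    name: str
    state: str = "ESTABLISHED"
    send_buf: deque = field(default_factory=deque)   # data queued but not yet sent
    received: list = field(default_factory=list)      # data delivered to the application

def graceful_close(active, passive):
    """Four-way FIN/ACK close initiated by `active`; returns the segment trace."""
    trace = []
    while active.send_buf:                     # flush queued data before sending FIN
        passive.received.append(active.send_buf.popleft())
        trace.append(f"{active.name}->{passive.name} DATA")
    active.state = "FIN_WAIT_1"
    trace.append(f"{active.name}->{passive.name} FIN")
    passive.state = "CLOSE_WAIT"
    trace.append(f"{passive.name}->{active.name} ACK")
    active.state = "FIN_WAIT_2"
    while passive.send_buf:                    # half-close: passive side may still send
        active.received.append(passive.send_buf.popleft())
        trace.append(f"{passive.name}->{active.name} DATA")
    passive.state = "LAST_ACK"
    trace.append(f"{passive.name}->{active.name} FIN")
    active.state = "TIME_WAIT"                 # lingers 2*MSL before fully closing
    trace.append(f"{active.name}->{passive.name} ACK")
    passive.state = "CLOSED"
    return trace

def abrupt_close(active, passive):
    """RST-based abort: no flush, no acknowledgement; both sides drop queued data."""
    trace = [f"{active.name}->{passive.name} RST"]
    active.send_buf.clear()
    active.state = "CLOSED"
    passive.send_buf.clear()                   # the RST receiver discards pending data
    passive.state = "CLOSED"
    return trace

def demo(closer):
    """Run one close style on constructed endpoints that both still have data queued."""
    client = Endpoint("client", send_buf=deque(["req-1", "req-2"]))
    server = Endpoint("server", send_buf=deque(["resp-1"]))
    trace = closer(client, server)
    return client, server, trace
```

Running `demo(graceful_close)` delivers every queued message before the connection ends, while `demo(abrupt_close)` delivers nothing, which is exactly the integrity difference the section describes.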