Lectures notes for 2010 - KTH
Lectures notes for 2010 - KTH Lectures notes for 2010 - KTH
SYN Flooding Attack It is clear that if a malacioous user simply sends a lot of SYN sgements to a target machine (with faked source IP addresses) ⇒ this machine will spend a lot of resources to set up TCP connections which subsequently never occur. As the number of TCP control blocks and other resources are finite • legitimate connection requests can’t be answered • the target machine might even crash The result is to deny service, this is one of many Denial of Services (DoS) Attacks Maguire TCP header continued 5: 10 of 77 maguire@kth.se 2010.03.21 Internetworking/Internetteknik
client active close ACKs from client Connection teardown FIN, seq=x ACK, seq: x+1 server EOF sent to application} half-close data from server ACK, seq: z+1 FIN, seq: z passive close See Forouzan figure 12.12 page 291 • Note: it takes 4 segments to complete the close. • Normally, the client performs an active close and the server performs passive close. Maguire TCP header continued 5: 11 of 77 maguire@kth.se 2010.03.21 Internetworking/Internetteknik
- Page 265 and 266: DHCP: Dynamic Host Configuration Pr
- Page 267 and 268: • Message - used by a server to p
- Page 269 and 270: DHCP’s importance • allows reus
- Page 271 and 272: Example of dhcpd.conf ### Managed b
- Page 273 and 274: Trivial File Transfer Procotol (TFT
- Page 275 and 276: Mapping names to IP addresses Host
- Page 277 and 278: Zones A zone is a subtree of the DN
- Page 279 and 280: (see Stevens, Vol. 1, figure 14.2,
- Page 281 and 282: Domain registrars Internet Corporat
- Page 283 and 284: Resource Records (RR) See Stevens,
- Page 285 and 286: Network names Conventions: • it.k
- Page 287 and 288: Example: $ORIGIN it.kth.se. @ 1D IN
- Page 289 and 290: How to give your host a name? Host
- Page 291 and 292: Configuring DNS • Configuring the
- Page 293 and 294: Load leveling [1] For example, f.ro
- Page 295 and 296: Where is f.root-servers.net ? trace
- Page 297 and 298: Dynamic Domain Name System (DDNS) R
- Page 299 and 300: Attacks upon DNS • Denial of serv
- Page 301 and 302: DNS performance - top 100 From www.
- Page 303 and 304: Web performance - continued Using P
- Page 305 and 306: This lecture we have discussed: •
- Page 307 and 308: IK1550 Internetworking/Internettekn
- Page 309 and 310: Transport layer protocols • User
- Page 311 and 312: Applications which use TCP Lots of
- Page 313 and 314: TCP header continued Reliability is
- Page 315: time client SYN, seq=x SYN, seq=y,
- Page 319 and 320: Maximum Segment Size • The Maximu
- Page 321 and 322: Window size Increasing window size
- Page 323 and 324: Silly Window Syndrome If receiver a
- Page 325 and 326: Disabling the Nagle Algorithm But s
- Page 327 and 328: Resulting bulk data flow Every segm
- Page 329 and 330: Congestion Avoidance So far we have
- Page 331 and 332: Slow start In 1989, Van Jacobson in
- Page 333 and 334: Round-Trip Time Measurement Fundame
- Page 335 and 336: Congestion Avoidance Algorithm Slow
- Page 337 and 338: Per-Route Metrics Newer TCPs keeps
- Page 339 and 340: TCP Keepalive Timer No data flows a
- Page 341 and 342: Long Fat Pipes Networks with large
- Page 343 and 344: Example of TCP behavior 1 1. Figure
- Page 345 and 346: Hypertext Transfer Protocol (HTTP)
- Page 347 and 348: HTTP Requests request-line == reque
- Page 349 and 350: HTTP Response Codes HTTP 3-digit re
- Page 351 and 352: Server Redirect Response code 302,
- Page 353 and 354: Decrease in total time to produce a
- Page 355 and 356: HTTP Statistics Statistics for indi
- Page 357 and 358: HTTP Performance Problems HTTP open
- Page 359 and 360: Web Enabled Devices emWare - thin c
- Page 361 and 362: Remote Procedure Call (RPC) Two ver
- Page 363 and 364: External Data Representation (XDR)
- Page 365 and 366: NFSspy Insert a new pointer in plac
client<br />
active<br />
close<br />
ACKs from<br />
client<br />
Connection teardown<br />
FIN, seq=x<br />
ACK, seq: x+1<br />
server<br />
EOF sent to application} half-close<br />
data from<br />
server<br />
ACK, seq: z+1<br />
FIN, seq: z<br />
passive<br />
close<br />
See Forouzan figure 12.12 page 291<br />
• Note: it takes 4 segments to complete the close.<br />
• Normally, the client per<strong>for</strong>ms an active close and the server per<strong>for</strong>ms<br />
passive close.<br />
Maguire TCP header continued 5: 11 of 77<br />
maguire@kth.se <strong>2010</strong>.03.21 Internetworking/Internetteknik