Author Topic: Could I be wrong?  (Read 738 times)


Offline SoulX

Could I be wrong?
« on: October 27, 2013, 01:48:48 am »
http://i.imgur.com/6m79bCx.jpg?1

Hello. I was reading a Security+ book when I came across this. What I know about TCP SYN flood is different from the information given in this book. I googled for answers and most of the results were the same as what I know. Could this book be wrong? The title of this book is "CompTIA Security+, Study Guide, Third Edition, Exam SYO-101".

(Sorry that I didn't upload the picture here, as I do not know why the picture appeared too big.)

Offline Phage

Re: Could I be wrong?
« Reply #1 on: October 27, 2013, 09:17:39 am »
AFAIK the book is right. Check this page: http://en.wikipedia.org/wiki/SYN_flood
"Ruby devs do, in fact, get all the girls. No girl wants a python, but EVERY girl wants rubies" - connection

"It always takes longer than you expect, even when you take into account Hofstadter’s Law."

Offline SoulX

Re: Could I be wrong?
« Reply #2 on: October 27, 2013, 10:17:57 am »
The link that you have sent to me is what I know. However, the thing I am confused with is that the book mentioned the server waiting for the packet in the final sequence to start the connection, but the picture showed that the attack spammed ACK packets to the server. What is the last packet the book meant to open a session? Isn't it the ACK packet? Unless the final packet is the one carrying an actual payload (specifically, the client's HTTP request). Sorry for my lack of knowledge, as books and websites don't 100% teach/mention everything.

Offline RedBullAddicted

Re: Could I be wrong?
« Reply #3 on: October 27, 2013, 10:37:14 am »
Hi SoulX,

I guess you are right about that picture in your book. It should have been SYN packets sent by the client to the server, and the server should respond with a SYN/ACK, waiting for the final ACK to complete the TCP 3-way handshake. That's what happens before any data gets sent. The book says that the server would keep these connections open, which is halfway correct :) There are retransmissions and timers (you can read about it here: http://tools.ietf.org/html/rfc2988).

Cheers,
RBA
Deep into that darkness peering, long I stood there, wondering, fearing, doubting, dreaming dreams no mortal ever dared to dream before. - Edgar Allan Poe
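
The handshake state and timers discussed in the reply above, as an added example that is not part of any post in this thread: a small server-side model of a listen backlog in which each half-open entry waits for the final ACK, retransmits its SYN/ACK with a doubling timer, and is eventually dropped. The 3-second initial RTO is the RFC 2988 value; the retry limit of 5, the backlog size of 4, the class and function names, and the packet trace are assumptions constructed for illustration.

```python
from dataclasses import dataclass

INITIAL_RTO = 3.0        # seconds, initial RTO from RFC 2988
MAX_SYNACK_RETRIES = 5   # assumed retry limit (illustrative)

@dataclass
class HalfOpen:
    deadline: float          # when the current SYN/ACK timer fires
    rto: float = INITIAL_RTO
    retries: int = 0

class Listener:
    """Server-side view of the handshake: SYN in, SYN/ACK out, wait for ACK."""
    def __init__(self, backlog):
        self.backlog, self.half_open = backlog, {}
        self.established, self.dropped = set(), 0

    def tick(self, now):
        # Fire due timers: retransmit SYN/ACK with a doubled RTO, or give up.
        for key, e in list(self.half_open.items()):
            while key in self.half_open and now >= e.deadline:
                if e.retries >= MAX_SYNACK_RETRIES:
                    del self.half_open[key]
                else:
                    e.retries, e.rto = e.retries + 1, e.rto * 2
                    e.deadline += e.rto

    def on_packet(self, now, src, flags):
        self.tick(now)
        if flags == "SYN" and src not in self.half_open:
            if len(self.half_open) >= self.backlog:
                self.dropped += 1          # queue full: new SYN is refused
            else:
                self.half_open[src] = HalfOpen(deadline=now + INITIAL_RTO)
        elif flags == "ACK" and src in self.half_open:
            del self.half_open[src]        # final ACK completes the handshake
            self.established.add(src)

def half_open_lifetime():
    """Seconds one unanswered SYN/ACK occupies a backlog slot."""
    return sum(INITIAL_RTO * 2 ** i for i in range(MAX_SYNACK_RETRIES + 1))

def run_demo():
    srv = Listener(backlog=4)
    # Constructed trace: (time, source, flags). These sources never send the ACK.
    for i in range(4):
        srv.on_packet(0.0, f"198.51.100.{i}:4000", "SYN")
    srv.on_packet(1.0, "192.0.2.10:5000", "SYN")      # real client, refused
    srv.on_packet(190.0, "192.0.2.10:5000", "SYN")    # timers have expired
    srv.on_packet(190.1, "192.0.2.10:5000", "ACK")
    return srv.dropped, len(srv.half_open), sorted(srv.established)
```

With these assumed values a half-open entry holds its slot for 189 seconds, which is why the server keeps the connection "open" only for a bounded time, and why defenses such as SYN cookies avoid storing that state at all.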

Offline SoulX

Re: Could I be wrong?
« Reply #4 on: October 27, 2013, 11:01:19 am »
Thank you very much. Even the content of the book says this method is through ACK and names it an ACK flooding attack.
I guess my distrust of books increases. I think I should go online and check whenever I read something new to me in a book, as I won't know if it is correct.