In the ever-changing and fast-paced world of cyber security, adversaries are always developing new attacks, whether they are crackers (the term for a person who hacks maliciously), the advanced persistent threat (APT), or others. I will discuss some protocol attacks, after first covering some basic definitions of the protocols involved.
The Transmission Control Protocol (TCP) is the connection-oriented protocol. This means a logical connection is established between two machines, and the data sent over it is then tracked to ensure it is received. Data is re-sent if a packet was dropped, corrupted, or lost. Some of the main uses of TCP include email and file transfers.
The User Datagram Protocol (UDP) is a connectionless, or “fire and forget,” protocol. This means the sending system does not track whether the data reaches the receiving end. Uses of UDP include video streaming and Voice over Internet Protocol (VoIP).
Like UDP, the Internet Control Message Protocol (ICMP) is also a connectionless protocol. However, it is used for passing error messages for problems on the network. One popular use of ICMP is the “ping” command, which is used to see if a distant end is reachable.
Now, on with some attacks…
The TCP SYN (synchronize) attack is based on the “three-way handshake”. The principal concept is that the client sends a SYN packet; the server receives the SYN packet and sends back a SYN with an acknowledge (ACK) packet; lastly, the client sends an ACK packet to complete the handshake and start communications. The problem arises when many clients together send SYN packets to a server at the same time, each with a spoofed Internet Protocol (IP) source address. The server then keeps re-sending its SYN/ACK packet, waiting for a final ACK from a non-existent IP address that will never arrive. This causes a Denial of Service (DoS), which denies legitimate users access to the server’s resources.
The UDP Flood attack is similar to the TCP SYN attack. Here, however, the attacker sends large numbers of UDP packets to ports on the victim’s machine that have no service listening to accept them. The victim’s machine is then kept busy sending ICMP packets back stating that the destination port is not reachable. The end result is a DoS for the victim’s machine.
The Smurf attack is about flooding a computer with Internet Control Message Protocol (ICMP) message replies. In this attack, multiple clients send an ICMP message with a spoofed source IP address to a network’s IP broadcast address. When all of the machines on the network reply, the replies flood the computer that owns the spoofed IP address, resulting in a Distributed Denial of Service (DDoS). The attack also congests traffic in both directions on the local area network whose machines generated the replies.
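The three attacks above each leave a recognizable trace in network records: a pile-up of half-open TCP handshakes, a burst of ICMP destination-unreachable messages leaving the victim, and ICMP echo requests addressed to a broadcast address. The following Python script is an added example, not part of the original post, that flags each pattern in a small flow log. The log format (timestamp, protocol, source, destination, destination port, TCP flags or ICMP type) and the addresses are constructed for the example; real tools emit different fields, so the parser is an assumption to adapt, not a standard.

```python
"""Flag SYN flood, UDP flood and Smurf indicators in a constructed flow log."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Record:
    ts: float    # seconds
    proto: str   # TCP, UDP or ICMP
    src: str
    dst: str
    port: int    # destination port (0 for ICMP)
    info: str    # TCP flags (S, SA, A), "-" for UDP, or ICMP type name


# Constructed sample log using documentation address ranges (not real traffic).
# Lines 1-3: one legitimate handshake. Lines 4-7: SYNs never completed.
# Lines 8-13: UDP to closed ports and the victim's unreachable replies.
# Lines 14-16: an echo request to the broadcast address and two replies to the spoofed source.
SAMPLE_LOG = """\
0.10 TCP 198.51.100.7 192.0.2.10 443 S
0.11 TCP 192.0.2.10 198.51.100.7 443 SA
0.12 TCP 198.51.100.7 192.0.2.10 443 A
0.20 TCP 203.0.113.21 192.0.2.10 443 S
0.21 TCP 203.0.113.22 192.0.2.10 443 S
0.22 TCP 203.0.113.23 192.0.2.10 443 S
0.23 TCP 203.0.113.24 192.0.2.10 443 S
0.30 UDP 203.0.113.50 192.0.2.20 40001 -
0.31 UDP 203.0.113.50 192.0.2.20 40002 -
0.32 UDP 203.0.113.50 192.0.2.20 40003 -
0.33 ICMP 192.0.2.20 203.0.113.50 0 unreach
0.34 ICMP 192.0.2.20 203.0.113.50 0 unreach
0.35 ICMP 192.0.2.20 203.0.113.50 0 unreach
0.40 ICMP 192.0.2.99 192.0.2.255 0 echo-req
0.41 ICMP 192.0.2.11 192.0.2.99 0 echo-rep
0.42 ICMP 192.0.2.12 192.0.2.99 0 echo-rep
"""


def parse_log(text):
    """Turn the constructed log format into Record objects (assumed format)."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, proto, src, dst, port, info = line.split()
        records.append(Record(float(ts), proto, src, dst, int(port), info))
    return records


def half_open_by_server(records):
    """Count SYNs per server that never saw the client's final ACK.

    A handshake is complete once the same client sends an ACK to the same
    server port it sent the SYN to; the server's SYN/ACK is ignored here.
    """
    pending = set()
    for r in records:
        if r.proto != "TCP":
            continue
        key = (r.src, r.dst, r.port)
        if r.info == "S":
            pending.add(key)
        elif r.info == "A":
            pending.discard(key)
    counts = defaultdict(int)
    for _src, dst, _port in pending:
        counts[dst] += 1
    return dict(counts)


def syn_flood_suspects(records, threshold=3):
    """Servers with at least `threshold` half-open handshakes in the log."""
    return {dst: n for dst, n in half_open_by_server(records).items() if n >= threshold}


def udp_flood_suspects(records, threshold=3):
    """(victim, sender) pairs where the victim answered UDP with repeated ICMP unreachable."""
    counts = defaultdict(int)
    for r in records:
        if r.proto == "ICMP" and r.info == "unreach":
            counts[(r.src, r.dst)] += 1  # victim -> sender of the UDP packets
    return {pair: n for pair, n in counts.items() if n >= threshold}


def smurf_suspects(records, broadcast_addrs):
    """Echo requests aimed at a broadcast address; the source is the spoofed victim."""
    return [(r.src, r.dst) for r in records
            if r.proto == "ICMP" and r.info == "echo-req" and r.dst in broadcast_addrs]


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("SYN flood targets:", syn_flood_suspects(recs))
    print("UDP flood pairs:", udp_flood_suspects(recs))
    print("Smurf victims:", smurf_suspects(recs, {"192.0.2.255"}))
```

The thresholds are deliberately tiny so the sixteen constructed lines trigger every check; on a real network they would be set from a baseline of normal half-open counts and ICMP rates, and the broadcast address set would come from the local subnet configuration.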
In conclusion, I discussed some basic protocol definitions and some attacks that abuse these protocols. Regis University can teach you more about other cyber-attacks and strategies for mitigating them.