Term
|
Definition
It's a bunch of layers of security that need to be achieved before a connection can be formed. |
|
|
Term
How does TCP work (basically) |
|
Definition
TCP is a finite state machine that has a bunch of different parameters that must be met in a certain order for the connection to be formed. |
|
|
Term
Describe the 3-way handshake of TCP connection |
|
Definition
1) Client sends SYN packet 2) The server either accepts (sends ACK packet) or declines (sends RST packet) |
|
|
Term
Describe the 4-way handshake disconnection of TCP |
|
Definition
1) FIN flag initialized (client -> host) (no more data) 2) Host enters CLOSE-WAIT state 3) Client sends FIN packet 4) Host sends FIN packet |
|
|
Term
Describe the alternate way to disconnect TCP |
|
Definition
RST packet is sent from the client |
|
|
Term
|
Definition
When the sender's IP address is replaced with a different address |
|
|
Term
Describe the steps for killing a TCP connection with RST |
|
Definition
Essentially an outside computer spoofs its IP address so that it can communicate with the host in the manner it needs to. When the time is right (in the sequence of events), the RST packet (with the correct sequence number) is sent from the sniper program to create a disconnection between the client and the host. |
|
|
Term
Describe the steps for killing a TCP connection with a FIN signal |
|
Definition
The attacker constructs a FIN packet with the correct sequence number. If the host believes this signal, it then sends a CLOSE-WAIT signal. Then the client repeats this signal, which is then mirrored by the host. |
|
|
Term
How does TCP hijacking work? |
|
Definition
1) ZZ sends a correct signal impersonating XX at the correct time 2) XX keeps sending incorrect signals 3) YY corrects XX's incorrect signals and sends them to ZZ (because they're connected to YY output) 4) ZZ continues sending the correct signals 5) Eventually ZZ takes control of the connection and can execute commands on YY |
|
|