Copyright Goodheart-Willcox Co., Inc. Chapter 8 Overview of Network Security and Network Threats 273

SYN Flood

The other type of DoS attack is called a SYN flood. A SYN flood involves the hacker exploiting a vulnerability in the three-way handshake by not closing the handshake. Recall, the normal process is as follows.

1. SYN by sender
2. SYN/ACK by receiver
3. ACK by initial sender

In a SYN flood, the attacker sends a SYN, which the target answers with a SYN/ACK. Instead of closing the handshake with an ACK, the hacker sends another SYN, to which the target again replies, as shown in Figure 8-22. This cycle repeats over and over throughout the attack.

[Figure: Attacker (bot) and Victim (server) exchanging repeated SYN and SYN/ACK messages. Goodheart-Willcox Publisher; photos: Denis Rozhnovsky/Shutterstock.com]
Figure 8-22. In a SYN flood, the three-way handshake is never completed with ACK.

Quick Look 8.2.1
Ping and ICMP

The ping command is used to check for a valid network address. It requires the target computer to respond. Wireshark can log ping requests.

1. Applying what you have learned, open the Windows Command Prompt.
2. Applying what you have learned, determine your IP address, and then exchange it with a classmate.
3. Enter the ping command and your classmate’s IP address. Notice how many times the IP address is pinged. In Windows, the default number of ping attempts is four.
4. Enter ping /? to show the options for the ping command. Notice that the -n switch is used to set the number of pings.
5. Enter ping followed by your classmate’s IP address and the switch -n 2. Notice the IP address is pinged only twice.
6. Open Wireshark. Start a new capture. Minimize Wireshark and return to the command prompt. Ping your neighbor with ten attempts. After verifying your classmate’s ping against your target is finished, return to Wireshark and stop the capture.
7. Applying what you have learned, filter the display by ICMP.
8. Look at the ICMP packets. You should find the ten you sent, and the ten replies sent to your classmate, as shown.

CompTIA Security+ 2.2
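
The SYN Flood section above describes handshakes that stop after the SYN/ACK. The following is an added example, not part of the original textbook page, showing how a defender could spot that pattern by tracking each handshake through its three steps and counting the ones that never receive the final ACK. The record format, the IP addresses, and the alert threshold are all constructed for this illustration.

```python
from collections import defaultdict

# Constructed sample records (not a real capture): time, source, destination, TCP flags.
# 10.0.0.5 is a hypothetical server; 10.0.0.20 completes its handshake, 10.0.0.66 never does.
SAMPLE = """\
0.001 10.0.0.20:50100 10.0.0.5:80 SYN
0.002 10.0.0.5:80 10.0.0.20:50100 SYN/ACK
0.003 10.0.0.20:50100 10.0.0.5:80 ACK
0.010 10.0.0.66:40001 10.0.0.5:80 SYN
0.011 10.0.0.5:80 10.0.0.66:40001 SYN/ACK
0.012 10.0.0.66:40002 10.0.0.5:80 SYN
0.013 10.0.0.5:80 10.0.0.66:40002 SYN/ACK
0.014 10.0.0.66:40003 10.0.0.5:80 SYN
0.015 10.0.0.5:80 10.0.0.66:40003 SYN/ACK
"""

def half_open_by_client(log_text):
    """Return {client_ip: handshakes answered with SYN/ACK but never closed with ACK}."""
    state = {}  # (client endpoint, server endpoint) -> last handshake step seen
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed records
        _, src, dst, flags = parts
        if flags == "SYN":
            state[(src, dst)] = "SYN"                 # step 1: SYN by sender
        elif flags == "SYN/ACK" and state.get((dst, src)) == "SYN":
            state[(dst, src)] = "SYN/ACK"             # step 2: SYN/ACK by receiver
        elif flags == "ACK" and state.get((src, dst)) == "SYN/ACK":
            del state[(src, dst)]                     # step 3: ACK closes the handshake
    counts = defaultdict(int)
    for (client, _server), step in state.items():
        if step == "SYN/ACK":                         # server replied, client never finished
            counts[client.rsplit(":", 1)[0]] += 1
    return dict(counts)

def suspected_flood_sources(log_text, threshold=3):
    """Clients whose half-open count meets the alert threshold (an assumed value)."""
    return sorted(ip for ip, n in half_open_by_client(log_text).items() if n >= threshold)

if __name__ == "__main__":
    print(half_open_by_client(SAMPLE))
    print(suspected_flood_sources(SAMPLE))
```

The threshold of 3 only suits this small sample; a monitor on a live network would also expire old entries by time so that slow or dropped clients are not counted forever.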