CertiGuide to Security+

WARNING: This site is intended for online use only; mass-downloading of pages degrades the server and is prohibited.
If you attempt to use tools to mass-download the site, you may be blocked permanently by automated software.
If you want to read this CertiGuide offline, please use one of the links on the left to purchase a convenient PDF copy. Thank you.

Read this whole guide offline with no ads, for a low price!

Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Need more practice? 300 additional Security+ questions!

Get It Here!

CertiGuide to Security+
9 Chapter 1: General Security Concepts (Domain 1.0; 30%)
9 1.4 Attacks

1.4.4 Man in the Middle

1.4.6 TCP/IP Hijacking

1.4.5 Replay

Replay attacks are exactly as their name suggests. An attacker uses a packet capture tool to grab and save the packets in a conversation, then resends one side of the conversation to a host as he wishes. In the example of Freedom and Spirit, an attacker may capture a conversation between the machines in which a bank transaction is requested. The attacker may then resend all of Freedom’s packets to Spirit multiple times, causing Spirit to process the same transaction many times over.

Replay

A replay attack is one that involves capturing and saving the packets in a conversation, resending one side (generally the client side) of the conversation at a later time, in order to accomplish something malicious such as identifying themselves as another user, or process the same transaction more times than it legitimately occurred.

Again, this type of attack is made possible due to lax security in the protocol. As we have already discussed, every TCP/IP conversation is stamped with TCP Sequence numbers. In theory, no two conversations will generate the same set of numbers due to differences in the seed used and client/server TCP/IP stack differences, amongst other factors. In addition, many operating systems implement pseudo-random number generation for the initial sequence number. It has been proved however that in many implementations, the formula for producing these numbers is weak, and TCP sequence prediction is not as difficult as it could be.

If an attacker is able to guess the sequence (or indeed flood the network with packets containing likely sequence numbers), he may be able to control, disconnect or insert arbitrary data into a user’s session.

There are countermeasures against this type of attack. Secure protocols such as IPSec operate at the network layer and extend the IP protocol while maintaining compatibility with existing TCP/IP stacks by using additional protocol numbers. The ESP (Encapsulating Security Protocol) portion of IPSec handles most of the security of the protocol, such as authentication, data protection and anti-replay measures⁷⁹. IPSec relies heavily on cryptography and IKE (Internet Key Exchange) to create session keys, which is outside the scope of this section. Cryptography is discussed in section 4.

__________________

79. http://www.windowsecurity.com/articles/Securing_Data_in_Transit_with_IPSec.html

1.4.4 Man in the Middle

1.4.6 TCP/IP Hijacking

If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!

Home - Table Of Contents - Contact Us

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.