TCP/IP and its vulnerabilities. Techniques of attacks
It must address a technical audience
must be done in proper English
must include real world examples
no less than 1500 words
12 size font
FINAL PAPER CHECK LIST:
Paper must be in MLA style form. Here is a guide: http://owl(dot)english(dot)purdue(dot)edu/owl/resource/747/01/
Please use legitimate sources. Wikipedia is not considered a reliable source. Use books, articles, and academic white papers.
The final paper should be no less than 1500 words, double space and 12 size font.
Include a Work Cited page.
Include heading with name, instructor name, course, and date.
Final submission needs to be done via the assignments link under
"Final Paper". No emails, they will not be considered for grading.
Required
I want to list some of the things that the paper should address:
• It must address a technical audience. Think of our book, its format, and how it addresses you, the reader.
• This is not a Literature or English course; however, the paper must be done using proper English and grammar. Please use the appropriate Academic/Formal writing style.
• The paper must include real-world examples. Using such examples, explain the technical knowledge behind the subject. For example, if it is a security breach: What were the flaws? How did the intruder discover such flaws? What was the financial cost for the organization? What do you recommend to protect from future attacks?
• You must have at least 4 different sources.
• The paper must be done using the MLA style form. Please do not forget to include a conclusion and a work cited page.
This final paper summarizes the overall knowledge acquired in this course. It gives you the opportunity to put in practice your technical skills as a security analyst. Furthermore, from here you have developed a new talent towards the implementation of a secure IT environment, whether it is at work or home.
Professor’s Name:
Course:
Due Date:
TCP/IP AND ITS VULNERABILITIES
Introduction
TCP stands for Transmission Control Protocol and IP for Internet Protocol. IP deals directly with routing packets of data between computers and routers, whereas TCP ensures the reliable delivery of those packets between computers. TCP/IP has various vulnerabilities, or rather design weaknesses, as far as security and privacy are concerned. Some of these vulnerabilities relate to protocol design, whereas the remainder are attributable to defects in the software that implements the protocols. The protocol weaknesses may stem either from the design of the protocol or from the configuration, deployment and daily operation of the DNS servers. Essentially all the major operating systems (OS) have improved their implementation of the protocol stack in ways that help mitigate different attacks. In addition, various enhancements of TCP/IP have been developed, several of which make intensive use of encryption and therefore require more computing power (Acharya et al., 69).
Techniques of attacks
An attacker's TCP/IP arsenal contains several techniques. Successful attacks usually combine a few basic ones: sniffing, buffer overflow, spoofing, poisoning, illegal packets, fingerprinting a system, storms, denial of service, and distributed denial of service. Sniffing is eavesdropping on the network: one machine makes copies of network packets sent by another machine. The problem is made possible by the near-universal choice of Ethernet, a broadcast medium, for the physical and data link layers. Sniffing is used to monitor the health of networks, and also to capture the passwords used in telnet and FTP connections. The nature of the equipment used on a LAN facilitates sniffing, since the sniffer needs to run either on the victim machine carrying the traffic of interest or on another host within the same subnet as the victim. In this way, the NIC is capable of capturing the frames that match its own MAC address. The sheer volume of such frames makes any processing a real challenge for the attacker.
Buffer overflow is a class of programming errors that occur in TCP/IP server programs. The majority of such server programs run with superuser privileges. Servers that have fallen victim to such bugs include FTP servers, BIND (a ubiquitous DNS server program), the Sendmail mail server and the Web server. A spoofing attack alters packets so that they are structurally legitimate while the information they contain is not authentic. Such spoofed packets are injected into the network. Poisoning refers to ill-defined messages that provide information updates. Illegal packets are packets that contain unexpected values in some fields. Fingerprinting a system is where the attacker seeks to remotely scan and control the entire LAN system. Storms are flows of packets at an abnormally high rate; they are created by generating a few packets on a compromised host. Denial of service (DoS) focuses on preventing legitimate clients from obtaining services. Distributed denial of service (DDoS), on the other hand, is launched through a coordinated set of hosts referred to as zombies.
Spoofing of the IP Address
The IP layer of a typical OS trusts the source address presented in an IP packet. It assumes that a received packet was really sent from the stated source address. However, the IP protocol specifies no means of validating the genuineness of that address, which allows the sender's IP address to be replaced easily with any other address. The spoofer circumvents the IP layer and communicates directly with the raw network device. An attacker can easily use this technique to silence a host, preventing it from sending any form of packet. However, network monitoring software can be used to detect spoofing activity, as can comparing the process accounting logs between devices on the internal network (Albanese et al., 169).
Fragment attacks on IP
IP fragments normally do not overlap; malicious fragmentation, however, involves fragments with illegal offsets. The fragment-offset value gives the index position of the fragment's data within the reassembled packet. However, a pair of carefully structured but malformed IP packets causes ...
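As an added illustration of the offset arithmetic described above (not part of the original essay), the following Python code audits captured IPv4 fragments for overlapping or out-of-range offsets, the kind of check a monitoring tool or firewall applies before reassembly. The addresses, identification values and the names `parse_fragment`, `audit_fragments` and `make_fragment` are constructed for this example.

```python
import struct
from collections import defaultdict

SRC, DST = bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])  # constructed (TEST-NET-1)
MAX_PAYLOAD = 65535 - 20  # most data a datagram with a 20-byte header can carry

def parse_fragment(packet):
    """Return (flow_key, start, end, more_fragments) for one raw IPv4 packet."""
    (ver_ihl, _tos, total_len, ident, flags_off,
     _ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    header_len = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or header_len < 20 or total_len < header_len:
        raise ValueError("malformed IPv4 header")
    start = (flags_off & 0x1FFF) * 8      # fragment offset is in 8-byte units
    end = start + total_len - header_len  # one past the last payload byte
    return (src, dst, proto, ident), start, end, bool(flags_off & 0x2000)

def audit_fragments(packets):
    """Group fragments per datagram and list the offset anomalies of each one."""
    flows = defaultdict(list)
    for pkt in packets:
        key, start, end, more = parse_fragment(pkt)
        flows[key].append((start, end, more))
    report = {}
    for key, frags in flows.items():
        issues, covered = [], 0
        for start, end, _more in sorted(frags):
            if start < covered:  # begins inside data an earlier fragment supplied
                issues.append(f"overlap: [{start},{end}) rewrites bytes below {covered}")
            if end > MAX_PAYLOAD:
                issues.append(f"oversize: end {end} exceeds {MAX_PAYLOAD}")
            covered = max(covered, end)
        report[key] = issues
    return report

def make_fragment(ident, offset_units, payload_len, more):
    """Constructed sample: 20-byte IPv4/UDP header (checksum 0) plus zero payload."""
    flags_off = (0x2000 if more else 0) | offset_units
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                         flags_off, 64, 17, 0, SRC, DST)
    return header + bytes(payload_len)

SAMPLE = [make_fragment(1, 0, 24, True), make_fragment(1, 3, 16, False),  # clean
          make_fragment(2, 0, 24, True), make_fragment(2, 2, 16, False),  # overlap
          make_fragment(3, 8190, 100, False)]                             # oversize

if __name__ == "__main__":
    for key, issues in audit_fragments(SAMPLE).items():
        print("id", key[3], issues or "clean")
```

A datagram with a non-empty issue list is best dropped whole rather than reassembled.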