Replay attacks are exactly as their name suggests. An attacker uses a packet capture tool to grab and save the packets in a conversation, then resends one side of the conversation to a host as he wishes. In the example of Freedom and Spirit, an attacker may capture a conversation between the machines in which a bank transaction is requested. The attacker may then resend all of Freedom's packets to Spirit multiple times, causing Spirit to process the same transaction many times over.
Again, this type of attack is made possible by lax security in the protocol. As we have already discussed, every TCP/IP conversation is stamped with TCP sequence numbers. In theory, no two conversations will generate the same set of numbers due to differences in the seed used and client/server TCP/IP stack differences, amongst other factors. In addition, many operating systems implement pseudo-random number generation for the initial sequence number. It has been proved, however, that in many implementations the formula for producing these numbers is weak, and TCP sequence prediction is not as difficult as it could be.
If an attacker is able to guess the sequence (or indeed flood the network with packets containing likely sequence numbers), he may be able to control, disconnect or insert arbitrary data into a user's session.
There are countermeasures against this type of attack. Secure protocols such as IPSec operate at the network layer and extend the IP protocol while maintaining compatibility with existing TCP/IP stacks by using additional protocol numbers. The ESP (Encapsulating Security Protocol) portion of IPSec handles most of the security of the protocol, such as authentication, data protection and anti-replay measures. IPSec relies heavily on cryptography and IKE (Internet Key Exchange) to create session keys, which is outside the scope of this section. Cryptography is discussed in section 4.
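The anti-replay idea mentioned above, reduced to its core as an added example (not from the original guide, and not the ESP wire format): each packet carries a sequence number covered by an authentication tag, and the receiver tracks which numbers it has already accepted in a sliding window. The names `seal`, `Receiver` and `demo`, the 32-bit counter, the HMAC-SHA256 tag and the sample key and payload are all assumptions made for this sketch.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # full HMAC-SHA256 tag; a choice for this sketch, not the ESP wire format
def seal(key, seq, payload):
    """Sender (Freedom): sequence number + payload + tag covering both."""
    header = struct.pack("!I", seq)
    return header + payload + hmac.new(key, header + payload, hashlib.sha256).digest()

class Receiver:
    """Receiver (Spirit): authenticate first, then apply a sliding anti-replay window."""
    def __init__(self, key, window=64):
        self.key = key
        self.window = window  # how far behind `top` a late packet may still arrive
        self.top = 0          # highest authenticated sequence number so far
        self.bitmap = 0       # bit i set => sequence number (top - i) already accepted

    def accept(self, packet):
        if len(packet) < 4 + TAG_LEN:
            return "bad-length"
        header, payload, tag = packet[:4], packet[4:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "bad-tag"      # the window is never touched by unauthenticated data
        seq = struct.unpack("!I", header)[0]
        if seq == 0:
            return "replay"       # this sketch numbers packets from 1
        if seq > self.top:        # new highest: slide the window forward
            mask = (1 << self.window) - 1
            self.bitmap = ((self.bitmap << (seq - self.top)) | 1) & mask
            self.top = seq
            return "ok"
        offset = self.top - seq
        if offset >= self.window:
            return "too-old"      # fell off the left edge; cannot be proven fresh
        if (self.bitmap >> offset) & 1:
            return "replay"       # already accepted once
        self.bitmap |= 1 << offset
        return "ok"               # late but new (out-of-order delivery)

def demo():
    key = b"constructed-session-key"  # stands in for a key negotiated by IKE
    spirit = Receiver(key)
    captured = [seal(key, n, b"TRANSFER 100") for n in (1, 2, 3)]  # constructed traffic
    delivered = [spirit.accept(p) for p in captured]
    replayed = [spirit.accept(p) for p in captured]   # the capture, resent unchanged
    renumbered = captured[0][:3] + b"\x09" + captured[0][4:]  # seq changed, tag stale
    return delivered, replayed, spirit.accept(renumbered)
```

Because the tag covers the sequence number, a resent packet is rejected as a duplicate and a renumbered one fails authentication, so Spirit processes the transaction once.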
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.