Practical Network Scanning

Technology weaknesses

These include TCP/IP protocol weaknesses, operating system weaknesses, weaknesses in software running on operating systems, and network equipment weaknesses.

TCP/IP is a protocol suite used to transfer data across networks. The most important part of the suite is IP, whose addresses serve as the identity of a user's host on a network. The main associated protocols are:

  • Transmission Control Protocol (TCP)
  • User Datagram Protocol (UDP)
  • Internet Control Message Protocol (ICMP)

TCP port numbers identify an application. For example:

  • Port 21: FTP
  • Port 23: Telnet
  • Port 80: HTTP
  • Port 443: HTTPS

TCP/IP was meant to provide a reliable connection between two hosts, but it does not provide any inbuilt security functions such as encryption or authentication. Protocols like HTTP, FTP, TFTP, and Telnet are insecure because they send all information in clear text.

A SYN flood is a form of DoS attack in which an attacker sends a succession of SYN requests to a targeted victim in an attempt to utilize all available server resources to make the system unavailable to legitimate traffic.

In a normal TCP three-way handshake, the user sends a SYN packet, the server acknowledges it with a SYN-ACK, and the user finally replies with an ACK.

In the case of a SYN flood, systems become unavailable to process SYN packets. Attackers (shown in green) send a series of SYN packets and get acknowledgments as well. Meanwhile, the attackers consume all server resources, so real users (shown in violet) do not even get a SYN-ACK.
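The handshake states described above can be tracked from the defender's side to spot this pattern. The following is an added example, not code from the book: the packet tuples, the addresses (documentation ranges), the threshold, and the function names are all constructed for illustration.

```python
from collections import Counter

SERVER = "203.0.113.10"  # constructed address (documentation range)

def classify_handshakes(packets, server=SERVER):
    """Return (half_open, unanswered) Counters keyed by client IP.

    half_open:  server sent SYN-ACK, client never sent the final ACK.
    unanswered: client sent SYN, server never replied with SYN-ACK.
    """
    state = {}  # (client_ip, client_port) -> "SYN" or "SYN-ACK"
    for src, sport, dst, dport, flags in packets:
        if dst == server and flags == "S":        # step 1: client SYN
            state[(src, sport)] = "SYN"
        elif src == server and flags == "SA":     # step 2: server SYN-ACK
            if state.get((dst, dport)) == "SYN":
                state[(dst, dport)] = "SYN-ACK"
        elif dst == server and flags == "A":      # step 3: client ACK
            state.pop((src, sport), None)         # handshake completed
    half_open, unanswered = Counter(), Counter()
    for (ip, _port), st in state.items():
        (half_open if st == "SYN-ACK" else unanswered)[ip] += 1
    return half_open, unanswered

def suspected_flood_sources(packets, threshold=5, server=SERVER):
    """Client IPs holding at least `threshold` half-open handshakes."""
    half_open, _ = classify_handshakes(packets, server)
    return sorted(ip for ip, n in half_open.items() if n >= threshold)

def build_sample():
    """Constructed capture: (src, sport, dst, dport, flags) tuples."""
    pkts = [  # one client completing the three-way handshake
        ("192.0.2.20", 40000, SERVER, 80, "S"),
        (SERVER, 80, "192.0.2.20", 40000, "SA"),
        ("192.0.2.20", 40000, SERVER, 80, "A"),
    ]
    for port in range(50000, 50006):  # six handshakes never completed
        pkts.append(("198.51.100.7", port, SERVER, 80, "S"))
        pkts.append((SERVER, 80, "198.51.100.7", port, "SA"))
    pkts.append(("192.0.2.21", 41000, SERVER, 80, "S"))  # SYN left unanswered
    return pkts

if __name__ == "__main__":
    half_open, unanswered = classify_handshakes(build_sample())
    print("half-open:", dict(half_open))
    print("unanswered:", dict(unanswered))
    print("suspected:", suspected_flood_sources(build_sample()))
```

Per-source counts only help when the source addresses are genuine; if they are spoofed, each address appears once, so the total number of half-open entries is the figure to alert on.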

The UNIX, Linux, Macintosh, Windows, and OS/2 operating systems all have security problems. Security updates and bug fixes are released by these companies from time to time.

Network equipment such as routers, firewalls, optical equipment, and switches has security weaknesses that must be recognized and protected against.

In upcoming chapters, we will discuss these kinds of attacks in detail, looking at how to deal with them in a live network.