update stuff
fix list spacing issues
fix char centering issues
fix single quote rendering in verbatim
add a tcpdump mention
parent ecac09a00c
commit f5e42160d0
@ -10,8 +10,10 @@
|
||||
% BALÍČKY
|
||||
|
||||
%\usepackage[czech,english]{babel} % volba při kompilaci latexem (vyžaduje texlive-lang), zakomentovano, nastavovanu prikazem \nastavjazyk
|
||||
\usepackage{lmodern} % correct vertical character centering
|
||||
\usepackage[T1]{fontenc}% definice vnitřního kódování
|
||||
\usepackage[utf8x]{inputenc} % slouží pro definici kódování (při problémech zkusit zaměnit utf8x za utf8)
|
||||
\usepackage[utf8]{inputenc} % slouží pro definici kódování (při problémech zkusit zaměnit utf8x za utf8)
|
||||
\hypersetup{pdfencoding=unicode}
|
||||
\usepackage{color} % umožňuje použití barev
|
||||
\usepackage{graphicx} % rozšíření práce s grafikou
|
||||
\usepackage{amsmath} % balíček pro pokročilejší matematiku
|
||||
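Review bot: the comment on the new `\usepackage[utf8]{inputenc}` line still says, in Czech, "if problems occur, try swapping utf8x for utf8", which is stale now that the option already is utf8; drop it or reword it (on LaTeX releases from 2018 on, utf8 is the default input encoding, so the line is redundant but harmless). Also check that `\usepackage{hyperref}` is loaded before the new `\hypersetup{pdfencoding=unicode}` line: `\hypersetup` is defined by hyperref, which this preamble appears to load later (it usually goes near the end), and calling it earlier fails with an undefined control sequence. The lmodern/fontenc/inputenc order itself is fine.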
@ -27,6 +29,7 @@
|
||||
\usepackage{afterpage}
|
||||
%\usepackage{layout} % zobrazí nastavení tiskového zrcadla (příkaz \layout)
|
||||
%\usepackage{times} % balíček pro použití fontu times
|
||||
\usepackage{upquote} % straight single quotes
|
||||
\usepackage{verbatim} % vysází text bez formátování, tak jak je zapsán v souboru
|
||||
%\usepackage{indentfirst} % definuje odsazení prvního řádku odstavce
|
||||
%\usepackage{makeidx} % vytvoří rejstřík
|
||||
|
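Review bot: `\usepackage{upquote}` only straightens `'` and `` ` `` inside `verbatim` environments and `\verb`, so the tcpdump filter quoted in the other file will render correctly, but quotes in `\texttt{...}` in running text stay curly; if any listings-based code blocks are added later they need `\lstset{upquote=true}` separately. The package has no ordering requirement with respect to `verbatim`, so placing it just above that line is fine.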
84 tex/text.tex
@ -74,49 +74,63 @@ unmatchable to anything you can get ready in in minutes to cause real
|
||||
harm today.
|
||||
|
||||
There are generally several different ways to categorise a method of
|
||||
attack.\\
|
||||
by layers, in which the attacks are performed:
|
||||
attack.
|
||||
\begin{description}
|
||||
\item[by layers, in which the attacks are performed:]\
|
||||
\begin{itemize}
|
||||
\item link layer
|
||||
\item internet layer
|
||||
\item transport layer
|
||||
\item application
|
||||
\end{itemize}
|
||||
\end{description}
|
||||
|
||||
by the nature of their distribution:
|
||||
\begin{itemize}
|
||||
\item distributed
|
||||
\item not distributed
|
||||
\end{itemize}
|
||||
\begin{description}
|
||||
\item[by the nature of their distribution:]\
|
||||
\begin{description}
|
||||
\item[distributed] the effort is collectively advanced by a group of
|
||||
remotely coordinated devices (IRC C\&C)
|
||||
\begin{enumerate}
|
||||
\item deliberate - so called \it{voluntary botnets}
|
||||
\item involuntary - hijacked devices
|
||||
\end{enumerate}
|
||||
\item[not distributed] there is a single source of badness
|
||||
\end{description}
|
||||
\end{description}
|
||||
|
||||
by the kind of remoteness necessary to successfully execute the attack:
|
||||
\begin{itemize}
|
||||
\item close-proximity (physical engagement, i.e. sabotage) requires physical
|
||||
presence in/near e.g. a datacenter, networking equipment (cutting cables,
|
||||
playing a pyro)
|
||||
\item local network access (such as over a WiFi access point or on LAN)
|
||||
\item remote, such as over the internet
|
||||
\end{itemize}
|
||||
\begin{description}
|
||||
\item [by the kind of remoteness necessary to successfully execute the
|
||||
attack:]\
|
||||
\begin{description}
|
||||
\item[close-proximity] (physical engagement, i.e. sabotage) requires physical
|
||||
presence in/near e.g. a datacenter, networking equipment (cutting cables,
|
||||
playing a pyro)
|
||||
\item[local network access] such as over a WiFi access point or on LAN
|
||||
\item[remote] such as over the internet
|
||||
\end{description}
|
||||
\end{description}
|
||||
|
||||
by sth else:
|
||||
\begin{itemize}
|
||||
\item IP fragmentation
|
||||
\item SYN flood a rapid sequence of TCP protocol SYN messages
|
||||
\item volumetric DDoS attack
|
||||
\item amplification attack (also called "reflection attack")
|
||||
\begin{description}
|
||||
\item[by sth else:]\
|
||||
\begin{itemize}
|
||||
\item memcached exploit (1:51200)
|
||||
\item DNS (~1:50), with a formula \cite{akamaidnsampl} \[R = answer size / query size\]
|
||||
\item SNMP
|
||||
\item NTP
|
||||
\item IP fragmentation
|
||||
\item SYN flood - a rapid sequence of TCP protocol SYN messages
|
||||
\item volumetric DDoS attack
|
||||
\item amplification attack (also called "reflection attack")
|
||||
\begin{itemize}
|
||||
\item memcached exploit (1:51200)
|
||||
\item DNS (\textasciitilde1:50), with a formula \cite{akamaidnsampl} \[R = answer size / query size\]
|
||||
\item SNMP
|
||||
\item NTP
|
||||
\end{itemize}
|
||||
\item exploits
|
||||
\begin{itemize}
|
||||
\item 0days
|
||||
\item simply running unpatched versions of software
|
||||
\end{itemize}
|
||||
\item physical network destruction/crippling
|
||||
\end{itemize}
|
||||
\item exploits
|
||||
\begin{itemize}
|
||||
\item 0days
|
||||
\item simply running unpatched versions of software
|
||||
\end{itemize}
|
||||
\item physical network destruction/crippling
|
||||
\end{itemize}
|
||||
\end{description}
|
||||
|
||||
\n{2}{IP fragmentation}
|
||||
An attack whereby an attacker attempts to send a fragmented payload (TCP) that
|
||||
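Review bot: `\it{voluntary botnets}` (and `\it{LISTEN}` further down) misuses `\it`, which is a font-switch declaration, not a command taking an argument: it italicises everything from that point to the end of the enclosing group or item, not just the braced words. Use `\textit{voluntary botnets}`. In the same hunk, `\[R = answer size / query size\]` typesets the words as a run of single-letter math variables with no spaces; since amsmath is loaded, write `\[R = \frac{\text{answer size}}{\text{query size}}\]`. Two content points: "by sth else:" is a placeholder heading that survived the restructuring and should name the axis (e.g. "by mechanism:"), and "amplification attack (also called reflection attack)" conflates two properties: reflection is bouncing spoofed-source traffic off a third party, amplification is the reply being larger than the request; the listed memcached/DNS/SNMP/NTP cases are both, but the parenthetical should say so rather than treat the terms as synonyms. The DNS ratio carries `\cite{akamaidnsampl}` while the memcached 1:51200 figure cites nothing; add a reference for it. Minor: `\item[...]\` followed by a newline is a control space used to push the nested list onto its own line; `\item[...]\mbox{}` is the conventional idiom and makes the intent visible.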
@ -134,6 +148,12 @@ sends a \emph{segment} with a SYN control flag, TCP B (assuming also willing to
|
||||
communicate) responds with a segment with SYN and ACK control flags set and
|
||||
finally, TCP A answers with a final ACK \cite{rfc793tcp}.
|
||||
|
||||
Using \texttt{tcpdump} to capture an outgoing SYN packet on interface
|
||||
\texttt{enp0s31f6}.
|
||||
\begin{verbatim}
|
||||
tcpdump -Q out -n -N -c 1 -v -i enp0s31f6 'tcp[tcpflags] == tcp-syn'
|
||||
\end{verbatim}
|
||||
|
||||
A malicious actor is able to misuse this by posing as a legitimate
|
||||
\emph{client} (or rather many legitimate clients) and sending large number of
|
||||
SYN segments to a \emph{server} willing to establish a connection (\it{LISTEN}
|
||||
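Review bot: the new lead-in "Using \texttt{tcpdump} to capture an outgoing SYN packet on interface \texttt{enp0s31f6}." is a sentence fragment; something like "The following \texttt{tcpdump} invocation captures a single outgoing SYN segment on interface \texttt{enp0s31f6}:" reads better and ends in a colon before the verbatim block. `enp0s31f6` is a host-specific name, so either say it is an example interface or use `-i any`. The filter `tcp[tcpflags] == tcp-syn` matches only segments with exactly the SYN flag set, so a SYN-ACK (SYN and ACK both set) is excluded; that is the right choice for the first handshake step described above and is worth stating explicitly, since readers often expect `tcp[tcpflags] & tcp-syn != 0`. `-Q out` needs libpcap direction support (Linux has it; not every platform does). The straight quotes in the verbatim line depend on the upquote package added in the preamble hunk, so the two changes belong together, as they are here. Same `\it{LISTEN}` issue as in the previous hunk: use `\textit{LISTEN}`; and "sending large number of SYN segments" wants "a large number".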