update stuff

fix list spacing issues
fix char centering issues
fix single quote rendering in verbatim
add a tcpdump mention
surtur 2021-05-12 17:21:01 +02:00
parent ecac09a00c
commit f5e42160d0
Signed by: wanderer
GPG Key ID: 19CE1EC1D9E0486D
2 changed files with 56 additions and 33 deletions

@ -10,8 +10,10 @@
% BALÍČKY
%\usepackage[czech,english]{babel} % volba při kompilaci latexem (vyžaduje texlive-lang), zakomentovano, nastavovanu prikazem \nastavjazyk
\usepackage{lmodern} % correct vertical character centering
\usepackage[T1]{fontenc}% definice vnitřního kódování
\usepackage[utf8x]{inputenc} % slouží pro definici kódování (při problémech zkusit zaměnit utf8x za utf8)
\usepackage[utf8]{inputenc} % slouží pro definici kódování (při problémech zkusit zaměnit utf8x za utf8)
\hypersetup{pdfencoding=unicode}
\usepackage{color} % umožňuje použití barev
\usepackage{graphicx} % rozšíření práce s grafikou
\usepackage{amsmath} % balíček pro pokročilejší matematiku
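Review bot: `\hypersetup{pdfencoding=unicode}` (the new line after `\usepackage[utf8]{inputenc}`) is only defined once hyperref has been loaded, and no `\usepackage{hyperref}` precedes it in this hunk; if hyperref is loaded further down the preamble, this line fails with an undefined control sequence. Either move it below the hyperref load or pass the key as a package option, e.g. `\usepackage[pdfencoding=unicode]{hyperref}`. Also, the comment carried over onto the new inputenc line still says "při problémech zkusit zaměnit utf8x za utf8", which is exactly the change just made; update or drop it so it does not mislead the next reader.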
@ -27,6 +29,7 @@
\usepackage{afterpage}
%\usepackage{layout} % zobrazí nastavení tiskového zrcadla (příkaz \layout)
%\usepackage{times} % balíček pro použití fontu times
\usepackage{upquote} % straight single quotes
\usepackage{verbatim} % vysází text bez formátování, tak jak je zapsán v souboru
%\usepackage{indentfirst} % definuje odsazení prvního řádku odstavce
%\usepackage{makeidx} % vytvoří rejstřík
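Review bot: the comment on the new `\usepackage{upquote}` line ("straight single quotes") understates what the package does: it straightens both the apostrophe and the backtick, and only inside `verbatim` environments and `\verb`, not in running text. Something like `% straight ' and ` in verbatim/\verb` would be more precise. Style point: the preamble comments are now a mix of Czech and English; pick one language for the new lines to match the surrounding template.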

@ -74,39 +74,52 @@ unmatchable to anything you can get ready in in minutes to cause real
harm today.
There are generally several different ways to categorise a method of
attack.\\
by layers, in which the attacks are performed:
attack.
\begin{description}
\item[by layers, in which the attacks are performed:]\
\begin{itemize}
\item link layer
\item internet layer
\item transport layer
\item application
\end{itemize}
\end{description}
by the nature of their distribution:
\begin{itemize}
\item distributed
\item not distributed
\end{itemize}
\begin{description}
\item[by the nature of their distribution:]\
\begin{description}
\item[distributed] the effort is collectively advanced by a group of
remotely coordinated devices (IRC C\&C)
\begin{enumerate}
\item deliberate - so called \it{voluntary botnets}
\item involuntary - hijacked devices
\end{enumerate}
\item[not distributed] there is a single source of badness
\end{description}
\end{description}
by the kind of remoteness necessary to successfully execute the attack:
\begin{itemize}
\item close-proximity (physical engagement, i.e. sabotage) requires physical
\begin{description}
\item [by the kind of remoteness necessary to successfully execute the
attack:]\
\begin{description}
\item[close-proximity] (physical engagement, i.e. sabotage) requires physical
presence in/near e.g. a datacenter, networking equipment (cutting cables,
playing a pyro)
\item local network access (such as over a WiFi access point or on LAN)
\item remote, such as over the internet
\end{itemize}
\item[local network access] such as over a WiFi access point or on LAN
\item[remote] such as over the internet
\end{description}
\end{description}
by sth else:
\begin{description}
\item[by sth else:]\
\begin{itemize}
\item IP fragmentation
\item SYN flood a rapid sequence of TCP protocol SYN messages
\item SYN flood - a rapid sequence of TCP protocol SYN messages
\item volumetric DDoS attack
\item amplification attack (also called "reflection attack")
\begin{itemize}
\item memcached exploit (1:51200)
\item DNS (~1:50), with a formula \cite{akamaidnsampl} \[R = answer size / query size\]
\item DNS (\textasciitilde1:50), with a formula \cite{akamaidnsampl} \[R = answer size / query size\]
\item SNMP
\item NTP
\end{itemize}
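Review bot: `\it` is a font switch, not a command taking an argument, so `\it{voluntary botnets}` in the "deliberate" enumerate item italicises everything from that point to the end of the enclosing group, not just the two words; use `\emph{voluntary botnets}`. The display formula `\[R = answer size / query size\]` sets the words as a run of italic single-letter variables with no spacing; since amsmath is loaded, `\[R = \frac{\text{answer size}}{\text{query size}}\]` renders as intended. Minor: "physical engagement, i.e. sabotage" should be "e.g.", and the label `by sth else:` is a placeholder that should name the actual criterion (the attack technique or vector used).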
@ -117,6 +130,7 @@ by sth else:
\end{itemize}
\item physical network destruction/crippling
\end{itemize}
\end{description}
\n{2}{IP fragmentation}
An attack whereby an attacker attempts to send a fragmented payload (TCP) that
@ -134,6 +148,12 @@ sends a \emph{segment} with a SYN control flag, TCP B (assuming also willing to
communicate) responds with a segment with SYN and ACK control flags set and
finally, TCP A answers with a final ACK \cite{rfc793tcp}.
Using \texttt{tcpdump} to capture an outgoing SYN packet on interface
\texttt{enp0s31f6}.
\begin{verbatim}
tcpdump -Q out -n -N -c 1 -v -i enp0s31f6 'tcp[tcpflags] == tcp-syn'
\end{verbatim}
A malicious actor is able to misuse this by posing as a legitimate
\emph{client} (or rather many legitimate clients) and sending large number of
SYN segments to a \emph{server} willing to establish a connection (\it{LISTEN}
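Review bot: the sentence introducing the capture is a fragment ("Using \texttt{tcpdump} to capture an outgoing SYN packet on interface \texttt{enp0s31f6}."); rephrase it as e.g. "The following \texttt{tcpdump} invocation captures a single outgoing SYN segment on interface \texttt{enp0s31f6}:". In the command itself, `-N` only affects how resolved host names are printed and so does nothing together with `-n`, and `-Q out` depends on libpcap direction support (not available on every platform; older tcpdump releases spelled it `-P`), so it is worth stating the assumed version. The filter `tcp[tcpflags] == tcp-syn` matches segments where SYN is the only flag set, i.e. the handshake's first segment and not the SYN-ACK, which is consistent with the text. Context line: `\it{LISTEN}` has the same font-switch problem as `\it{voluntary botnets}` earlier in the file; `\emph{LISTEN}` or `\texttt{LISTEN}` (for a TCP state name) is what is meant, and "sending large number of" wants "a large number of".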