Assume Your Laptop sends a TCP SYN packet to the wwwdepauled

Assume Your Laptop sends a TCP SYN packet to the www.depaul.edu server. When this TCP SYN packet goes through the NAT router, what changes will this router make to this packet?

Solution

a SYN flood works by sending a large number of SYN packets to a server in order to tie up all of its available state, preventing it from accepting any new connections from legitimate clients. This attack is especially effective when the attacker can use spoofed source addresses in their SYN packets, as this makes it more difficult for the victim to install filters to remove the attack traffic. However, the attack still works if source addresses are not spoofed, provided that the attacker has enough zombies available to make it impractical for the victim to install filters for all of them. Related to this, we looked at the “SYN cookie” defense, which prevents the attack from succeeding if the attacker uses spoofed source addresses.

Here are some of the methods used by NATs to allow peers to execute port forecast:

     The NAT assigns to sequential internal ports sequential external ports.

If the isolated peer has the in order of one mapping, then it can guess the value of succeeding mappings. The TCP connection will take place in two steps, at first the peers make a connection to a third party and learn their mapping. For the second step, both peers can then conjecture what the NAT port mapping will be for all consequent relatives, which solves port prediction. This method requires making at slightest two consecutive connections for each peer and necessitate the use of a third party. This method does not work correctly in case of Carrier-grade NAT with a lot of subscribers behind each IP addresses, as only a limited amount of ports is obtainable and allocating nonstop ports to a same internal host might be impractical or impossible.

·         The NAT uses the port conservation portion scheme: the NAT maps the cause port of the internal look closely to the same public port.

In this case, port forecast is trivial, and the peers simply have to swap over the port to which they are bounce through a different declaration channel (such as UDP, or DHT) before making the outbound connections of the TCP instant open. This method requires only one correlation per peer and does not require a third festivity to execute port forecast.

·         The NAT uses \"endpoint independent mapping\": two successive TCP associations coming from the same internal endpoint are mapped to the equal community endpoint.

With this solution, the peers will first connect to a third party server that will save their port mapping value and give to both peers the port mapping value of the other peer. In a subsequent step, both peers will reuse the same local endpoint to perform a TCP instant open with each other. This lamentably requires the use of the SO_REUSEADDR on the TCP sockets, and such use violates the TCP typical and can lead to data corruption. It should only be used if the submission can look after itself touching such data corruption.