This article is participating in the "Network protocols must be known and must be known" essay campaign

Preface

It feels like Nuggets has been running one activity after another over this past half year 🎁

Today I saw that the Creators Center has added a technical essay activity on network protocols, and one of the comments reads:

You guys dig a lot of gold, but I don’t know that

That really speaks for me 😢 For me, network protocols have always been both familiar and strange, mostly strange, because I keep hearing about them but have never really taken the time to learn them, and they are really hard to write about

On second thought, though, it is just a matter of learning, so I plan to take advantage of the activity to catch up on network protocol knowledge

HTTP and TCP/IP have already been covered:

  • Quickly understand the HTTP protocol
  • Learn about TCP/IP quickly

This article is still about TCP, and it is also the homework Zhang Ya mentioned in the live broadcast: the principle of the TCP reset attack and a hands-on reproduction

Body

What is a TCP reset attack

A TCP reset attack, also called an RST attack, is an attack in which an attacker crafts and sends a forged TCP reset packet to interfere with the connection between a user and a website, deceiving the communicating parties into terminating the TCP connection

For example, after a TCP connection is established between server A and server B, server C sends a forged TCP packet to server B, which causes server B to drop its TCP connection with server A. This is an RST attack

It is generally carried out with a single packet that is only a few bytes in size

For the specific principle, read on

How TCP reset attacks work

The mechanism it exploits

Under normal circumstances, if the client finds that an incoming segment is incorrect for the related connection, TCP sends a reset segment, which quickly tears down the TCP connection

The TCP reset attack abuses this mechanism: forged reset segments are sent to one of the communicating parties to deceive it into closing the TCP connection early

So how do you forge a TCP reset packet?

Forging a reset segment

To summarize, forging a TCP reset packet involves several things

Characteristics

Lethal to long connections

If the attacker forges a segment that is completely convincing, the receiver treats it as valid and closes the TCP connection!

Of course, the server can create a new TCP connection to resume communication, but it can still be reset by an attacker

However, it takes time for an attacker to assemble and send forged packets. Therefore, the attack is lethal only for long connections. For short connections, information exchange is completed before the attack

Forging the correct TCP reset segment and completing the attack is not easy

In a sense, it is easy to forge TCP segments because TCP/IP does not have any built-in way to verify the identity of the server

Some special IP extension protocols (such as IPsec) do authenticate, but they are not widely used. The client can only accept the segments it receives and, where possible, use higher-level protocols (such as TLS) to verify the server’s identity. This method does not apply to TCP reset packets, which are part of the TCP protocol itself and cannot be authenticated using higher-level protocols

Although it is easy to forge a TCP packet segment, it is not easy to forge the correct TCP reset segment and complete the attack
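
Why a reset has to be "correct" before it takes effect, seen from the receiver's side. This is an added example, not code from the original article: it parses a TCP header and applies the RST sequence-number check from RFC 5961, which the article does not mention and is assumed here as the receiver's behaviour. The function names, ports and receiver state are constructed for the demo.

```python
import struct

RST = 0x04  # RST bit in the TCP flags field

def parse_tcp_header(raw: bytes) -> dict:
    """Parse the fixed 20-byte TCP header (ports, seq, ack, flags, window)."""
    if len(raw) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, _csum, _urg = struct.unpack(
        "!HHIIHHHH", raw[:20])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & 0x01FF, "window": window}

def in_window(seq: int, rcv_nxt: int, rcv_wnd: int) -> bool:
    """True if seq is in [rcv_nxt, rcv_nxt + rcv_wnd), modulo 2**32."""
    return ((seq - rcv_nxt) & 0xFFFFFFFF) < rcv_wnd

def classify_rst(raw: bytes, rcv_nxt: int, rcv_wnd: int) -> str:
    """Receiver-side decision for an incoming segment (RFC 5961, section 3.2)."""
    hdr = parse_tcp_header(raw)
    if not hdr["flags"] & RST:
        return "not-rst"
    if hdr["seq"] == rcv_nxt:
        return "reset"          # exact match: the connection is torn down
    if in_window(hdr["seq"], rcv_nxt, rcv_wnd):
        return "challenge-ack"  # in window but not exact: peer must confirm
    return "discard"            # outside the window: silently dropped

def sample_segment(seq: int, flags: int) -> bytes:
    """Constructed header bytes for the demo (ports and zero checksum made up)."""
    return struct.pack("!HHIIHHHH", 40000, 443, seq, 0, (5 << 12) | flags, 0, 0, 0)

if __name__ == "__main__":
    rcv_nxt, rcv_wnd = 0xFFFFFF00, 512  # constructed state near seq wraparound
    for seq in (0xFFFFFF00, 0x00000050, 0x00000100, 0x12345678):
        print(hex(seq), classify_rst(sample_segment(seq, RST), rcv_nxt, rcv_wnd))
```

A receiver that follows this check accepts a reset only when its sequence number equals the next byte it expects, and answers an in-window mismatch with an ACK that lets the genuine peer confirm or ignore the reset.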

The idea behind reproducing a TCP reset attack

Concept map

The general idea can be roughly divided into the following steps:

The specific implementation

To be added
