Hakin9 Conversion Test

Page 48

Attack

Blind Attack Against the Path-MTU Discovery Mechanism Fernando Gont

Difficulty

This article describes a blind attack against TCP’s Path-MTU Discovery mechanism that allows an off-path attacker to affect the performance of a TCP connection established between two remote end-points, sometimes to the extent of provoking a Denial of Service (DoS) on the attacked system.

T

he main function of the IP protocol in the Internet Architecture is to mask the differences that may exist between different network technologies, so that they can inter-operate. In order to meet this goal, the IP protocol imposes almost no requirements on the underlying network technologies, and provides its users with a basic data transfer service, that serves as a building block for creating more advanced data transfer services. One of the most popular and dominant network technologies of the last decades is called packet switching, and consists of the transfer of small chunks of data that are referred to as packets. There are a wide variety of parameters that characterize each packet-switching network technology. One of these parameters is the maximum packet size that can be transferred with that network technology. This parameter is usually referred to as MTU (Maximum Transmission Unit). When two or more systems are directly connected to each other with some packet-switching network technology, each of the systems will have full knowledge of the characteristics of the network technology being employed. Among these characteristics is the MTU of the

48

hakin9 1/2008

network, and as a consequence, neither of the involved systems will transmit packets that are larger than the MTU of the network that connects them. However, when two systems are connected to each other through one or more routers, these systems will have no knowledge of the characteristics of the intervening networks, including their MTUs.

What you will learn... • • •

How the Path-MTU Discovery mechanism works How to perform a blind performance-degrading attack against a TCP connection Which counter-measures can be deployed to defend a network against this attack

What you should know... • • • •

Principles of operation of the TCP and IP protocols Basic knowledge of computer networks Basic knowledge of cryptographic signatures Basic knowledge of TCP/IP security mechanisms

www.hakin9.org/en

Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.