Question

During the TCP 3-way handshaking process, each side of the communication randomly generates a sequence number,...

During the TCP 3-way handshaking process, each side of the communication randomly generates a sequence number, and then sends that random value in a message with the SYN flag turned on. If the sequence numbers were NOT randomly generated and each side had used sequence number 0 to start communication, what potential pitfalls would you expect?

Homework Answers

Answer #1

Ans-

The TCP 3-way handshake works like this:

Client ------SYN-----> Server
Client <---ACK/SYN---- Server
Client ------ACK-----> Server

In TCP, the two parties keep track of what they have sent by using a Sequence number. Effectively it ends up being a running byte count of everything that was sent. The receiving party can use the opposite speaker's sequence number to acknowledge what it has received but TCP is a bi-directional communication protocol, which means either end ought to be able to send data reliably. Both parties need to establish an ISN, and both parties need to acknowledge the other's ISN but the sequence number doesn't start at 0. It starts at the ISN (Initial Sequence Number), which is a randomly chosen value. And since TCP is a bi-directional communication, both parties can "speak", and therefore both must randomly generate an ISN as their starting Sequence Number. Which in turn means, both parties need to notify the other party of their starting ISN.

If the sequence numbers are not randomized and set properly, it is possible for malicious users to hijack the TCP session (which can be reliable connections to a bank, a store, or some other commercial entity). Each device chooses a random initial sequence number to begin counting every byte in the stream sent. How can the two devices agree on both sequence number values in about only three messages? Each segment contains a separate sequence number field and acknowledgment field. The client chooses an initial sequence number (ISN) in the first SYN sent to the server. The server ACKs the ISN by adding one to the proposed ISN (ACKs always inform the sender of the next byte expected) and sending it in the SYN sent to the client to propose its own ISN. The client’s ISN could be rejected, if, for example, the number is the same as used for the previous connection, but that is not considered here. Usually, the ACK from the client both acknowledges the ISN from the server (with server’s ISN + 1 in the acknowledgment field) and the connection is established with both sides agreeing on ISN. Note that no information is sent in the three-way handshake; it should be held until the connection is established.

This three-way handshake is the universal mechanism for opening a TCP connection. Oddly, the RFC does not insist that connections begin this way, especially with regard to setting other control bits in the TCP header (there are three others in addition to SYN and ACK and FIN). Because TCP really expects some control bits to be used during connection establishment and release, and others only during data transfer, hackers can cause a lot of damage simply by messing around with wild combinations of the six control bits, especially SYN/ACK/FIN, which asks for, uses, and releases a connection all at the same time. For example, forging an SYN within the window of an existing SYN would cause a reset.

So basically, the TCP specification requires that each side of a connection select an initial starting sequence number at random. The reason for this is to protect against two incarnations of the same connection reusing the same sequence numbers too soon that is, while there is still a chance that a segment from an earlier incarnation of a connection might interfere with a later incarnation of the connection.

Know the answer?
Your Answer:

Post as a guest

Your Name:

What's your source?

Earn Coins

Coins can be redeemed for fabulous gifts.

Not the answer you're looking for?
Ask your own homework help question
Similar Questions
________ client-centered therapy centers on the patient's goals and ways of solving problems. Select one: a....
________ client-centered therapy centers on the patient's goals and ways of solving problems. Select one: a. Rogers' b. Freud's c. Beck d. Ellis Question 2 Not yet answered Points out of 1.00 Flag question Question text A frequently prescribed drug therapy for managing one's depression is ____________. Select one: a. Adderall b. Lithium c. Prozac d. Thorazine Question 3 Not yet answered Points out of 1.00 Flag question Question text A major goal of modern inpatient psychiatric treatment is: Select...
What tools could AA leaders have used to increase their awareness of internal and external issues?...
What tools could AA leaders have used to increase their awareness of internal and external issues? ???ALASKA AIRLINES: NAVIGATING CHANGE In the autumn of 2007, Alaska Airlines executives adjourned at the end of a long and stressful day in the midst of a multi-day strategic planning session. Most headed outside to relax, unwind and enjoy a bonfire on the shore of Semiahmoo Spit, outside the meeting venue in Blaine, a seaport town in northwest Washington state. Meanwhile, several members of...
      MK Restaurant: Branding of Thai-Style Hotpot The restaurant industry is one of the most...
      MK Restaurant: Branding of Thai-Style Hotpot The restaurant industry is one of the most competitive in Thailand. With a large number of players ranging from restaurants in five-star hotels, global fast-food chains to small stalls along the streets and everything in between, the Thais are spoiled for choice. In addition, as the world becomes globalized, consumers are familiar with international dishes and would not hesitate to try new offerings from the other side of the globe. As a...
What role could the governance of ethics have played if it had been in existence in...
What role could the governance of ethics have played if it had been in existence in the organization? Assess the leadership of Enron from an ethical perspective. THE FALL OF ENRON: A STAKEHOLDER FAILURE Once upon a time, there was a gleaming headquarters office tower in Houston, with a giant tilted "£"' in front, slowly revolving in the Texas sun. The Enron Corporation, which once ranked among the top Fortune 500 companies, collapsed in 2001 under a mountain of debt...
Discuss ethical issues that can be identified in this case and the mode of managing ethics...
Discuss ethical issues that can be identified in this case and the mode of managing ethics Enron finds itself in this case. How would you describe the ethical culture and levels of trust at Enron? Provide reasons for your assessment. THE FALL OF ENRON: A STAKEHOLDER FAILURE Once upon a time, there was a gleaming headquarters office tower in Houston, with a giant tilted "£"' in front, slowly revolving in the Texas sun. The Enron Corporation, which once ranked among...
The Business Case for Agility “The battle is not always to the strongest, nor the race...
The Business Case for Agility “The battle is not always to the strongest, nor the race to the swiftest, but that’s the way to bet ’em!”  —C. Morgan Cofer In This Chapter This chapter discusses the business case for Agility, presenting six benefits for teams and the enterprise. It also describes a financial model that shows why incremental development works. Takeaways Agility is not just about the team. There are product-management, project-management, and technical issues beyond the team’s control. Lean-Agile provides...
In February 2012, the Pepsi Next product was launched into the US market. This case study...
In February 2012, the Pepsi Next product was launched into the US market. This case study provides students with an interesting insight into PepsiCo’s new product process and some of the challenging decisions that they faced along the way. Pepsi Next Case Study Introduction Pepsi Next was launched by PepsiCo into the US market in February 2012, and has since been rolled out to various international markets (for instance, it was launched in Australia in September 2012). The new product...
Please answer the following Case analysis questions 1-How is New Balance performing compared to its primary...
Please answer the following Case analysis questions 1-How is New Balance performing compared to its primary rivals? How will the acquisition of Reebok by Adidas impact the structure of the athletic shoe industry? Is this likely to be favorable or unfavorable for New Balance? 2- What issues does New Balance management need to address? 3-What recommendations would you make to New Balance Management? What does New Balance need to do to continue to be successful? Should management continue to invest...
ADVERTISEMENT
Need Online Homework Help?

Get Answers For Free
Most questions answered within 1 hours.

Ask a Question
ADVERTISEMENT