Other
Implementation of defense mechanisms in a computer network to mitigate attacks based on the TCP protocol
Date
2018
Registered in:
Mosquera Franco, A.A. (2018) Implementación de mecanismos de defensa en una red de computadores que mitiguen los ataques basados en el protocolo tcp (examen complexivo). UTMACH, Unidad Académica de Ingeniería Civil, Machala, Ecuador. 29 p.
ECUAIC-2018-IS-DE00008
Author
Mosquera Franco, Andrea Antonieta
Institution
Abstract
TCP (Transmission Control Protocol) is a protocol used for data transmission whose connection setup uses a three-way handshake, which is why it is considered a secure protocol. However, when the state of the TCB (Transmission Control Block) changes to half-open while waiting for an acknowledgment (ACK), it is vulnerable to TCP SYN flood attacks. These attacks consist of sending large numbers of requests for connections that are never completed, collapsing network traffic and causing considerable damage, such as denial of service. To determine which solution to implement against these attacks, a virtual scenario was developed. With the help of the HPING3 tool, the three types of TCP SYN flood attack were explored: direct, spoofing-based, and distributed. This made it possible to determine the controls needed to mitigate the vulnerabilities of the TCP protocol. The solution is based on configuring parameters in the client host's kernel so that a flood of SYN packet requests does not affect the client's performance. Because distributed attacks are stronger, more consistent protection is needed, so access control lists were implemented and assigned to the router interfaces. For the virtual scenario, GNS3 was used to simulate the network connections and VirtualBox to virtualize the hosts involved.