Three-way Hand Shake
Denial of Service
Distributed Denial of Service
This material was developed with funding from the
National Science Foundation under Grant # DUE 1601612
The three-way handshake is a necessary process to create a connection between computers communicating using the transmission control protocol (TCP). Computers establish this three-way handshake to communicate with each other in the same way we communicate when making a phone call.
Three-way Hand Shake
When you call Mary to have a phone conversation, you must start by establishing the phone conversation connection. The three step process (or set of rules) we follow to do this is:
1. Your conversation begins with you initiating the call by dialing Mary’s phone number.
2. When Mary’s phone rings, she answers and confirms the call has reached her by saying “Hello?”.
3. You then confirm you received her “Hello?” by sending her a message of “Hello Mary. It is Jessica. Let’s chat.” and the conversation session begins.
Later that day you visit a webpage on the internet. Much like your phone call to Mary earlier in the day, you must start by establishing the conversation connection with the other computer. The three step process (or set of rules) we follow to do this is:
1. Your conversation begins with you initiating the connection to the web server by typing into the browser the web address of the website you would like to visit.
2. When the website’s web server receives the communication from you, the web server confirms the connection initiation by sending a “Hello?” in return.
3. You then confirm you received the web server’s “Hello?” by sending a message of “Hello Webserver. It is Jessica. Let’s chat.” and the conversation session begins.
Synchronization Packet (SYN)
The first packet sent across the network when setting up a TCP connection.
Transmission Control Protocol (TCP)
A set of rules that defines how to establish and maintain a network conversation via which application programs can exchange data.
Three Way Hand Shake
A method used in a TCP/IP network to create a connection between a local host/client and server.
This three step process is called the three-way handshake. The three-way handshake is a necessary process to create a connection between computers communicating using the transmission control protocol (TCP).
1. The computer initiating the communication sends a synchronization packet (SYN) to the receiving computer.
2. The receiving computer then replies to the SYN with a synchronization acknowledgement packet (SYN/ACK) sent to the initiating computer.
3. Finally, the initiating computer completes the three-way handshake and finalizes the establishment of the connection by sending an acknowledgement packet (ACK) to the receiving computer.
Once this final ACK packet has been sent, the connection between the computers has been established and they can begin their conversation session.
Acknowledgement Packet (ACK)
The third and final packet sent across the network when setting up a TCP connection.
Synchronization Acknowledgement Packet (SYN/ACK)
The second packet sent across the network when setting up a TCP connection.
But what happens when the three way handshake never gets completed? If the originating computer, your computer in our scenario, never sends the final ACK packet, the receiving computer will await its arrival for a period of time. Eventually, however, it will get tired of waiting and will disconnect and the conversation connection will never be established. Thinking about our phone call with Mary from earlier today, imagine Mary says “Hello?” when answering your call and you never respond. For a period of time, Mary will wait to hear a response. But eventually Mary will tire of waiting and will disconnect the call and the conversation connection will never be established.
Denial of Service
Denial of Service Attack (DOS)
Any type of attack where the attackers attempt to prevent legitimate users from accessing the service.
When the initiating computer does not complete the connection because it does not send the final ACK packet, the web server waits. If the initiating computer does this repeatedly in a short period of time, the web server will wait on each conversation connection session in turn. If the web server receives a large number of conversation connection session requests for which it is waiting for an ACK packet from the initiating computer, the web server will become overwhelmed and crash. This is called a denial of service attack (DOS). This type of attack is referred to as a denial of service attack because the web server can no longer do its job; it can no longer provide service to legitimate computer traffic. In this case the web server can no longer provide the website homepage to those computers legitimately requesting it.
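The handshake steps, the wait for the final ACK, and the pile-up of unfinished sessions described above can be watched from the server's side. The following is an added example, not part of the original lesson: it replays constructed packet records and reports which handshakes completed, which are still waiting, and which client left the most unfinished. The 30-second wait, the alert threshold, the record layout and the addresses are assumptions chosen for illustration.

```python
from collections import Counter

SYN_TIMEOUT = 30.0    # assumed: seconds the server waits for the final ACK
ALERT_THRESHOLD = 3   # assumed: unfinished handshakes per client worth flagging

# Constructed records as seen at the server: (time_s, client, client_port, packet).
# SYN and ACK come from the client; SYN/ACK is the server's reply to that client.
SAMPLE = [
    (0.0, "192.0.2.10", 50000, "SYN"),       # normal visitor: all three steps
    (0.1, "192.0.2.10", 50000, "SYN/ACK"),
    (0.2, "192.0.2.10", 50000, "ACK"),
    (20.0, "192.0.2.20", 50001, "SYN"),      # slow visitor: ACK not seen yet
    (20.1, "192.0.2.20", 50001, "SYN/ACK"),
]
for i in range(4):                           # one client that never sends the ACK
    SAMPLE.append((1.0 + i / 10, "203.0.113.7", 40001 + i, "SYN"))
    SAMPLE.append((1.05 + i / 10, "203.0.113.7", 40001 + i, "SYN/ACK"))
SAMPLE.sort()


def track_handshakes(packets, now, timeout=SYN_TIMEOUT):
    """Replay packets; return (established, half_open, timed_out) sets of (client, port)."""
    pending = {}        # (client, port) -> [state, time the SYN arrived]
    established = set()
    for t, client, port, packet in packets:
        key = (client, port)
        if packet == "SYN":
            pending[key] = ["SYN_RECEIVED", t]
        elif packet == "SYN/ACK" and key in pending:
            pending[key][0] = "SYNACK_SENT"
        elif packet == "ACK" and pending.get(key, [None])[0] == "SYNACK_SENT":
            del pending[key]            # third step seen: the connection is established
            established.add(key)
    # Still waiting for the ACK: either within the wait period or given up on.
    half_open = {k for k, (_, t0) in pending.items() if now - t0 < timeout}
    timed_out = set(pending) - half_open
    return established, half_open, timed_out


def flag_sources(half_open, timed_out, threshold=ALERT_THRESHOLD):
    """Clients whose unfinished handshakes reach the threshold, sorted."""
    counts = Counter(client for client, _ in half_open | timed_out)
    return sorted(c for c, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    est, half, dead = track_handshakes(SAMPLE, now=40.0)
    print(len(est), "established;", len(half), "waiting;", len(dead), "timed out")
    print("flagged:", flag_sources(half, dead))
```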
Distributed Denial of Service (DDOS)
A type of Denial of Service (DoS) attack where multiple compromised systems are used to target a single system causing a DOS attack.
Zombies
A computer controlled by another person without the owner's knowledge and used for illegal or illicit activities.
Distributed Denial of Service
Malware
General classification of software that is intended to damage or disable computers and computer systems.
There is a modified version of the denial of service attack called a distributed denial of service attack (DDOS). Like in a DOS attack, a DDOS attack overwhelms a receiving computer with incomplete three way handshake sessions. However, under a DDOS attack multiple initiating computers are all engaged in a denial of service attack against the same targeted receiving computer. This is traditionally executed using computers which have been infected with malware which allows a remote user to control them. Machines controlled in this way are referred to as zombies.