4.3.31 · D1 · HinglishComputer Networks

FoundationsNetwork security — DDoS, man-in-the-middle, replay attacks, countermeasures

2,270 words10 min read↑ Read in English

4.3.31 · D1 · Coding › Computer Networks › Network security — DDoS, man-in-the-middle, replay attacks,

Parent note Network security — DDoS, MITM, replay & countermeasures padhne se pehle, tumhe uske symbols ek nazar mein padhne aane chahiye. Yeh page har ek symbol ko scratch se build karta hai, ek aisi order mein jahan har idea sirf upar wale ideas par tika ho.


0. The stage: do dost aur ek wire

Ek simple drawing socho. Left side par ek insaan — uska naam Alice hai. Right side par Bob hai. Dono ke beech mein ek line — yeh network wire hai. Us wire par baitha hua, har cheez dekhne aur chhoone ke saath, hai Eve — attacker.

Figure — Network security — DDoS, man-in-the-middle, replay attacks, countermeasures

Parent note mein jo bhi attack hai woh sirf Eve ka usi kaam karna hai jo uski position allow karti hai. Humein symbols chahiye jo yeh describe karein ki woh kya karti hai aur hum use kaise rokte hain — yeh hi is page ka baaki hissa hai.


1. Packet aur SYN handshake vocabulary

Parent note SYN, SYN-ACK, ACK, "half-open", "backlog" baar baar use karta hai. Yeh wahan se aate hain.

From-line bahut important hai: basic network par koi bhi check nahi karta ki from-line sach hai. Jhoothi from-line likhna spoofing kehlata hai — SYN floods aur reflection ke peeche yahi ek trick hai.

Figure — Network security — DDoS, man-in-the-middle, replay attacks, countermeasures

Topic ko yeh kyun chahiye: step 2 ke baad server ne likh liya hai ki yeh half-finished connection kiske saath hai, taaki woh ACK aane par pehchaan sake. Yeh likh-rakha note half-open connection kehlata hai, aur jis shelf par yeh rakhta hai woh hai backlog queue. Poora SYN-flood attack yahi hai ki Eve us shelf ko aise greetings se bhara de jo woh kabhi khatam nahi karti.


2. Rate, count, aur Little's Law (, , )

SYN-flood formula hai . Teen Greek/Latin letters — inhe ek ek samjhein.

Figure — Network security — DDoS, man-in-the-middle, replay attacks, countermeasures

3. Cost, amplification, aur factor


4. Keys, secrets, aur do tarah ke locks

MITM aur replay dono keys par depend karte hain. Yeh minimum vocabulary hai.


5. MAC, nonce, timestamp — freshness toolkit

Topic ko yeh sab kyun chahiye: ek replay attack ek genuine, valid message dobara bhejta hai. Encryption ise rok nahi sakta — copy abhi bhi theek se decrypt hogi. Sirf ek one-time ingredient ( ya ) kal ki copy ko aaj fail karata hai. MAC us ingredient ko message se glue karta hai taaki Eve khud naya swap na kar sake: .


6. Certificates aur challenge–response


7. Sab kuch topic mein kaise jaata hai

Alice Bob Eve on a wire

Packet with spoofable source

TCP handshake SYN SYN-ACK ACK

Backlog B and timeout T

Little's Law L equals lambda W

Cost c_a and c_s

Amplification A

DDoS section

Key K

Diffie Hellman

MITM section

Certificate and CA

MAC of m

Nonce n and timestamp T_s

Replay section


Equipment checklist

Har cue padho, aawaaz mein jawab do, phir reveal karo.

Spoofed source address se attacker kya kar sakta hai?
Aisi packets bhej sakta hai jo kisi aur ki taraf se aati lagin, taaki replies (ya blame) ek victim ko jayein aur asli bhejna wala chhupa rahe.
TCP handshake teen shabdon mein batao.
SYN, SYN-ACK, ACK.
mein , , kya hain?
= SYN arrival rate, = backlog slots, = slot timeout.
Little's Law ek equation mein.
(andar items = arrival rate × har ek kitni der rehta hai).
Amplification factor kya measure karta hai?
Attacker ki ek unit effort par server ka kitna cost jalta hai; matlab ek chhhota attacker bade victim ko haara sakta hai.
ka matlab kya hai?
Concatenation — pehle ke bytes phir ke bytes.
kya prove karta hai?
Ki message key rakhne wale ne bheja aur isme badlaav nahi hua.
Encryption akele replay kyun nahi rok sakti?
Ek copied valid ciphertext abhi bhi sahi se decrypt hogi; freshness ke liye ek one-time nonce ya timestamp chahiye.
Nonce kya guarantee karta hai, aur ise enforce kaise kiya jaata hai?
Ki message sirf ek baar use ho; receiver ek "dekha hua" set rakhta hai aur koi bhi repeated reject kar deta hai.
kya accept karta hai?
Aisi messages jinka timestamp abhi se seconds ke andar ho, kisi bhi direction mein.
Plain Diffie–Hellman mein jo gap hai usse certificate kaise fill karta hai?
Authentication — yeh ek public key ko ek identity se bind karta hai, taaki tum jaano kiske saath tumne secret agree kiya.