4.3.31 · HinglishComputer Networks

Network security — DDoS, man-in-the-middle, replay attacks, countermeasures

2,355 words11 min readRead in English

4.3.31 · Coding › Computer Networks


1. Denial-of-Service & DDoS

YEH KAAM KYUN KARTA HAI: har server ke paas ek finite resource hoti hai (jaise ki half-open TCP connections ki sankhya). Agar attacker ke requests server ko attacker se zyada kharcha karaate hain, toh attacker asymmetry se jeet jaata hai.

Recall (D)DoS ke liye Countermeasures
  • SYN cookies: server connection state ko memory allocate karne ki jagah initial sequence number mein encode karta hai → koi state nahi jab tak ACK client ka real hona prove na kare. Asymmetry remove hoti hai.
  • Rate limiting / traffic shaping, ingress filtering (BCP 38) edge pe spoofed source IPs drop karne ke liye.
  • Scrubbing centers / CDNs / Anycast volumetric floods ko absorb aur disperse karte hain.
  • CAPTCHAs / proof-of-work badhate hain taaki gir jaaye.

2. Man-in-the-Middle (MITM)

Recall MITM countermeasures
  • TLS with certificates: server apni identity ek CA-signed certificate ke zariye prove karta hai; public key domain name se bound hoti hai. Extra safety ke liye certs pin karo.
  • HSTS HTTPS force karta hai taaki attacker use HTTP mein strip na kar sake.
  • Mutual authentication, DNSSEC, dynamic ARP inspection switches pe.
  • General rule: encrypt + authenticate. Encryption akela (koi identity check nahi) phir bhi MITM allow karta hai.

3. Replay Attacks

Figure — Network security — DDoS, man-in-the-middle, replay attacks, countermeasures

4. Comparison table (80/20 core)

Attack Toodi gayi assumption Core fix
DDoS Server resources kaafi hain Rate limit / verify hone tak koi state nahi (SYN cookies, scrubbing)
MITM Mein real party se baat kar raha hoon Authentication (TLS certs, signed DH)
Replay Ek valid msg ek baar valid hota hai Freshness (nonce, timestamp, challenge)

Recall Feynman: ek 12-saal ke bachche ko explain karo

Ek dukaan (server) imagine karo. DDoS ek flash mob jaisa hai jo darwaaze par bheed laga deta hai taaki real customers andar na aa sakein — tum isse fix karte ho ek quick ticket check karke pehle kisi ko darwaaza block karne dene se. Man-in-the-middle ek cheater messenger jaisa hai jo tumhare aur tumhare dost ke beech notes le jaata hai, unhe secretly padh aur badal raha hota hai — tum use ek aisi seal se harate ho jo sirf tumhara dost verify kar sakta hai. Replay koi hai jo tumhara "mujhe ek cookie do" wala note photocopy karke kal phir se de deta hai — tum use rok dete ho har note pe aaj ka secret password likhke taaki purani copies kaam na aayein.


Flashcards

(D)DoS ko effective banane wali asymmetry kya hai?
Attacker ka cost per packet server ke forced cost se bahut kam hota hai, toh amplification .
SYN flood mein kaunsa resource exhaust hota hai aur kaise?
Half-open connection backlog: spoofed SYNs server ko timeout tak slots reserve aur hold karaate hain; rate se, held slots .
SYN-flood collapse condition aur uski derivation batao.
, Little's Law se jo backlog size se exceed kare.
SYN cookies SYN floods ko kaise defeat karte hain?
Server connection state ko memory allocate karne ki jagah initial sequence number mein encode karta hai, toh koi state nahi rakhi jaati jab tak ek valid ACK client ka real hona prove na kare.
DNS amplification spoofed source IPs kyun use karta hai?
Taaki bada reply (reflection) victim ke paas jaaye, aur visible source ek innocent resolver ho, attacker nahi.
Plain Diffie–Hellman MITM ke liye vulnerable kyun hai?
Yeh ek shared secret provide karta hai lekin koi identity proof nahi; Eve do DH exchanges run karti hai aur har party ke saath ek key share karti hai. Fix: DH public values sign/authenticate karo.
MITM ek hi kaun si property exploit karta hai aur kya fix karta hai?
Missing authentication; certificates/signatures (TLS) se fix hota hai jo identity ko keys se bind karta hai.
Encryption akela replay attack kyun nahi rokta?
Attacker genuine ciphertext bina padhe phir bhej deta hai; tumhe freshness (nonce/timestamp/sequence number) chahiye, sirf secrecy nahi.
Replay defense mein nonce aur timestamp ka role kya hai?
Nonce: ek once-only value jo ek "seen" set mein track hoti hai taaki repeats reject ho; timestamp: sirf tab accept karo agar window ke andar ho taaki purane captures expire ho jaayein.
Nonce ko MAC ke saath combine kyun karna chahiye?
Warna attacker sirf nonce change kar leta; MAC freshness ko integrity se tie karta hai.
Har attack ko uski toodi gayi assumption se map karo.
DDoS: enough resources; MITM: real party se baat ho rahi hai; Replay: ek valid message sirf ek baar valid hota hai.
Challenge–response replay ko kaise prevent karta hai?
Server ek fresh random issue karta hai; client return karta hai; ek purana response naye challenge ke against verify nahi karega.

Connections

  • Transport Layer — TCP three-way handshake (SYN flood target)
  • Diffie–Hellman key exchange aur TLS handshake (MITM defense)
  • Message Authentication Codes (MAC) & HMAC (replay + integrity)
  • Public Key Infrastructure & Certificates (authentication)
  • Little's Law (SYN-flood capacity mein use ki gayi queueing math)
  • Firewalls, NAT & Ingress Filtering (BCP 38) (anti-spoofing)

Concept Map

resource assumption broken

identity assumption broken

one-time assumption broken

works via

maximized by

maximized by

spoofs source IP fills backlog

reflection amplifies traffic

countered by

countered by

countered by

Network: trust over untrusted medium

DDoS

Man-in-the-Middle

Replay attack

Asymmetry A = cs/ca

SYN flood

DNS amplification

Authentication

Freshness

Rate/resource limits