Vulnerabilities at Transport Layer
1 Answer

1. TCP seq number prediction: a hacker can predict the sequence number, which is incremented by a constant amount per second and by half that amount each time a connection is initiated, i.e. session hijacking + TCP injection.

2. TCP blind spoofing: The attacker guesses both the sequence no. and the port no. If guessed correctly, a TCP injection attack follows.

3. SYN flood: (It works by exploiting the 3-way handshake.) The idea behind a SYN flood is to flood the target system with connection requests from spoofed source addresses.

  • Multiple SYN packets are spoofed using a source address that does not exist.
  • After receiving the fake ‘SYN’ packets, the server replies with a SYN-ACK packet to the source address, which is unreachable.
  • This situation creates a lot of half-opened sessions, because the expected ACK packets are not received by the server to properly initiate a session. This can cause the server to be overloaded or eventually crash.
  • The server will not allow any further connection to be established, and genuine/legitimate user connection requests will be dropped, thus leading to DoS.


  • Firewall (act as a proxy between server and client)
  • Reduce the duration of time required for a connection to timeout.
  • Increase the no. of connection requests that can be accepted by the host at one time.
  • Install vendor-specific updates & patches

4. Port scanning: Port scanning is the art of scanning the target system to obtain a list of open ports that are listening for communications, i.e. port scanning is carried out to determine a list of open ports on a remote host that have certain services.

  • In port scanning, the attacker connects to various TCP and UDP ports and tries to determine which ports are in listening mode.
  • This technique of information gathering is crucial for an attacker because it helps them determine the list of open ports on the target system, the services running on them, and any vulnerability that might exist.

5. Connection Hijacking:

  • An attacker can allow normal authentication to proceed between the two hosts and then seize control of the connection. There are two ways to do so:

a) During the TCP 3-way handshake,

b) In Middle of an established connection.

  • When two hosts are desynchronized enough, they will ignore packets from each other; an attacker can then inject forged packets with the correct sequence no. The attacker might also modify or add commands to the communication.

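As an added, defender-side illustration of the SYN flood and port scanning items above (example code, not part of the original answer): a small Python script that walks a constructed client-side packet log and flags sources with many half-open SYNs or with SYNs to many distinct ports. The packet records, the thresholds and the `analyse` function are all assumptions of this example.

```python
from collections import defaultdict

# Constructed client-to-server packet log for this example (not a real capture):
# (src_ip, dst_port, tcp_flag) with "S" = SYN, "A" = handshake-completing ACK, "R" = RST.
SAMPLE_PACKETS = (
    [("10.0.0.5", 443, "S"), ("10.0.0.5", 443, "A")]            # one normal handshake
    + [("198.51.100.7", 80, "S")] * 6                            # SYNs that never complete
    + [("203.0.113.9", p, f)                                     # probes to many ports
       for p in (21, 22, 23, 25, 80, 110, 143, 443) for f in ("S", "R")]
)


def analyse(packets, syn_threshold=5, port_threshold=6):
    """Label sources whose half-open SYNs or distinct target ports reach a threshold.

    Returns {src_ip: labels} containing only flagged sources.
    """
    half_open = defaultdict(int)   # (src, dst_port) -> SYNs still awaiting ACK or RST
    ports_seen = defaultdict(set)  # src -> distinct destination ports it sent SYNs to
    for src, port, flag in packets:
        if flag == "S":
            half_open[(src, port)] += 1
            ports_seen[src].add(port)
        elif flag in ("A", "R") and half_open[(src, port)] > 0:
            half_open[(src, port)] -= 1   # handshake completed or aborted by the client
    findings = {}
    for src, ports in ports_seen.items():
        labels = []
        if sum(half_open[(src, p)] for p in ports) >= syn_threshold:
            labels.append("syn-flood")   # many connections left half-open by this source
        if len(ports) >= port_threshold:
            labels.append("port-scan")   # one source probing many different ports
        if labels:
            findings[src] = labels
    return findings


if __name__ == "__main__":
    for src, labels in analyse(SAMPLE_PACKETS).items():
        print(src, ", ".join(labels))
```

The thresholds are deliberately low so the constructed sample triggers both labels; on a real host they would be tuned against the connection timeout and backlog limits the answer lists as countermeasures.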
