short response to these two statements:
One of the more interesting TCP-IP vulnerabilities is its ability to guarantee the location of where a packet is coming from. RIP is an essential component of a TCP/IP network. RIP is the Routing Information Protocol which is used to distribute routing information within networks, such as shortest-paths, and advertising routes out from the local network, (CHAMBERS, DOLSKE, & IYER, n.d.). The flaw in RIP is that it doesn’t have built in authentication much like TCP/IP. This attack is significant because RIP attacks change where the data may go to unlike common attacks that change where data has come from. When an attacker is able to compromise RIP addresses and send them from anywhere in the world this poses a huge security flaw. Attackers can forge RIP packets claiming that they are another host and they have the fastest route or path out of the network. This is troubling as there is a higher level DDOS attack that uses the RIPv1 protocol called Reflection Amplification Attacks. (Mimoso, 2015) says, “Reflection attacks happen when an attacker forges its victim’s IP addresses in order to establish the victim’s systems as the source of requests sent to a massive number of machines.” Because the attacker is in control of the RIP it can send many requests on behalf of a network. The recipients of the request issue an overwhelming flood of responses back to the victim’s network thus crashing that network, (Mimoso, 2015).
I chose this vulnerability because it’s very current in the landscape of DDOS attacks and Threat post by Kapersky Labs suggest that this is only going to grow into the coming years. The easiest way to stop this is to use routers with RIPv2 and above. Unfortunately, a large number of the routers that have been compromised using this deprecated technology comes from AT&T and BellSouth and they are regularly distributed in the United States.
This form of attack can best be detected by using a web application firewall (WAF). Although WAF's use various methods to counter attacks, most use signature based filtering in blocking and recognizing attacks to and from HTTP web applications. Websites using SSL (https) encryption are no more safe than sites not encrypted. The attacks would work in the same manner except its taking place in an encrypted connection. Unlike network firewalls, with customization, WAF can prevent XSS, SQL injection, session jacking and buffer overflows by inspecting every HTML, HTTPS, SOAP and XML-RPC data packet (cgisecurity). Websites using SSL (https) encryption are no more safe than sites not encrypted. The attacks would work in the same manner except its taking place in an encrypted connection.
APA FORMAT and use of resources