Socket Security

Question 1

What are sockets?

Answer 1

Endpoints for communication over TCP/IP networks.

Question 2

How will IPv6 improve socket security?

Answer 2

Mitigates some TCP/IP vulnerabilities.

Question 3

What is server hijacking?

Answer 3

A local user intercepts/manipulates data meant for a server they didn’t start.

Question 4

How does a server use a socket?

Answer 4

Creates and binds it to a port for communication.

Question 5

What is a port in socket programming?

Answer 5

A 16-bit unsigned integer (0-65535) for network communication.

Question 6

What is the bind function’s purpose?

Answer 6

Associates a socket with a specific address and port.

Question 7

What is the sockaddr_in structure used for?

Answer 7

Specifies IPv4 socket address details.

Question 8

What does sin_addr in sockaddr_in do?

Answer 8

Defines the IP address to bind the socket to.

Question 9

What is INADDR_ANY?

Answer 9

Binds a socket to all network interfaces (IP 0).

Question 10

What issue arises with INADDR_ANY?

Answer 10

Multiple sockets can bind to the same port, causing conflicts.

Question 11

How do socket libraries resolve binding conflicts?

Answer 11

Prioritize the most specific IP binding.

Question 12

What is an example of specific binding?

Answer 12

Binding to 172.100.92.45 over INADDR_ANY.

Question 13

What is a solution to binding conflicts?

Answer 13

Bind to every available IP on the server.

Question 14

What is SO_EXCLUSIVEADDRUSE?

Answer 14

A Windows NT SP4 option to prevent port reuse.

Question 15

How does Windows 2003 handle socket security?

Answer 15

Uses DACLs on sockets, reducing need for SO_EXCLUSIVEADDRUSE.

Question 16

Why is Linux immune to this binding issue?

Answer 16

Port reuse requires SO_REUSEADDR, otherwise blocked.

Question 17

What is DCCP?

Answer 17

Datagram Congestion Control Protocol, UDP with congestion control.

Question 18

Why is managing multiple streams suboptimal?

Answer 18

Congestion control applied per stream, not across a group.

Question 19

What is a problem with apps using one stream per object?

Answer 19

Inefficient congestion control for related streams.

Question 20

What protocols support groups of streams?

Answer 20

SCTP and SST (Structured Stream Transport).

Question 21

What is SCTP?

Answer 21

Stream Control Transmission Protocol, defined in RFC 4960.

Question 22

What is a feature of SCTP?

Answer 22

Supports groups of related streams and multiple network paths.

Question 23

What is SCTP’s security feature?

Answer 23

Uses a 4-way handshake to protect against SYN flooding.

Question 24

What platforms support SCTP?

Answer 24

FreeBSD, Mac OSX, Windows, Linux.

Question 25

What was SCTP designed for?

Answer 25

Telephony over IP, also used for reliable server pooling.

Question 26

What is SST?

Answer 26

Structured Stream Transport, supports related stream groups.

Question 27

How does TCP establish a connection?

Answer 27

Via a three-way handshake: SYN, SYN-ACK, ACK.

Question 28

What is a passive open in TCP?

Answer 28

Server binds and listens on a port for connections.

Question 29

What is an active open in TCP?

Answer 29

Client initiates connection with a SYN packet.

Question 30

What is the TCP window attack?

Answer 30

Client sets a small or zero window size, slowing server data transfer.

Question 31

How does the TCP window attack work?

Answer 31

Forces server to send small data chunks with high overhead.

Question 32

What is the impact of a TCP window attack?

Answer 32

Blocks app, consumes worker threads due to slow data sending.

Question 33

How can apps detect TCP window attacks?

Answer 33

Check send call returns for slow client processing.

Question 34

What should apps do with slow clients?

Answer 34

Close and shutdown the socket.

Question 35

What is silly window syndrome?

Answer 35

A TCP issue where small window sizes cause inefficient data transfer.

Question 36

Why are TCP/IP stacks vulnerable?

Answer 36

Handle window size negotiation, exploitable by malicious clients.

Question 37

What is a firewall-friendly app design tip?

Answer 37

Use one connection for efficiency and simpler firewall rules.

Question 38

Why avoid multiple connections?

Answer 38

Increases firewall rule complexity and misconfiguration risks.

Question 39

Why avoid server-to-client connections?

Answer 39

Poses security risks, like FTP’s connect-back mechanism.

Question 40

What is FTP’s security issue?

Answer 40

Server connects back to client on a high port, risking attacks.

Question 41

What ports are vulnerable in FTP-like setups?

Answer 41

High ports (>1024), like MS SQL (1433) or Terminal Services (3389).

Question 42

How does SCTP improve over TCP?

Answer 42

4-way handshake reduces SYN flood risks.

Question 43

What is reliable server pooling?

Answer 43

A protocol using SCTP for accessing multiple pooled servers.

Question 44

Why check send call returns?

Answer 44

Detects slow or malicious clients exploiting window attacks.

Question 45

What is the benefit of fewer firewall rules?

Answer 45

Reduces misconfiguration and attack opportunities.

Question 46

Why is SO_REUSEADDR significant in Linux?

Answer 46

Must be explicitly set to allow port reuse, enhancing security.

Question 47

What is a DACL on a socket?

Answer 47

Discretionary Access Control List, controlling socket access.

Question 48

How does SST differ from TCP?

Answer 48

Supports structured groups of streams, unlike TCP’s single stream.

Question 49

What is the role of SYN in TCP?

Answer 49

Initiates connection from client to server.

Question 50

What is SYN-ACK in TCP?

Answer 50

Server’s response to client’s SYN, acknowledging connection.

Question 51

What is ACK in TCP?

Answer 51

Client’s final confirmation to establish the connection.

Question 52

Why is a 4-way handshake safer?

Answer 52

Adds an extra step, reducing SYN flood vulnerabilities.

Question 53

What is a high port in networking?

Answer 53

Ports above 1024, often used for client connections.

Question 54

Why is FTP’s connect-back risky?

Answer 54

Allows attacks on any server using high ports if firewall permits.

Question 55

What is the overhead in TCP window attacks?

Answer 55

40 bytes of TCP/IP headers for small data chunks.

Question 56

How can apps manage related streams better?

Answer 56

Use protocols like SCTP or SST for group-level control.

Question 57

Why is binding to specific IPs safer?

Answer 57

Prevents unintended data routing to less specific bindings.

Question 58

What is the default sin_addr value?

Answer 58

INADDR_ANY, listening on all interfaces.

Question 59

Why is server hijacking a threat?

Answer 59

Allows local users to intercept sensitive server data.

Question 60

What is the range of a port number?

Answer 60

0 to 65535, represented as a 16-bit unsigned integer.