A bridge should be able to connect LANs using different protocols at the data link layer, such as an Ethernet LAN to a wireless LAN. Data link layer addresses are used in order for a bridge to be able to route data. Therefore, bridges make use of MAC addresses to forward the data. If a specific address is not found in the bridging table, the data is sent to all hosts found on the network. This is called transparent bridging. If the address is known and found in the bridging table, it makes use of source routing bridging in order to deliver the data to the right destination.
Source: (FreeWiMAXInfo, n.d.)
However, there are many issues which are of significance when bridging connections between different LANs. One of the main issues is that different types of LANs such as Ethernet 802.3 and Wireless 802.11 contain different levels of security. In fact, Ethernet 802.3 does not have link layer encryption while in Wireless 802.11, link layer encryption is provided. This issue will have a great impact when data is transmitted from the above different LANs over a bridge. This is because the security provided by Wireless 802.11 network will not be compatible with Ethernet 802.3 network. In fact, nowadays, routers are being used to connect different types of LANs together. On the other hand, bridges are now being used to connect LANs of the same type together.
Source: (Tanenbaum, 2003) (Pg. 242)
Another issue which is significant when bridging connections between different LANs is the data rate. Different types of LANs might have different data rates. If one LAN sends data at a higher speed than the other LAN can handle via a bridge, the bridge will have to buffer the received data while trying not to run out of memory. As a result, the bridge will not be able to handle the data as fast as it is received.
Source: (Tanenbaum, 2003) (Pg. 241)
Another major issue is that different types of LANs have different maximum frame lengths. Different frame lengths can cause several problems and there is no specific solution for this problem. In fact, frames are discarded if the frame size is too large to be forwarded.
Source: (Tanenbaum, 2003) (Pg. 242)
Wireless transmissions generally make use of cellular service areas. Below, there is an example of a cell pattern with a frequency-reuse factor of 3.
Frequency reuse is a technique used to improve capacity and efficiency in communications systems. This technique makes use of frequencies and channels. Wireless systems make use of this technique to partition an RF radiating cell into segments of a cell.
Source: (Javvin network manager & security, n.d.)
In the above example, a band is divided into 3 bands which can have an equal bandwidth and the three sub-bands are reused in an alternating fashion. “No neighbouring cells have the same frequency in this configuration resulting in it being the cluster with the least number of cells that is provides practical frequency reuse.”
Source: (Abu-Al-Saud, n.d.)
There is no definitive answer as to whether a low reuse factor or a high reuse factor is better. It all depends on what the actual needs are and on whether the geographical area is large or small. For example, if one needs less interference, a high reuse factor should be used. On the other hand, if one needs higher network capacity, a low reuse factor should be used.
Source: (Wireless Information Transmission System Lab, n.d.)
UDP is a message-oriented protocol while TCP is a byte-oriented protocol. Whilst TCP guarantees delivery of data by making use of a 3-way handshake, UDP does not guarantee data delivery. However, UDP is faster and is mainly used for voice streaming.
Source: (Laynetworks - Comparative analysis - TCP - UDP, n.d.)
If an application needs to protect the boundaries of its messages, UDP should be used. This is because UDP preserves message boundaries which are set by the sender and receiver. The sender can send packets whose data size is smaller than the MTU size, without the need for fragmentation. However, if the packet size is larger than the MTU size, the data has to be fragmented. If sender is called twice with sizes of 500 bytes and 1000 bytes respectively, two packets will be sent. When both fragmented packets arrive at the destination with the sizes of 100 bytes and 200 bytes, the first call will return the first 100 bytes of the 500-byte packet, whereas the remaining bytes are thrown away. The second call will return the first 200 bytes of the 1000-byte packet, whereas the remaining bytes are thrown away.
On the other hand, TCP does not preserve message boundaries between sends. In fact, if the sender is called twice with sizes of 500 bytes and 1000 bytes respectively, the whole 1500 bytes will be sent. Keep in mind that the data can be split into more packets with a specific data size. Therefore, it is not necessary to send the two calls in two packets only.
Source: (On Time - IP Packet Types, n.d.)
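The message-boundary behaviour described above, shown over loopback sockets as an added example that is not part of the original essay. It assumes a Linux host, where a datagram longer than the receive buffer is silently truncated; the function names and payloads are constructed for the illustration.

```python
import socket

LOOPBACK = "127.0.0.1"
# Constructed payloads: 500 bytes of "A", then 1000 bytes of "B".
PAYLOADS = (b"A" * 500, b"B" * 1000)

def udp_reads(recv_bufs=(100, 200)):
    """Send each payload as one datagram, then read with undersized buffers."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        rx.bind((LOOPBACK, 0))
        rx.settimeout(2)
        for payload in PAYLOADS:
            tx.sendto(payload, rx.getsockname())
        # Each recv() consumes exactly one datagram; bytes that do not fit
        # in the buffer are dropped, never carried into the next read.
        return [rx.recv(size) for size in recv_bufs]
    finally:
        rx.close()
        tx.close()

def tcp_reads(recv_buf=100):
    """Send the same payloads over TCP and read the stream in small pieces."""
    srv = socket.create_server((LOOPBACK, 0))
    tx = socket.create_connection(srv.getsockname())
    rx, _ = srv.accept()
    try:
        rx.settimeout(2)
        for payload in PAYLOADS:
            tx.sendall(payload)
        tx.close()  # EOF marks the end of the byte stream
        chunks = []
        while chunk := rx.recv(recv_buf):
            chunks.append(chunk)
        # No boundary between the two sends survives, and nothing is lost.
        return b"".join(chunks)
    finally:
        rx.close()
        srv.close()

if __name__ == "__main__":
    print([len(d) for d in udp_reads()])  # bytes kept from each datagram
    print(len(tcp_reads()))               # bytes delivered by the stream
```

A protocol that runs over TCP therefore has to carry its own framing (a length prefix or a delimiter), because the receiver cannot tell where one send ended and the next began.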
From the following capture, we can see that there is a TCP SYN Flooding attack. TCP SYN Flooding attack is a specific Denial-of-Service (DoS) attack which affects hosts which run TCP server processes.
This attack especially affects server processes, making them incapable of handling genuine requests for TCP connections from legitimate client applications. TCP SYN flooding attacks are designed to attack services that bind to and listen on a TCP socket.
Source: (RFC 4987, 2007)
Strategies which are used to alleviate TCP SYN Flooding attacks
Firewalls and Proxies
A tactic which can be used to alleviate this attack is the firewall-based tactic. This tactic is used to protect hosts from SYN flooding attacks. Its concept is to offload the connection establishment procedures onto a firewall, which monitors all the connection attempts until they are finished; they are then sent on to the defended hosts via proxies. With this technique, hosts do not have to worry about SYN flooding attacks, since firewalls and proxies are dealing with these problems.
SYN cache is a technique used to decrease the amount of state that a SYN allocates. The full state allocation is delayed until the connection is established. The end hosts contain some secret bits, which they choose from the incoming SYN segments and which are used for the SYN cache implementation. These secret bits are hashed together with the IP addresses and TCP ports of a particular segment. This hash value has to be used in order to determine the location. These values have a certain limit. If the limit has been reached, the first entry is removed. The secret bits defend a host from being attacked: the attacker is prevented from targeting specific hash values in order to overflow the hash value limit.
Source: (Wesley, 2006)
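A minimal model of the SYN cache described above, added here as an illustration and not taken from the essay or its sources. The class and function names, the use of HMAC-SHA256 as the keyed hash, the 8 buckets with a limit of 3 entries, and the addresses are assumptions chosen for the example.

```python
import hashlib
import hmac
import os
from collections import deque

class SynCache:
    """Toy SYN cache: small per-SYN entries held in keyed hash buckets."""

    def __init__(self, buckets=8, bucket_limit=3, secret=None):
        self.secret = secret or os.urandom(16)  # the host's secret bits
        self.bucket_limit = bucket_limit
        self.table = [deque() for _ in range(buckets)]
        self.established = []  # stands in for full connection state

    def _bucket(self, conn):
        # Keyed hash of (src ip, src port, dst ip, dst port) picks the bucket;
        # without the secret a sender cannot aim its SYNs at one bucket.
        digest = hmac.new(self.secret, repr(conn).encode(), hashlib.sha256).digest()
        return self.table[int.from_bytes(digest[:4], "big") % len(self.table)]

    def on_syn(self, conn):
        """Record a half-open connection; return the server ISN for the SYN-ACK."""
        bucket = self._bucket(conn)
        for seen, isn in bucket:
            if seen == conn:
                return isn  # retransmitted SYN: reuse the existing entry
        if len(bucket) >= self.bucket_limit:
            bucket.popleft()  # limit reached: the oldest entry is removed
        isn = int.from_bytes(os.urandom(4), "big")
        bucket.append((conn, isn))
        return isn

    def on_ack(self, conn, ack):
        """Allocate full state only when the final ACK matches a cached entry."""
        bucket = self._bucket(conn)
        for entry in bucket:
            if entry[0] == conn and ack == (entry[1] + 1) % 2**32:
                bucket.remove(entry)
                self.established.append(conn)
                return True
        return False

    def pending(self):
        return sum(len(b) for b in self.table)

def flood_then_connect(cache, spoofed=1000):
    # Constructed traffic: spoofed SYNs that never complete, then one real client.
    for i in range(spoofed):
        cache.on_syn((f"198.51.100.{i % 250 + 1}", 1024 + i, "192.0.2.10", 443))
    client = ("203.0.113.7", 50000, "192.0.2.10", 443)
    return cache.on_ack(client, (cache.on_syn(client) + 1) % 2**32)
```

However many SYNs arrive, the half-open state never exceeds buckets × bucket_limit entries, and a client whose handshake completes before its entry is evicted is still promoted to full state.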