Cyber Security Network Transport
🚚 Cyber Security Network Transport (Layer 4) In-Depth
👉 Most real-world hacking, scanning, and DDoS attacks target this layer.
What is the Transport Layer?
The Transport Layer is responsible for:
End-to-end communication
Data segmentation & reassembly
Port numbers
Flow control
Error control
📌 In simple words:
Transport Layer decides how data is delivered safely and in order
Key Responsibilities (Security View)
1️⃣ Port Addressing
Ports identify applications/services.
| Port | Service |
|---|---|
| 80 | HTTP |
| 443 | HTTPS |
| 21 | FTP |
| 22 | SSH |
| 25 | SMTP |
📌 Hackers use port scanning to find vulnerable services.
2️⃣ Segmentation & Reassembly
Large data → split into segments
Segments sent separately
Reassembled at destination
⚠️ Attackers exploit segmentation to confuse firewalls.
3️⃣ Flow Control
Prevents sender from overwhelming receiver.
🛡 Prevents system crash & buffer overflow
4️⃣ Error Control
Ensures data arrives correctly using:
Acknowledgements (ACK)
Retransmission
Transport Layer Protocols
🔵 TCP (Transmission Control Protocol)
Connection-oriented
Reliable
Slower but secure
✔ Used for: Web, Email, File transfer
🟠 UDP (User Datagram Protocol)
Connectionless
Faster
No guarantee of delivery
✔ Used for: Video calls, DNS, gaming
TCP vs UDP (Cyber Security View)
| Feature | TCP | UDP |
|---|---|---|
| Connection | Yes | No |
| Reliability | High | Low |
| Speed | Slower | Faster |
| Used In | HTTPS, SSH | DNS, VoIP |
| Attacks | SYN Flood | UDP Flood |
TCP Three-Way Handshake (Very Important)
1️⃣ SYN
2️⃣ SYN-ACK
3️⃣ ACK
📌 This process creates a session
⚠️ Attackers exploit this using SYN Flood attacks
🔴 Transport Layer Attacks (In-Depth)
1️⃣ Port Scanning
Finding open ports to identify services.
🛠 Example:
TCP Scan
UDP Scan
📌 First step of hacking
2️⃣ SYN Flood Attack
Attacker sends many SYN requests but never completes handshake.
🎯 Result:
Server resources exhausted
Legit users blocked
🛡 Defense:
SYN cookies
Rate limiting
Firewalls
3️⃣ UDP Flood Attack
Sending massive UDP packets.
🎯 Result:
Bandwidth exhaustion
🛡 Defense:
Traffic filtering
IDS/IPS
4️⃣ Session Hijacking
Taking over an active TCP session.
🎯 Used to:
Steal login sessions
Bypass authentication
🛡 Defense:
Encryption (TLS)
Secure session handling
5️⃣ Replay Attacks
Captured packets resent to gain access.
🛡 Defense:
Timestamps
Nonces
Encryption
Transport Layer Firewalls
Filters traffic based on:
Port number
Protocol (TCP/UDP)
Connection state
📌 Faster than application firewalls but less intelligent
Transport Layer vs Network Layer (Quick View)
| Network Layer | Transport Layer |
|---|---|
| IP Address | Port Number |
| Routing | End-to-end delivery |
| Routers | Firewalls |
| IP Spoofing | Port Scanning |
📌 Hackers move Layer 3 → Layer 4
Important Commands (Layer 4 Focus)
🎯 Why Transport Layer is CRITICAL in Cyber Security
✔ Controls applications
✔ Main target of DDoS
✔ Basis of scanning & exploitation
✔ Determines service exposure
📌 Open port = open risk
