Problem
Consider the following threats to Web security and describe how each is countered by a particular feature of SSL.
a. Man-in-the-middle attack: An attacker interposes during key exchange, acting as the client to the server and as the server to the client.
b. Password sniffing: Passwords in HTTP or other application traffic are eavesdropped.
c. IP spoofing: Uses forged IP addresses to fool a host into accepting bogus data.
d. IP hijacking: An active, authenticated connection between two hosts is disrupted and the attacker takes the place of one of the hosts.
e. SYN flooding: An attacker sends TCP SYN messages to request a connection but does not respond to the final message to establish the connection fully. The attacked TCP module typically leaves the "half-open connection" around for a few minutes. Repeated SYN messages can clog the TCP module.