CIS 551 / TCOM 401 Computer and Network Security

Similar documents
CIS 551 / TCOM 401 Computer and Network Security. Spring 2006 Lecture 16

Computer and Network Security

CIS 551 / TCOM 401 Computer and Network Security. Spring 2007 Lecture 8

Lecture 8. Basic Internetworking (IP) Outline. Basic Internetworking (IP) Basic Internetworking (IP) Service Model

Lecture 8. Reminder: Homework 3, Programming Project 2 due on Thursday. Questions? Tuesday, September 20 CS 475 Networks - Lecture 8 1

CS475 Networks Lecture 8 Chapter 3 Internetworking. Ethernet or Wi-Fi).

Internet Protocol. Outline Introduction to Internet Protocol Header and address formats ICMP Tools CS 640 1

IP - The Internet Protocol. Based on the slides of Dr. Jorg Liebeherr, University of Virginia

Recap. Recap. Internetworking. First mile problem. Internet. End Users. Last mile problem. Direct link networks Packet switching.

Internetworking Part 2

The Internet. Overview. Network building blocks

The Internet Protocol (IP)

McGraw-Hill The McGraw-Hill Companies, Inc., 2000

Computer and Network Security

OSI Network Layer. Network Fundamentals Chapter 5. Version Cisco Systems, Inc. All rights reserved. Cisco Public 1

CSE/EE 461 The Network Layer. Application Presentation Session Transport Network Data Link Physical

Outline. Routing. Introduction to Wide Area Routing. Classification of Routing Algorithms. Introduction. Broadcasting and Multicasting

Internetworking Part 2

Interconnecting Networks with TCP/IP

ECE 4450:427/527 - Computer Networks Spring 2017

IP Protocols. ALTTC/Oct

Vorlesung Kommunikationsnetze

Interconnecting Networks with TCP/IP. 2000, Cisco Systems, Inc. 8-1

TSIN02 - Internetworking

CS 457 Networking and the Internet. Problems. Mechanisms 9/21/16. Fall 2016 Indrajit Ray

ARP, IP. Chong-Kwon Kim. Each station (or network interface) should be uniquely identified Use 6 byte long address

Lecture 17 Overview. Last Lecture. Wide Area Networking (2) This Lecture. Internet Protocol (1) Source: chapters 2.2, 2.3,18.4, 19.1, 9.

Configuring IP Services

Layer 4: UDP, TCP, and others. based on Chapter 9 of CompTIA Network+ Exam Guide, 4th ed., Mike Meyers

ECE4110 Internetwork Programming. Introduction and Overview

DDoS Testing with XM-2G. Step by Step Guide

Introduction to Internetworking

Network Layer/IP Protocols

CHAPTER-2 IP CONCEPTS

Agenda L2 versus L3 Switching IP Protocol, IP Addressing IP Forwarding ARP and ICMP IP Routing First Hop Redundancy

Chapter 3 Internetworking

Introduction to Internetworking

Internet Layers. Physical Layer. Application. Application. Transport. Transport. Network. Network. Network. Network. Link. Link. Link.

Introduction to routing in the Internet

EC441 Fall 2018 Introduction to Computer Networking Chapter4: Network Layer Data Plane

TCP /IP Fundamentals Mr. Cantu

TCP/IP THE TCP/IP ARCHITECTURE

Applied Networks & Security

The Internetworking Problem. Internetworking. A Translation-based Solution

CS 356: Computer Network Architectures. Lecture 10: IP Fragmentation, ARP, and ICMP. Xiaowei Yang

CompSci 356: Computer Network Architectures. Lecture 8: Spanning Tree Algorithm and Basic Internetworking Ch & 3.2. Xiaowei Yang

CS 348 Computer Networks. IP and Routing. Indian Institute of Technology, Bombay

CPSC 826 Internetworking. The Network Layer: Routing & Addressing Outline. The Network Layer

Networking Basics. EC512 Spring /15/2015 EC512 - Prof. Thomas Skinner 1

The Internet Protocol. IP Addresses Address Resolution Protocol: IP datagram format and forwarding: IP fragmentation and reassembly

CS 457 Lecture 11 More IP Networking. Fall 2011

ET4254 Communications and Networking 1

CSCI-1680 Network Layer: IP & Forwarding Rodrigo Fonseca

Introduction to routing in the Internet

Guide to Networking Essentials, 6 th Edition. Chapter 5: Network Protocols

Internet Protocol (IP)

ICS 351: Networking Protocols

RMIT University. Data Communication and Net-Centric Computing COSC 1111/2061. Lecture 2. Internetworking IPv4, IPv6

Network Layer: Control/data plane, addressing, routers

Internet. Organization Addresses TCP/IP Protocol stack Forwarding. 1. Use of a globally unique address space based on Internet Addresses

ECE 158A: Lecture 7. Fall 2015

ICS 451: Today's plan

ECPE / COMP 177 Fall Some slides from Kurose and Ross, Computer Networking, 5 th Edition

Data Communication Prof. A. Pal Department of Computer Science & Engineering Indian Institute of Technology, Kharagpur Lecture 34 TCP/ IP I

Inter-networking. Problem. 3&4-Internetworking.key - September 20, LAN s are great but. We want to connect them together. ...

CSE 565 Computer Security Fall 2018

Review of Internet Architecture and Protocols

Lecture 3: Packet Forwarding

Internetworking - We are heterogeneity to our network (variable network technologies, bandwidth, MTU, latency, etc. etc.)

CS155b: E-Commerce. Lecture 3: Jan 16, How Does the Internet Work? Acknowledgements: S. Bradner and R. Wang

INTERNET SYSTEM. Internet Protocol. Kent State University Dept. of Computer Science. CS 4/55231 Internet Engineering. Large Scale Networking

Topics for This Week

CS 458 Internet Engineering Spring First Exam

Network Layer. The Network Layer. Contents Connection-Oriented and Connectionless Service. Recall:

Network Layer. Recall: The network layer is responsible for the routing of packets The network layer is responsible for congestion control

TSIN02 - Internetworking

Network Layer: Internet Protocol

COMP/ELEC 429/556 Introduction to Computer Networks

ECPE / COMP 177 Fall Some slides from Kurose and Ross, Computer Networking, 5 th Edition

Lecture 11: Fragmentation & Addressing. CSE 123: Computer Networks Stefan Savage

IP: Addressing, ARP, Routing

CSE/EE 461 Lecture 13 Connections and Fragmentation. TCP Connection Management

Administrivia CSC458 Lecture 4 Bridging LANs and IP. Last Time. This Time -- Switching (a.k.a. Bridging)

IPv6 is Internet protocol version 6. Following are its distinctive features as compared to IPv4. Header format simplification Expanded routing and

Introduction to Networks and the Internet

CS 455 Internet Architecture, Page 3 ffl By 1985, the ARPANET was heavily used and congested; the National Science Foundation (NSF) initiated the NSFN

IP : Internet Protocol

Communications Software. CSE 123b. CSE 123b. Spring Lecture 2: Internet architecture and. Internetworking. Stefan Savage

(Chapters 2 3 in Huitema) E7310/Internet basics/comnet 1

The Interconnection Structure of. The Internet. EECC694 - Shaaban

Chapter 19 Network Layer: Logical Addressing

Security+ Guide to Network Security Fundamentals, Fourth Edition. Network Attacks Denial of service Attacks

Configuring IP Services

Network Security. Evil ICMP, Careless TCP & Boring Security Analyses. Mohamed Sabt Univ Rennes, CNRS, IRISA Thursday, October 4th, 2018

Packet Header Formats

NetFlow Layer 2 and Security Monitoring Exports

Computer Network Fundamentals Spring Week 4 Network Layer Andreas Terzis

Network Security. Introduction to networks. Radboud University, The Netherlands. Autumn 2015

Computer Networks Principles Network Layer - IP

Lecture 2: Basic routing, ARP, and basic IP

Transcription:

CIS 551 / TCOM 401 Computer and Network Security Spring 2008 Lecture 12 2/28/08 CIS/TCOM 551 1

Announcements Reminder: Project 2 is due Friday, March 7th at 11:59 pm 2/28/08 CIS/TCOM 551 2

Internet Protocol Interoperability FTP HTTP NV TFTP TCP Overlays (running at hosts) UDP IP Virtual Network Infrastructure (runs globally) Networks (run locally) Ethernet ATM FDDI 2/28/08 CIS/TCOM 551 3

Internetworks Router (Gateway) 2/28/08 CIS/TCOM 551 4

Internetworks H1 H2 H3 Ethernet Ethernet H7 R3 H8 R1 H4 Point-to-Point Link (e.g., ISDN) FDDI Token Ring R2 H5 H6 2/28/08 CIS/TCOM 551 5

IP Encapsulation H1 TCP R1 R2 R3 H8 TCP IP IP IP IP IP ETH ETH FDDI FDDI PPP PPP ETH ETH Example of protocol layers used to transmit from H1 to H8 in network shown on previous slide. 2/28/08 CIS/TCOM 551 6

IP Service Model Choose minimal service model All nets can implement Tin cans and a string extremum Features: Best-effort datagram delivery Reliability, etc. as overlays (as in TCP/IP) Packet format standardized 2/28/08 CIS/TCOM 551 7

IPv4 Packet Format 0 4 8 16 19 31 Version Hlen TOS Length Ident Flags Offset TTL Protocol Checksum SourceAddr DestinationAddr Options (variable length) Pad DATA 2/28/08 CIS/TCOM 551 8

Fields of IPv4 Header Version Version of IP, example header is IPv4 First field so easy to implement case statement Hlen Header length, in 32-bit words TOS Type of Service (rarely used) Priorities, delay, throughput, reliability Length Length of datagram, in bytes 16 bits, hence max. of 65,536 bytes Fields for fragmentation and reassembly Identifier Flags Offset 2/28/08 CIS/TCOM 551 9

Header fields, continued TTL Time to live (in reality, hop count) 64 is the current default (128 also used) Protocol e.g., TCP (6), UDP(17), etc. Checksum Checksum of header (not CRC) If header fails checksum, discard the whole packet SourceAddr, DestinationAddr 32 bit IP addresses - global, IP-defined Options length can be computed using Hlen 2/28/08 CIS/TCOM 551 10

IP Datagram Delivery Every IP packet (datagram) contains the destination IP address The network part of the address uniquely identifies a single network that is part of the larger Internet. All hosts and routers that share the same network part of their address are connected to the same physical network. Routers can exchange packets on any network they re attached to. 2/28/08 CIS/TCOM 551 11

IP addresses Hierarchical, not flat as in Ethernet 7 24 0 Network Host A 1 0 14 16 Network Host B 1 1 0 21 8 Network Host C Written as four decimal numbers separated by dots: 158.130.14.2 2/28/08 CIS/TCOM 551 12

Network Classes Class # of nets # of hosts per net A 126 ~16 million B 8192 65534 C ~2 million 254 2/28/08 CIS/TCOM 551 13

IP Forwarding algorithm If (Network # dest == Network # interface) then deliver to destination over interface else if (Network # dest in forwarding table) deliver packet to NextHop router else deliver packet to default router Forwarding tables Contain (Network #, NextHop) pairs Additional information Built by routing protocol that learns the network topology, adapts to changes 2/28/08 CIS/TCOM 551 14

Subnetting Problem: IP addressing scheme leads to fragmentation A class B network with only 300 machines on it wastes > 65,000 addresses Need a way to divide up a single network address space into multiple smaller subnetworks. Idea: One IP network number allocated to several physical networks. The multiple physical networks are called subnets Should be close together (why?) Useful when a large company (or university!) has many physical networks. 2/28/08 CIS/TCOM 551 15

Subnet Numbers Solution: Subnetting All nodes are configured with subnet mask Allows definition of a subnet number All hosts on a physical subnetwork share the same subnet number Subnet Mask (255.255.255.0) 111111111111111111111111 00000000 Subnetted Address: Network number Subnet ID Host ID 2/28/08 CIS/TCOM 551 16

Example of Subnetting Subnet mask: 255.255.255.128 Subnet #: 128.96.34.0 H1 128.96.34.15 128.96.34.1 R1 128.96.34.130 128.96.34.129 128.96.33.1 R1 Subnet mask: 255.255.255.128 Subnet #: 128.96.34.128 H2 128.96.34.139 H3 128.96.33.14 Subnet mask: 255.255.255.0 Subnet #: 128.96.33.0 2/28/08 CIS/TCOM 551 17

Subnets, continued Mask is bitwise-anded with address This is done at routers Router tables in this model: <Subnet #, Subnet Mask, NextHop> Subnetting allows a set of physical networks to look like a single logical network from elsewhere 2/28/08 CIS/TCOM 551 18

Forwarding Algorithm D = destination IP address for each forwarding table entry (SubnetNumber, SubnetMask, NextHop) D1 = SubnetMask & D if D1 = SubnetNumber if NextHop is an interface deliver datagram directly to destination else deliver datagram to NextHop (router) Deliver datagram to default router (if above fails) 2/28/08 CIS/TCOM 551 19

ARP - Address Resolution Protocol Problem: Need mapping between IP and link layer addresses. Solution: ARP Every host maintains IP Link layer mapping table (cache) Timeout associated with cached info (15 min.) Sender Broadcasts Who is IP addr X? Broadcast message includes sender s IP & Link Layer address Receivers Any host with sender in cache refreshes time-out Host with IP address X replies IP X is Link Layer Y Target host adds sender (if not already in cache) 2/28/08 CIS/TCOM 551 20

ICMP: Internet Control Message Protocol Collection of error & control messages Sent back to the source when Router or Host cannot process packet correctly Error Examples: Destination host unreachable Reassembly process failed TTL reached 0 IP Header Checksum failed Control Example: Redirect tells source about a better route 2/28/08 CIS/TCOM 551 21

Domain Name System System for mapping mnemonic names for computers into IP addresses. zeta.cis.upenn.edu 158.130.12.244 Domain Hierarchy Name Servers 13 Root servers map top-level domains such as ".com" or ".net" (Why 13? Early UDP protocol supported only 512 bytes ) Name Resolution Protocol for looking up hierarchical domain names to determine the IP address Protocol runs on UDP port 53 2/28/08 CIS/TCOM 551 22

Domain Name Hierarchy edu com gov mil org net cornell upenn cisco yahoo nasa nsf arpa navy cis seas wharton 2/28/08 CIS/TCOM 551 23

Hierarchy of Name Servers Root Name Server Cornell Name Server Upenn Name Server CIS Name Server SEAS Name Server Wharton Name Server 2/28/08 CIS/TCOM 551 24

Records on Name Servers < Name, Type, Class, TTL, RDLength, RDATA > Name of the node Types: A Host to address mappings NS Name server address mappings CNAME Aliases MX Mail exchange server mappings others Class IN for IP addresses 2/28/08 CIS/TCOM 551 25

Name resolution client www.upenn.edu 128.91.34.233 Local Name server www.upenn.edu 204.74.112.1 www.upenn.edu 207.142.131.234 www.upenn.edu Root Name server 198.41.0.4 edu Name server 204.74.112.1 128.91.34.233 upenn Name server 207.142.131.234 2/28/08 CIS/TCOM 551 26

DNS Vulnerabilities See "Corrupted DNS Resolution Paths: The rise of a malicious resolution authority" by Dagon et al. Rogue DNS Servers Compromised DNS servers that answer incorrectly DNS Cache Poisoning Request: subdomain.example.com IN A Reply: Answer: (no response) Authority section: example.com. 3600 IN ns.wikipedia.org. Additional section: ns.wikipedia.org IN A w.x.y.z 2/28/08 CIS/TCOM 551 27

Reflected denial of service ICMP message with an "echo request" is called 'ping' Broadcast a ping request For sender s address put target s address All hosts reply to ping, flooding the target with responses Hard to trace Hard to prevent Turn off ping? (Makes legitimate use impossible) Limit with network configuration by restricting scope of broadcast messages Sometimes called a "smurf attack" 2/28/08 CIS/TCOM 551 28

(Distributed) Denial of Service Coordinate multiple subverted machines to attack Flood a server with bogus requests TCP SYN packet flood > 600,000 packets per second Detection & Assessment? 12,800 attacks at 5000 hosts! (in 3 week period during 2001) IP Spoofing (forged source IP address) http://www.cs.ucsd.edu/users/savage/papers/usenixsec01.pdf Feb. 6 2007: 6 of 13 root servers suffered DDoS attack Oct. 21 2002: 9 of 13 root servers were swampted Prompted changes in the architecture Prevention? Filtering? Decentralized file storage? 2/28/08 CIS/TCOM 551 29

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback