Internet Layers. Physical Layer. Application. Application. Transport. Transport. Network. Network. Network. Network. Link. Link. Link.

Similar documents
ARP, IP, TCP, UDP. CS 166: Introduction to Computer Systems Security 4/7/18 ARP, IP, TCP, UDP 1

Layer 4: UDP, TCP, and others. based on Chapter 9 of CompTIA Network+ Exam Guide, 4th ed., Mike Meyers

ELEC5616 COMPUTER & NETWORK SECURITY

User Datagram Protocol

Computer Networks Security: intro. CS Computer Systems Security

ICS 451: Today's plan

Ping of death Land attack Teardrop Syn flood Smurf attack. DOS Attack Methods

Introduction to Computer Networks. CS 166: Introduction to Computer Systems Security

CSC 574 Computer and Network Security. TCP/IP Security

Unit 2.

CSE/EE 461 Lecture 13 Connections and Fragmentation. TCP Connection Management

CSE 565 Computer Security Fall 2018

CSc 466/566. Computer Security. 18 : Network Security Introduction

Introduction to TCP/IP networking

Internet Protocol and Transmission Control Protocol

NWEN 243. Networked Applications. Layer 4 TCP and UDP

TSIN02 - Internetworking

TSIN02 - Internetworking

Configuring attack detection and prevention 1

CSCI-GA Operating Systems. Networking. Hubertus Franke

Transport Layer. The transport layer is responsible for the delivery of a message from one process to another. RSManiaol

Packet Header Formats

Outline. What is TCP protocol? How the TCP Protocol Works SYN Flooding Attack TCP Reset Attack TCP Session Hijacking Attack

ENEE 457: Computer Systems Security 11/07/16. Lecture 18 Computer Networking Basics

DDoS Testing with XM-2G. Step by Step Guide

Foundations of Network and Computer Security

Position of IP and other network-layer protocols in TCP/IP protocol suite

Single Network: applications, client and server hosts, switches, access links, trunk links, frames, path. Review of TCP/IP Internetworking

Different Layers Lecture 20

Your Name: Your student ID number:

Transport Layer. Gursharan Singh Tatla. Upendra Sharma. 1

Hands-On Ethical Hacking and Network Defense

Configuring attack detection and prevention 1

Network Security. Introduction to networks. Radboud University, The Netherlands. Autumn 2015

ICS 351: Networking Protocols

interface Question 1. a) Applications nslookup/dig Web Application DNS SMTP HTTP layer SIP Transport layer OSPF ICMP IP Network layer

CCNA 1 Chapter 7 v5.0 Exam Answers 2013

CSC 6575: Internet Security Fall Attacks on Different OSI Layer Protocols OSI Layer Basic Attacks at Lower Layers

CIT 380: Securing Computer Systems. Network Security Concepts

ECE4110 Internetwork Programming. Introduction and Overview

CSE/EE 461 The Network Layer. Application Presentation Session Transport Network Data Link Physical

QUIZ: Longest Matching Prefix

9th Slide Set Computer Networks

TCP : Fundamentals of Computer Networks Bill Nace

TCP /IP Fundamentals Mr. Cantu

Lecture 6. Internet Security: How the Internet works and some basic vulnerabilities. Thursday 19/11/2015

NT1210 Introduction to Networking. Unit 10

Dan Boneh, John Mitchell, Dawn Song. Denial of Service

Introduction to Networks and the Internet

ch02 True/False Indicate whether the statement is true or false.

CSCI 1800 Cybersecurity and Interna4onal Rela4ons. Design and Opera-on of the Internet John E. Savage Brown University

CS4700/CS5700 Fundamentals of Computer Networks

TSIN02 - Internetworking

Networking interview questions

TSIN02 - Internetworking

Interconnecting Networks with TCP/IP. 2000, Cisco Systems, Inc. 8-1

TCP/IP Networking. Part 4: Network and Transport Layer Protocols

Network Security. Evil ICMP, Careless TCP & Boring Security Analyses. Mohamed Sabt Univ Rennes, CNRS, IRISA Thursday, October 4th, 2018

network security s642 computer security adam everspaugh

ECE 650 Systems Programming & Engineering. Spring 2018

Guide To TCP/IP, Second Edition UDP Header Source Port Number (16 bits) IP HEADER Protocol Field = 17 Destination Port Number (16 bit) 15 16

Chapter 2 - Part 1. The TCP/IP Protocol: The Language of the Internet

EE 610 Part 2: Encapsulation and network utilities

The Internetworking Problem. Internetworking. A Translation-based Solution

Stream Control Transmission Protocol

Introduction to Internet. Ass. Prof. J.Y. Tigli University of Nice Sophia Antipolis

UDP, TCP, IP multicast

EITF25 Internet Techniques and Applications L7: Internet. Stefan Höst

CS61C Machine Structures Lecture 37 Networks. No Machine is an Island!

CSCI 4250/6250 Fall 2015 Computer and Networks Security

TCP TCP/IP: TCP. TCP segment. TCP segment. TCP encapsulation. TCP encapsulation 1/25/2012. Network Security Lecture 6

Network Security. Tadayoshi Kohno

Transport Over IP. CSCI 690 Michael Hutt New York Institute of Technology

Lecture 20 Overview. Last Lecture. This Lecture. Next Lecture. Transport Control Protocol (1) Transport Control Protocol (2) Source: chapters 23, 24

IP - The Internet Protocol. Based on the slides of Dr. Jorg Liebeherr, University of Virginia

Introduction to Network. Topics

Reliable Transport I: Concepts and TCP Protocol

Vorlesung Kommunikationsnetze

UDP and TCP. Introduction. So far we have studied some data link layer protocols such as PPP which are responsible for getting data

20-CS Cyber Defense Overview Fall, Network Basics

User Datagram Protocol (UDP):

Administrivia CSC458 Lecture 4 Bridging LANs and IP. Last Time. This Time -- Switching (a.k.a. Bridging)

CS 457 Lecture 11 More IP Networking. Fall 2011

On Distributed Communications, Rand Report RM-3420-PR, Paul Baran, August 1964

CS670: Network security

Transport Layer (TCP/UDP)

H

CS 716: Introduction to communication networks th class; 7 th Oct Instructor: Sridhar Iyer IIT Bombay

Transport: How Applications Communicate

Chapter 23 Process-to-Process Delivery: UDP, TCP, and SCTP 23.1

7. TCP 최양희서울대학교컴퓨터공학부

CS457 Transport Protocols. CS 457 Fall 2014

Networking Technologies and Applications

Table of Contents. 1 Intrusion Detection Statistics 1-1 Overview 1-1 Displaying Intrusion Detection Statistics 1-1

CHAPTER-2 IP CONCEPTS

Lecture 11: IP routing, IP protocols

TCP/IP Protocol Suite 1

INF5290 Ethical Hacking. Lecture 3: Network reconnaissance, port scanning. Universitetet i Oslo Laszlo Erdödi

CSCI 680: Computer & Network Security

Concept Questions Demonstrate your knowledge of these concepts by answering the following questions in the space that is provided.

Transcription:

Internet Layers Application Application Transport Transport Network Network Network Network Link Link Link Link Ethernet Fiber Optics Physical Layer Wi-Fi

ARP requests and responses IP: 192.168.1.1 MAC: 00:11:22:33:44:01 ARP Cache 192.168.1.105 00:11:22:33:44:02 Data 192.168.1.1 is at 00:11:22:33:44:01 192.168.1.105 is at 00:11:22:33:44:02 IP: 192.168.1.105 MAC: 00:11:22:33:44:02 ARP Cache 192.168.1.1 00:11:22:33:44:01

Poisoned ARP Caches 192.168.1.106 00:11:22:33:44:03 Data Data 192.168.1.1 00:11:22:33:44:01 192.168.1.105 is at 00:11:22:33:44:03 192.168.1.1 is at 00:11:22:33:44:03 192.168.1.105 00:11:22:33:44:02 Poisoned ARP Cache 192.168.1.105 00:11:22:33:44:03 Poisoned ARP Cache 192.168.1.1 00:11:22:33:44:03

How to prevent ARP poisoning

IP

Internet Protocol Connectionless Each packet is transported independently from other packets Unreliable Delivery on a best effort basis No acknowledgments Packets may be lost, reordered, corrupted, or duplicated IP packets Encapsulate TCP and UDP packets Encapsulated into link-layer frames Data link frame IP packet TCP or UDP packet

IP Addresses and Packets IP addresses IPv4: 32-bit addresses IPv6: 128-bit addresses E.g., 128.148.32.110 IP header includes Source address Destination address Packet length (up to 64KB) Time to live (up to 255) IP protocol version Fragmentation information Transport layer protocol information (e.g., TCP) v length fragmentation info TTL protocol source destination

IP Routing A router bridges two or more networks Operates at the network layer Maintains tables to forward packets to the appropriate network Forwarding decisions based solely on the destination address Routing table Maps ranges of addresses to LANs or other gateway routers

Internet Routes Internet Control Message Protocol (ICMP) Used for network testing and debugging Considered a network layer protocol Tools based on ICMP Ping: sends series of echo request messages and provides statistics on roundtrip times and packet loss Traceroute: sends series ICMP packets with increasing TTL value to discover routes

ICMP Attacks Ping of death ICMP specifies messages must fit a single IP packet (64KB) Send a ping packet that exceeds maximum size using IP fragmentation Reassembled packet caused several operating systems to crash due to a buffer overflow Smurf Ping a broadcast address using a spoofed source address

Smurf Attack Amplifying Network echo response echo request echo response Attacker echo response Victim

IP Vulnerabilities Unencrypted transmission Eavesdropping possible at any intermediate host during routing No source authentication Sender can spoof source address, making it difficult to trace packet back to attacker No integrity checking Entire packet, header and payload, can be modified while en route to destination, enabling content forgeries, redirections, and man-in-the-middle attacks No bandwidth constraints Large number of packets can be injected into network to launch a denial-ofservice attack Broadcast addresses provide additional leverage

TCP

Transmission Control Protocol TCP is a transport layer protocol guaranteeing reliable data transfer, inorder delivery of messages and the ability to distinguish data for multiple concurrent applications on the same host Most popular application protocols, including WWW, FTP and SSH are built on top of TCP TCP takes a stream of 8-bit byte data, packages it into appropriately sized segment and calls on IP to transmit these packets Delivery order is maintained by marking each packet with a sequence number Every time TCP receives a packet, it sends out an ACK to indicate successful receipt of the packet. TCP generally checks data transmitted by comparing a checksum of the data with a checksum encoded in the packet

Ports TCP supports multiple concurrent applications on the same server Accomplishes this by having ports, 16 bit numbers identifying where data is directed The TCP header includes space for both a source and a destination port, thus allowing TCP to route all data In most cases, both TCP and UDP use the same port numbers for the same applications Ports 0 through 1023 are reserved for use by known protocols. Ports 1024 through 49151 are known as user ports, and should be used by most user programs for listening to connections and the like Ports 49152 through 65535 are private ports used for dynamic allocation by socket libraries

TCP Packet Format Bit Offset 0-3 4-7 8-15 16-18 19-31 0 Source Port Destination Port 32 Sequence Number 64 Acknowledgment Number 96 Offset Reserved Flags Window Size 128 Checksum Urgent Pointer 160 Options >= 160 Payload

Establishing TCP Connections TCP connections are established through a three way handshake. The server generally has a passive listener, waiting for a connection request The client requests a connection by sending out a SYN packet The server responds by sending a SYN/ACK packet, indicating an acknowledgment for the connection The client responds by sending an ACK to the server thus establishing connection SYN Seq = x SYN-ACK Seq = y Ack = x + 1 ACK Seq = x + 1 Ack = y + 1

SYN Flood

SYN Cookies A SYN flood leaves half-open connections The SYN queue is a data structure which keeps track of these half-open connections We track the source IP and port of client, server IP and port, seq# of client, seq# of server Idea: we don t really need to keep all of this We just need enough to recognize the ACK of the client Can we get away without storing anything locally?

SYN Cookies: The Idea Store nothing locally ISN: Initial sequence number Encode all we need to remember in the ISN we send back to the client t: a 32-bit counter which increments every 64 seconds K: a secret key selected by server for uptime of server Limitations: MSS limited to 8 values Server ISN t mod 32 MSS hash(client IP and port server IP and port t K) 5 3 24

SYN Cookies: Details MSS: Maximum Segment Size Suggested by client, server then computes best value Details depend on whether they are on the same network, MTU on network, etc Server can have only 8 values to encode here What happens when client replies with ACK? Client will reply with ISN+1 of server in the ACK Server then subtracts 1 and checks against hash of client IP and port, server IP and port, t which matches in the lowest 5 bits, and K If match, put in SYN queue If not, ignore

SYN Cookies: Limitations Note that this will NOT prevent bandwidthsaturation attacks This technique seeks only to prevent SYN queue overflows

SYN Cookies: Implementation Standard in Linux and FreeBSD echo 1 > proc/sys/net/ipv4/tcp_syncookies

Session Hijacking Also commonly known as TCP Session Hijacking A security attack over a protected network Attempt to take control of a network session Guess sequence numbers x and y and take over Make sure the victim does not send SYN-ACK by launching DoS SYN Seq = x SYN-ACK Seq = y Ack = x + 1 ACK Seq = x + 1 Ack = y + 1

TCP Data Transfer During connection initialization using the three way handshake, initial sequence numbers are exchanged The TCP header includes a 16 bit checksum of the data and parts of the header, including the source and destination Acknowledgment or lack thereof is used by TCP to keep track of network congestion and control flow and such TCP connections are cleanly terminated with a 4-way handshake The client which wishes to terminate the connection sends a FIN message to the other client The other client responds by sending an ACK The other client sends a FIN The original client now sends an ACK, and the connection is terminated

TCP Data Transfer and Teardown Data seq=x Fin seq=x Ack seq=x+1 Ack seq=x+1 Fin seq=y Data seq=y Ack seq=y+1 Ack seq=y+1 Client Server Client Server

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback