ENEE 457: Computer Systems Security 11/07/16. Lecture 18 Computer Networking Basics

Similar documents
CSE 4/589 Midterm Review. Hengtong Zhang SUNY Buffalo 10/30/2018

ARP, IP, TCP, UDP. CS 166: Introduction to Computer Systems Security 4/7/18 ARP, IP, TCP, UDP 1

NT1210 Introduction to Networking. Unit 10

10 minutes survey (anonymous)

Computer Networking Introduction

Lecture 12: Transport Layer TCP again

Chapter 3 outline. 3.5 connection-oriented transport: TCP segment structure reliable data transfer flow control connection management

CMPE 150/L : Introduction to Computer Networks. Chen Qian Computer Engineering UCSC Baskin Engineering Lecture 9

Chapter III: Transport Layer

CS 4390 Computer Networks. Pointers to Corresponding Section of Textbook

TCP (Part 2) Session 10 INST 346 Technologies, Infrastructure and Architecture

CSC 401 Data and Computer Communications Networks

Chapter 3 Transport Layer

Chapter 3 Transport Layer

CIT 380: Securing Computer Systems. Network Security Concepts

Internet Layers. Physical Layer. Application. Application. Transport. Transport. Network. Network. Network. Network. Link. Link. Link.

Chapter 3 Transport Layer

Chapter 3- parte B outline

TCP reliable data transfer. Chapter 3 outline. TCP sender events: TCP sender (simplified) TCP: retransmission scenarios. TCP: retransmission scenarios

CS118 Discussion 1A, Week 4. Zengwen Yuan Dodd Hall 78, Friday 10:00 11:50 a.m.

Chapter III: Transport Layer

Protocol Layers & Wireshark TDTS11:COMPUTER NETWORKS AND INTERNET PROTOCOLS

NWEN 243. Networked Applications. Layer 4 TCP and UDP

Computer Networks. (Intensive Learning Experience) July 03, 2018

Different Layers Lecture 20

TCP: Overview RFCs: 793,1122,1323, 2018, 2581

Chapter 1 Introduction

CMPE 150/L : Introduction to Computer Networks. Chen Qian Computer Engineering UCSC Baskin Engineering Lecture 10

Different Layers Lecture 21

CSc 466/566. Computer Security. 18 : Network Security Introduction

Chapter 3 Transport Layer

Layer 4: UDP, TCP, and others. based on Chapter 9 of CompTIA Network+ Exam Guide, 4th ed., Mike Meyers

Client/Server Computing

Introduction to computer networking

CSC 401 Data and Computer Communications Networks

Experiential Learning Workshop on Transport & IP Routing

Experiential Learning Workshop on Basics of Transport/Network Layer

ECE 650 Systems Programming & Engineering. Spring 2018

TCP/IP Networking. Part 4: Network and Transport Layer Protocols

Routers. Session 12 INST 346 Technologies, Infrastructure and Architecture

Module 2 Overview of Computer Networks

Module 2 Overview of. Computer Networks

Protocol Layers, Security Sec: Application Layer: Sec 2.1 Prof Lina Battestilli Fall 2017

Transport layer. UDP: User Datagram Protocol [RFC 768] Review principles: Instantiation in the Internet UDP TCP

Transport layer. Review principles: Instantiation in the Internet UDP TCP. Reliable data transfer Flow control Congestion control

CMPE 80N: Introduction to Networking and the Internet

CS4700/CS5700 Fundamentals of Computer Networks

Internet and Intranet Protocols and Applications

User Datagram Protocol

Chapter 2 Application Layer. Lecture 4: principles of network applications. Computer Networking: A Top Down Approach

CSE/EE 461 Lecture 13 Connections and Fragmentation. TCP Connection Management

Network Security. Thierry Sans

Scribe Notes -- October 31st, 2017

UDP, TCP, IP multicast

CS 43: Computer Networks The Link Layer. Kevin Webb Swarthmore College November 28, 2017

Video Streaming with the Stream Control Transmission Protocol (SCTP)

TSIN02 - Internetworking

TSIN02 - Internetworking

TSIN02 - Internetworking

Computer Network Programming. The Transport Layer. Dr. Sam Hsu Computer Science & Engineering Florida Atlantic University

Network Security. Introduction to networks. Radboud University, The Netherlands. Autumn 2015

Network Technology 1 5th - Transport Protocol. Mario Lombardo -

Introduction to Networking. Operating Systems In Depth XXVII 1 Copyright 2017 Thomas W. Doeppner. All rights reserved.

rdt3.0: channels with errors and loss

interface Question 1. a) Applications nslookup/dig Web Application DNS SMTP HTTP layer SIP Transport layer OSPF ICMP IP Network layer

EEC-484/584 Computer Networks. Lecture 16. Wenbing Zhao

QUIZ: Longest Matching Prefix

E&CE 358: Tutorial 1. Instructor: Sherman (Xuemin) Shen TA: Miao Wang

ch02 True/False Indicate whether the statement is true or false.

CS 204: Advanced Computer Networks

ELEC5616 COMPUTER & NETWORK SECURITY

Unit 2.

Pipelined protocols: overview

Announcements. CS 5565 Network Architecture and Protocols. Outline for today. The Internet: nuts and bolts view. The Internet: nuts and bolts view

Operating Systems and Networks. Network Lecture 8: Transport Layer. Adrian Perrig Network Security Group ETH Zürich

Part VI. Appendixes. Appendix A OSI Model and Internet Protocols Appendix B About the CD

CS 3516: Advanced Computer Networks

Operating Systems and Networks. Network Lecture 8: Transport Layer. Where we are in the Course. Recall. Transport Layer Services.

Internet Protocol and Transmission Control Protocol

Computer Networks Security: intro. CS Computer Systems Security

Computer Communication Networks Midterm Review

network security s642 computer security adam everspaugh

Lecture 20 Overview. Last Lecture. This Lecture. Next Lecture. Transport Control Protocol (1) Transport Control Protocol (2) Source: chapters 23, 24

Communicating over the Network

Chapter 2 - Part 1. The TCP/IP Protocol: The Language of the Internet

Transport Layer (TCP/UDP)

CS419: Computer Networks. Lecture 10, Part 2: Apr 11, 2005 Transport: TCP mechanics (RFCs: 793, 1122, 1323, 2018, 2581)

ECE 650 Systems Programming & Engineering. Spring 2018

Lecture-4. TCP/IP-Overview:

Switching Networks (Fall 2010) EE 586 Communication and. August 27, Lecture 2. (modified by Cheung for EE586; based on K&R original) 1-1

Internet Routing. Review of Networking Principles. What s the Internet: nuts and bolts view. Communication links

Internet Routing. Review of Networking Principles

19: Networking. Networking Hardware. Mark Handley

Closed book. Closed notes. No electronic device.

ICS 351: Networking Protocols

Networking and Internetworking 1

Introduction to the Application Layer. Computer Networks Term B14

The Transport Layer: TCP & Reliable Data Transfer

Jaringan Komputer. The Transport Layer

CSE 565 Computer Security Fall 2018

Transcription:

ENEE 457: Computer Systems Security 11/07/16 Lecture 18 Computer Networking Basics Charalampos (Babis) Papamanthou Department of Electrical and Computer Engineering University of Maryland, College Park

Computer Networking: The general problem Lots of devices, hosts want to communicate with each other To exchange data To access remote services Goal: Universal Communication (from any host to any host) How do we design the cloud? Network

First approach: N^2 links Connect every host with each other Does not work, too costly, plus hosts come and go, too difficult to manage In particular, the complexity is quadratic

Second approach: Share resources Share resources through intermediate routers and switches (that is how internet works)

Two ways for that: Circuit and Packet switching Circuit switching Legacy phone network Single route through sequence of hardware devices established when two nodes start communication Data sent along route Route maintained until communication ends Packet switching Internet Data split into packets Packets transported independently through network Each packet handled on a best efforts basis Packets may follow different routes

Packet switching Packets in a flow may not follow the same path (depends on routing as we will see later) à packets may be reordered Host C Host A Host D Node 1 Node 2 Node 3 Node 5 Host B Node 4 Node 6 Node 7 Host E

What is the internet? Network of Networks based on packet switching Millions of connected computing devices that can communicate with each other Desktops, laptops, smartphones, servers Communication links fiber, copper, radio, satellite Packet switches forward packets (chunks of data) between ISPs Protocols HTTP, TCP, IP mobile network home network global ISP regional ISP institutional network

Layered organization of Internet Internet is complex, with many pieces hosts routers links of various media applications protocols hardware, software Question: is there any hope of having an organizing structure of the internet?. or at least our discussion of networks

Internet Protocol Stack Application layer: supporting network applications FTP, SMTP, HTTP Transport layer: process-process data transfer TCP, UDP Network layer: routing of datagrams from source to destination IP, routing protocols Link layer: data transfer between neighboring network elements Ethernet, 802.111 (WiFi), Physical layer: bits on the wire application transport network link physical

Examples application e-mail remote terminal access Web file transfer streaming multimedia Internet telephony application layer protocol SMTP [RFC 2821] Telnet [RFC 854] HTTP [RFC 2616] FTP [RFC 959] HTTP (e.g., YouTube), RTP [RFC 1889] SIP, RTP, proprietary (e.g., Skype) underlying transport protocol TCP TCP TCP TCP TCP or UDP TCP or UDP

More examples Application layer E.g., contains all useful network applications e.g., FTP, HTTP, SSH, telnet Transport layer E.g., contains protocols defining the properties of the connection (e.g., connection oriented/connectionless) uses 16-bit addresses (ports) e.g., TCP, UDP, DSCP (implements congestion control) Network layer E.g., contains protocols defining how to route between logical addresses (e.g., IPs) uses 32-bit internet protocol (IP) addresses in IPv4 128-bit IP addresses in IPv6 Best efforts e.g., IPv4, IPv6, IPsec (providing security) Link layer E.g., contains protocols defining how to route between physical addresses (e.g., MAC addresses) depending on the physical medium (Ethernet, WiFi, optical fiber) uses 48-bit media access control (MAC) addresses Local area network: Packets called frames e.g., IEEE 802.11 (for wireless) Physical layer: How to physically send the information

Internet Packet Encapsulation Application Packet Application Layer TCP Header TCP Data Transport Layer IP Header IP Data Network Layer Frame Header Frame Data Frame Footer Link Layer

Travelling of an email message Given the email address and the email program, the application layer will figure out The destination IP (through a DNS query) The destination port (e.g., for HTTP it is 80) Then various TCP or UDP segments will be created. If it is TCP, then ordering should be included. If it is UDP, losses can be tolerated Then various IP segments will be created, which will be sent at best-effort basis. This segment will indicate what kind of routing we are doing Finally, a data link layer frame will be created for routing in a LAN by MAC address Given an IP, every computer can send an ARP request to figure out what the MAC address of the next local machine. Note that while the packet travels, the IP address of the packet never changes, but the MAC address does change depending on where I need to send next in the local network

Routers and Switches Routers are used to route across networks, where I do not know the MAC address of the machine I am trying to send Switches are used to route within LANs where I do know the MAC of the machine it should go E.g.: When I am sending a an email from ece.umd.edu to eecs.mit.edu My message will be routed through local switches in my building/office to the router of my building/office. At that point, the router will see that there is no local machine that it knows that can handle this message, but, based on the IP, it will find another router that can handle this message Eventually, the message will get to the router of mit.edu And through local switches and other routers will reach the destination

DNS protocol It runs at the application layer It maps http addresses to IP addresses More on DNS on Wednesday (invited talk by my postdoc, who worked on developing a new standard for DNS sec, the secure version of DNS)

ARP (address resolution protocol) The address resolution protocol (ARP) connects the network layer to the data layer by converting IP addresses to MAC addresses ARP works by broadcasting requests and caching responses for future use The protocol begins with a computer broadcasting a message of the form who has <IP address1> tell <IP address2> When the machine with <IP address1> or an ARP server receives this message, its broadcasts the response <IP address1> is <MAC address> The requestor s IP address <IP address2> is contained in the link header The Linux and Windows command arp - a displays the ARP table Internet Address Physical Address Type 128.148.31.1 00-00-0c-07-ac-00 dynamic 128.148.31.15 00-0c-76-b2-d7-1d dynamic 128.148.31.71 00-0c-76-b2-d0-d2 dynamic 128.148.31.75 00-0c-76-b2-d7-1d dynamic 128.148.31.102 00-22-0c-a3-e4-00 dynamic 128.148.31.137 00-1d-92-b6-f1-a9 dynamic

ARP Spoofing The ARP table is updated whenever an ARP response is received Requests are not tracked ARP announcements are not authenticated Machines trust each other A rogue machine can spoof other machines

ARP Poisoning (ARP Spoofing) According to the standard, almost all ARP implementations are stateless An arp cache updates every time that it receives an arp reply even if it did not send any arp request! It is possible to poison an arp cache by sending gratuitous arp replies Using static entries solves the problem but it is almost impossible to manage!

Transport layer protocols TCP : reliable transport between sending and receiving process flow control: sender wonʼt overwhelm receiver congestion control: throttle sender when network overloaded does not provide: timing, minimum throughput guarantee, security connection-oriented: setup required between client and server processes UDP : unreliable data transfer between sending and receiving process does not provide: reliability, flow control, congestion control, timing, throughput guarantee, security, orconnection setup, Q: why bother? Why is there a UDP? Application Layer 2-19

Sniffing Network Packets with Wireshark

Network Security Problems The internet was not designed with security in mind Bad guys can Launch DOS attacks Can sniff packets Can change the origin destination addresses To have security when you use networking, you need to use TLS at the application layer Confidentiality Integrity Authentication

Transport Vs Network Layer Network Layer: Communication between computers (e.g., from IP1 to IP2) Transport Layer: Communication between processes (e.g., serving an HTTP request) UDP (unreliable, best-effort) TCP (reliable)

TCP protocol TCP creates reliable transportation over an unreliable network

TCP seq. # s and ACKs Seq. # s: byte stream number of first byte in segment s data It can be used as a pointer for placing the received data in the receiver buffer ACKs: seq # of next byte expected from other side User types C Host A Host B host ACKs receipt of C, echoes back C host ACKs receipt of echoed C simple telnet scenario time

Example: Unidirectional Communication Byte numbers 101 102 103 104 105 106 107 108 109 110 111 H E L L O Seq. # s: ACKs: W O R L D byte stream number of first byte in segment s data It can be used as a pointer for placing the received data in the receiver buffer seq # of next byte expected from other side Seq no: 101 ACK no: 12 Data: HEL Length: 3 Seq no: 12 ACK no: 104 Data: Length: 0 Seq no: 104 ACK no: 12 Data: LO W Length: 4 Seq no: 12 ACK no: 108 Data: Length: 0

Bidirectional communication Byte numbers 101 102 103 104 105 106 107 108 109 110 111 H E L L O W O R L D Seq no: 101 ACK no: 12 Data: HEL Length: 3 12 13 14 15 16 17 18 G O O D B U Y Seq no: ACK no: Data: GOOD Length: 4 12 104 Seq no: ACK no: Data: LO W Length: 4 104 16 Seq no: ACK no: Data: BU Length: 2 16 108

Timeout If an ACK is not received before RTO (retransmission timeout), a timeout is declared Seq no: 101 ACK no: 12 Data: HEL Length: 3 What if timeout is too big? What is timeout is too small? RTO Timeout event: Retransmit segment Seq no: 101 ACK no: 12 Data: HEL Length: 3 Seq no: 12 ACK no: Data: Length: 0 Ideally, a timeout should occur right after an ACK is received

TCP 3-way handshake client state LISTEN SYNSENT ESTAB choose init seq num, x send TCP SYN msg received SYNACK(x) indicates server is live; send ACK for SYNACK; this segment may contain client-to-server data SYNbit=1, Seq=x SYNbit=1, Seq=y ACKbit=1; ACKnum=x+1 ACKbit=1, ACKnum=y+1 choose init seq num, y send TCP SYNACK msg, acking SYN received ACK(y) indicates client is live server state LISTEN SYN RCVD ESTAB

Closing a TCP connection client state server state ESTAB ESTAB clientsocket.close() FIN_WAIT_1 FIN_WAIT_2 can no longer send but can receive data wait for server close FINbit=1, seq=x ACKbit=1; ACKnum=x+1 can still send data CLOSE_WAIT TIMED_WAIT timed wait for 2*max segment lifetime FINbit=1, seq=y ACKbit=1; ACKnum=y+1 can no longer send data LAST_ACK CLOSED CLOSED

SYN-Flooding attack After the received receives a SYN message, it allocates space for the connection In particular it stores IP of sender Port of the application Maximum segment size for this connection Outgoing sequence number (note that I need this sequence number so that when I receive an ack I know that it refers to a specific TCP segment) The attack goes as follows: The attacker spoofs a bunch of IPs sends a lot of SYNs I reply with a lot of SYN-ACKs (hence I need to store all this information for each connection) But no ACKs will never come back (since the IPs are random) Hence I am keeping all these connections open for no reason exhausting my memory

Syn-Flooding attack

How to solve this problem: Syn Cookies Do not assign state until you get back the ACK But how to you store your generated sequence number? Just outsource it on the SYN-ACK message by using a MAC

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback