CSC 6575: Internet Security, Fall 2017
Attacks on Different OSI Layer Protocols
Hackers and System Security; Transport Layer Protocols
Mohammad Ashiqur Rahman, Department of Computer Science, College of Engineering, Tennessee Tech University
Agenda
- Assignment 1
- Different attacker types
- Secure systems: CIAA
- Transport layer protocols: TCP, UDP
M. Ashiq Rahman, Tennessee Tech University
Assignment 1
- Wireshark is a free and open-source packet analyzer, used for network troubleshooting, analysis, software and communications protocol development, and education.
- In Assignment 1, you will use Wireshark to capture and analyze packets of different protocols.
- Protocols we will cover: TCP/IP, ARP, DNS, HTTP
- Choose a non-trivial web portal for the assignment! (Assignment page: www.csc.tntech.edu/~marahman)
- Explain your answers and the processes (e.g., filtering and exporting data) used to obtain them.
- Submission deadline: September 15, 2017 (Friday). Late submission is acceptable; 25% of the original marks will be deducted for each day.
Different Types of Attackers
- Hacking: intentional access without authorization, or in excess of authorization, for many different reasons
- Elite hackers
  - A social status among hackers: the most skilled
  - Usually avoid deliberately destroying information or damaging the computer systems they have exploited
- Ethical hackers ("white-hat" hackers)
  - Hackers who attack at the invitation of the target firm for vulnerability detection, or who follow a code of ethics about what not to do
  - Certifying bodies: CREST, Mile2, SANS Institute, EC-Council, and many more
Different Types of Attackers (2)
- Script kiddies: use pre-written attack scripts (a large number of attackers)
- Virus writers and releasers
- Cyber mafia: professional, organized, run as a business
- Nation states
- Hacktivists: use technology to publicize a social, ideological, religious, or political message (e.g., Anonymous)
Secure Systems: CIAA
- Confidentiality: attackers cannot read messages even if they intercept them
- Integrity: if attackers change messages, the change will be detected
- Authentication
  - Access control
  - Digital rights management
- Availability: the system can serve legitimate users all the time
- What is privacy?
TCP
- TCP is THE transport layer protocol!
- TCP is A transport protocol: Transmission Control Protocol
- UDP (User Datagram Protocol) is another transport protocol
- Ports
  - Abstract destination point; a 16-bit positive integer for both UDP and TCP
  - Reserved/well-known ports: 1-1023 (which ports do HTTP? DNS? SSH? SMTP? use?)
  - Registered ports: 1024-49151
    - Assigned by IANA for a specific service upon application by a requesting entity
    - On most systems, registered ports can be used by ordinary users
  - Dynamic or private ports: 49151-65535
    - Cannot be registered with IANA
    - Used for private or customized services, or for temporary purposes
Common Ports
[figure: table of common ports and their services]
TCP Characteristics
- Connection-oriented (establish, terminate, notify)
- Reliable (ordered, no loss, and no duplicates)
- Provides flow control and congestion control
- Byte stream
- Full-duplex
- Used by most applications
TCP Header
[figure: TCP header layout; annotations on the figure:]
- Data offset field: 4 bits
- 9 bits for flags
- The first 3 flag bits are used for congestion control (ECN)
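To make the header annotations concrete, the following is an added example (not from the lecture or its sources) that packs and parses a 20-byte TCP header: it pulls the 4-bit data offset out of the offset/flags word, decodes the 9 flag bits including the three ECN-related bits (NS, CWR, ECE), and rejects a data offset that claims more header than the segment actually contains, a basic sanity check any packet parser needs before trusting the field. The sample segment is constructed for this example.

```python
import struct

# Bit positions 0..8 of the 9 TCP flag bits (the low 9 bits of the offset/flags word)
FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR", "NS"]
ECN_FLAGS = {"NS", "CWR", "ECE"}   # the three flag bits used for explicit congestion notification


def build_tcp_header(sport, dport, seq, ack, flags, window=65535, data_offset=5, checksum=0):
    """Pack a TCP header. data_offset is in 32-bit words (5 = 20 bytes, no options)."""
    flag_bits = 0
    for name in flags:
        flag_bits |= 1 << FLAG_NAMES.index(name)
    # 4-bit data offset, 3 reserved bits (zero), then the 9 flag bits
    offset_flags = (data_offset << 12) | flag_bits
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, offset_flags, window, checksum, 0)


def parse_tcp_header(segment):
    """Decode the fixed TCP header and split off options and payload."""
    if len(segment) < 20:
        raise ValueError("TCP header is at least 20 bytes")
    sport, dport, seq, ack, offset_flags, window, checksum, urg = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (offset_flags >> 12) * 4      # data offset counts 32-bit words
    flag_bits = offset_flags & 0x01FF          # low 9 bits: NS CWR ECE URG ACK PSH RST SYN FIN
    if header_len < 20 or header_len > len(segment):
        raise ValueError(f"data offset claims {header_len} bytes, segment has {len(segment)}")
    flags = [name for bit, name in enumerate(FLAG_NAMES) if flag_bits & (1 << bit)]
    return {
        "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
        "header_len": header_len, "window": window, "checksum": checksum, "urgent": urg,
        "flags": flags,
        "ecn_flags": [f for f in flags if f in ECN_FLAGS],
        "options": segment[20:header_len],
        "payload": segment[header_len:],
    }


# Constructed sample: a bare SYN from an ephemeral port to HTTP, no options, no payload
SAMPLE_SYN = build_tcp_header(54321, 80, 1000, 0, ["SYN"])

if __name__ == "__main__":
    print(parse_tcp_header(SAMPLE_SYN))
```

Note that the parser deliberately does not validate the checksum; that needs the IP pseudo-header, which is covered later in the deck.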
UDP Characteristics
- Connectionless transport layer protocol
- Simple format with a command/response procedure
- Does not provide ordered delivery, flow control, or congestion control
- Message-oriented protocol (message-oriented vs. stream-oriented)
- Full-duplex? UDP can be considered fully duplex, but by itself it is not: UDP is a fire-and-forget, best-effort protocol. The upper layers can use it in a fully duplex fashion.
- Used by applications like DNS and SNMP
[figure: UDP header layout]
Connection: IP Address and Port
- Socket: an IP address plus a port
- A connection is established between two sockets
TCP Key Concepts
- Sequence number (SEQ)
  - Designates each packet uniquely for ordered delivery
  - The initial sequence number is randomly generated and thereafter incremented
  - The increment follows a special procedure, so it is possible to predict
- Handshake
  - Connection setup
  - Connection release
- TCP states
- TCP timers
TCP Handshake
[figure: three-way handshake message sequence]
TCP Handshake Snapshot
[figure: Wireshark capture of a TCP handshake followed by the first data exchange; annotations on the figure:]
- Supposed to be 0
- Increased by the packet size (725 bytes)
- Client's Seq # and Ack #
- Server's Seq # and Ack #
Source: http://packetlife.net/blog/2010/jun/7/understanding-tcp-sequence-acknowledgment-numbers/
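The sequence/acknowledgment bookkeeping behind the key-concepts slide and the snapshot above is easy to get wrong by hand, so here is an added example (not from the lecture or the packetlife post) that models the two endpoints and walks through the three-way handshake plus one data segment. It shows that SYN (and FIN) consume one sequence number while data consumes its byte length, which is why the server's acknowledgment after a 725-byte request is the client's ISN + 1 + 725. The model also rejects a segment whose sequence number is not the one expected or whose ACK covers bytes that were never sent, the same two checks a host applies when deciding whether to accept a segment. The ISNs and payload size are constructed for the example; the class keeps no retransmission queue, so an acceptable ACK must cover everything sent so far.

```python
import random


class TcpEndpoint:
    """Minimal model of one side's sequence/acknowledgment state (no retransmission queue)."""

    def __init__(self, name, isn=None):
        self.name = name
        # The ISN is meant to be unpredictable; a fixed value makes the trace reproducible
        self.snd_nxt = random.getrandbits(32) if isn is None else isn  # next seq to send
        self.rcv_nxt = None                                          # next seq expected from peer

    @staticmethod
    def _consumed(flags, length):
        # SYN and FIN each occupy one sequence number; payload occupies its length
        return length + ("SYN" in flags) + ("FIN" in flags)

    def send(self, flags, length=0):
        seg = {"from": self.name, "seq": self.snd_nxt, "ack": self.rcv_nxt,
               "flags": tuple(flags), "len": length}
        self.snd_nxt = (self.snd_nxt + self._consumed(flags, length)) & 0xFFFFFFFF
        return seg

    def receive(self, seg):
        if self.rcv_nxt is None:
            if "SYN" not in seg["flags"]:
                raise ValueError(f"{self.name}: first segment must carry SYN")
        elif seg["seq"] != self.rcv_nxt:
            raise ValueError(f"{self.name}: seq {seg['seq']} but expected {self.rcv_nxt}")
        if "ACK" in seg["flags"] and seg["ack"] != self.snd_nxt:
            raise ValueError(f"{self.name}: ack {seg['ack']} does not match snd_nxt {self.snd_nxt}")
        self.rcv_nxt = (seg["seq"] + self._consumed(seg["flags"], seg["len"])) & 0xFFFFFFFF


def handshake_and_send(client_isn, server_isn, payload_len):
    """Return the segments of a three-way handshake followed by one client data segment."""
    client, server = TcpEndpoint("client", client_isn), TcpEndpoint("server", server_isn)
    trace = []

    def deliver(sender, receiver, flags, length=0):
        seg = sender.send(flags, length)
        receiver.receive(seg)
        trace.append(seg)

    deliver(client, server, ["SYN"])                      # seq = c, no ack yet
    deliver(server, client, ["SYN", "ACK"])               # seq = s, ack = c + 1
    deliver(client, server, ["ACK"])                      # seq = c + 1, ack = s + 1
    deliver(client, server, ["PSH", "ACK"], payload_len)  # seq = c + 1, carries the request
    deliver(server, client, ["ACK"])                      # ack = c + 1 + payload_len
    return trace


if __name__ == "__main__":
    # Constructed ISNs; 725 bytes matches the request size in the snapshot slide
    for seg in handshake_and_send(1000, 5000, 725):
        print(seg)
```

Run with relative numbers (ISNs 1000 and 5000) the trace reads like the Wireshark view; run with `TcpEndpoint("client")` and no ISN to see the raw 32-bit values a capture actually shows.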
TCP Connection: Start to End
[figure: full TCP connection lifetime, from setup through data transfer to release]
TCP State Diagram
[figure: TCP state diagram] Source: Wikipedia
TCP Checksum
- Computed over the pseudo-header and the TCP segment; the checksum field itself is treated as 0 during the computation
- Reference: http://www.tcpipguide.com/free/t_tcpchecksumcalculationandthetcppseudoheader-2.htm
- Provides error detection: a packet with an invalid checksum is dropped
- Crafted/rogue packets can have valid checksums, so the checksum is not a security control
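Added example (not from the lecture or the tcpipguide page) that implements the TCP checksum as the slide describes: a 16-bit one's-complement sum over the IPv4 pseudo-header (source, destination, zero, protocol 6, TCP length) plus the segment, with the checksum field taken as zero, and odd-length data zero-padded. The receiver-side check sums everything including the stored checksum and expects 0xFFFF. The addresses and segment are constructed for the example. The same code also makes the last bullet tangible: anyone who can write a segment can compute a valid checksum for it, so a passing checksum only rules out transmission damage, not a forged sender.

```python
import socket
import struct


def ones_complement_sum(data):
    """16-bit one's-complement sum used by IP, TCP and UDP; odd-length input is zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src_ip, dst_ip, tcp_length):
    """IPv4 pseudo-header: source, destination, zero byte, protocol 6 (TCP), TCP length."""
    return struct.pack("!4s4sBBH", socket.inet_aton(src_ip), socket.inet_aton(dst_ip), 0, 6, tcp_length)


def tcp_checksum(src_ip, dst_ip, segment):
    """Sender side: checksum over pseudo-header + segment with the checksum field set to zero."""
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    total = ones_complement_sum(pseudo_header(src_ip, dst_ip, len(segment)) + zeroed)
    return (~total) & 0xFFFF


def verify_tcp_checksum(src_ip, dst_ip, segment):
    """Receiver side: pseudo-header + segment (stored checksum included) must sum to 0xFFFF."""
    return ones_complement_sum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0xFFFF


def build_tcp_segment(src_ip, dst_ip, sport, dport, seq, ack, flag_bits, payload=b""):
    """Build a 20-byte-header segment and fill in its checksum."""
    header = struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flag_bits, 65535, 0, 0)
    segment = header + payload
    csum = tcp_checksum(src_ip, dst_ip, segment)
    return segment[:16] + struct.pack("!H", csum) + segment[18:]


# Constructed sample: SYN (flag bit 0x002) from 10.0.0.1:40000 to 10.0.0.2:80, no payload
SAMPLE = build_tcp_segment("10.0.0.1", "10.0.0.2", 40000, 80, 1000, 0, 0x002)

if __name__ == "__main__":
    print("stored checksum: 0x%04x" % struct.unpack("!H", SAMPLE[16:18])[0])
    print("valid:", verify_tcp_checksum("10.0.0.1", "10.0.0.2", SAMPLE))
    damaged = bytearray(SAMPLE)
    damaged[14] ^= 0x01                      # flip one bit in the window field
    print("valid after bit flip:", verify_tcp_checksum("10.0.0.1", "10.0.0.2", bytes(damaged)))
```

Because the pseudo-header is part of the sum, a segment delivered to the wrong destination address fails the check even though the TCP bytes themselves are intact; that is the error-detection purpose of including it.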
THANKS
Acknowledgements:
- Many figures are taken from different online sources.
- Explicit sources are listed on the next page.
- Special thanks to Ehab Al-Shaer (UNC Charlotte) and Ambareen Siraj (Tennessee Tech).
Sources
- Introduction to Network Security, Jacobson, CRC Press, 2008 [DJ]
- Security Assessment of the Transmission Control Protocol (TCP), UK CPNI (Centre for the Protection of National Infrastructure) [CPNI], http://www.gont.com.ar/papers/tn-03-09-security-assessment-tcp.pdf
- TCP/IP Security, Chris Chambers, Justin Dolske, and Jayaraman Iyer [CDI], http://www.linuxsecurity.com/resource_files/documentation/tcpip-security.html
- Introduction to TCP/IP Network Attacks, Guang Yang, http://seclab.cs.sunysb.edu/sekar/papers/netattacks.pdf
- http://www.cyberdna.uncc.edu/~ehab/courses/itis6167/
- Computer Security: Art and Science, Matt Bishop, Addison Wesley, 2003 [Bishop]
- http://intronetworks.cs.luc.edu/1/html/tcp.html
- http://packetlife.net/blog/2010/jun/7/understanding-tcp-sequence-acknowledgment-numbers/
- http://www.tcpipguide.com/free/t_tcpchecksumcalculationandthetcppseudoheader-2.htm