ARP, IP, TCP, UDP. CS 166: Introduction to Computer Systems Security 4/7/18 ARP, IP, TCP, UDP 1

Similar documents
Internet Layers. Physical Layer. Application. Application. Transport. Transport. Network. Network. Network. Network. Link. Link. Link.

ENEE 457: Computer Systems Security 11/07/16. Lecture 18 Computer Networking Basics

CIT 380: Securing Computer Systems. Network Security Concepts

ELEC5616 COMPUTER & NETWORK SECURITY

CCNA 1 Chapter 7 v5.0 Exam Answers 2013

Transport Layer. Gursharan Singh Tatla. Upendra Sharma. 1

CSc 466/566. Computer Security. 18 : Network Security Introduction

Network Security. Introduction to networks. Radboud University, The Netherlands. Autumn 2015

TSIN02 - Internetworking

Transport Layer Review

Network Technology 1 5th - Transport Protocol. Mario Lombardo -

Packet Header Formats

TSIN02 - Internetworking

6. The Transport Layer and protocols

Layer 4: UDP, TCP, and others. based on Chapter 9 of CompTIA Network+ Exam Guide, 4th ed., Mike Meyers

Unit 2.

CSE 127: Computer Security Network Security. Kirill Levchenko

Transport Layer. The transport layer is responsible for the delivery of a message from one process to another. RSManiaol

Introduction to Networking. Operating Systems In Depth XXVII 1 Copyright 2017 Thomas W. Doeppner. All rights reserved.

Networking Overview. CS Computer Security Profs. Vern Paxson & David Wagner

CCNA R&S: Introduction to Networks. Chapter 7: The Transport Layer

CSCI 1800 Cybersecurity and Interna4onal Rela4ons. Design and Opera-on of the Internet John E. Savage Brown University

Networking Technologies and Applications

TCP TCP/IP: TCP. TCP segment. TCP segment. TCP encapsulation. TCP encapsulation 1/25/2012. Network Security Lecture 6

CCNA Exploration Network Fundamentals. Chapter 04 OSI Transport Layer

Internet and Intranet Protocols and Applications

CS 161 Computer Security

Introduction to Networks and the Internet

User Datagram Protocol

Transport Layer. <protocol, local-addr,local-port,foreign-addr,foreign-port> ϒ Client uses ephemeral ports /10 Joseph Cordina 2005

Introduction to TCP/IP networking

TCP/IP Transport Layer Protocols, TCP and UDP

NWEN 243. Networked Applications. Layer 4 TCP and UDP

EITF25 Internet Techniques and Applications L7: Internet. Stefan Höst

Mobile Transport Layer Lesson 10 Timeout Freezing, Selective Retransmission, Transaction Oriented TCP and Explicit Notification Methods

interface Question 1. a) Applications nslookup/dig Web Application DNS SMTP HTTP layer SIP Transport layer OSPF ICMP IP Network layer

Introduction to Internet. Ass. Prof. J.Y. Tigli University of Nice Sophia Antipolis

ECE 435 Network Engineering Lecture 9

Transport: How Applications Communicate

Network Security. Thierry Sans

Experiential Learning Workshop on Transport & IP Routing

Internet Protocol and Transmission Control Protocol

Lecture 6. Internet Security: How the Internet works and some basic vulnerabilities. Thursday 19/11/2015

OSI Transport Layer. objectives

TCP /IP Fundamentals Mr. Cantu

NT1210 Introduction to Networking. Unit 10

TSIN02 - Internetworking

Video Streaming with the Stream Control Transmission Protocol (SCTP)

EEC-484/584 Computer Networks. Lecture 16. Wenbing Zhao

Hands-On Ethical Hacking and Network Defense

Lecture 20 Overview. Last Lecture. This Lecture. Next Lecture. Transport Control Protocol (1) Transport Control Protocol (2) Source: chapters 23, 24

05 Transmission Control Protocol (TCP)

UDP and TCP. Introduction. So far we have studied some data link layer protocols such as PPP which are responsible for getting data

Simulation of TCP Layer

Guide To TCP/IP, Second Edition UDP Header Source Port Number (16 bits) IP HEADER Protocol Field = 17 Destination Port Number (16 bit) 15 16

20-CS Cyber Defense Overview Fall, Network Basics

ECE 650 Systems Programming & Engineering. Spring 2018

CS118 Discussion 1A, Week 4. Zengwen Yuan Dodd Hall 78, Friday 10:00 11:50 a.m.

6.1 Internet Transport Layer Architecture 6.2 UDP (User Datagram Protocol) 6.3 TCP (Transmission Control Protocol) 6. Transport Layer 6-1

ICS 451: Today's plan

Just enough TCP/IP. Protocol Overview. Connection Types in TCP/IP. Control Mechanisms. Borrowed from my ITS475/575 class the ITL

TCP/IP Protocol Suite 1

EE 610 Part 2: Encapsulation and network utilities

TSIN02 - Internetworking

CSE/EE 461 Lecture 13 Connections and Fragmentation. TCP Connection Management

CSC 574 Computer and Network Security. TCP/IP Security

7. TCP 최양희서울대학교컴퓨터공학부

Business Data Networks and Security 10th Edition by Panko Test Bank

ECE 435 Network Engineering Lecture 15

network security s642 computer security adam everspaugh

TCP/IP Networking. Part 4: Network and Transport Layer Protocols

Chapter 2 - Part 1. The TCP/IP Protocol: The Language of the Internet

CSCI-GA Operating Systems. Networking. Hubertus Franke

The Transport Layer: TCP & Reliable Data Transfer

EEC-682/782 Computer Networks I

Networking Overview. CS 161: Computer Security Prof. Vern Paxson. TAs: Jethro Beekman, Mobin Javed, Antonio Lupher, Paul Pearce & Matthias Vallentin

OSI Transport Layer. Network Fundamentals Chapter 4. Version Cisco Systems, Inc. All rights reserved. Cisco Public 1

CMSC 417. Computer Networks Prof. Ashok K Agrawala Ashok Agrawala. October 25, 2018

Transport Layer Marcos Vieira

Connection-oriented (virtual circuit) Reliable Transfer Buffered Transfer Unstructured Stream Full Duplex Point-to-point Connection End-to-end service

CSCI 4250/6250 Fall 2015 Computer and Networks Security

QUIZ: Longest Matching Prefix

Different Layers Lecture 20

TCP & UDP. Transport Layer. Transport. Network. Functions. End-to-end Reliable Byte Stream. Unreliable End-to-end. C.K. Kim

The aim of this unit is to review the main concepts related to TCP and UDP transport protocols, as well as application protocols. These concepts are

Reliable Transport I: Concepts and TCP Protocol

Single Network: applications, client and server hosts, switches, access links, trunk links, frames, path. Review of TCP/IP Internetworking

Sequence Number. Acknowledgment Number. Data

Assignment - 1 Chap. 1 Wired LAN s

Outline. Connecting to the access network: DHCP and mobile IP, LTE. Transport layer: UDP and TCP

The Transport Layer. Internet solutions. Nixu Oy PL 21. (Mäkelänkatu 91) Helsinki, Finland. tel fax.

Transport Layer (TCP/UDP)

Interconnecting Networks with TCP/IP. 2000, Cisco Systems, Inc. 8-1

Concept Questions Demonstrate your knowledge of these concepts by answering the following questions in the space that is provided.

CS670: Network security

The Transport Layer. Part 1

Chapter 2 Advanced TCP/IP

ECE 435 Network Engineering Lecture 9

CS 3640: Introduction to Networks and Their Applications

Outline. What is TCP protocol? How the TCP Protocol Works SYN Flooding Attack TCP Reset Attack TCP Session Hijacking Attack

Transcription:

ARP, IP, TCP, UDP CS 166: Introduction to Computer Systems Security 4/7/18 ARP, IP, TCP, UDP 1

IP and MAC Addresses Devices on a local area network have IP addresses (network layer) MAC addresses (data link layer) IP addresses are used for high level protocols MAC addresses are used for low level protocols How to translate IP Addresses into MAC addresses? 4/7/18 ARP, IP, TCP, UDP 2

Address Resolution Protocol (ARP) Connects the network layer to the data link layer Maps IP addresses to MAC addresses Based on broadcast messages and local caching Does not support confidentiality, integrity, or authentication Defined as a part of RFC 826 4/7/18 ARP, IP, TCP, UDP 3

ARP Messages ARP broadcasts requests of type who has <IP addressc > tell <IP addressa > A B C D Machine with <IP addressc> responds <IP addressc > is at <MAC address> Requesting machine caches response Network administrator configures IP address and subnet on each machine A B C D 4/7/18 ARP, IP, TCP, UDP 4

ARP Cache The Linux, Windows and OSX command arp - a displays the ARP table Internet Address Physical Address Type 128.148.31.1 00-00-0c-07-ac-00 dynamic 128.148.31.15 00-0c-76-b2-d7-1d dynamic 128.148.31.71 00-0c-76-b2-d0-d2 dynamic 128.148.31.75 00-0c-76-b2-d7-1d dynamic 128.148.31.102 00-22-0c-a3-e4-00 dynamic Command arp a d flushes the ARP cache ARP cache entries are stored for a configurable amount of time 4/7/18 ARP, IP, TCP, UDP 5

ARP Spoofing The ARP table is updated whenever an ARP response is received Requests are not tracked ARP announcements are not authenticated Machines trust each other A rogue machine can spoof other machines 4/7/18 ARP, IP, TCP, UDP 6

ARP Normal Operation Normal operation Alice communicates with Bob IP: 192.168.1.101 MAC: 00:11:22:33:44:01 Bob ARP Cache 192.168.1.102 00:11:22:33:44:02 Data 192.168.1.101 is at 00:11:22:33:44:01 192.168.1.102 is at 00:11:22:33:44:02 IP: 192.168.1.102 MAC: 00:11:22:33:44:02 ARP Cache Alice 192.168.1.101 00:11:22:33:44:01 4/7/18 ARP, IP, TCP, UDP 7

ARP Poisoning Attack Man-in-the-middle attack ARP cache poisoning leads to eavesdropping IP: 192.168.1.103 MAC: 00:11:22:33:44:03 Eve IP: 101 MAC: 01 Bob Data 192.168.1.102 is at 00:11:22:33:44:03 192.168.1.101 is at 00:11:22:33:44:03 Data IP:.102 MAC: 02 Alice Poisoned ARP Cache Poisoned ARP Cache 192.168.1.102 00:11:22:33:44:03 192.168.1.101 00:11:22:33:44:03 4/7/18 ARP, IP, TCP, UDP 8

ARP Poisoning & ARP Spoofing Almost all ARP implementations are stateless An ARP cache updates every time that it receives an ARP reply even if it did not send any ARP request! Can poison ARP cache with gratuitous ARP replies Using static entries solves the problem but it is almost impossible to manage! 4/7/18 ARP, IP, TCP, UDP 9

From the LAN to the Internet router 192.168.0.5 GTW 192.168.0.1 SN 255.255.255.0 192.168.0.1 138.16.160.252 192.168.0.6 GTW 192.168.0.1 SN 255.255.255.0 LAN Internet 4/7/18 ARP, IP, TCP, UDP 10

Brown s IP Space Brown separates the network connecting dorms and the network connecting offices and academic buildings Dorms Class B network 138.16.0.0/16 (64K addresses) Academic buildings and offices Class B network 128.148.0.0/16 (64K addresses) CS department Several class C (/24) networks, each with 254 addresses Tstaff supported machines: 128.148.31.0/24, 128.148.33.0/24, 128.148.38.0/24 Unsupported machines:128.148.36.0/24 4/7/18 ARP, IP, TCP, UDP 11

User Datagram Protocol UDP is a stateless, unreliable datagram protocol built on top of IP, that is it lies at the transport layer UDP does not provide delivery guarantees or acknowledgments, which makes it efficient Can however distinguish data for multiple concurrent applications on a single host A lack of reliability implies applications using UDP must be ready to accept a fair amount of corrupted and lost data Most applications built on UDP will suffer if they require reliability VoIP, streaming video, and streaming audio all use UDP 4/7/18 ARP, IP, TCP, UDP 12

Transmission Control Protocol Transport layer protocol for reliable data transfer, in-order delivery of messages and ability to distinguish multiple applications on same host HTTP and SSH are built on top of TCP TCP packages a data stream it into segments transported by IP Order maintained by marking each packet with sequence number Every time TCP receives a packet, it sends out an ACK to indicate successful receipt of the packet TCP generally checks data transmitted by comparing a checksum of the data with a checksum encoded in the packet 4/7/18 ARP, IP, TCP, UDP 13

Ports TCP supports concurrent applications on the same server Ports are 16 bit numbers identifying where data is directed The TCP header includes both a source and a destination port Ports 0 through 1023 are reserved for use by known protocols E.g., HTTPS uses 443 and SSH uses 22 Ports 1024 through 49151 are known as user ports, and are used for listening to connections 4/7/18 ARP, IP, TCP, UDP 14

TCP Packet Format Bit Offset 0-3 4-7 8-15 16-18 19-31 0 Source Port Destination Port 32 Sequence Number 64 Acknowledgment Number 96 Offset Reserved Flags Window Size 128 Checksum Urgent Pointer 160 Options >= 160 Payload 4/7/18 ARP, IP, TCP, UDP 15

Establishing TCP Connections TCP connections are established through a three-way handshake. The server generally is a passive listener, waiting for a connection request The client requests a connection by sending out a SYN packet The server responds by sending a SYN/ACK packet, acknowledging the connection The client responds by sending an ACK to the server, thus establishing connection SYN Seq = x SYN-ACK Seq = y, Ack = x + 1 ACK Seq = x + 1, Ack = y + 1 4/7/18 ARP, IP, TCP, UDP 16

TCP Data Transfer During connection initialization using the three way handshake, initial sequence numbers are exchanged The TCP header includes a 16 bit checksum of the data and parts of the header, including the source and destination Acknowledgment or lack thereof is used by TCP to keep track of network congestion and control flow and such TCP connections are cleanly terminated with a 4-way handshake The client which wishes to terminate the connection sends a FIN message to the other client The other client responds by sending an ACK The other client sends a FIN The original client now sends an ACK, and the connection is terminated 4/7/18 ARP, IP, TCP, UDP 17

TCP Data Transfer and Teardown Data seq=x Fin seq=x Ack seq=x+1 Data seq=y Ack seq=x+1 Fin seq=y Ack seq=y+1 Ack seq=y+1 Client Server Client Server 4/7/18 ARP, IP, TCP, UDP 18

What We Have Learned ARP protocol ARP poisoning attack MitM attack on a LAN Transport layer protocols TCP for reliable transmission UDP when packet loss/corruption is tolerated Lack of built-in security in network protocols Security can be incorporated into application layer (SSL) 4/7/18 ARP, IP, TCP, UDP 19

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback