Messages
Proposals
Get Urgent Writing Help In Your Essays, Assignments, Homeworks, Dissertation, Thesis Or Coursework & Achieve A+ Grades.
Privacy Guaranteed - 100% Plagiarism Free Writing - Free Turnitin Report - Professional And Experienced Writers - 24/7 Online Support
CIT 480: Securing Computer Systems
TCP/IP Security
Topics
1. Internet Protocol (IP) 2. IP Spoofing and Other Vulnerabilities 3. ICMP 4. Transmission Control Protocol (TCP) 5. TCP Session Hijacking 6. UDP
Internet Protocol (IP) Connectionless
– Each packet is transported independently from other packets
Unreliable – Delivery on a best effort basis – No acknowledgments
– Packets may be lost, reordered, corrupted, or duplicated
IP packets – Encapsulate TCP and UDP
packets – Encapsulated into link-layer
frames
Data link frame
IP packet
TCP or UDP packet
IP Addresses 32-bit integers that identify machine on net
Dotted decimal notation: ii.jj.kk.ll DNS translates names to IP addresses
172 . 16 . 254 . 1
10101100 00010000 11111110 00000001
1 byte
32 bits = 4 bytes
IPv6 addresses are 128-bit integers written like 2001:0db8:0000:0000:0000:ff00:0042:8329
Network Address Translation Uses public IP addr to represent private IP.
– Translates source IP in outgoing packets. – Translates dest IP in incoming packets. – Router keeps table of translations.
IP Address Geolocation
• ISPs get blocks of IP addresses from ARIN.
• ARIN database records where IP addresses are.
• Application layer and time data may help reveal details.
Check http://www.findmyip.org/ for your location.
http://www.findmyip.org/
http://www.findmyip.org/
http://www.findmyip.org/
IP Header
IP Routing
A router bridges two or more networks – Operates at the network layer. – Maintains tables to forward packets to the
appropriate network. – Forwarding decisions based solely on the
destination address.
Routing table – Maps ranges of IP addresses to LANs or other
gateway routers.
IP Routing
New MAC address at each hop
Same IP address at each hop used to route data packet.
IP Vulnerabilities 1. Unencrypted transmission
– Eavesdropping possible at any intermediate host during routing.
2. No source authentication – Sender can spoof source address, making it difficult to trace
packet back to attacker.
3. No integrity checking – Entire packet, header and payload, can be modified while en
route to destination, enabling content forgeries, redirections, and man-in-the-middle attacks.
4. No bandwidth constraints – Large number of packets can be sent to DoS target.
IP Spoofing
IP Spoofing is an attempt by an intruder to send packets from one IP address that appear to originate at another.
• If victim trusts spoofed IP, then attacker trusted.
• Tracking down attack leads to spoofed IP.
Two basic forms of IP Spoofing • Blind Spoofing can be used from any source. • Non-Blind Spoofing must be on same subnet.
Blind Spoofing
Attacker cannot see response packets, but – Some attacks, like DoS do not want to receive
response packets, and – Some responses can be guessed sufficiently
accurately to carry on conversation, such as TCP hijacking attacks.
Network Tests with ICMP
Internet Control Message Protocol (ICMP) – Used for network testing and debugging. – Simple messages encapsulated in single IP packets. – Considered a network layer protocol.
ICMP-based Network Testing Tools – ping: sends echo request messages and provides
statistics on roundtrip times and packet loss. – traceroute: sends series of ICMP packets with
increasing TTL value to discover routes.
ICMP DoS Attacks Ping of death
– ICMP specifies messages must fit a single IP packet (64KB).
– Send a ping packet that exceeds maximum size using IP fragmentation.
– Reassembled packet caused several operating systems to crash due to a buffer overflow.
Smurf – Ping a broadcast address using a spoofed source
address. Large number of responses sent to target whose address was spoofed.
Smurf Attack
Attacker Victim
Amplifying Network
echo request
echo response
echo response
echo response
Slide #17
TCP: Transmission Control Protocol
Connection-oriented Must establish connection before sending data. 3-way handshake.
Reliable byte-stream TCP decides how to divide stream into packets. ACK, timeout, retransmit, reordering.
16-bit source and destination ports. FTP(21), HTTP(80), POP(110), SMTP(25)
Slide #18
TCP Reliability 1. Breaks data into best-sized chunks. 2. After sending segment, maintains timer; if no
ACK within time limit, resends segment. 3. Sends ACK on receipt of packets. 4. Discards pkts on bad checkum of header and
data. 5. Receiver resequences TCP segments, based on
sequence numbers, allowing data to be reassembled correctly no matter what order.
6. Receiver discards duplicate segments. 7. Flow control: only sends as much data as
receiver can process.
Slide #19
TCP Header
Slide #20
TCP Connection Establishment
TCP 3-Way Handshake
SYN Floods Create many half-open connections to target
– Send SYN packet – Ignore SYN+ACK response
• (May spoof invalid source IP address for each SYN)
Target connection table fills up, resulting in DoS – 3 minute timeout for final ACK – all new TCP connections refused
Defenses – Micro-connections (allocate few resources til see ACK) – SYN cookies store state in TCP ISN, not on server
TCP Connection Termination
TCP Session Killing RST
– Need one valid TCP sequence number. – Send RST segment with spoofed IP address and valid
sequence number. – May need to send multiple RST’s in case host receives
TCP segment with your chosen sequence number before your RST segment.
FIN – Need valid TCP sequence + ACK numbers. – Send FIN+ACK segment with spoofed IP address to
terminate session. – Receive FIN packet in response, verifying kill if
successful.
TCP Session Hijacking A TCP session hijacking attack is when an attacker takes control of an existing TCP session. The attacker must be able to
– Spoof IP address of one side of connection. – Predict TCP sequence numbers.
Gives threat access to authenticated sessions. Defenses:
– Random initial TCP sequence numbers. – Use encrypted protocols like SSH, so attacker cannot
interact with system due to inability to send properly encrypted traffic.
TCP Session Hijacking Steps
1. Guess TCP sequence numbers used in current session between two hosts.
2. Create desynchronized state so neither side of connection can talk to the other.
3. Send packet with correct SN + ACK with spoofed client IP address to server, containing attack.
ACK Storm • Noisy side effect of TCP session hijacking. • Both client and server ACK unacceptable
packets with expected sequence number. • Each ACK is also unacceptable and
generates another ACK response. • If network drops packet, no response made. • ACK storms create network congestion,
leading to many dropped packets.
Covert Channels in TCP/IP Covert channels enable communication using techniques not meant for information exchange. Possible techniques include:
– Timing of packets (temporal channel). – Size of packets. – Unused header fields (header bit modulation). – Hiding data in packet body.
Covert channels may be able to be detected by – Too many packets of certain protocols (ICMP, DNS) – Too large packets from certain protocols – Multiple response packets for protocols like ICMP, DNS
Port Knocking Port knocking is a method of opening ports by making connections to a set of unused ports in a specified sequence.
– Fairly secure against brute force attacks since there are 65536k combinations, where k is the number of ports knocked
– Susceptible to replay attacks. If a port knock is sniffed, then attacker can replay the knock.
Used to hide ports from network scans. Can be used by defenders and attackers.
User Datagram Protocol (UDP)
Stateless, unreliable layer 4 protocol. – Runs on top of IP. – Trades reliability for speed.
Applications – Streaming audio/video. – TFTP (builds simple state on top of UDP.) – DNS.
Slide #30
UDP Header
Key Points 1. IP addresses seen by recipient unlike MAC
– NAT hides many IP addresses behind one.
2. IP spoofing – Blind: do not see responses. – Non-blind: use sniffer to see responses.
3. Technical DoS: ping of death, smurf, SYN flood 4. TCP session hijacking seizes authenticated session
– Guess TCP sequence numbers based on ISN. – Desynchronize existing TCP session. – Threat resynchronizes with server, seizing control.
5. Cannot hijack encrypted sessions like ssh.
References
1. Carna Botnet, Internet Census 2012, http://internetcensus2012.bitbucket.org/p aper.html, 2012.
2. Goodrich and Tammasia, Introduction to Computer Security, Pearson, 2011.
3. Richard Stevens, TCP/IP Illustrated, Vol. 1, Addison-Wesley, 1994.
http://internetcensus2012.bitbucket.org/paper.html
http://internetcensus2012.bitbucket.org/paper.html
Released under CC BY-SA 3.0 This presentation is released under the Creative Commons
Attribution-ShareAlike 3.0 Unported (CC BY-SA 3.0) license You are free:
to Share — to copy and redistribute the material in any medium to Adapt— to remix, build, and transform upon the material to use part or all of this presentation in your own classes
Under the following conditions: Attribution — You must attribute the work to James Walden, but
cannot do so in a way that suggests that he endorses you or your use of these materials.
Share Alike — If you remix, transform, or build upon this material, you must distribute the resulting work under this or a similar open license.
Details and full text of the license can be found at https://creativecommons.org/licenses/by-nc-sa/3.0/
https://creativecommons.org/licenses/by-nc-sa/3.0/
CIT 480: Securing Computer Systems
Topics
Internet Protocol (IP)
IP Addresses
Slide Number 5
Network Address Translation
IP Address Geolocation
IP Header
IP Routing
IP Routing
IP Vulnerabilities
IP Spoofing
Blind Spoofing
Network Tests with ICMP
ICMP DoS Attacks
Smurf Attack
TCP: Transmission Control Protocol
TCP Reliability
TCP Header
TCP Connection Establishment
SYN Floods
TCP Connection Termination
TCP Session Killing
TCP Session Hijacking
TCP Session Hijacking Steps
ACK Storm
Covert Channels in TCP/IP
Port Knocking
User Datagram Protocol (UDP)
UDP Header
Key Points
References
Released under CC BY-SA 3.0
Applied Sciences
Architecture and Design
Biology
Business & Finance
Chemistry
Computer Science
Geography
Geology
Education
Engineering
English
Environmental science
Spanish
Government
History
Human Resource Management
Information Systems
Law
Literature
Mathematics
Nursing
Physics
Political Science
Psychology
Reading
Science
Social Science
Home
Blog
Archive
Contact
google+twitterfacebook
Copyright © 2019 HomeworkMarket.com
| Writer | Writer Name | Amount | Client Comments & Rating |
|---|---|---|---|
ONLINE |
Instant Homework Helper |
$36 |
She helped me in last minute in a very reasonable price. She is a lifesaver, I got A+ grade in my homework, I will surely hire her again for my next assignments, Thumbs Up! |
Custom Original Solution And Get A+ Grades
Custom Original Solution And Get A+ Grades
Custom Original Solution And Get A+ Grades
| Writer | Writer Name | Offer | Chat |
|---|---|---|---|
ONLINE |
University Coursework HelpHi dear, I am ready to do your homework in a reasonable price. |
$102 | Chat With Writer |
ONLINE |
Top Essay TutorI have more than 12 years of experience in managing online classes, exams, and quizzes on different websites like; Connect, McGraw-Hill, and Blackboard. I always provide a guarantee to my clients for their grades. |
$105 | Chat With Writer |
ONLINE |
Helping HandI am an Academic writer with 10 years of experience. As an Academic writer, my aim is to generate unique content without Plagiarism as per the client’s requirements. |
$100 | Chat With Writer |
Let our expert academic writers to help you in achieving a+ grades in your homework, assignment, quiz or exam.