Loading...

Messages

Proposals

Stuck in your homework and missing deadline? Get urgent help in $10/Page with 24 hours deadline

Get Urgent Writing Help In Your Essays, Assignments, Homeworks, Dissertation, Thesis Or Coursework & Achieve A+ Grades.

Privacy Guaranteed - 100% Plagiarism Free Writing - Free Turnitin Report - Professional And Experienced Writers - 24/7 Online Support

Findmyip org

21/12/2020 Client: saad24vbs Deadline: 14 Days

CIT 480: Securing Computer Systems


TCP/IP Security


Topics


1. Internet Protocol (IP) 2. IP Spoofing and Other Vulnerabilities 3. ICMP 4. Transmission Control Protocol (TCP) 5. TCP Session Hijacking 6. UDP


Internet Protocol (IP) Connectionless


– Each packet is transported independently from other packets


Unreliable – Delivery on a best effort basis – No acknowledgments


– Packets may be lost, reordered, corrupted, or duplicated


IP packets – Encapsulate TCP and UDP


packets – Encapsulated into link-layer


frames


Data link frame


IP packet


TCP or UDP packet


IP Addresses 32-bit integers that identify machine on net


Dotted decimal notation: ii.jj.kk.ll DNS translates names to IP addresses


172 . 16 . 254 . 1


10101100 00010000 11111110 00000001


1 byte


32 bits = 4 bytes


IPv6 addresses are 128-bit integers written like 2001:0db8:0000:0000:0000:ff00:0042:8329


Network Address Translation Uses public IP addr to represent private IP.


– Translates source IP in outgoing packets. – Translates dest IP in incoming packets. – Router keeps table of translations.


IP Address Geolocation


• ISPs get blocks of IP addresses from ARIN.


• ARIN database records where IP addresses are.


• Application layer and time data may help reveal details.


Check http://www.findmyip.org/ for your location.


http://www.findmyip.org/

http://www.findmyip.org/

http://www.findmyip.org/

IP Header


IP Routing


A router bridges two or more networks – Operates at the network layer. – Maintains tables to forward packets to the


appropriate network. – Forwarding decisions based solely on the


destination address.


Routing table – Maps ranges of IP addresses to LANs or other


gateway routers.


IP Routing


New MAC address at each hop


Same IP address at each hop used to route data packet.


IP Vulnerabilities 1. Unencrypted transmission


– Eavesdropping possible at any intermediate host during routing.


2. No source authentication – Sender can spoof source address, making it difficult to trace


packet back to attacker.


3. No integrity checking – Entire packet, header and payload, can be modified while en


route to destination, enabling content forgeries, redirections, and man-in-the-middle attacks.


4. No bandwidth constraints – Large number of packets can be sent to DoS target.


IP Spoofing


IP Spoofing is an attempt by an intruder to send packets from one IP address that appear to originate at another.


• If victim trusts spoofed IP, then attacker trusted.


• Tracking down attack leads to spoofed IP.


Two basic forms of IP Spoofing • Blind Spoofing can be used from any source. • Non-Blind Spoofing must be on same subnet.


Blind Spoofing


Attacker cannot see response packets, but – Some attacks, like DoS do not want to receive


response packets, and – Some responses can be guessed sufficiently


accurately to carry on conversation, such as TCP hijacking attacks.


Network Tests with ICMP


Internet Control Message Protocol (ICMP) – Used for network testing and debugging. – Simple messages encapsulated in single IP packets. – Considered a network layer protocol.


ICMP-based Network Testing Tools – ping: sends echo request messages and provides


statistics on roundtrip times and packet loss. – traceroute: sends series of ICMP packets with


increasing TTL value to discover routes.


ICMP DoS Attacks Ping of death


– ICMP specifies messages must fit a single IP packet (64KB).


– Send a ping packet that exceeds maximum size using IP fragmentation.


– Reassembled packet caused several operating systems to crash due to a buffer overflow.


Smurf – Ping a broadcast address using a spoofed source


address. Large number of responses sent to target whose address was spoofed.


Smurf Attack


Attacker Victim


Amplifying Network


echo request


echo response


echo response


echo response


Slide #17


TCP: Transmission Control Protocol


Connection-oriented Must establish connection before sending data. 3-way handshake.


Reliable byte-stream TCP decides how to divide stream into packets. ACK, timeout, retransmit, reordering.


16-bit source and destination ports. FTP(21), HTTP(80), POP(110), SMTP(25)


Slide #18


TCP Reliability 1. Breaks data into best-sized chunks. 2. After sending segment, maintains timer; if no


ACK within time limit, resends segment. 3. Sends ACK on receipt of packets. 4. Discards pkts on bad checkum of header and


data. 5. Receiver resequences TCP segments, based on


sequence numbers, allowing data to be reassembled correctly no matter what order.


6. Receiver discards duplicate segments. 7. Flow control: only sends as much data as


receiver can process.


Slide #19


TCP Header


Slide #20


TCP Connection Establishment


TCP 3-Way Handshake


SYN Floods Create many half-open connections to target


– Send SYN packet – Ignore SYN+ACK response


• (May spoof invalid source IP address for each SYN)


Target connection table fills up, resulting in DoS – 3 minute timeout for final ACK – all new TCP connections refused


Defenses – Micro-connections (allocate few resources til see ACK) – SYN cookies store state in TCP ISN, not on server


TCP Connection Termination


TCP Session Killing RST


– Need one valid TCP sequence number. – Send RST segment with spoofed IP address and valid


sequence number. – May need to send multiple RST’s in case host receives


TCP segment with your chosen sequence number before your RST segment.


FIN – Need valid TCP sequence + ACK numbers. – Send FIN+ACK segment with spoofed IP address to


terminate session. – Receive FIN packet in response, verifying kill if


successful.


TCP Session Hijacking A TCP session hijacking attack is when an attacker takes control of an existing TCP session. The attacker must be able to


– Spoof IP address of one side of connection. – Predict TCP sequence numbers.


Gives threat access to authenticated sessions. Defenses:


– Random initial TCP sequence numbers. – Use encrypted protocols like SSH, so attacker cannot


interact with system due to inability to send properly encrypted traffic.


TCP Session Hijacking Steps


1. Guess TCP sequence numbers used in current session between two hosts.


2. Create desynchronized state so neither side of connection can talk to the other.


3. Send packet with correct SN + ACK with spoofed client IP address to server, containing attack.


ACK Storm • Noisy side effect of TCP session hijacking. • Both client and server ACK unacceptable


packets with expected sequence number. • Each ACK is also unacceptable and


generates another ACK response. • If network drops packet, no response made. • ACK storms create network congestion,


leading to many dropped packets.


Covert Channels in TCP/IP Covert channels enable communication using techniques not meant for information exchange. Possible techniques include:


– Timing of packets (temporal channel). – Size of packets. – Unused header fields (header bit modulation). – Hiding data in packet body.


Covert channels may be able to be detected by – Too many packets of certain protocols (ICMP, DNS) – Too large packets from certain protocols – Multiple response packets for protocols like ICMP, DNS


Port Knocking Port knocking is a method of opening ports by making connections to a set of unused ports in a specified sequence.


– Fairly secure against brute force attacks since there are 65536k combinations, where k is the number of ports knocked


– Susceptible to replay attacks. If a port knock is sniffed, then attacker can replay the knock.


Used to hide ports from network scans. Can be used by defenders and attackers.


User Datagram Protocol (UDP)


Stateless, unreliable layer 4 protocol. – Runs on top of IP. – Trades reliability for speed.


Applications – Streaming audio/video. – TFTP (builds simple state on top of UDP.) – DNS.


Slide #30


UDP Header


Key Points 1. IP addresses seen by recipient unlike MAC


– NAT hides many IP addresses behind one.


2. IP spoofing – Blind: do not see responses. – Non-blind: use sniffer to see responses.


3. Technical DoS: ping of death, smurf, SYN flood 4. TCP session hijacking seizes authenticated session


– Guess TCP sequence numbers based on ISN. – Desynchronize existing TCP session. – Threat resynchronizes with server, seizing control.


5. Cannot hijack encrypted sessions like ssh.


References


1. Carna Botnet, Internet Census 2012, http://internetcensus2012.bitbucket.org/p aper.html, 2012.


2. Goodrich and Tammasia, Introduction to Computer Security, Pearson, 2011.


3. Richard Stevens, TCP/IP Illustrated, Vol. 1, Addison-Wesley, 1994.


http://internetcensus2012.bitbucket.org/paper.html

http://internetcensus2012.bitbucket.org/paper.html

Released under CC BY-SA 3.0  This presentation is released under the Creative Commons


Attribution-ShareAlike 3.0 Unported (CC BY-SA 3.0) license  You are free:


 to Share — to copy and redistribute the material in any medium  to Adapt— to remix, build, and transform upon the material  to use part or all of this presentation in your own classes


 Under the following conditions:  Attribution — You must attribute the work to James Walden, but


cannot do so in a way that suggests that he endorses you or your use of these materials.


 Share Alike — If you remix, transform, or build upon this material, you must distribute the resulting work under this or a similar open license.


 Details and full text of the license can be found at https://creativecommons.org/licenses/by-nc-sa/3.0/


https://creativecommons.org/licenses/by-nc-sa/3.0/

CIT 480: Securing Computer Systems

Topics

Internet Protocol (IP)

IP Addresses

Slide Number 5

Network Address Translation

IP Address Geolocation

IP Header

IP Routing

IP Routing

IP Vulnerabilities

IP Spoofing

Blind Spoofing

Network Tests with ICMP

ICMP DoS Attacks

Smurf Attack

TCP: Transmission Control Protocol

TCP Reliability

TCP Header

TCP Connection Establishment

SYN Floods

TCP Connection Termination

TCP Session Killing

TCP Session Hijacking

TCP Session Hijacking Steps

ACK Storm

Covert Channels in TCP/IP

Port Knocking

User Datagram Protocol (UDP)

UDP Header

Key Points

References

Released under CC BY-SA 3.0

Applied Sciences

Architecture and Design

Biology

Business & Finance

Chemistry

Computer Science

Geography

Geology

Education

Engineering

English

Environmental science

Spanish

Government

History

Human Resource Management

Information Systems

Law

Literature

Mathematics

Nursing

Physics

Political Science

Psychology

Reading

Science

Social Science

Home

Blog

Archive

Contact

google+twitterfacebook

Copyright © 2019 HomeworkMarket.com

Homework is Completed By:

Writer Writer Name Amount Client Comments & Rating
Instant Homework Helper

ONLINE

Instant Homework Helper

$36

She helped me in last minute in a very reasonable price. She is a lifesaver, I got A+ grade in my homework, I will surely hire her again for my next assignments, Thumbs Up!

Order & Get This Solution Within 3 Hours in $25/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 3 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

Order & Get This Solution Within 6 Hours in $20/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 6 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

Order & Get This Solution Within 12 Hours in $15/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 12 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

6 writers have sent their proposals to do this homework:

University Coursework Help
Top Essay Tutor
Helping Hand
Writer Writer Name Offer Chat
University Coursework Help

ONLINE

University Coursework Help

Hi dear, I am ready to do your homework in a reasonable price.

$102 Chat With Writer
Top Essay Tutor

ONLINE

Top Essay Tutor

I have more than 12 years of experience in managing online classes, exams, and quizzes on different websites like; Connect, McGraw-Hill, and Blackboard. I always provide a guarantee to my clients for their grades.

$105 Chat With Writer
Helping Hand

ONLINE

Helping Hand

I am an Academic writer with 10 years of experience. As an Academic writer, my aim is to generate unique content without Plagiarism as per the client’s requirements.

$100 Chat With Writer

Let our expert academic writers to help you in achieving a+ grades in your homework, assignment, quiz or exam.

Similar Homework Questions

Excel Work for tomorrow!!! - Research Paper: Full Rough Draft (all sections) - Discussion 2 - 1 3 real numbers and the number line - Tigerairways ph promo 2017 - A campaign against kfc corporation - How to cite mayo clinic - Netiquette dos and don'ts - Co-Teaching - Marketing Strategy - Match these values of r with the accompanying scatterplots - Need two pages !!! - Buddhist temple ulverston cumbria - Cell phones being allowed in school - Anz kiwisaver pir change - Discussion post #5 and 8 - Spencer supplies stock is currently selling - Brian foster chest pain shadow health - Nim game smart computer java - Goldman sachs veterans internship program - The cask of amontillado criticism - Acc 561 accounting final exam - DISCUSSION - Group Project - Issues in economics today 7th edition quiz answers - Newton's second law experiment - Maternal newborn nursing case studies - Andrew chinn tell the good news - Solve the equation by the square root property - App developers inc enters into a contract with carmen - Don t blame the eater - Moreton bay council pd online - Packed bed distillation column design - Risk Management and Mitigation Planning - 1332 geelong road mount clear - Wallace and gromit explanation text - Middle english pronunciation guide - Stump grinder hire travis perkins - Consonance examples in poetry - Clinical Field Experience B: Phonics and Word Recognition: I Do, We Do, You Do - What does consonance mean in a poem - Mcdonald's corporation case study analysis - Psychotherapy With group - Safety management system in aviation ppt - Ernest hemingway big two hearted river - Act government land rent scheme - Anth 2 journal - Organisational Theory - Evs worksheet for class 2 - St vincents potts point fees - St mark sculpture by donatello - St james episcopal church warrenton va - Multimodal dangerous goods form - My health donatelle 3rd edition pdf - The ethical emotivist would most agree most which statement - Dow corning vacuum grease data sheet - Chris21 self service login - Adat score for carer allowance - Plymouth city council safeguarding - Scott barber performance testing - Medical report about improvement system for practical issues, a computer related task or function in an area of healthcare that is relevant - Hess law of constant heat summation - The Impact of Cultural Differences on Marketing Campaigns in Multinational UK Businesses - Sliding mode control matlab simulink - 512 pendleton st farmersville tx - Combinations and permutations in python - Bench back support bracket - Complex adaptive systems nursing - Wigton wind farm prospectus - Katia panteli husband name - Slaughterhouse five quotes explained - Gantt chart is used for mcq - Retail store design and layout ppt - Swinburne cover letter template - App-Biography Viewer - What is a mid shot - Tryst with destiny speech transcript - Discrete mathematics lecture notes ppt - Royal brompton hospital fulham road parking - Inventory aggregation supply chain - Xicon passive components 800 628 0544 - Dilation from y axis - Sas proc freq example - Campaign Project: Research and Planning - Adelaide uni past exams - Bridlington relay v yorkshire electricity board 1965 - Nursing smart goals examples - Appraisal form answers for software engineer - Irish horse breeders association - Subtraction snakes and ladders - How to calculate stress from strain gauge - Age of calamitous loyalty vendor - Physics assignment - Traditional chinese warrior clothing - Assignment: Legislation Comparison Grid and Testimony/Advocacy Statement - Target corporation case study analysis - Vce biology unit 3 and 4 exam - Life cycle of a disposable coffee cup - What is the primary lever to reduce cycle inventory - Siemens clinitek status plus service manual