1 / 41

Communication protocols and network security

Device con n ection and startup. Communication protocols and network security. c omputer startup s tartup via network – bootp c onnection to the network. Content. w hen powered on the CPU sets the PC (program counter ) on a predefined value

aletha
Télécharger la présentation

Communication protocols and network security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Device connection and startup Communicationprotocolsandnetworksecurity

  2. computerstartup startupvianetwork– bootp connection to thenetwork Content

  3. whenpowered on the CPU setsthe PC (program counter) on a predefinedvalue • challenge: whatvalue is the PC set to on an Intel processor? Whatvalue on powerpc? Which on arm? • afterthat it startsexecutingcommands • normal operation • important: what is located in thememorylocationwherethe CPU starts it’s work COMPUTER STRATUP

  4. Basic I/O System – firmware • Consistsoftwosections: • codethatstartsexecuting on startup • I/O drivers • codeusesthedrivers to accessexternaldevices (harddrive, floppydrive, CD…) andloads a (special) program, thatwecallanoperatingsystem • withthisthehardware is “booted” – hasboots, boot BIOS

  5. operatingsystem (OS) is aninterfacebetweenuserprogramsandhardware, it is responsibleformanagingresources (I/O devices, files, processor time…) primarellythe OS used driversfrom BIOS to workwith I/O devices thesehadtwodisadvantages: i) theywere not “friendly”; ii) theywere not effective OS started to use it’s owndrivers OPERATING SYSTEM– CLASSIC

  6. BIOS actuallyloads a program that it thenexecutes • it finds it on thefirstblockofthe I/O device – master boot record, MBR • theloaded program doesn’t have to bean OS, butcanloadthenext (or one ofthenext) program that is an OS • option to load one ofmultiple OS • challenge: what is this program called? Find at leasttwoexamples. LOADINGoS – MODERN

  7. BIOS actuallyi) loads a program that it then - ii) executes. Whatif BIOS wouldload a program from a server on thenetworkinsteadof a harddrive (different i) butwekeepthesecond part the same). Weneed a definitionof a wayofcommunicationbetweenourcomputerand a server – weneed a protocol. Loading a program - different

  8. Advantages: • We don’t need a harddrive on thecomputer • OS is easilychangedforallcomputers, becauseweonlychange it on theserver • Disadvantages: • vulnerability • slowness • security? LOADING A PROGRAM FROM THE NETWORK

  9. www.fri.uni-lj.si = 212.235.188.25 • ServiceDNS convertsbetweenletterstringsandnumbers. • insteadof DNS servicewecanuse a mapping table in the file /etc/hosts • How do wefindthe DNS serviceserver? • Howdoes a DNS serviceserverfindother DNS servers? • it has to knowtheir IP addresses • file/etc/namedb/named.root IT’S all in thenumbers

  10. DNS serviceusesgatenumber53. • Wehave no servicethatwouldconvertbetweenthe name DNS and 53 • wehave a mapping table in the file /etc/services • challenge: how is the DNS servicereallycalled in the table mentionedabove? IT’S all in thenumbers

  11. # # Network services, Internet style # # Note that it is presently the policy of IANA to assign a single well-known # port number for both TCP and UDP; hence, most entries here have two entries # even if the protocol doesn't support UDP operations. # # The latest IANA port assignments can be gotten from # # http://www.iana.org/assignments/port-numbers # # The Well Known Ports are those from 0 through 1023. # The Registered Ports are those from 1024 through 49151 # The Dynamic and/or Private Ports are those from 49152 through 65535 # # $FreeBSD: src/etc/services,v 1.89 2002/12/17 23:59:10 eric Exp $ # From: @(#)services 5.8 (Berkeley) 5/9/91 # # WELL KNOWN PORT NUMBERS # rtmp 1/ddp #Routing Table Maintenance Protocol tcpmux 1/udp # TCP Port Service Multiplexer tcpmux 1/tcp # TCP Port Service Multiplexer # Mark Lottor <MKL@nisc.sri.com> nbp 2/ddp #Name Binding Protocol compressnet 2/udp # Management Utility compressnet 2/tcp # Management Utility ... ftp-data 20/udp # File Transfer [Default Data] ftp-data 20/tcp # File Transfer [Default Data] ftp 21/udp # File Transfer [Control] ftp 21/tcp # File Transfer [Control] ssh 22/udp # SSH Remote Login Protocol ssh 22/tcp # SSH Remote Login Protocol telnet 23/udp # Telnet telnet 23/tcp # Telnet smtp 25/udp # Simple Mail Transfer smtp 25/tcp # Simple Mail Transfer ...

  12. DNS protocolusesUDP packages. • In theheadof a packagewe mark that it is an UDP packagewhiththenumber 17. • Wehave no servicethatwouldconvertbetweenthe name UDP and 17. • Wehave a mapping table in the file /etc/protocols • challenge: whichprotocolhasthenumber 50 andwhat is it used for? What are theformatsforallthreeetcfiles? IT’S all in thenumbers

  13. worldagreementaboutnumbers • thenumbers are storedandadvertisedby IANA – The Internet Assigned Numbers Authority, www.iana.org • rootDNS servers: www.iana.org/domains/root/db/arpa.html • gates: www.iana.org/assignments/port-numbers • challenge: write a program thatproducesautomaticallythe file servicesfromthedata on the IANA server • protocols: www.iana.org/protocols/ • challenge: whatkindofdata is on www.iana.org/domains/root/db/si.html? So where do thenumberscomefrom

  14. on startupthecomputercanknow or doesn’t know some of it’s data: • name • IP address • ... • it certainlyhas to knowtheprotocolthatwillenabletheloadingofthe OS • like it has to know a wayofreadingdata form a harddrive - driver • theprotocolhandlerhas to beshortandinformative Loading os from a network

  15. To loadsuccesfullythecomputerhas to: • knowhow to find a serverfromwhichthe OS willbeloaded • knowhow to set itself as advised/demandedbytheserver • transfer the OS to itself • installthe OS and run it • The last step is the same as withloadingfrom a harddrive.. • Designdecision: steps1. and2. in oneprotocol(bootp) and step3. in a differentprotocol (eg. tftp) Loading os from a network– STEPS

  16. Defined in RFC 951, BOOTSTRAP PROTOCOL (BOOTP) • mandatory: find it on the internet andread it – literature! • challenge: findtheotherRFC documents, thatdealwithbootpandseewhattheysay. • Conversation in stepsbetweentheclientandtheserver: theclientasksandtheserveransweres • Therecanbe more serverspresentandtherecanbe more clientstrying to loadthe OS at the same time Protocolbootp

  17. In thebeginingtheclientdoesn’t knowthe IP addressoftheserver so hesends(broadcast) on the 2. layerofthelocalnetwork a desireforloadingthe OS • Theserverassignsan IP address to theclient (or doesn’t) andletshimknowwhere is theclient’s OS • not necessarily on thelocalnetwork • bootpis anapplicationthatusesconnectionlessmode – UDP protocol – on the transport layer • This is wheretheconversationends • Challenge: what is withsecurityandtrojans? CheckRCPs. bootp – some details

  18. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | op (1) | htype (1) | hlen (1) | hops (1) | +---------------+---------------+---------------+---------------+ | xid (4) | +-------------------------------+-------------------------------+ | secs (2) | flags (2) | +-------------------------------+-------------------------------+ | ciaddr (4) | +---------------------------------------------------------------+ | yiaddr (4) | +---------------------------------------------------------------+ | siaddr (4) | +---------------------------------------------------------------+ | giaddr (4) | +---------------------------------------------------------------+ | | | chaddr (16) | | | | | +---------------------------------------------------------------+ | | | sname (64) | +---------------------------------------------------------------+ | | | file (128) | +---------------------------------------------------------------+ | | | vend (64) | +---------------------------------------------------------------+ bootp – oblika paketa • op: zahteva ali odgovor • htype: vrsta medija • hlen: dolžina naslova • chaddr: odjemalčev naslov plasti 2 • hops: število skokov • xid: id zahteve • secs: koliko časa je minilo od prvega pošiljanja • flags: zastavice – samo razpošiljanje ali ne

  19. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | op (1) | htype (1) | hlen (1) | hops (1) | +---------------+---------------+---------------+---------------+ | xid (4) | +-------------------------------+-------------------------------+ | secs (2) | flags (2) | +-------------------------------+-------------------------------+ | ciaddr (4) | +---------------------------------------------------------------+ | yiaddr (4) | +---------------------------------------------------------------+ | siaddr (4) | +---------------------------------------------------------------+ | giaddr (4) | +---------------------------------------------------------------+ | | | chaddr (16) | | | | | +---------------------------------------------------------------+ | | | sname (64) | +---------------------------------------------------------------+ | | | file (128) | +---------------------------------------------------------------+ | | | vend (64) | +---------------------------------------------------------------+ bootp – Package form • ciaddr: clientaddress • yiaddr: set address • siaddr: serveraddress • giaddr: gateaddress • sname: name oftheserverwith OS • file: filecontainingOS • vend:possibleextensions • challange: recordbothpackages on thenetworkandcomment on them

  20. on FreeBSD: bootpdandbootpgw • configuration in /etc/bootptab • Challenge: findthehandbookandjust set the file then run theserverandthetransientserver software • client.test.net:\ • :ht=ether:\ • :ha=CCCCCCCCCCCC:\ • :sm=255.255.255.0:\ • :lg=192.168.1.5:\ • :ip=192.168.1.10:\ • :hn:\ • :bf=[/tftpboot/]OS:\ • :bs=auto:\ • :rp=/export/client/root/:\ • :vm=auto: • :vm=rfc1048: • Challenge: upperrecorduses a specialnotationofdata - format. Is it used somewhereelse? How is it definedexactly? Howdoesaninterface in C lookwhenyouread it? Is theupper form withouterrors?

  21. definedinRFC 1350, The TFTP Protocol (Trivial File Transfer Protocol) • mandatory: find it on the internet andread it – literature! • challenge: findtheother RFC documents, thatdealwithtftpandseewhattheysay. • verysimplifiedfunctionalityoftheftpprotocol – mainlypreservedtheoptionofdata transfer • nodirectoryprintout, authentificationandencryption, allowsverylargepackets, can’t load a file biggerthan 1TB • Challenge: what is thesyndromeofthewizard’s assistant (SAS)? Whereandhowdoesthisconcerntftp? Protocoltftp

  22. In thebeginningtheclientknowsthe IP addressoftheserverbecausehegets it throughthebootpprotocol • tftpis anapplicationthatusesconnectionless mode – UDP protocol – on the transport layer • Challange: bothbootpandtftpuse UDP protocol – why? tftp – some details

  23. clientsends a request to read(RRQ) ferverrespondswith a DATA packageanddatathatwasrequestedbytheclient; they are sentfrom a newgateandallthecommunicationwiththeclientmustfromnow on run throughthisgate (NAT port?) foreverypackagetheclientrespondswithan ACK package, afterthattheserversendsthenextpackage (previous step) – ifthere is no confirmation in a certainamountof time, theserversendsthepackageagain thespecialty is the last packagethat is smallerthanthemaximumallowedsize tftp – exampleofconversationwhenreading

  24. RRQ, WRQ: 2 bytes string 1 byte string 1 byte ------------------------------------------------ | Opcode | Filename | 0 | Mode | 0 | ------------------------------------------------ DATA: 2 bytes 2 bytes n bytes ---------------------------------- | Opcode | Block # | Data | ---------------------------------- ACK: 2 bytes 2 bytes --------------------- | Opcode | Block # | --------------------- tftp – package form • Opcode: request • Filename 0: file name • Mode 0: data format • Block #: numberofsentpackages • Challange: recordthepackages on thenetworkandcomment on them

  25. onFreeBSD: tftpd • no configuration file • filesthat are served are in thedirectory /tftpboot • exampleoftheentirecommunicationofloadingan OS on www.eventhelix.com/RealtimeMantra/Networking/Bootp.pdf • Challenge: findthehandbookandinstalla tftp serverwithanyfiles. tftpdoesn’t allowstrings like,,../’’ or ,,/../’’ in the file name– why? software

  26. Some computershavetheirowndiscandloadthe OS on theirown, butstillwant to connect to a netowork: • staticIP numberworksonly on stationarycomputers • mobilecomputersneed a differentnumberevery time • providerswant to provide more clientsthentheyhave IP addresses • Protocolbootpsendsdataforsettingthe IP addressand IP addressoftheport to theclient in thefirst step • idea!! – letsusebootpprotocol Connection to a network

  27. It is not a badidea, buttheproblems: • asidefromthe IP address, wealsoneedtheportaddress, the DNS serveraddress, proxyserveraddress… • Letsutilize/changethepurposeofthevendfield in bootpprotocol bootpprotocolforconnection to a network

  28. defined in RFC 1497, BOOTP Vendor Information Extensions • mandatory: find it on the internet andread it – literature! • challenge: findtheother RFC documents, thatdealwiththistypeofcontentandseewhattheysay. • firstvalue is the “magiccookie”with a vlueof99.130.83.99 • twotypesoffields (in lenght): • permanent: syllable1: badge [data] • Subnet Mask Field (badge: 1, data: 4 syllables): 1.255.255.255.0 • variable: syllable1: badge, syllable2: datalength, othersyllables: data • Gateway Field (badge: 3, data: N/4 addresses): 3.4.1.2.3.4 • badges128-254: localextensions • Challenge: usebootpandaddyourownextension. Vendextensions

  29. there are versionsforIPv4 andIPv6, firstIPv4 • defined in RFC 2131, Dynamic Host Configuration Protocol • mandatory: find it on the internet andreadit – literature! • challenge: findtheother RFC documents, thatdealwith DHCP andseewhattheysay. • actuallyanextensionofbootpprotocol • renamingofvendfieldintooptionsand it’s extension – RFC 2132, DHCP Options and BOOTP Vendor Extension DHCP Protocol

  30. In thebeginingtheclientdoesnt’t knowthe IP addressoftheserver • DHCP is anapplicationthatusesconnectionless mode – UDP protocol – on the transport layer • Challenge: how is securitywith DHCP protocol? Ifpossible make anattack on theclient. DHCP – some details

  31. basicidea: theclientgetsan IP address to usefor a limitedamountof time • possiblerequests: • DHCPDISCOVER: searchingfo a server • DHCPOFFER: offerfortheclient • DHCPREQUEST: clientconfirmsreceivedsettings; eventherequestforextending IP addressusage • DHCPACK, DHCPNAK: server’s confirmation/denial to theclient • DHCPDECLINE: client to serverthatthe IP address is already in use • DHCPRELEASE: clientreturningaddressbeforeexpiration • DHCPINFORM: clientonlywantsotherdata, healreadyhastheaddress • specialbadge inoptions: DHCP message type • Challenge: what is thevalueofthisbadge? DHCP – protocolcore

  32. Server Client Server (not selected) (selected) vvv | | | | Begins initialization | | | | | _____________/|\____________ | |/DHCPDISCOVER | DHCPDISCOVER \| | | | Determines | Determines configuration | configuration | | | |\ | ____________/ | | \________ | /DHCPOFFER | | DHCPOFFER\ |/ | | \ | | | Collects replies | | \| | | Selects configuration | | | | vvv DHCP – lifecycle • | | | • | _____________/|\____________ | • |/ DHCPREQUEST | DHCPREQUEST\ | • | | | • | | Commits configuration • | | | • | | _____________/| • | |/ DHCPACK | • | | | • | Initialization complete | • | | | • . . . • | | | • | Graceful shutdown | • | | | • | |\ ____________ | • | | DHCPRELEASE \| • | | | • | | Discards lease • | | | • vvv

  33. DHCP doesn’t foreseeanauthentication • Possibleattacks: • unauthorizedserversprovidethewronginformation • unauthorizedclientsgainaccess to resourcesthatsouldberestricted to them • emptyingofresourcesbyunauthorizedclients • Challenge: do at least one oftheseattachs. Whatdoes RFC 3118 refer to andhowdoes it work? DHCP hazzards

  34. onFreeBSDclientdhclientwithcofiguration file /etc/dhclient.conf • see: www.freebsd.org/doc/handbook/network-dhcp.html • Challenge: configure a clientand run it. Whatdoesrightconfigurationactuallymean? software • send host-name "andare.fugue.com"; • send dhcp-client-identifier 1:0:a0:24:ab:fb:9c; • send dhcp-lease-time 3600; • supersede domain-name "fugue.comhome.vix.com"; • prepend domain-name-servers 127.0.0.1; • request subnet-mask, broadcast-address, time-offset, routers, • domain-name, domain-name-servers, host-name; • require subnet-mask, domain-name-servers; • timeout 60; • retry 60; • reboot 10; • select-timeout 5; • initial-interval 2; • script "/etc/dhclient-script"; • media "-link0 -link1 -link2", "link0 link1"; • reject 192.33.137.209; • alias { • interface "ep0"; • fixed-address 192.5.5.213; • option subnet-mask 255.255.255.255; • } • lease { • interface "ep0"; • fixed-address 192.33.137.200; • medium "link0 link1"; • option host-name "andare.swiftmedia.com"; • option subnet-mask 255.255.255.0; • option broadcast-address 192.33.137.255; • option routers 192.33.137.250; • option domain-name-servers 127.0.0.1; • renew 2 2000/1/12 00:00:01; • rebind 2 2000/1/12 00:00:01; • expire 2 2000/1/12 00:00:01; • }

  35. onFreeBSDservernet/isc-dhcp31-serverwithconfiguration file /usr/local/etc/dhcpd.conf • Challenge: configure a serverand run it. Whatdoesthe program dhcp_probe do – installand run it. software • option domain-name "example.com”; • option domain-name-servers 192.168.4.100; • option subnet-mask 255.255.255.0; • default-lease-time 3600; • max-lease-time 86400; • ddns-update-style none; • subnet 192.168.4.0 netmask 255.255.255.0 { • range 192.168.4.129 192.168.4.254; • option routers 192.168.4.1; • } • host mailhost { • hardware ethernet 02:03:04:05:06:07; • fixed-address mailhost.example.com; • }

  36. defined in RFC 3315, Dynamic Host Configuration Protocol for IPv6 (DHCPv6) • mandatory: find it on the internet andread it – literature! • challenge: findtheother RFC documents, thatdealwith DHCP andseewhattheysay. • completelydifferentprotocolfor IPv6 • twowaysofconfiguring a computer: • statelesswhere a computercan set itself; and • statefullwhere a computer is set usingotherdevices DHCPv6 protocol

  37. In thebeginingtheclientdoesnt’t knowthe IP addressoftheserver DHCP is anapplicationthatusesconnectionless mode – UDP protocol – on the transport layer DHCPv6 – some details

  38. possiblerequests (msg-type): • SOLICIT: requestforsettings • ADVERTISE: advertisinganaddress • REQUEST: requestforsettingsparameters • CONFIRM: confirmingifanaddressgiven to a client is stillvalid • RENEW: request to renew • REBIND: request to maintain • REPLY: reply to a client • RELEASE: releaseanaddress • DECLINE: rejectanassignedaddress • RECONFIGURE: server is tellingtheclient to renewthesettings • INFORMATION-REQUEST: requestforsettingswithoitan IP address • RELAY-FORW: forwarding • RELAY-REPL: confirmationfortheforwarderthatcontainsthereply to theclient • Challenge: howdoesforwardingofrequestswork? DHCPv6 – protocolcore

  39. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | msg-type | transaction-id | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | . options . . (variable) . | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ normal message izziv:whatkindofoptions do wehave? WheredidthefieldsfromIPv4 go? What is thisDUID? DHCPv6 – Message form • 0 1 2 3 • 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 • +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ • | msg-type | hop-count | | • +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | • | | • | link-address | • | | • | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-| • | | | • +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | • | | • | peer-address | • | | • | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-| • | | | • +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | • . . • . options (variable number and length) .... . • | | • +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ • forwardedmessage

  40. onFreeBSDclient, serverandforwarderdhcp6withconfiguration file /usr/local/etc/dhcp6{c,s}.conf • Challenge: configure a clientand run it. Whatdoesrightconfigurationactuallymean? software • option domain-name-servers 2001:db8::35; • interface fxp0 { address-pool pool1 3600; }; • pool pool1 { range 2001:db8:1:2::1000 to 2001:db8:1:2::2000 ; }; • nastavitvenadatotekastrežnika

  41. wehaveseenhow a computercanbootof a networkand how it canconnect to a network Next time: networkmanagement Zaključek

More Related