1 / 61

Advanced Networks and Computer Security

Advanced Networks and Computer Security. Dr. Udo Pooch Texas A&M University. Introduction to Network Protocols. Lesson Objectives Describe the functions of a firewall Explain the limitations of firewalls Identify well known ports used for different network services

donny
Télécharger la présentation

Advanced Networks and Computer Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Advanced Networks and Computer Security Dr. Udo Pooch Texas A&M University

  2. Introduction to Network Protocols • Lesson Objectives • Describe the functions of a firewall • Explain the limitations of firewalls • Identify well known ports used for different network services • Describe the functionality of a packet filtering firewall • Illustrate potential problems with packet filtering (ftp connections, etc.) • Describe the functionality of application-level gateways • Summarize the strengths and weaknesses of the different categories of firewalls

  3. Agenda • Review of the Internet Suite • Protocol Model • Core Protocols • Management Protocols • Application Protocols • Protocols in Operation • Routing Protocols

  4. Layered Architectures-Principles- • Separation of Functions • Clearly Defined Interfaces • Peer to Peer Protocols • Provide Services Up, • Request Services Down

  5. Message Message Pkts Packets Pkts Packets Layering TRANSPORT NETWORK 10010111001 10010111001 {Bits} {Bits} LINK PHYSICAL {Signal}

  6. Packet Formats Data Application “Header” Presentation “Header” Data Data Session Header (?) Stream Packets Transport Header Data Data Network Header Link Header Data Data Framing

  7. Protocols and Services-a better model n+1 n+1 n n n-1 n-1

  8. (Partial) TCP/IP Stack FTP TELNET DNS TCP UDP IP ICMP ARP DIX Ethernet or ...

  9. Application Presentation Session Transport Network Data/Link Physical Example: OSI & the Internet NFS XDR RPC UDP IP DIX Ethernet IEEE 802.3

  10. TCP/IP Architecture • Theme: Communication over unreliable, heterogeneous infrastructure • Universal Service • Standards, not Implementations

  11. Universal Service • Virtual Network • Arbitrary Connectivity • IP -- One address end-to-end • Meaning of Hosts

  12. References TCP/IP • Overall -- Douglas Comer • Internetworking with TCP/IP, Vol I, 3d ed. • Internetworking with TCP/IP, Vol II • Internetworking with TCP/IP, Vol III (Sockets), 2d ed • Internetworking with TCP/IP, Vol III (TLI) • Unix Programming -- W. Richard Stevens • Unix Network Programming (new 2 volume set) • Advanced Unix Network Programming • Stevens & Wright • TCP/IP Illustrated Vol I • TCP/IP Illustrated Vol II • TCP/IP Illustrated Vol III • http://www.qnx.com/~mphunter/tcpip_resources.html

  13. Core Protocols • ARP -- Address Resolution Protocol • IP -- Internet Protocol • ICMP -- Internet Control Message Protocol • UDP -- User Datagram Protocol • TCP -- Transmission Control Protocol • DNS -- Domain Name System • FTP -- File Transfer Protocol • TELNET -- Connectivity Application

  14. ARP • Address Resolution Protocol {translate network layer address to physical address} • Part of general resolution procedure: name {e.g., neuron.cs.tamu.edu} DNS IP Address {e.g., 128.194.133.1} ARP Ethernet address {e.g., 08:00:20:08:58:78}

  15. IP and ICMP • IP is the “Duct Tape” for the Internet • More details later • ICMP is an Internal protocol to IP • ICMP provides several services to network managers • ping • traceroute

  16. IP Functionality • Presents single, virtual network to user • Connectionless Delivery • Packet Routing • Interface to Lower Layers

  17. Special Address Conventions • This host • Host on this net • Limited broadcast • Directed broadcast • Loopback all 0’s all 0’s host all 1’s net all 1’s 127 anything (usually 1)

  18. 0 4 8 16 19 24 31 VERS HLEN SERVICE TYPE TOTAL LENGTH IDENTIFICATION FLAGS FRAGMENT OFFSET TIME TO LIVE PROTOCOL HEADER CHECKSUM SOURCE IP ADDRESS DESTINATION IP ADDRESS IP OPTIONS (IF ANY) PADDING DATA ... IP Header

  19. IP Packet Handling (rcv) Sockets Transport Layer (TCP or UDP) Other IP Link {DIX Type or 802.3 DSAP} Physical receiving

  20. IP Packet Handling (xmit) Local or Non-Local ? sending Search Routing Table ARP Found! Missing! Send locally... ICMP Error

  21. “Internetworking” • Bridges • Transparent bridges • Source Routing - Transparent Bridges • Routers (Network Layer) • Brouters 3 2 2 2 1 1 1 1

  22. Network Layer maintains two kinds of information Routing Tables (Where to send packets) Route Propagation Data (how to participate in routing protocols) Which protocol(s) to use? May use more than one in the same router Considerations What your neighbors are doing Network Size Organizations Involved Routing Protocols

  23. IP Routing • Making Decisions • Gathering Information • ICMP • CIDR

  24. Routing Protocols “How visibile is the network structure?” • Interior (Intradomain) Protocols • RIP -- a distance-vector algorithm • OSPF -- link state • Differences • Exterior (Interdomain) Protocols • Requirement:s (policy as well as path) • Evolution: EGP -> BGP -> BGP4 • TREE --> MESH

  25. Routing Information Protocol (RIP) • Known as a routing table update protocol • Developed by Xerox and gained widespread acceptance by the proliferation of TCP/IP’s implementation of it in UNIX. • Other protocols (AppleTalk, NetWare) adopted RIP as their standard routing update protocol. • Known as a distance vector protocol. • Vector is an adjacent router and the distance is how far away (hops) the network is. • One hop is considered one router traversed. • Devised for relatively stable, small-to-medium size networks (less than 16 routers in diameter) .

  26. Border Gateway Protocol (BGP) • Autonomous Systems • stub, multi-homed, transit • Path Advertisement instead of Reachability • Route Aggregation!!!

  27. ICMP • Reachability • Redirection • Information • “Are you there?”

  28. Ping • ICMP Echo Request/Echo Reply • Options for: • Routing • Timing • Size

  29. Traceroute • Echo Request/Reply with a twist: traceroute to falcon.ece.utexas.edu (128.83.196.10), 30 hops max, 40 byte packets 1 exit_133 (128.194.133.254) 2 ms 2 ms 2 ms 2 exit_128 (128.194.128.254) 2 ms 3 ms 2 ms 3 FDDI-T3.TAMU.EDU (128.194.1.13) 3 ms 3 ms 3 ms 4 FDDI-WAN.TAMU.EDU (165.91.128.17) 5 ms 4 ms 6 ms 5 sprint-gw-h1-0.the.net (129.117.16.161) 20 ms 5 ms 5 ms 6 ut8-h1-0.the.net (129.117.16.241) 8 ms 9 ms 21 ms 7 129.117.20.12 (129.117.20.12) 7 ms 11 ms 7 ms 8 ens.gw.utexas.edu (128.83.7.132) 16 ms 23 ms 21 ms 9 ece-e0.gw.utexas.edu (128.83.249.251) 12 ms 9 ms 9 ms 10 * * *

  30. 0 16 31 SOURCE PORT DESTINATION PORT MESSAGE LENGTH CHECKSUM DATA ... UDP • Your basic datagram • No acknowledgements, no reliability • Why use it?

  31. Managing Connections • Addressing • Identifying duplicate TPDUs • Three-way handshakes • Flow control • Crash recovery (largely ignored)

  32. TCP • Reliable, sequenced stream of bytes • Virtual circuit • Buffered transfer • Unstructured • Full Duplex • Positive Acknowledgements w/ Retransmission • Sliding Windows

  33. TCP Features • A protocol, not a package • Ports (Well Known Ports) • Out of Band, or URGENT, data • Timeouts • RTT Estimation (Karn’s Algorithm) • Congestion • Slow-Start Methodolgy • Limitations

  34. 0 4 10 16 24 31 SOURCE PORT DESTINATION PORT SEQUENCE NUMBER ACKNOWLEDGEMENT NUMBER HLEN RESERVED CODE BITS WINDOW CHECKSUM URGENT POINTER OPTIONS (IF ANY) PADDING DATA ... TCP Header

  35. Three Way Handshake SYN, SYN/ACK, ACK May be viewed as two Simplex connections Window management Advertising Zero Window Size Nagle’s algorithm Silly Window Syndrome TCP Connection Management

  36. Decode Example - 1 33 cfl02 -> h-207-200-71-52.netscape.com TCP D=80 S=1977 Syn Seq=1011631 Len=0 Win=0 0: 0000 ef03 efb0 00a0 2435 5343 0800 4500 ........$5SC..E. 16: 002c 6f03 0000 3c06 f2c2 80c2 8547 cfc8 .,o...<......G.. 32: 4734 07b9 0050 000f 6faf 0000 0000 6002 G4...P..o.....`. 48: 0000 036d 0000 0204 05a0 0000 ...m........

  37. Decode Example - 2 36 h-207-200-71-52.netscape.com -> cfl02 TCP D=1977 S=80 Syn Ack=1011632 Seq=1144453529 Len=0 Win=49152 0: 00a0 2435 5343 0000 ef03 efb0 0800 4500 ..$5SC........E. 16: 002c 914c 4000 3206 9a79 cfc8 4734 80c2 .,.L@.2..y..G4.. 32: 8547 0050 07b9 4436 f999 000f 6fb0 6012 .G.P..D6ù...o.`. 48: c000 0577 0000 0204 05b4 15f8 ...w.......ø

  38. Decode Example - 3 37 cfl02 -> h-207-200-71-52.netscape.com TCP D=80 S=1977 Ack=1144453530 Seq=1011632 Len=0 Win=2880 0: 0000 ef03 efb0 00a0 2435 5343 0800 4500 ........$5SC..E. 16: 0028 6f04 0000 3c06 f2c5 80c2 8547 cfc8 .(o...<......G.. 32: 4734 07b9 0050 000f 6fb0 4436 f99a 5010 G4...P..o.D6ù.P. 48: 0b40 d1f4 0000 0204 05a0 0000 .@..........

  39. Decode Example - 4 56 cfl02 -> h-207-200-71-52.netscape.com TCP D=80 S=1977 Ack=1144453530 Seq=1011632 Len=374 Win=2880 0: 0000 ef03 efb0 00a0 2435 5343 0800 4500 ........$5SC..E. 16: 019e 6f08 0000 3c06 f14b 80c2 8547 cfc8 ..o...<..K...G.. 32: 4734 07b9 0050 000f 6fb0 4436 f99a 5018 G4...P..o.D6..P. 48: 0b40 a905 0000 4745 5420 2f65 7363 6170 .@....GET /escap 64: 6573 2f73 6561 7263 682f 696d 6167 6573 es/search/images 80: 2f68 6f72 697a 6f6e 7461 6c62 6172 2e67 /horizontalbar.g 96: 6966 2048 5454 502f 312e 300d 0a49 662d if HTTP/1.0..If- 112: 4d6f 6469 6669 6564 2d53 696e 6365 3a20 Modified-Since: 128: 5765 646e 6573 6461 792c 2031 362d 4170 Wednesday, 16-Ap 144: 722d 3937 2030 303a 3430 3a31 3620 474d r-97 00:40:16 GM 160: 543b 206c 656e 6774 683d 3534 0d0a 5265 T; length=54..Re 176: 6665 7265 723a 2068 7474 703a 2f2f 686f ferer: http://ho 192: 6d65 2e6e 6574 7363 6170 652e 636f 6d2f me.netscape.com/ 208: 6573 6361 7065 732f 7365 6172 6368 2f6e escapes/search/n 224: 7473 7263 6872 6e64 2d31 2e68 746d 6c0d tsrchrnd-1.html. 240: 0a43 6f6e 6e65 6374 696f 6e3a 204b 6565 .Connection: Kee 256: 702d 416c 6976 650d 0a55 7365 722d 4167 p-Alive..User-Ag 272: 656e 743a 204d 6f7a 696c 6c61 2f32 2e30 ent: Mozilla/2.0 288: 2028 5769 6e31 363b 2049 290d 0a48 6f73 (Win16; I)..Hos 304: 743a 2068 6f6d 652e 6e65 7473 6361 7065 t: home.netscape 320: 2e63 6f6d 0d0a 4163 6365 7074 3a20 696d .com..Accept: im 336: 6167 652f 6769 662c 2069 6d61 6765 2f78 age/gif, image/x 352: 2d78 6269 746d 6170 2c20 696d 6167 652f -xbitmap, image/ 368: 6a70 6567 2c20 696d 6167 652f 706a 7065 jpeg, image/pjpe 384: 670d 0a43 6f6f 6b69 653a 204e 4554 5343 g..Cookie: NETSC 400: 4150 455f 4944 3d31 3030 3065 3031 302c APE_ID=1000e010, 416: 3132 3336 3139 6130 0d0a 0d0a 123619a0....

  40. Decode Example - 5 58 h-207-200-71-52.netscape.com -> cfl02 TCP D=1977 S=80 Ack=1012006 Seq=1144453530 Len=280 Win=49152 0: 00a0 2435 5343 0000 ef03 efb0 0800 4500 ..$5SC........E. 16: 0140 92eb 4000 3206 97c6 cfc8 4734 80c2 .@..@.2.....G4.. 32: 8547 0050 07b9 4436 f99a 000f 7126 5018 .G.P..D6ù...q&P. 48: c000 3e23 0000 4854 5450 2f31 2e31 2032 ..>#..HTTP/1.1 2 64: 3030 204f 4b0d 0a53 6572 7665 723a 204e 00 OK..Server: N 80: 6574 7363 6170 652d 456e 7465 7270 7269 etscape-Enterpri 96: 7365 2f33 2e30 0d0a 4461 7465 3a20 5375 se/3.0..Date: Su 112: 6e2c 2032 3420 4175 6720 3139 3937 2030 n, 24 Aug 1997 0 128: 383a 3135 3a33 3820 474d 540d 0a43 6f6e 8:15:38 GMT..Con 144: 7465 6e74 2d74 7970 653a 2069 6d61 6765 tent-type: image 160: 2f67 6966 0d0a 4c61 7374 2d6d 6f64 6966 /gif..Last-modif 176: 6965 643a 2054 7565 2c20 3135 2041 7072 ied: Tue, 15 Apr 192: 2031 3939 3720 3233 3a34 303a 3136 2047 1997 23:40:16 G 208: 4d54 0d0a 436f 6e74 656e 742d 6c65 6e67 MT..Content-leng 224: 7468 3a20 3534 0d0a 4163 6365 7074 2d72 th: 54..Accept-r 240: 616e 6765 733a 2062 7974 6573 0d0a 436f anges: bytes..Co 256: 6e6e 6563 7469 6f6e 3a20 6b65 6570 2d61 nnection: keep-a 272: 6c69 7665 0d0a 0d0a 4749 4638 3961 0b00 live....GIF89a.. 288: 1400 9100 00ff ffff 6699 9900 0000 0000 ........f....... 304: 002c 0000 0000 0b00 1400 0002 0f8c 8f01 .,.............. 320: cbed 0fa3 9cb4 da8b b3de 9c17 003b .............;

  41. Decode Example - 6 59 cfl02 -> h-207-200-71-52.netscape.com TCP D=80 S=1977 Ack=1144453810 Seq=1012006 Len=0 Win=2880 0: 0000 ef03 efb0 00a0 2435 5343 0800 4500 ........$5SC..E. 16: 0028 6f09 0000 3c06 f2c0 80c2 8547 cfc8 .(o...<......G.. 32: 4734 07b9 0050 000f 7126 4436 fab2 5010 G4...P..q&D6..P. 48: 0b40 cf66 0000 0204 05a0 0000 .@.f........

  42. Decode Example - 7 60 h-207-200-71-52.netscape.com -> cfl02 TCP D=1977 S=80 Fin Ack=1012006 Seq=1144453810 Len=0 Win=49152 0: 00a0 2435 5343 0000 ef03 efb0 0800 4500 ..$5SC........E. 16: 0028 92ec 4000 3206 98dd cfc8 4734 80c2 .(..@.2.....G4.. 32: 8547 0050 07b9 4436 fab2 000f 7126 5011 .G.P..D6ú...q&P. 48: c000 1aa5 0000 6915 9192 0000 ......i.....

  43. Decode Example - 8 61 cfl02 -> h-207-200-71-52.netscape.com TCP D=80 S=1977 Ack=1144453811 Seq=1012006 Len=0 Win=2880 0: 0000 ef03 efb0 00a0 2435 5343 0800 4500 ........$5SC..E. 16: 0028 6f0a 0000 3c06 f2bf 80c2 8547 cfc8 .(o...<......G.. 32: 4734 07b9 0050 000f 7126 4436 fab3 5010 G4...P..q&D6ú.P. 48: 0b40 cf65 0000 0204 05a0 0000 .@.e........

  44. Domain Name System • A heirarchial, distributed database • A service primarily aimed at mapping names to IP addresses • Partitioned for ease of administration

  45. . gov edu com utexas tamu ibm austin cs mac1 solar mac1 DNS Structure (partial)

  46. DNS -- How it Works • DNS Servers in a logical tree • DNS clients on every host • Iterative Queries • Recursive Queries

  47. Information Gathering System Start up Address Management Management Protocols

  48. Decent Books • Network Management Standards 2d ed • Uyless Black • The Simple Book, 2d ed • Marshall T. Rose • Communication Networks Management, 2d ed • Kornel Terplan • Internetworking with TCP/IP, Vol I, 3d ed • Douglas E. Comer

  49. Management Information Protocols • SNMP - Simple Network Management Protocol • Internet • CMIP - Common Management Information Protocol • ISO • TMN - Telecommunications Management Network • ITU-T

  50. Internet Management Model Managed Entities Agent Network Management Proxy Agent Managed Entities

More Related