1 / 68

CSC 382: Computer Security

CSC 382: Computer Security. TCP/IP. Topics. TCP/IP Layering Encapsulation Internet Addresses Link Layer Protocols IP Routing TCP and UDP Application Layer Protocols. Network Example. A1. A2. A3. Router. External Router. B1. B2. B3. TCP/IP Layering. HTTP, FTP, telnet

habib
Télécharger la présentation

CSC 382: Computer Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CSC 382: Computer Security TCP/IP CSC 382: Computer Security

  2. Topics • TCP/IP Layering • Encapsulation • Internet Addresses • Link Layer Protocols • IP • Routing • TCP and UDP • Application Layer Protocols CSC 382: Computer Security

  3. Network Example A1 A2 A3 Router External Router B1 B2 B3 CSC 382: Computer Security

  4. TCP/IP Layering HTTP, FTP, telnet TCP, UDP IP, ICMP, IGMP PPP, 802.11 Ethernet CSC 382: Computer Security

  5. TCP/IP Layers • Physical • NIC, cabling, electrical signaling. • Data Link • Single hop transport of packets. • Wired protocols (ethernet, FDDI, PPP) • Wireless protocols (802.11) • Network • End to end delivery of packets. • IP: Internet Protocol CSC 382: Computer Security

  6. TCP/IP Layers • Transport • Flow of data between two hosts for application layer. • TCP: reliable data flow with acknowledgements, retransmission, and timeouts. • UDP: simpler service with no guarantees. • Application • Protocols for particular applications. • ex: FTP, HTTP, SMTP CSC 382: Computer Security

  7. Encapsulation/De-multiplexing Sending: data sent down protocol stack • Each layer prepends a header to data • Ethernet frame sent as bit stream across wire Receiving: data moves up protocol stack • NIC moves bits into memory as ethernet frame • Each layer removes its header from packet CSC 382: Computer Security

  8. Encapsulation CSC 382: Computer Security

  9. De-multiplexing CSC 382: Computer Security

  10. TCP/IP Security TCP/IP has no built-in strong security. • No confidentiality features. • Minimal availability features (ToS options). • Insecure CRC checksums for integrity. • IPsec protocol extension adds security. CSC 382: Computer Security

  11. Data Link Layer IEEE Standards • Ethernet (802.3) • Token Ring (802.5) • Wireless (802.11) Serial Protocols • SLIP and CSLIP • PPP CSC 382: Computer Security

  12. Hubs, Switches, and Routers Hubs (physical layer) • Broadcast packets received to all interfaces. Switches (link layer) • Associates MAC addresses with physical interfaces. • Sends packets only to specified interface. • May have SPAN port for network monitoring. Routers (network layer) • Connect different LANS, including different LAN technologies such as 802.11 and ethernet. CSC 382: Computer Security

  13. Data Link Layer Loopback • Looks like any other link layer device. • Full network processing is performed. • Sends packets to localhost for testing. 48-bit MAC address Maximum Transmission Unit (MTU) • 1492 or 1500 bytes, depending on ethernet std CSC 382: Computer Security

  14. Promiscuous Mode • All ethernet frames to or from any locally connected host are seen by all hosts. • NIC normally filters out frames that are not addressed to its MAC address. • In promiscuous mode, NIC processes all ethernet frames, not just ones addressed to it. • Requires administrative access on most OSes. CSC 382: Computer Security

  15. IP: Internet Protocol Unreliable, connectionless datagram service • Packets may arrived damaged, out of order, duplicated or not at all. • Transport/Application layers provide reliability. IPv4 underlies Internet. • 32-bit addresses in dotted-quad: 10.17.0.90. • IPv6 is successor with 128-bit addresses. Complexities: addressing, routing CSC 382: Computer Security

  16. IP Header CSC 382: Computer Security

  17. IP Header Protocol version: IPv4 Header length: 5-60 32-bit words Type of service (TOS): • 3-bit precedence (ignored today) • 4 TOS bits (min delay (telnet), max throughput (ftp), max reliability, min monetary cost) • unused 0 bit CSC 382: Computer Security

  18. IP Header Total length: length of IP datagram (bytes) • maximum size: 65535 bytes • large packets fragmented at data link layer. • small packets may be padded to minimum length. TTL: upper limit on number of router hops. Protocol: which protocol supplied packet data. Header checksum: IP header checksum CSC 382: Computer Security

  19. IP Fragments IP packets may be fragmented by routers for transmission across different media. • Max IP packet size: 65536 • Max Ethernet packet size: 1500 IP headers contain fragment data: • Don’t Fragment Flag: 0=allowed, 1=don’t • More Fragments Flag: 0=last, 1=more fragments • Identification: identifies single packet for reassembly. • Fragment Offset: where contents of fragment go. CSC 382: Computer Security

  20. Internet Addresses 32-bit IPv4 addresses • Dotted decimal notation: ii.jj.kk.ll Divided into two parts • Network ID • Host ID • XOR address with netmask to get Network ID. CSC 382: Computer Security

  21. Address Classes Class A: 0.0.0.0-127.255.255.255 8-bit net ID, 24-bit host ID Class B: 128.0.0.0-191.255.255.255 16-bit net ID, 16-bit host ID Class C: 192.0.0.0-223.255.255.255 24-bit net ID, 8-bit host ID Class D: 224.0.0.0-239.255.255.255 28-bit multicast group ID Class E: 240.0.0.0-255.255.255.255 Reserved for future use CSC 382: Computer Security

  22. CIDR Class addressing too inefficient • Still need to aggregate routes to limit routing table size. Example:196.1.1.0/24 • 24-bits of Net ID: 196.1.1 • Remaining 8-bits are host ID Not limited to network class sizes • Example: 192.168.128.0/22 • 4 class C networks: 192.168.{128,129,130,131}.0 CSC 382: Computer Security

  23. Network Address Translation Local network uses IETF reserved addresses. • Non-routable: no router knows how to send packets to. • RFC 1918: 10.x.y.z, 192.168.y.z, 172.16.y.z Gateway translates reserved addresses to unique, routable IP addresses. • NAT: Dynamic mapping to pool of routable IP addresses. • 10.0.0.1 -> 4.2.3.5 • 10.0.0.2 -> 4.2.3.6 • NAPT: Dynamic mapping to IP addresss/pool of src ports. • 10.0.0.1 -> 4.2.3.5:1 • 10.0.0.2 -> 4.2.3.5:2 CSC 382: Computer Security

  24. ifconfig > ifconfig eth1 192.168.99.4 netmask 255.255.255.0 up > ifconfig eth1 eth1 Link encap:Ethernet HWaddr 00:A0:C9:97:15:3D inet addr:192.168.99.4 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::2a1:feef:64ef:abcd/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:6897197 errors:0 dropped:0 overruns:0 frame:0 TX packets:6235556 errors:5 dropped:0 overruns:0 carrier:5 collisions:0 txqueuelen:1000 RX bytes:617621765 (589.0 MiB) TX bytes:2685345463 (2.5 GiB) CSC 382: Computer Security

  25. Mapping names to IP addresses Methods: /etc/hosts, LDAP, DNS • DNS offers easiest management; servers in /etc/resolv.conf. • /etc/hosts always available, even if DNS down. > cat /etc/hosts # Hosts table 127.0.0.1 localhost me 192.168.99.2 cit470server svr 192.168.99.4 cit470desktop CSC 382: Computer Security

  26. ARP: Address Resolution Protocol MAC address determines packet destination. How does network layer supply the link layer with a MAC address? ARP: Address Resolution Protocol • Maps 32-bit IP addresses to 48-bit MAC addrs • Data link layer protocol above ethernet • RARP: Reverse ARP CSC 382: Computer Security

  27. ARP Example sftp zappa.nku.edu • Obtains IP address via gethostbyname() • sftp asks TCP to connect to IP address • TCP sends connection request to brahms using an IP datagram • Sending host emits ARP broadcast, asking for MAC address of given IP address • Destination host’s ARP layer receives broadcast, answers with an ARP reply w/ IP->MAC mapping • Sending host constructs ethernet frame with destination MAC address containing IP datagram • Sending host sends IP datagram CSC 382: Computer Security

  28. ARP Cache at204m02 (10.1.0.90) > arp -a Net to Media Table: IPv4 Device IP Address Phys Addr ------ -------------------- ------------------ hme0 at_elan.lc3net 00:00:a2:cb:28:5e hme0 10.1.0.79 00:e0:cf:00:0e:92 hme0 at204m02 08:00:20:d8:e0:07 hme0 10.1.7.103 00:90:27:b6:b5:e5 hme0 10.1.0.139 00:e0:cf:00:15:bd CSC 382: Computer Security

  29. ARP Features Proxy ARP • Router can answer ARP requests on network B for a host on network A that doesn’t see broadcast. Gratuitous ARP • Host sends ARP for own IP address at boot. • No reply should be received. • Network misconfiguration if reply received. CSC 382: Computer Security

  30. IP Connectivity No Network • loopback only Single LAN • direct connectivity to hosts Single Router • Direct connectivity to local LAN • Other networks reachable through one router Multiple Routes to Other Networks CSC 382: Computer Security

  31. IP Routing CSC 382: Computer Security

  32. Routing Table Where to send an IP packet to? Use a table lookup: routing table Search Process: • Search for a matching host address. • Search for a matching network address. • Search for a default route. No route to destination: Host or network unreachable error if search fails. CSC 382: Computer Security

  33. Routing Table at204m02 (10.1.0.90) > netstat –rn Routing Table: IPv4 Destination Gateway Flags Ref Use Int ------------- -------------------- ----- ----- 10.1.0.0 10.1.0.90 U 1 4977 hme0 224.0.0.0 10.1.0.90 U 1 0 hme0 default 10.1.0.1 UG 1 66480 127.0.0.1 127.0.0.1 UH 6 798905 lo0 CSC 382: Computer Security

  34. Routing Table Destination: final destination host/network Gateway: next host in route to destination Flags U: Route is up G: Route is to a gateway (router) H: Route destination is a host (not a network) D: Route created by a redirect M: Route modified by a redirect CSC 382: Computer Security

  35. Routing Table 10.1.0.0 direct access to local subnet 224.0.0.0 multicast route default forward packets to router at IP 10.1.0.1 127.0.0.1 loopback CSC 382: Computer Security

  36. IP Routing Manual (static) routes Added with the route command. ICMP redirects can alter routes Router sends ICMP redirect when packet should’ve been sent to another router. Routing protocols Routers exchange routes with each other using special routing protocols. Full internet router tables contain ~30,000 routes. Source routing Sender includes routing info in packet header. CSC 382: Computer Security

  37. Red Hat Network Configuration • /etc/sysconfig/network • HOSTNAME=name of current host • GATEWAY=default route IP address • /etc/sysconfig/network-scripts/ifcfg-IFNAME • BOOTPROTO=dhcp|none • NETWORK=network address • NETMASK=subnet bitmask • IPADDR=IP address if BOOTPROTO=none CSC 382: Computer Security

  38. ICMP (Internet Control Message Protocol) Network layer protocol encapsulated in IP • Communicates error messages and exceptions. • Messages handled by either IP or TCP/UDP. CSC 382: Computer Security

  39. ICMP Message Types Type 0: echo (ping) reply Type 3: destination unreachable Type 4: source quench Type 5: redirect Type 8: echo (ping) request Type 9, 10: router advertisement, solicitation Type 11: time (TTL) exceeded Type 12: parameter (header) problem Type 13: timestamp Type 14: timestamp reply Type 15, 16: information request, reply CSC 382: Computer Security

  40. UDP: User Datagram Protocol Simple datagram transport layer protocol. Each application output generates one UDP datagram, which produces one IP datagram. Trades reliability for speed Sends datagrams directly to unreliable IP layer. 16-bit port numbers Identify sending and receiving processes. Applications DNS, SNMP, TFTP, streaming audio/video CSC 382: Computer Security

  41. UDP Header CSC 382: Computer Security

  42. UDP Example: TFTP Trivial File Transfer Protocol No authentication TFTP Session: sun16 > tftp at204m02 tftp> get readme.txt Received 1024 bytes in 0.2 seconds. tftp> quit CSC 382: Computer Security

  43. TFTP Packet Types Packet types • read a file (filename, ascii/binary) • write a file (filename, ascii/binary) • file data block • ACK • error CSC 382: Computer Security

  44. TFTP Packet Diagram CSC 382: Computer Security

  45. TFTP Session Trace at204m02 > snoop udp sun16 • 0.00000 sun16 -> at204m02 TFTP Read "2sun" (netascii) • 0.00498 at204m02 -> sun16 TFTP Data block 1 (512 bytes) • 0.00136 sun16 -> at204m02 TFTP Ack block 1 • 0.00010 at204m02 -> sun16 TFTP Data block 2 (300 bytes) (last block) 5 0.00119 sun16 -> at204m02 TFTP Ack block 2 CSC 382: Computer Security

  46. TFTP Security Feature: no username/password required TFTP used for diskless hosts to boot. How to protect /etc/passwd? Limit TFTP server filesystem access. Generally only can access /tftpboot directory. CSC 382: Computer Security

  47. TCP: Transmission Control Protocol Connection-oriented Must establish connection before sending data. 3-way handshake. Reliable byte-stream TCP decides how to divide stream into packets. ACK, timeout, retransmit, reordering. 16-bit source and destination ports. FTP(21), HTTP(80), POP(110), SMTP(25) CSC 382: Computer Security

  48. TCP Reliability • Breaks data into best-sized chunks. • After sending segment, maintains timer; if no ACK within time limit, resends segment. • Sends ACK on receipt of packets. • Discards pkts on bad checkum of header and data. • Receiver resequences TCP segments so data arrives in order sent. • Receiver discards duplicate segments. • Flow control: only sends as much data as receiver can process. CSC 382: Computer Security

  49. TCP Header CSC 382: Computer Security

  50. TCP Header • Sequence Number: 32-bit segment identifier. • Acknowledgment: next sequence number expected by sender of ACK • TCP is full duplex so both sides of connection have own set of sequence numbers • Header length: length of header in 32-bit words (20bytes default–60bytes w/ options) • Window size: number of bytes receiver is willing to accept (flow control) CSC 382: Computer Security

More Related