
Android Network Stack and Enhancement (3G/WiFi, IPV4/IPV6, SIP/VoIP) Mar-11-2011 (Fri) Geunsik Lim (Nick: 인베인 ) leemgs.at.gmail.com blog.naver.com/invain.



Presentation transcript:

1 Android Network Stack and Enhancement (3G/WiFi, IPV4/IPV6, SIP/VoIP)
Mar-11-2011 (Fri) Geunsik Lim (Nick: 인베인) leemgs.at.gmail.com blog.naver.com/invain
This document may be freely modified and redistributed for non-commercial use only, and the source of the material must be credited.

2 CONTENTS (Android Network Technology Session)
1. Computer Network
2. Understanding Linux Network Internals
3. Network Terminology (3G/WiFi, IPV4/IPV6, SIP/VoIP)
4. Differences Between IPv4 and IPv6
5. Network Information Management on Android Phone
6. Traffic Monitoring using tcpdump/netstat (including DNS Resolver)
7. Android Phone Attack using structural vulnerability
8. Connections between Network Instruments and Android Platform
9. References
10. Conclusion
11. Appendix: Network Scheduler for QoS, Network App for Study

3 3/38 7th Korea Android Technical Conference (www.kandroid.org)
What is Computer Network?
A computer network, often simply referred to as a network, is a collection of computers and devices interconnected by communications channels that facilitate communications among users and allow users to share resources. A computer network allows sharing of resources and information among interconnected devices.
* Source: wikipedia

4 Overlay Network
Diagram layers (top to bottom): IP Layer, SONET/SDH Layer, Optical Layer, Site Layer.
An overlay network is a virtual computer network that is built on top of another network. Nodes in the overlay are connected by virtual or logical links, each of which corresponds to a path, perhaps through many physical links, in the underlying network. For example, many peer-to-peer networks are overlay networks because they are organized as nodes of a virtual system of links run on top of the Internet. The Internet was initially built as an overlay on the telephone network.

5 Overview of Network Stack
TCP/IP Model (4 layers), with the data unit of each layer:
- Application (SIP, HTTP, FTP, DNS, DHCP, IMAP, SMTP, SSH, XMPP, RTP, RTSP, H323): Message
- Transport (TCP/UDP): Segment
- Internetwork (IPv4, IPv6, ICMP, IGMP, ARP): Datagram/Packet
- Link Layer or Host-to-network (Ethernet, Token Ring): Frame
The OSI model remains an important reference point for networking discussions even though it never took off for a variety of reasons. The TCP/IP model covers most of the protocols used by computers today.
OSI Model (7 layers), with the data unit of each layer:
Host layers:
- Application: Network Process to Application (data)
- Presentation: Data Representation & Encryption (data)
- Session: Internet Communication (data)
- Transport: End-to-End Connections & Reliability (segments)
Media layers:
- Network: Path Determination & Logical Addressing (IP) (packets)
- Data link: Physical Addressing (MAC & LLC) (frames)
- Physical: Media, Signal and Binary Transmission (bits)

6 Understanding Linux Network Internals: Combination of each layer by kernel functions
As we have seen, each layer provides a variety of protocols. Each protocol is handled by a different set of kernel functions. Thus, as the packet travels back up the stack, each protocol must figure out which protocol is being used by the next-higher layer, and invoke the proper kernel function to handle the packet.
Headers compiled by layers (a...d) on Host X as we travel down the stack, and on Router RT X:
- Message (Application): /web/site1.html
- Transport Layer: Transport Header (Src port=5000, Dst port=80) + Transport Layer Payload (the message)
- Network Layer (Internet Protocol): Network Header (Src IP= , Dst IP= , Protocol=TCP) + Network Layer Payload (transport header and payload)
- Link Layer: Link Layer Header (Src=00:20:e1:77:00:02, Dst=00:21:e6:32:00:01) + Link Layer Payload (network header and payload)

7 Understanding Linux Network Internals: Android Linux Networking Architecture
Diagram (top to bottom): Application Layer (INET) / Berkeley Socket Interface / Protocol Layer / Network Device Driver Interface and queuing discipline / Physical Device Driver / Physical Device and Media, split between user space and kernel space.
- User space (Application): PING, TELNET, tftp, tcpdump, using the BSD Socket Interface (PF_INET for the Internet protocols, PF_PACKET for raw link-layer access).
- Kernel space: L4 (Transport: TCP, UDP, ...), L3 (Network: ptype_base with IPv4, ARP, ...), Neighboring subsystem, dev_queue_xmit, Device Drivers (Link).

8 Understanding Linux Network Internals: /proc files used by the IPv4 routing subsystem
- /proc/sys/net/ipv4/route/: error_burst, error_cost, flush, gc_elasticity, gc_interval, gc_min_interval_ms, gc_thresh, gc_timeout, min_delay, max_delay, max_size, min_adv_mss, min_pmtu, mtu_expires, redirect_load, redirect_number, redirect_silence, secret_interval
- /proc/sys/net/ipv4/conf/{all, default, wlan0, lo, rmnet0}/ (and the parallel ipv6/conf/ tree): accept_redirects, accept_source_route, forwarding, mc_forwarding, rp_filter, secure_redirects, send_redirects, log_martians
- /proc/sys/net/ipv4/: ip_forward, icmp_echo_ignore_broadcasts
- /proc/net/: route, rt_acct, rt_cache, ip_mr_cache, ip_mr_vif
- /proc/net/stat/: rt_cache
Kernel functions that register these files: inet_init, inetdev_init, ip_rt_init, ip_mr_init, fib_proc_init, devinet_init

9 Understanding Linux Network Internals: CPU's ingress queues
The device driver stores in the net_device structure the time its most recent frame was received, and netif_rx stores the time the frame was received in the buffer itself. The local CPU ID is needed to retrieve the data structure associated with that CPU in a per-CPU vector, such as the following code in netif_rx:
    queue = &__get_cpu_var(softnet_data);
Diagram: devices rmnet0, rmnet1, ..., rmnet n signal DMA Done / RxComplete; each CPU (CPU 0, CPU 1) has its own softnet_data with an input_pkt_queue (bounded by net_dev_max_backlog, 300) and a completion_queue.

10 3G/WiFi, IPV4/IPV6, SIP/VoIP
3G: the ITU specification for 3rd-generation mobile communication technology (analog cellular phones were the 1st generation, digital PCS the 2nd). 3G can raise transfer rates up to 384 Kbps when the device is stationary or moving at walking speed, 128 Kbps in a vehicle, and up to 2 Mbps when fixed-mounted.
Wi-Fi: the logo that the Wireless Ethernet Compatibility Alliance (WECA) provides for the 802.11b wireless Ethernet standard. Compatible PC cards and computers may use the Wi-Fi logo. WECA's mission is to guarantee the interoperability of Wi-Fi products and to promote Wi-Fi as the worldwide wireless LAN standard. (/system/etc/apns-conf.xml)
IPv4 (Internet Protocol version 4): the fourth version of the Internet Protocol and the first Internet protocol used worldwide. It is described in IETF RFC 791 (September 1981). IPv4 is a protocol for exchanging data over packet-switched networks.
IPv6 (Internet Protocol version 6): the network-layer protocol of the Internet Protocol stack, the next-generation Internet protocol standardized as version 6 of the Internet Protocol. The biggest difference between IPv6 and the existing IPv4 is that the IP address length has grown to 128 bits.
VoIP (Voice over IP): IP telephony technology for a set of facilities that deliver voice information using IP. By implementing integrated telephone service over the existing IP network, telephone users can receive long-distance and international call service over the Internet and intranets for the price of a local call. (H.323, SIP, RTP, SDP, IMS, MGCP)
SIP (Session Initiation Protocol): a signaling protocol defined by the IETF, widely used to control multimedia sessions such as voice and video calls; it lets one or more participants create, modify and terminate sessions together. (RFC 3261 standard, July 2002)

11 Differences Between IPv4 and IPv6 1/2
The IPv4 address space is 2^32, or 4,294,967,296, possible addresses (a little over 4 billion). In contrast, the IPv6 address space is 2^128, or 340,282,366,920,938,463,463,374,607,431,768,211,456 (3.4 × 10^38) possible addresses.
Diagram: IPv6 hosts on an IPv6 island reach the IPv6 Internet across the IPv4 Internet through a 6to4 router and a 6to4 server/relay joined by a 6to4 tunnel; the far side connects over native IPv6.

12 Differences Between IPv4 and IPv6 2/2
IPv4 header (20 octets): Version, IHL, Type of Service, Total Length, Identification, Flags, Fragment Offset, Time to Live, Protocol, Header Checksum, Source Address, Destination Address, Options, Padding.
IPv6 header (40 octets): Version, Traffic Class, Flow Label, Payload Length, Next Header, Hop Limit, Source Address, Destination Address.
LEGEND: field's name kept from IPv4 to IPv6 / field not kept in IPv6 / name and position changed in IPv6 / new field in IPv6.
Router processing diagram: Main header -> Hop-by-Hop EH -> Upper Layer Payload. The H/W engine forwards the packet (In -> Out) while the CPU processes the Hop-by-Hop EH, under the control of a Network Scheduler.
* IHL: internet header length
* Details: RFC3697
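To make the field comparison on this slide concrete, the following is an added example (not code from the slides) that decodes the 20-octet IPv4 header and the 40-octet IPv6 header field by field with Python's struct module and verifies the IPv4 header checksum, one of the fields IPv6 no longer carries. The sample headers are constructed inside the block with addresses from documentation ranges; build_ipv4_header and build_ipv6_header exist only to produce those samples.

```python
"""IPv4 and IPv6 fixed-header parser (added example, not from the slides).

Decodes both headers field by field so the slide's comparison (which fields
survived the move to IPv6, which were dropped or renamed) can be seen on real
bytes, and verifies the IPv4 header checksum, which IPv6 dropped entirely.
All sample headers are constructed here with documentation-range addresses.
"""
import ipaddress
import struct


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of 16-bit words.

    On a header whose checksum field is zero it returns the value to store;
    on a complete header it returns 0 exactly when the checksum is valid.
    """
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, protocol: int = 6, ttl: int = 64,
                      total_length: int = 40, ident: int = 0x1234) -> bytes:
    """Constructed sample: minimal IPv4 header (no options, DF set), checksum filled in."""
    fields = struct.pack("!BBHHHBBH4s4s",
                         0x45,            # version 4, IHL 5 words (20 octets)
                         0,               # type of service
                         total_length, ident,
                         0x4000,          # flags = DF, fragment offset 0
                         ttl, protocol,
                         0,               # checksum placeholder
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return fields[:10] + struct.pack("!H", ipv4_checksum(fields)) + fields[12:]


def parse_ipv4(data: bytes) -> dict:
    """Decode the IPv4 header fields named on the slide."""
    if len(data) < 20:
        raise ValueError("short IPv4 header")
    (ver_ihl, tos, total_length, ident, flags_frag, ttl, protocol,
     checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", data[:20])
    ihl = (ver_ihl & 0x0F) * 4                      # IHL counts 32-bit words
    if ver_ihl >> 4 != 4 or ihl < 20 or len(data) < ihl:
        raise ValueError("not a valid IPv4 header")
    return {
        "version": 4, "ihl": ihl, "tos": tos, "total_length": total_length,
        "identification": ident,
        "flags": flags_frag >> 13, "fragment_offset": flags_frag & 0x1FFF,
        "ttl": ttl, "protocol": protocol, "header_checksum": checksum,
        "checksum_ok": ipv4_checksum(data[:ihl]) == 0,  # field not kept in IPv6
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "options": data[20:ihl],                        # IPv6 uses extension headers instead
    }


def build_ipv6_header(src: str, dst: str, payload_length: int, next_header: int = 17,
                      hop_limit: int = 64, traffic_class: int = 0, flow_label: int = 0) -> bytes:
    """Constructed sample: fixed IPv6 header."""
    word = (6 << 28) | (traffic_class << 20) | (flow_label & 0xFFFFF)
    return struct.pack("!IHBB16s16s", word, payload_length, next_header, hop_limit,
                       ipaddress.IPv6Address(src).packed, ipaddress.IPv6Address(dst).packed)


def parse_ipv6(data: bytes) -> dict:
    """Decode the fixed IPv6 header; there is no checksum and no options field."""
    if len(data) < 40:
        raise ValueError("short IPv6 header")
    word, payload_length, next_header, hop_limit, src, dst = \
        struct.unpack("!IHBB16s16s", data[:40])
    if word >> 28 != 6:
        raise ValueError("not an IPv6 header")
    return {
        "version": 6,
        "traffic_class": (word >> 20) & 0xFF,    # renamed from Type of Service
        "flow_label": word & 0xFFFFF,            # new in IPv6 (RFC 3697)
        "payload_length": payload_length,        # replaces Total Length
        "next_header": next_header,              # renamed from Protocol
        "hop_limit": hop_limit,                  # renamed from Time to Live
        "src": str(ipaddress.IPv6Address(src)),
        "dst": str(ipaddress.IPv6Address(dst)),
    }


# Constructed samples: a TCP-over-IPv4 header and a UDP-over-IPv6 header.
SAMPLE_IPV4 = build_ipv4_header("192.0.2.10", "198.51.100.7")
SAMPLE_IPV6 = build_ipv6_header("2001:db8::1", "2001:db8::2", 20, flow_label=0x12345)

if __name__ == "__main__":
    print(parse_ipv4(SAMPLE_IPV4))
    print(parse_ipv6(SAMPLE_IPV6))
```

Feeding the first 20 or 40 bytes of a frame's IP payload from a tcpdump capture to parse_ipv4 or parse_ipv6 prints the same fields the slide draws; a corrupted IPv4 header shows up as checksum_ok being False, whereas IPv6 leaves that check to the link layer and the transport checksum.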

13 Android Manifest.{permission | permission_group} for Network
Android Manifest.permission for Network (Type / Name / Description):
- String ACCESS_NETWORK_STATE: Allows applications to access information about networks
- String ACCESS_WIFI_STATE: Allows applications to access information about Wi-Fi networks
- String CHANGE_NETWORK_STATE: Allows applications to change network connectivity state
- String CHANGE_WIFI_MULTICAST_STATE: Allows applications to enter Wi-Fi Multicast mode
- String CHANGE_WIFI_STATE: Allows applications to change Wi-Fi connectivity state
- String INTERNET: Allows applications to open network sockets.
- String USE_SIP: Allows an application to use SIP service
- String RECORD_AUDIO: Allows an application to record audio
Android Manifest.permission_group for Network (Type / Name / Description):
- String NETWORK: Used for permissions that provide access to networking services.
* Source: Android

14 How to Get Network Information (1/3)
Collect network information with Connectivity Manager (android.net.ConnectivityManager)
Permission - manifest.xml: android.permission.ACCESS_NETWORK_STATE
Method to get Network Info:
    // Returns 0 for mobile (3G), 1 for Wi-Fi, 2 when no network is active.
    public int getNetworkInfo() {
        int result = 3;
        ConnectivityManager connectivityManager;
        NetworkInfo networkInfo;
        connectivityManager = (ConnectivityManager) this.getSystemService(Context.CONNECTIVITY_SERVICE);
        networkInfo = connectivityManager.getActiveNetworkInfo();
        if (networkInfo == null) {
            result = 2; // no active network
        } else {
            if (networkInfo.getType() == ConnectivityManager.TYPE_MOBILE) // == 0
                result = 0; // 3G MOBILE
            else
                result = 1; // WIFI NETWORK
        }
        return result;
    }

15 How to Get Network Information (2/3)
Method to get WiFi Information:
    public void getWifiInfo() {
        WifiManager wifimanager;
        wifimanager = (WifiManager) getSystemService(Context.WIFI_SERVICE);
        WifiInfo info = wifimanager.getConnectionInfo();
        String ssid = info.getSSID();
        currwifi = "SSID : " + ssid;
        // Append the SSID to the log only when it changed since the previous call.
        if (!currwifi.equals(prevwifi)) {
            strwifi = strwifi + "SSID : " + ssid + "\n";
            prevwifi = currwifi;
        }
        tvWifi.setText(strwifi);
    }
* WifiManager wifi = (WifiManager) getSystemService(WIFI_SERVICE);
* DhcpInfo info = wifi.getDhcpInfo();
* SSID: Service Set IDentifier

16 How to Get Network Information (3/3)
Method to get SIP/VoIP Information according to SipManager (on Gingerbread)
Permission - manifest.xml: android.permission.USE_SIP
* SipManager creation:
    public static SipManager newInstance(Context context) {
        return (isApiSupported(context) ? new SipManager(context) : null);
    }

    private SipManager(Context context) {
        mContext = context;
        createSipService();
    }

    private void createSipService() {
        IBinder b = ServiceManager.getService(Context.SIP_SERVICE);
        mSipService = ISipService.Stub.asInterface(b);
    }
* SipAudioCall:
    public SipAudioCall makeAudioCall(SipProfile localProfile, SipProfile peerProfile,
            SipAudioCall.Listener listener, int timeout) throws SipException {
        SipAudioCall call = new SipAudioCall(mContext, localProfile);
        call.setListener(listener);
        SipSession s = createSipSession(localProfile, null);
        …
        call.makeCall(peerProfile, s, timeout);
        return call;
    }

17 Hidden Secret Code
*#*#4636#*#* for general settings like GSM/CDMA
- IMEI (International Mobile Equipment Identity)
- Phone number (if known)
- Current network
- Ping test
- Signal strength
- Location (signal latency & Cell ID)
- Neighboring Cell IDs
- Roaming state
- GSM service status
- GPRS service status
- Current network type
- Message waiting status
- Call redirect status
- Call status
*#*#8255#*#* for Gtalk service monitor
- Google Talk host address & port
- Your Google JID (presumably Jabber ID, as GTalk is based on Jabber IRC)
- Your Device ID (presumably hashed from something)
- GTalk connection status
- GTalk heartbeat status

18 Network Protocols for Android
* RAW protocol: This protocol is one of the common computer languages that documents are translated into and then sent to a networked printer. The printer interprets the protocol and prints the document.

19 Traffic Monitoring using tcpdump 1/2
Cross Compiling tcpdump source on Linux Distribution
Get the latest source for libpcap and tcpdump from
1. Compile libpcap source
    rhel6$> tar zxvf libpcap-1.1.1.tar.gz
    rhel6$> cd libpcap-1.1.1/
    rhel6$> CC=arm-kandroid-gcc ac_cv_linux_vers=2 ./configure --host=arm-linux --with-pcap=linux
    rhel6$> make
2. Compile tcpdump source
    rhel6$> cd ..
    rhel6$> tar zxvf tcpdump-4.1.1.tar.gz
    rhel6$> cd tcpdump-4.1.1/
    rhel6$> CC=arm-kandroid-gcc ac_cv_linux_vers=2 ./configure --host=arm-linux --with-pcap=linux
    rhel6$> vi ./Makefile
       a. remove the -O2 flag and add the -static flag to the linker (LD_FLAGS += -static)
       b. If you get the following error: undefined reference to `__isoc99_sscanf', add #define _GNU_SOURCE in the faulty .c files.
    rhel6$> make

20 Traffic Monitoring using tcpdump 2/2
3. Copy to the android-rootfs based on NFS
    rhel6$> sudo cp tcpdump /opt/android-rootfs/
4. Run tcpdump
    rhel6#us> sudo ./adb devices
    ????????????    no permissions
    rhel6#us> sudo ./adb kill-server
    rhel6#us> sudo ./adb shell
    android#> cd /data/local
    android#> chmod 777 tcpdump-arm
    android#> ./tcpdump-arm -i rmnet0 not port 23     (ignoring telnet traffic on port 23)

21 Tcpdump source in Android Official Repository
- Android App: Android market - Search - Download "Shark for Root (native)" software
- Git Repository manifest:
    #> vi ./mydroid-froyo/.repo/manifest.xml
- Binary Files:
    ./out/target/product/harmony/obj/EXECUTABLES/tcpdump_intermediates/tcpdump
    ./out/target/product/harmony/obj/EXECUTABLES/tcpdump_intermediates/LINKED/tcpdump
    ./out/target/product/harmony/symbols/system/bin/tcpdump
    ./out/target/product/harmony/system/xbin/tcpdump

22 Network Monitoring with wireshark on Host PC 1/3
    rhel6$> adb shell tcpdump -i any -p -s 0 -w /sdcard/data.pcap
    ... do whatever you want to capture, then "Ctrl+C" to stop it ...
    rhel6$> adb pull /sdcard/data.pcap .
    rhel6$> sudo yum install wireshark    # or ethereal, if you're still on an old version
    rhel6$> wireshark ./capture.pcap      # or ethereal ... look at your packets and be wise ...
Option / Description:
- -i any: listen on any network interface
- -p: disable promiscuous mode (doesn't work anyway)
- -s 0: capture the entire packet
- -w: write packets to a file (rather than printing to stdout)

23 Network Monitoring with wireshark on Host PC 2/3

24 Network Monitoring with wireshark on Host PC 3/3
Utilize Shark for Root / Shark Reader software locally on Android Phone.

25 Unix Socket Connection Information
* Active UNIX domain sockets (servers and established)
    Proto RefCnt Flags   Type   State       I-Node PID/Program name  Path
    unix  2      [ ACC ] STREAM LISTENING          /qmuxd            /data/radio/qmux_connect_socket
    unix  2      [ ACC ] STREAM LISTENING          /com.kt.iwlan     /data/data/com.kt.iwlan/sock_kaf
    unix  2      [ ]     DGRAM                     /lgospd           /data/misc/lgosp/ipc_diag
    unix  2      [ ]     DGRAM                     /com.kt.wifisv    /data/misc/wifi/kaf/kafif_svr
    unix  2      [ ]     DGRAM                     /com.lge.osp      /data/misc/lgosp/ipc_usbctrl
    unix  2      [ ]     DGRAM                     /com.lge.osp      /data/misc/lgosp/ipc_usbdata
    unix  2      [ ]     DGRAM                     /lgospd           /data/misc/lgosp/ipc_fs_access
    unix  2      [ ]     DGRAM                     /com.lge.osp      /data/misc/lgosp/ipc_gr
    * * * * * Middle Omission * * * * *
    unix  2      [ ]     STREAM                    /app_process
    unix  3      [ ]     STREAM CONNECTED          /adbd
    unix  3      [ ]     STREAM CONNECTED          /adbd
    unix  3      [ ]     STREAM CONNECTED          /rild             /dev/socket/rild
    unix  3      [ ]     STREAM CONNECTED          /com.android.ph
    unix  3      [ ]     STREAM CONNECTED          /zygote           /dev/socket/zygote
    unix  3      [ ]     STREAM CONNECTED          /system_server
    unix  3      [ ]     STREAM CONNECTED          /lgesystemd       /dev/socket/lgesystemd
    unix  3      [ ]     STREAM CONNECTED          /system_server
    unix  3      [ ]     STREAM CONNECTED          /vold             /dev/socket/vold
    unix  3      [ ]     STREAM CONNECTED          /system_server
    unix  3      [ ]     STREAM CONNECTED          /netd             /dev/socket/netd
    unix  3      [ ]     STREAM CONNECTED          /system_server
    unix  3      [ ]     STREAM CONNECTED          /dbus-daemon      /dev/socket/dbus
    unix  3      [ ]     STREAM CONNECTED          /system_server
    unix  3      [ ]     STREAM CONNECTED          /installd         /dev/socket/installd
    unix  3      [ ]     STREAM CONNECTED          /system_server
    unix  2      [ ]     DGRAM                     /system_server
    unix  3      [ ]     STREAM CONNECTED          /qmuxd            /data/radio/qmux_connect_socket
    unix  3      [ ]     STREAM CONNECTED          /dbus-daemon
    unix  3      [ ]     STREAM CONNECTED          /dbus-daemon
    unix  2      [ ]     DGRAM                     /lgospd
    unix  2      [ ]     DGRAM                     /lgospd
    unix  2      [ ]     DGRAM                     /lgospd
    unix  3      [ ]     STREAM CONNECTED   924    1/init
    unix  3      [ ]     STREAM CONNECTED   923    1/init

26 Network Monitoring with netstat command 1/2
    /sys/class/net/ /address
    /sys/class/net/ /statistics/{rx|tx}_packets
    /proc/net/dev
- RMNet: slow, broken data but reliable connection
- PPP (point-to-point protocol): fast, high speed data but somewhat unstable connection
RMNET (mobile network interface in Linux kernel-speak) is what Google uses for Android to connect to the internet to transmit the message to the MMSC server. The interface names "rmnet0" correspond respectively to EDGE/3G and Wi-Fi.

27 Network Monitoring with netstat command 2/2
    cat /proc/devices
    cat /proc/meminfo
    cat /proc/mounts
    cat /proc/net/arp
    cat /proc/net/if_inet6
    cat /proc/net/ipv6_route
    cat /proc/net/route
    cat /proc/net/wireless
    cat /proc/version
    df -ah
    getprop dalvik.vm.execution-mode
    getprop dalvik.vm.heapsize
    getprop gsm.version.baseband
    getprop ro.build.fingerprint
    getprop ro.product.version
    getprop ro.sf.lcd_density
    ifconfig -a
    ip -f inet6 addr
    ip -f inet6 route show
    ip addr
    ip route show
    lsmod
    netcfg
    netstat -apnW
    netstat -rpnW
    ps
    route -A inet6 -n
    route -n
    uname -a
* Source: Under the Hood of App Inventor for Android

28 DNS Resolver (RFC 3484) 1/2
* RFC
* ANDROID-RFC "RFC 3484 support for Android", 2010
Bionic uses a NetBSD-derived resolver library which has been modified in the following ways:
1. don't implement the name-server-switch feature (a.k.a. )
2. read /system/etc/resolv.conf instead of /etc/resolv.conf (./bionic/libc/netbsd/net/getaddrinfo.c)
3. read the list of servers from system properties (getprop/setprop). The code looks for 'net.dns1', 'net.dns2', etc. Each property should contain the IP address of a DNS server. These properties are set/modified by other parts of the Android system (e.g. the dhcpd daemon). The implementation also supports a per-process DNS server list, using the properties 'net.dns1. ', 'net.dns2. ', etc., where stands for the numerical ID of the current process.
4. when performing a query, use a properly randomized Query ID (instead of an incremented one), for increased security.
5. when performing a query, bind the local client socket to a random port for increased security.
6. get rid of *many* unfortunate thread-safety issues in the original code
* Sources: Android Official Repository

29 DNS Resolver (RFC 3484) 2/2
    # getprop
    [ro.secure]: [1]
    [ro.allow.mock.location]: [0]
    [ro.debuggable]: [0]
    [persist.service.adb.enable]: [1]
    [ro.factorytest]: [0]
    ..... Middle Omission
    [net.dns1]: [ ]
    [net.dns2]: [ ]
    [gsm.current.phone-type]: [1]
    [gsm.operator.numeric]: [22110]
    [gsm.operator.alpha]: [Kandroid Broadband IT]
    [gsm.operator.iso-country]: [it]
    [gsm.operator.isroaming]: [false]
    [gsm.version.baseband]: [ H_ ]
    [EXTERNAL_STORAGE_STATE]: [mounted]
    [gsm.network.type]: [UMTS]
    [gsm.data.network.type]: [UMTS]
    [gsm.sim.change]: [false]
    [gsm.cb.max.channel]: [15]
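The two resolver slides above describe how Bionic picks its DNS servers from the net.dnsN properties (with a per-process override) and why it randomizes the Query ID. The following is an added example, not Bionic or AOSP code: it parses a getprop-style dump like the one above (a constructed sample with documentation-range addresses in place of the real servers), selects the server list for a given process, and builds a query whose 16-bit ID comes from a CSPRNG instead of a counter. Treating the per-process list as a full replacement for the global one is an assumption of this example.

```python
"""Model of the Bionic resolver's server-list and Query-ID handling.

Added example for this page; it is not Bionic code.  It reads a getprop-style
dump (constructed below), picks the DNS server list the way slide 28 describes
(per-process 'net.dnsN.<pid>' properties, when set, are used instead of the
global 'net.dnsN' ones; full override is an assumption of this example), and
builds a query whose 16-bit ID is random rather than incremented (point 4).
"""
import re
import secrets
import struct

# Constructed sample of 'getprop' output; a real device prints its real servers.
SAMPLE_GETPROP = """\
[ro.secure]: [1]
[ro.debuggable]: [0]
[net.dns1]: [192.0.2.53]
[net.dns2]: [198.51.100.53]
[net.dns1.4242]: [203.0.113.5]
[gsm.network.type]: [UMTS]
"""

PROP_RE = re.compile(r"^\[([^\]]+)\]: \[([^\]]*)\]$")


def parse_getprop(text):
    """Turn '[name]: [value]' lines into a dict; lines that don't match are skipped."""
    props = {}
    for line in text.splitlines():
        m = PROP_RE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props


def dns_servers(props, pid, max_servers=4):
    """Server list for a process: its own 'net.dnsN.<pid>' list if any, else the global list."""
    for suffix in (".%d" % pid, ""):
        servers = [props.get("net.dns%d%s" % (n, suffix), "")
                   for n in range(1, max_servers + 1)]
        servers = [s for s in servers if s]          # empty properties count as unset
        if servers:
            return servers
    return []


def encode_qname(name):
    """Encode a host name as DNS labels: length byte, label, ..., terminating zero."""
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"


def build_query(name, qtype=1, query_id=None):
    """Build a standard recursive query (qtype 1 = A); the ID is random unless given."""
    if query_id is None:
        # A sequential ID is predictable for anyone trying to forge a reply; the random
        # ID plus the random source port (point 5 of the slide) are the two defences.
        query_id = secrets.randbelow(1 << 16)
    header = struct.pack("!HHHHHH", query_id, 0x0100, 1, 0, 0, 0)   # flags: RD set, 1 question
    return header + encode_qname(name) + struct.pack("!HH", qtype, 1)  # class IN


def query_id_of(message):
    """Read the 16-bit ID back out of a query or response."""
    return struct.unpack("!H", message[:2])[0]


if __name__ == "__main__":
    props = parse_getprop(SAMPLE_GETPROP)
    print(dns_servers(props, pid=1), dns_servers(props, pid=4242))
    print(hex(query_id_of(build_query("example.com"))))
```

To send the query the way point 5 of the slide describes, the socket would be bound with socket.bind(("", 0)) so the kernel picks an ephemeral source port, and the reply would be accepted only if its ID matches the one just generated.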

30 Case Study: Android Phone Attack with DDoS 1/2
Port scan result:
    PORT      STATE    SERVICE
    21/tcp    filtered ftp
    22/tcp    filtered ssh
    23/tcp    filtered telnet
    79/tcp    filtered finger
    80/tcp    filtered http
    135/tcp   filtered msrpc
    137/tcp   filtered netbios-ns
    138/tcp   filtered netbios-dgm
    139/tcp   filtered netbios-ssn
    445/tcp   filtered microsoft-ds
    707/tcp   filtered unknown
    903/tcp   filtered iss-console-mgr
    1025/tcp  filtered NFS-or-IIS
    1433/tcp  filtered ms-sql-s
    1521/tcp  filtered oracle
    3306/tcp  filtered mysql
    3389/tcp  filtered ms-term-serv
    4444/tcp  filtered krb
    /tcp      filtered UPnP
    5900/tcp  filtered vnc
    6101/tcp  filtered VeritasBackupExec
    6667/tcp  filtered irc
    8080/tcp  filtered http-proxy
    17300/tcp filtered kuang2
KRNIC / APNIC record:
    [ ISP Organization Information ]
    Org Name           : Korea Android Freetel Corp.
    Service Name       : 7THWING
    Org Address        : seoul-city kandroid-dong
    Org Detail Address : 306
    [ ISP IPv4 Admin Contact Information ]
    Name  : HONG, GILDONG
    Phone :
    [ ISP IPv4 Tech Contact Information ]
    Name  : HONG, GILDONG
    Phone :
    [ ISP Network Abuse Contact Information ]
    Name  : YANG, DEOLPOOL
    Phone :
PING-based Distributed Denial of Service (DDoS) attacks:
    while true; do ping -l s 10 -f xx.xx & ; sleep 2; done &
tcpdump output on the phone:
    05:26: IP > : ICMP echo request, id 51001, seq 45, length 64
    05:26: IP > : ICMP echo reply, id 51001, seq 45, length 64
    05:26: IP > : ICMP echo request, id 51001, seq 46, length 64
    05:26: IP > : ICMP echo reply, id 51001, seq 46, length 64
    05:26: IP > : ICMP echo request, id 51001, seq 47, length
    # for CPU Load 100%
    XXX.XXX (rmnet0) rcvbuf is not enough to hold preload -> OOM
Demo:
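The symptom of the ping flood in the case study shows up first in the tcpdump output: a single source sending echo requests far faster than any normal ping. The following is an added example, not from the slides, that parses lines in the format tcpdump printed above and reports any source whose echo-request rate within a one-second window exceeds a threshold, which is the detection a defender would run over such a capture before the rcvbuf exhaustion and OOM on rmnet0 occur. The sample lines are constructed with documentation-range addresses; nothing is transmitted.

```python
"""Rate-based detector for ICMP echo-request floods in tcpdump text output.

Added example for this page, not from the slides: it parses lines in the
format tcpdump printed on the slide above and reports any source whose
echo-request rate in a one-second window exceeds a threshold.  The sample
lines are constructed (documentation-range addresses); nothing is sent.
"""
import re
from collections import defaultdict

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}(?:\.\d+)?) IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+), length (?P<len>\d+)$"
)


def parse_line(line):
    """Return a dict for an ICMP echo line, or None for anything else (TCP, ARP, ...)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    hh, mm, ss = m.group("ts").split(":")
    return {
        "t": int(hh) * 3600 + int(mm) * 60 + float(ss),   # seconds since midnight
        "src": m.group("src"), "dst": m.group("dst"), "kind": m.group("kind"),
        "id": int(m.group("id")), "seq": int(m.group("seq")), "len": int(m.group("len")),
    }


def echo_request_rates(lines):
    """Count echo requests per (source, whole second); replies are not counted."""
    buckets = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["kind"] == "request":
            buckets[(rec["src"], int(rec["t"]))] += 1
    return buckets


def flag_floods(lines, threshold=100):
    """Map each source whose peak rate exceeded threshold to that peak (requests/second)."""
    peaks = {}
    for (src, _sec), n in echo_request_rates(lines).items():
        if n > threshold:
            peaks[src] = max(peaks.get(src, 0), n)
    return peaks


def make_sample():
    """Constructed capture: one flooding source, one normal ping exchange, one TCP line."""
    fmt = "05:26:%02d.%06d IP %s > %s: ICMP echo %s, id %d, seq %d, length 64"
    lines = [fmt % (10, i * 3000, "192.0.2.10", "198.51.100.7", "request", 51001, i)
             for i in range(300)]                       # 300 requests inside one second
    for i in range(3):                                  # a normal host: one request/reply per second
        lines.append(fmt % (11 + i, 0, "192.0.2.20", "198.51.100.7", "request", 7, i))
        lines.append(fmt % (11 + i, 20000, "198.51.100.7", "192.0.2.20", "reply", 7, i))
    lines.append("05:26:12.500000 IP 192.0.2.20.40000 > 198.51.100.7.80: Flags [S], seq 1, length 0")
    return lines


SAMPLE_LINES = make_sample()

if __name__ == "__main__":
    print(flag_floods(SAMPLE_LINES))    # {'192.0.2.10': 300}
```

On a real capture the lines come from `tcpdump -i rmnet0 -n icmp` (the -n keeps addresses numeric so the regex matches); the threshold should be set from the phone's normal baseline, since even a few hundred requests per second is enough to hold the CPU at 100% as the slide shows.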

31 Case Study: Android Phone Attack with DDoS 2/2
DDoS Attacks (Distributed Denial-of-Service Attack): an attack technique in which many distributed systems attack a single target system to cause a DoS [e.g. crash, halt, freeze].
1. Buffer Overflow (BOF) Attack: an overflow attack technique that exploits a computer's limited memory space and processing-speed problems.
2. SYN Flooding: the method of staying silent in response to the target system's reply in the three-way handshake.
3. UDP Flooding: a traffic-overload method in which the attacker changes the IP address that is to receive the service to the target system's IP address.
4. Smurf Attack: the method in which the attacker swaps the source IP address for the target system's IP address and broadcasts ICMP Echo, causing a traffic overload.
5. Teardrop Attack: also called the teardrop attack; a system-down attack method that splits a large volume of packets into very small fragments and sends them, so that the receiver is overloaded by reassembling the packet-order information during reassembly. (http://www.ietf.org/rfc/rfc3128.txt)

32 Connections between Network and Android: Network Instruments-based Android Diagram
- Application: Phone APK (Dialer, Phone App, SIP Setting/Receiver/Caller: /com/android/phone/sip), Setting (WiFi/VPN: /com/android/settings/)
- Application Framework: WiFi package (android.net.wifi), VPN package (android.net.vpn), SIP package (android.net.sip), RTP package (android.net.rtp), Telephony.SIP package (com.android.internal.telephony.sip); framework/base/voip/java/android/net
- System/Functional Libraries: SIP Stack (NIST-SIP, external/nist-sip/*), JNI RTP (C++), bionic (arpa/inet)
- Columns of the diagram: Network, Audio/Video

33 Connections between Network and Android: SIP Architecture
Diagram of kandroid's network: PSTN, SoftPhone User, SIP Phone, Phone, RADIUS Server (FreeRADIUS), Directory (OpenLDAP), SIP proxy/registrar, IPBX, PBX (private branch exchange), SIP-PSTN Gateway, Access router, internet.

34 Connections between Network and Android: SIP Connection Flow
Participants: SIP Phone A, SIP Proxy / IP PBX on the LAN, SIP Phone B (IP Phone). Signaling and the voice stream are drawn as separate paths.
1. SIP/SDP INVITE
2. Status: 100 Trying
3. Status: 183 Session Progress
4. Status: 200 OK
5. SIP ACK
6. RTP/RTSP Stream (voice)
7. SIP: BYE
8. Status: 200 OK
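The exchange drawn above, as an added example that is neither slide code nor android.net.sip: a minimal parser for SIP requests and responses, and a dialog state machine that accepts the messages in the order the slide shows (INVITE, 100 Trying, 183 Session Progress, 200 OK, ACK, media, BYE, 200 OK) and rejects anything out of order, which is the check a SIP stack needs so that a stray BYE or an ACK without a preceding 200 cannot move a call into the wrong state. The messages are constructed; sip.example.com and the Call-ID are placeholders.

```python
"""Minimal SIP message parser and the slide's call flow as a dialog state machine.

Added example for this page; it is neither slide code nor android.net.sip.
parse_sip() splits a SIP request or response into start line, headers and body;
Dialog() accepts the messages in the order the slide draws them and rejects
anything out of order.  Messages are constructed; hosts are placeholders.
"""
CRLF = "\r\n"


def parse_sip(raw):
    """Decode the start line and headers of one SIP message (RFC 3261 layout)."""
    head, _, body = raw.partition(CRLF + CRLF)
    lines = head.split(CRLF)
    msg = {"headers": {}, "body": body}
    if lines[0].startswith("SIP/2.0 "):                    # status line -> response
        _, code, reason = lines[0].split(" ", 2)
        msg["code"], msg["reason"] = int(code), reason
    else:                                                  # request line -> request
        method, uri, version = lines[0].split(" ")
        if version != "SIP/2.0":
            raise ValueError("unsupported SIP version")
        msg["method"], msg["uri"] = method, uri
    for line in lines[1:]:
        name, _, value = line.partition(":")
        msg["headers"][name.strip().lower()] = value.strip()   # header names are case-insensitive
    return msg


class Dialog:
    """State of one call as seen on the wire between SIP Phone A and SIP Phone B."""

    def __init__(self):
        self.state = "IDLE"
        self.media = False            # True only while the RTP stream is allowed

    def feed(self, msg):
        s = self.state
        if "method" in msg:
            transitions = {("IDLE", "INVITE"): "INVITING",
                           ("ANSWERED", "ACK"): "CONFIRMED",
                           ("CONFIRMED", "BYE"): "TERMINATING"}
            nxt = transitions.get((s, msg["method"]))
            if nxt is None:
                raise ValueError("unexpected %s in state %s" % (msg["method"], s))
            self.state, self.media = nxt, nxt == "CONFIRMED"
        else:
            cseq_method = (msg["headers"].get("cseq", "").split() or [""])[-1]
            code = msg["code"]
            if cseq_method == "INVITE" and s in ("INVITING", "EARLY"):
                if code == 100:
                    pass                                  # proxy is working on it
                elif code == 183:
                    self.state = "EARLY"                  # callee alerted, early media possible
                elif code == 200:
                    self.state = "ANSWERED"               # caller must now send ACK
                else:
                    raise ValueError("unexpected %d for INVITE" % code)
            elif cseq_method == "BYE" and s == "TERMINATING" and code == 200:
                self.state = "TERMINATED"
            else:
                raise ValueError("unexpected %d (%s) in state %s" % (code, cseq_method, s))
        return self.state


def _msg(start_line, headers, body=""):
    """Serialize one SIP message from its start line and a header dict."""
    return CRLF.join([start_line] + ["%s: %s" % kv for kv in headers.items()]) + CRLF + CRLF + body


def run_call_flow():
    """Replay the slide's exchange; returns (state, media) after each message."""
    base = {"Call-ID": "placeholder-call-id@a.example.com",
            "From": "<sip:a@sip.example.com>", "To": "<sip:b@sip.example.com>"}
    sdp = "v=0" + CRLF + "m=audio 49170 RTP/AVP 0" + CRLF
    steps = [
        _msg("INVITE sip:b@sip.example.com SIP/2.0", dict(base, CSeq="1 INVITE"), sdp),  # A -> proxy -> B
        _msg("SIP/2.0 100 Trying", dict(base, CSeq="1 INVITE")),                         # proxy -> A
        _msg("SIP/2.0 183 Session Progress", dict(base, CSeq="1 INVITE")),               # B -> A
        _msg("SIP/2.0 200 OK", dict(base, CSeq="1 INVITE"), sdp),                        # B answers
        _msg("ACK sip:b@sip.example.com SIP/2.0", dict(base, CSeq="1 ACK")),             # A -> B, RTP may flow
        _msg("BYE sip:a@sip.example.com SIP/2.0", dict(base, CSeq="2 BYE")),             # B hangs up
        _msg("SIP/2.0 200 OK", dict(base, CSeq="2 BYE")),                                # A confirms
    ]
    dialog, trace = Dialog(), []
    for raw in steps:
        dialog.feed(parse_sip(raw))
        trace.append((dialog.state, dialog.media))
    return trace


if __name__ == "__main__":
    for step in run_call_flow():
        print(step)
```

The media flag is what an implementation would use to open and close the RTP socket: it becomes True only after the ACK that completes the INVITE transaction and drops back to False as soon as a BYE arrives, matching the position of the RTP/RTSP stream between steps 5 and 7 on the slide.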

35 Connections between Network and Android: Session and Audio Control
- android.net.sip: SIP Manager (SIP Object Creation & Call API), SIP Audio Call (Audio control), SIP Session (SIP Session Management), Simple Session Description (SDP)
- android.net.rtp: Audio Stream (RTP Stream inheritance), Audio Group, Audio Codec
- Service: SipService, SipSessionGroup, SipHelper, SipStack, SipSession, SipAudioCall, SimpleSessionDescription, SipBroadcastReceiver, SipPhoneFactory, SipPhone, SipCall, SipConnection, SipAudioCall.Listener, action_sip_add_profile, PhoneFactory
- Classes and Interfaces: Creating a SIP Manager, Making an Audio Call, Receiving Calls, Registering with a SIP Server
- Initiating SIP sessions. Initiating and receiving calls. Registering and unregistering with a SIP provider. Verifying session connectivity.

36 Conclusion
1. Many peer-to-peer networks are overlay networks because they are organized as nodes of a virtual system of links run on top of the Internet.
2. The device driver stores in the 'net_device' structure the time its most recent frame was received, and 'netif_rx' stores the time the frame was received in the buffer itself.
3. With tcpdump / wireshark we can capture and inspect a lot of the packets of an Android mobile phone. Utilize Shark for Root / Shark Reader software locally on the Android phone.
4. RMNET is what Google uses for Android to connect to the internet to transmit the message.
5. Bionic uses a NetBSD-derived resolver (RFC3484) library which has been modified for the mobile platform.
6. Android 2.3 (API level 9) provides access to Session Initiation Protocol (SIP) functionality, such as making and answering VOIP calls using SIP. To control how Android Market filters your application from devices that do not support SIP, remember to add the following to the application's manifest.
- RMNet: slow, broken data but reliable connection
- PPP (point-to-point protocol): fast, high speed data but somewhat unstable connection

37 Think Time for Healthy Network Traffic
- How to reduce Google mail content? Actually the Google mail client of an Android phone reads too many network packets (e.g. IMAP header, IMAP body, images, linked contents). To reduce the contents of packets as soon as possible for good network traffic, we have to consider a light-weight mail client that works directly with only the IMAP header.
- Whenever we find a new wireless network address (APN) because of movement of the users, why do we always repeat the load/unload sequence of the wireless kernel module for WiFi? Think about the best behavior of kernel functions for effective battery saving and performance improvement.
- Our phone acquired too many network protocols. For example, we don't need unnecessary network protocols like RAW.
- Do we always wait over 5 seconds for the connection completion of WiFi on a new street? We have to find an improved approach for fast connection with a tiny DNS resolver and weight-based APN sorting.

38 References
1. TCP/IP Illustrated Book - Volume 1: The Protocols, Addison-Wesley; Volume 2: The Implementation, Addison-Wesley; Volume 3: TCP for Transactions, HTTP, NNTP, and the UNIX Domain Protocols, Addison-Wesley
2. UNIX Network Programming Book - Volume 1, Second Edition: Networking APIs: Sockets and XTI, Prentice Hall; Volume 2, Second Edition: Interprocess Communications, Prentice Hall
3. Android Developers Google Groups
4. D. Andersen, H. Balakrishnan, M. Kaashoek, and R. Morris. Resilient Overlay Networks. In Proc. ACM SOSP, Oct
5. "Basic Components of a Local Area Network (LAN)". NetworkBits.net. Retrieved
6. Android Developer Document - android.net, android.net.sip, android.net.wifi, SIP Demo
7. Understanding Linux Network Internals. Author: Christian Benvenuti. Publisher: O'Reilly.
8. XDA Forums

39 Any Questions?

40 Appendix: The WRR network scheduler for Linux
WRR (Weighted Round Robin) is a network scheduling module for Linux written by Christian Worm Mortensen. It has the ability to shape an internet connection without buying some expensive QoS solution from the ISP. It can even run on the firewall, thus making more efficient use of the firewall machine.
WRR worked on 2.4 kernels from and newer and on most (if not all) 2.6 kernels until. If you need similar traffic shaping for or later, consider using DRR (Deficit Round Robin), which has similar (but not identical) functionality. I have not yet myself switched to DRR so I will not (currently) provide any guidelines.
☞ release: This release is for (tested). It will not work for older kernels. If you need support for older kernels, please use an older release below. It contains no new features but contains a one-line fix for an API change in. Please do not try unless you are brave, as it seems to have compatibility issues.
Jabber: IRC: M0ffe at freenode, Undernet and Slashnet.

41 Appendix: Open Source based Applications 1/2
- NetMeter (labs/wiki/NetMeter): NetMeter allows you to troubleshoot performance problems by letting the user see network and CPU usage over time.
- NetCounter: a network traffic counter for the Android platform. GPLv3 license.
# for Proxy-based network users
    invain$sl6> vi ~/.subversion/servers
    [global]
    http-proxy-host =
    http-proxy-port = 8080

42 Appendix: Open Source based Applications 2/2
- Android network tester (ester/): Fast Network Tester for Android
- Free SIP/VoIP client for Android (GPLV3). Authorization settings:
    Username        : your-iptel-ID
    Password        : your-iptel-pass
    Server of Proxy : sip.iptel.org
    Domain          : iptel.org
    Port            : 5060 (default)
    Protocol        : UDP (default)
    sip: sip:

