OSI Model, Routing, Connection-oriented/Connectionless, Network Services
[Figure: a Source host and a Destination host, each drawn as the seven OSI layers (Application, Presentation, Session, Transport, Network, Data Link, Physical), connected through the Network.]
Layer | Function | Uses/standards | Unit
7 - Application Layer | Supports transmission from services | ftp, NFS, telnet | message
6 - Presentation Layer | Provides data translation | encryption, compression | message
5 - Session Layer | Maintains connectivity until task completion | RPC, NetBIOS | message
4 - Transport Layer | Partitions/reconstructs message | TCP, UDP | segment
3 - Network Layer | Delivers from logical device to logical device | IP, IPX, AppleTalk | packet
2 - Data Link Layer | Delivers from physical device to device | Ethernet, FDDI, T1 | frame
1 - Physical Layer | Transmits raw data through net equipment | RS-232 | bit
Devices drawn beside the stack: IDS, firewall, router, bridge, switch, repeater
Physical Layer
  Wires & connections; signal levels
  Repeaters and hubs (amplifiers/splitters)
  "Frame stupid": the layer handles bits only and has no notion of where a frame starts or ends
  Source: receives a frame from the data link layer and transmits it as raw bits
Data Link Layer
  Logical link control
  Media Access Control (MAC) addresses
  Bridges and switches (connect by MAC)
  Source: wraps the packet within a frame; forwards the frame to the physical layer
  Destination: checks frames for integrity; reconstructs the packet from the frame(s)
Frame layout
  preamble: 8 bytes, to establish the start of communication
  header: 14 bytes, including source MAC, destination MAC, frame length, frame type
  data (payload): 46 to 1500 bytes
  CRC: 4-byte cyclic redundancy check
MAC address: 6 bytes
  this machine: 00:0d:93:87:80:10
  broadcast:
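The frame layout above can be exercised end to end in a few lines. The following Python is an added example, not code from the slides: it builds a frame with the 8-byte preamble, 14-byte header, padded payload and 4-byte CRC, then plays the destination side, which verifies the CRC and keeps the frame only if the destination MAC is its own or the broadcast address. The preamble bytes, the CRC-32 polynomial and the broadcast MAC are the standard Ethernet values (the slide leaves the broadcast value blank); the source MAC 02:00:00:00:00:01 and the "hello" payload are constructed for the demonstration.

```python
import struct
import zlib

# Standard 802.3 preamble (7 x 0x55) followed by the start-frame delimiter 0xD5:
# the "8 bytes to establish start of communication" in the slide's layout.
PREAMBLE = b"\x55" * 7 + b"\xd5"
HEADER_LEN = 14                      # dst MAC (6) + src MAC (6) + type/length (2)
MIN_PAYLOAD, MAX_PAYLOAD = 46, 1500  # payload bounds given on the slide
FCS_LEN = 4
# Standard broadcast MAC (assumed here; the slide's "broadcast:" entry is blank).
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"


def mac_to_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def mac_to_bytes(text):
    return bytes(int(part, 16) for part in text.split(":"))


def fcs(body):
    """Ethernet FCS: CRC-32 over header+payload, sent least-significant byte first."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def build_frame(dst, src, ethertype, payload):
    """Source side: wrap a payload in preamble, 14-byte header and 4-byte CRC."""
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload exceeds 1500 bytes")
    payload = payload.ljust(MIN_PAYLOAD, b"\x00")  # pad short payloads to the 46-byte minimum
    body = mac_to_bytes(dst) + mac_to_bytes(src) + struct.pack("!H", ethertype) + payload
    return PREAMBLE + body + fcs(body)


def parse_frame(frame, my_mac):
    """Destination side: check integrity, decode the header, decide whether to accept."""
    if not frame.startswith(PREAMBLE):
        raise ValueError("missing preamble")
    frame = frame[len(PREAMBLE):]
    if len(frame) < HEADER_LEN + MIN_PAYLOAD + FCS_LEN:
        raise ValueError("runt frame")
    body, received_fcs = frame[:-FCS_LEN], frame[-FCS_LEN:]
    crc_ok = received_fcs == fcs(body)
    dst, src = mac_to_str(body[0:6]), mac_to_str(body[6:12])
    (ethertype,) = struct.unpack("!H", body[12:14])
    payload = body[HEADER_LEN:]
    # A station keeps only frames addressed to it or to everyone, and only if the CRC holds.
    accept = crc_ok and dst in (my_mac.lower(), BROADCAST_MAC)
    return {"dst": dst, "src": src, "ethertype": ethertype, "payload": payload,
            "crc_ok": crc_ok, "accept": accept}


if __name__ == "__main__":
    me = "00:0d:93:87:80:10"  # "this machine" from the slide
    frame = build_frame(me, "02:00:00:00:00:01", 0x0800, b"hello")  # constructed sample
    print(parse_frame(frame, me))
```

A single flipped bit anywhere in header or payload changes the CRC and the frame is dropped; a well-formed frame for another station passes the CRC but is not accepted, which is exactly the filtering a switch or NIC does by MAC.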
Network Layer
  Packets find their way through the network
  Routers select the network path based on the logical address of the destination
  Source: wraps the segment into a packet; the packet must contain the network (IP) address
  Destination: packets are received only if the logical device address matches the packet; strips away the frame header & CRC
Bridges vs. Routers
An IPv4 address consists of 4 octets. The range of an octet is 0 through 255.
Class | 1st Octet | Subnet Mask | Available Addresses
A     |           |             |
B     |           |             |
C     |           |             |
D     | reserved for broadcast
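As an added example (not part of the slides), the following Python fills in the mechanics behind that table: it validates the four octets, picks the class from the first octet, applies the class's default mask to get the network and broadcast addresses, and answers the "bridges vs. routers" question for a pair of hosts, namely whether they share a logical network (a bridge forwarding by MAC suffices) or lie on different networks (a router is needed). The first-octet ranges and default masks are the standard classful values, supplied here because the slide's cells are blank; the sample addresses in the test are constructed.

```python
import ipaddress

# Classful first-octet ranges and default masks. These are the standard values
# (the slide's table cells are blank); class E is added for completeness.
CLASSES = (
    ("A", 0, 127, "255.0.0.0"),
    ("B", 128, 191, "255.255.0.0"),
    ("C", 192, 223, "255.255.255.0"),
    ("D", 224, 239, None),   # group addresses, no host/network split
    ("E", 240, 255, None),   # reserved
)


def parse_octets(text):
    """Split a dotted-quad string into four ints, enforcing 0..255 per octet."""
    parts = text.strip().split(".")
    if len(parts) != 4:
        raise ValueError(f"expected 4 octets, got {len(parts)}: {text!r}")
    octets = []
    for part in parts:
        if not part.isdigit():
            raise ValueError(f"octet is not a decimal number: {part!r}")
        value = int(part)
        if not 0 <= value <= 255:
            raise ValueError(f"octet out of range 0..255: {value}")
        octets.append(value)
    return octets


def classify(text):
    """Return class, default mask, network and broadcast address for one IPv4 address."""
    octets = parse_octets(text)
    first = octets[0]
    for name, low, high, mask in CLASSES:
        if low <= first <= high:
            break
    info = {"address": ".".join(map(str, octets)), "class": name,
            "first_octet": first, "default_mask": mask}
    if mask is None:
        info.update(network=None, broadcast=None, usable_hosts=0)
    else:
        # strict=False lets a host address stand in for its network
        net = ipaddress.ip_network(f"{info['address']}/{mask}", strict=False)
        info.update(network=str(net.network_address),
                    broadcast=str(net.broadcast_address),
                    usable_hosts=net.num_addresses - 2)  # minus network and broadcast
    return info


def needs_router(a, b):
    """True when a and b are on different default-mask networks: a bridge joins
    stations by MAC within one network, a router is what moves packets between them."""
    na, nb = classify(a)["network"], classify(b)["network"]
    if na is None or nb is None:
        raise ValueError("class D/E addresses are not host networks")
    return na != nb


if __name__ == "__main__":
    for addr in ("10.1.2.3", "172.20.5.9", "192.168.1.77", "224.0.0.5"):  # constructed samples
        print(classify(addr))
    print("router needed:", needs_router("192.168.1.10", "192.168.2.10"))
```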
Transport Layer
  Handles message partitioning/reconstructing
  Examples: TCP - Transmission Control Protocol; UDP - User Datagram Protocol; SPX - for IPX; ATP - for AppleTalk
  Source: accepts the message from the session layer; partitions it into a sequence of segments (each small enough to fit into a frame)
  Destination: gathers the segments together, identified by their sequence numbers
Session Layer
  Maintains the complete "conversation"
  Source: attaches the proper port address; performs encryption/decryption if needed (note: headers are added later, so they are not encrypted)
  Destination: listens & directs from port to service; maintains service integrity (e.g. directing to the proper window of a web browser)
  Typical services: SNMP, FTP, telnet, SMTP
Routing
A router connects logical networks. Its purpose is to route packets between subnets. Routing is performed according to routing tables.
Four types of routers: static, distance vector, link state, label switching
Static Routing
  The routing table is manually configured.
  simple; efficient routing; good security (if properly configured); requires the most maintenance
Distance Vector Routing
  The table is built from the Routing Information Protocol (RIP).
  oldest, most popular; routing tables rely upon "advertised" hop information; the distance vector is used to determine the "best" routes; vulnerable to spoofing
Link State Routing
  The table is built from the Link State Protocol (LSP). LSP sends actual hop data.
  LSP frames can be requested from other routers; uses some authentication (password & MD)
Label Switching Routing
  The table is built from Multiprotocol Label Switching (MPLS).
  faster (by using MAC); packets include label(s) of routing info; route efficiency (not just hop count) is used; standards?
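The distance vector routing described on the preceding slides is easy to see in miniature. The Python below is an added example, not code from the slides or from any RIP implementation: each router starts knowing only itself, repeatedly advertises its table to its direct neighbors, and each neighbor keeps whichever advertised cost plus link cost is lowest, until nothing changes (Bellman-Ford). A `forward` helper then follows next hops to show the tables being used. The four-router topology and its link costs are constructed; the value 16 for "unreachable" is RIP's standard infinity. Note in `apply_advertisement` that a router believes whatever a neighbor claims, which is the trust model behind the slide's "vulnerable to spoofing".

```python
INFINITY = 16   # RIP's "unreachable" metric


def apply_advertisement(table, neighbor, link_cost, advertised):
    """Merge one neighbor's advertised {dest: cost} into our table.
    Returns True if any entry changed. The advertisement is taken at face
    value: no check that the neighbor really has the routes it claims."""
    changed = False
    for dest, cost in advertised.items():
        new_cost = min(link_cost + cost, INFINITY)
        current = table.get(dest)
        if current is None or new_cost < current[0]:
            table[dest] = (new_cost, neighbor)   # (cost, next hop)
            changed = True
    return changed


def distance_vector(links, max_rounds=100):
    """links: {router: {neighbor: link_cost}} with symmetric entries.
    Returns {router: {dest: (cost, next_hop)}} after convergence."""
    tables = {r: {r: (0, r)} for r in links}
    for _ in range(max_rounds):
        changed = False
        for router, neighbors in links.items():
            # snapshot of what this router advertises this round
            advertised = {d: c for d, (c, _) in tables[router].items()}
            for neighbor, link_cost in neighbors.items():
                changed |= apply_advertisement(tables[neighbor], router, link_cost, advertised)
        if not changed:
            break
    return tables


def forward(tables, src, dst):
    """Follow next hops from src to dst; each router consults only its own table.
    Returns the path, or None if dst is unreachable or the tables loop."""
    path, cur = [src], src
    while cur != dst:
        entry = tables[cur].get(dst)
        if entry is None or entry[0] >= INFINITY:
            return None
        cur = entry[1]
        path.append(cur)
        if len(path) > len(tables):
            return None   # loop guard
    return path


# Constructed topology: A-B-C-D in a line with a costly direct A-D link, plus an isolated E.
LINKS = {
    "A": {"B": 1, "D": 5},
    "B": {"A": 1, "C": 1},
    "C": {"B": 1, "D": 1},
    "D": {"C": 1, "A": 5},
    "E": {},
}

if __name__ == "__main__":
    tables = distance_vector(LINKS)
    for dest, (cost, nh) in sorted(tables["A"].items()):
        print(f"A -> {dest}: cost {cost} via {nh}")
    print("path A->D:", forward(tables, "A", "D"))
```

Router A ends up reaching D through B at cost 3 rather than over its direct cost-5 link, because B advertised a cheaper route; the same mechanism is what lets a bogus advertisement redirect traffic, which is why link state protocols add authentication.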
Connection-oriented
  An issue of transport layer "etiquette": parties must "shake hands" before communicating.
  TCP handshake (source <-> dest.): syn =, ack =
  syn flood attack
  Q: How could a firewall block incoming traffic & still allow acks?
  A:
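The handshake and the syn flood condition named above can both be shown with an in-memory model; the Python below is an added example, not code from the slides. The listener answers each SYN with a SYN-ACK whose ack number is the client's sequence number plus one, records the connection as half-open, and promotes it to established only when an ACK carrying its own sequence number plus one arrives. Half-open entries that never complete sit in the backlog, which is the state a flood exhausts; expiring them after a timeout is the simple recovery shown here. The backlog size, the 30-second TTL, the deterministic ISN source and the client addresses are assumptions made for the demonstration, and there is no network I/O.

```python
import random
import time


class TcpListener:
    """Server side of the three-way handshake with a bounded half-open table."""

    def __init__(self, backlog, isn_source=None, clock=time.monotonic, ttl=30.0):
        self.backlog = backlog
        self.isn_source = isn_source or (lambda: random.getrandbits(32))
        self.clock = clock
        self.ttl = ttl                 # seconds a half-open entry may wait for its ACK
        self.half_open = {}            # client -> (server_isn, created_at)
        self.established = set()

    def expire(self):
        """Drop half-open entries that have waited longer than ttl."""
        now = self.clock()
        for client, (_, created) in list(self.half_open.items()):
            if now - created > self.ttl:
                del self.half_open[client]

    def on_syn(self, client, client_seq):
        """Step 1 received; reply with SYN-ACK, or None if the backlog is full."""
        self.expire()
        if client in self.half_open:                      # retransmitted SYN: repeat reply
            isn, _ = self.half_open[client]
        else:
            if len(self.half_open) >= self.backlog:
                return None                               # no room: SYN silently dropped
            isn = self.isn_source()
            self.half_open[client] = (isn, self.clock())
        return {"flags": "SYN,ACK", "seq": isn, "ack": (client_seq + 1) & 0xFFFFFFFF}

    def on_ack(self, client, ack):
        """Step 3 received; establish only if it matches a half-open entry."""
        entry = self.half_open.get(client)
        if entry is None or ack != (entry[0] + 1) & 0xFFFFFFFF:
            return False                                  # unknown client or wrong ack number
        del self.half_open[client]
        self.established.add(client)
        return True


def client_handshake(listener, client, client_isn):
    """Client side: SYN, check the SYN-ACK acknowledges our ISN+1, then ACK."""
    synack = listener.on_syn(client, client_isn)
    if synack is None:
        return False                                      # server never answered
    if synack["ack"] != (client_isn + 1) & 0xFFFFFFFF:
        return False                                      # not acknowledging our SYN
    return listener.on_ack(client, (synack["seq"] + 1) & 0xFFFFFFFF)


if __name__ == "__main__":
    srv = TcpListener(backlog=2)
    print("handshake:", client_handshake(srv, ("10.0.0.5", 40000), 7))   # constructed client
    print("established:", srv.established)
```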
Port/protocol | Service | Purpose
20/tcp | ftp data | transfers file content
21/tcp | ftp | transfers ftp commands
22/tcp | ssh | secure shell (remote access)
23/tcp | telnet | remote computer login
25/tcp | smtp | mail delivery
43/tcp | whois | Internet domain lookup
80/tcp | http | web browser
110/tcp | pop | pop service
119/tcp | nntp | network news
143/tcp | imap | imap service
161/udp | snmp | remote system management
443/tcp | ssl | secure socket layer (tunnel)
445/tcp | smb | MS network file system
593/tcp | MS-RPC | MS remote procedure call
1433/tcp | MS-SQL | MS SQL server
1521 | Oracle | Oracle SQL server
Ports: the ports above are statically assigned; upper ports can be dynamically assigned
Vulnerability: dynamic port assignment
A defense:
OSI Model vs. TCP/IP Protocols
7 - Application Layer, 6 - Presentation Layer, 5 - Session Layer | HTTP, FTP, Telnet
4 - Transport Layer | TCP, UDP
3 - Network Layer | IP
2 - Data Link Layer, 1 - Physical Layer | Ethernet, radio packet, point-to-point