Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Internet! Layers, TCP, UDP, IP DDoS Reflection Attacks IPSEC, ARP

Published byAntony Davis Modified over 6 years ago

Similar presentations

Presentation on theme: "The Internet! Layers, TCP, UDP, IP DDoS Reflection Attacks IPSEC, ARP"— Presentation transcript:

1 The Internet! Layers, TCP, UDP, IP DDoS Reflection Attacks IPSEC, ARP
Sharon Goldberg CS558 Boston University Spring 2015 Most slides and images borrowed from others.

2 Internet Infrastructure
ISP ISP ISP Local and interdomain routing TCP/IP for routing and messaging BGP for routing announcements Domain Name System Find IP address from symbolic name ( Based on slides from CS155 at Stanford

3 Based on slides from CS155 at Stanford
TCP Protocol Stack Application protocol Application Application TCP protocol Transport Transport Port # IP addresses MAC address Network IP protocol IP IP protocol Network Link Network Access Link Data Link Data Link Based on slides from CS155 at Stanford

4 Data Formats Based on slides from CS155 at Stanford TCP Header
Application Application message - data message Transport (TCP, UDP) segment TCP data TCP data TCP data Network (IP) packet IP TCP data Link Layer frame ETH IP TCP data ETF IP Header Link (Ethernet) Header Link (Ethernet) Trailer Based on slides from CS155 at Stanford

5 Source: https://devcentral. f5

6 IP Prefixes & Addresses
/24 is 204 16 254 * 1

7 Based on slides from CS155 at Stanford
IP Routing Meg Office gateway Source Destination Packet Tom ISP ROUTING TABLE Destination Prefix Next Hop IP /16 /8 Typical route uses several hops IP: no ordering/delivery guarantees, connectionless, Best effort

8 IP Protocol Functions (Summary)
Based on slides from CS155 at Stanford IP Protocol Functions (Summary) Routing IP host knows location of router (gateway) IP gateway must know route to other networks Fragmentation and reassembly If max-packet-size less than the user-data-size Error reporting ICMP packet to source if packet is dropped TTL field: decremented after every hop Packet dropped f TTL=0. Prevents infinite loops.

9 The IP address space DON’T FORGET TO EXPLAIN WHAT A HILBERT CURVE IS, AND ALSO WHAT A DIRECT ALLOCATION IS!

10 NATS

11 User Datagram Protocol (protocol=17)
Based on slides from CS155 at Stanford UDP User Datagram Protocol (protocol=17) Unreliable transport on top of IP: No acks or congenstion control Used for VoIP, video, NTP (network time protocol) anything else where latency matters more than reliability

12 Problem: no src IP authentication
Based on slides from CS155 at Stanford Problem: no src IP authentication Client is trusted to embed correct source IP Easy to override using raw sockets Libnet: a library for formatting raw packets with arbitrary IP headers Anyone who owns their machine can send packets with arbitrary source IP … response will be sent back to forged source IP Implications: (solutions in DDoS lecture) Anonymous DoS attacks; Anonymous infection attacks (e.g. slammer worm)

13 UDP DoS Reflection & Amplification Attack Using protocols over UDP: like NTP, DNS etc Public DNS Server Huge response! Source IP Dest IP DNS response Tom Short query DNS Data Evillll Meg Source IP Dest IP DNS Query Tom gets hit by too many packets

14 Transmission Control Protocol
Based on slides from CS155 at Stanford TCP Transmission Control Protocol Connection-oriented, preserves order Sender Break data into packets Attach packet numbers Receiver Acknowledge receipt; lost packets are resent Reassemble packets in correct order Book 1 19 5 1 Mail each page 1 Reassemble book

15 Source: https://devcentral. f5

16 FROM : http://codeidol.com/img/csharp-network/f0209_0.jpg

17 Review: TCP Handshake C S SYN: Listening Store SNC , SNS SYN/ACK: Wait
Based on slides from CS155 at Stanford Review: TCP Handshake C S SNCrandC ANC0 SYN: Listening SNSrandS ANSSNC Store SNC , SNS SYN/ACK: Wait SNSNC+1 ANSNS ACK: Established Received packets with SN too far out of window are dropped

18 Basic Security Problems
Based on slides from CS155 at Stanford Basic Security Problems 1. Network packets pass by untrusted hosts Eavesdropping, packet sniffing Especially easy when attacker controls a machine close to victim 2. TCP state can be easy to guess Enables spoofing and session hijacking Depending on how sequence number is chosen Denial of Service (DoS) vulnerabilities Syn connection state attacks

19 Prevention: Encryption (next lecture: IPSEC)
Based on slides from CS155 at Stanford 1. Packet Sniffing Promiscuous NIC reads all packets Read all unencrypted data (e.g., “wireshark”) ftp, telnet (and POP, IMAP) may send passwords in clear Eve Network Alice Bob Prevention: Encryption (next lecture: IPSEC)

20 2. TCP Connection Spoofing
Based on slides from CS155 at Stanford 2. TCP Connection Spoofing Why random initial sequence numbers? (SNC , SNS ) Suppose init. sequence numbers are predictable Attacker can create TCP session on behalf of forged source IP TCP SYN srcIP=victim Server attacker Victim SYN/ACK dstIP=victim SN=server SNS Example commands: send spam on behalf of victim IP address ACK srcIP=victim AN=predicted SNS server thinks command is from victim IP addr command

21 Example DoS vulnerability [Watson’04]
Based on slides from CS155 at Stanford Example DoS vulnerability [Watson’04] Suppose attacker can guess seq. number for an existing connection: Attacker can send Reset packet to close connection. Results in DoS. Naively, success prob. is 1/232 (32-bit seq. #’s). Most systems allow for a large window of acceptable seq. #’s Much higher success probability. Attack is most effective against long lived connections, e.g. BGP

22 Based on slides from CS155 at Stanford
Random initial TCP SNs Unpredictable SNs prevent basic packet injection … but attacker can inject packets after eavesdropping to obtain current SN Most TCP stacks now generate random SNs Random generator should be unpredictable GPR’06: Linux RNG for generating SNs is predictable Attacker repeatedly connects to server Obtains sequence of SNs Can predict next SN Attacker can now do TCP spoofing (create TCP session with forged source IP)

23 Securing the IP/TCP stack
HTTP FTP SMTP HTTP FTP SMTP SSL/TLS TCP TCP IP/IPSEC IP At the Network Level At the Transport Level S/MIME PGP SET Kerberos SMTP HTTP UDP TCP IP At the Application Level

24 TLS Handshake

25 TLS packet format As opposed to unsecured HTTP URLs which begin with " and use port 80 by default, secure HTTPS URLs begin with " and use port 443 by default. Encrypted data TLS MAC

26 TLS covers “content” leaks “metadata”
What leaks for traffic analysis : packet lengths, Timing Source and destination addresses Protocol Other things?

27 From CAIDA

28 What is ARP?  Address Resolution Protocol (ARP) is how network devices associate MAC addresses with IP Addresses so that devices on the local network can find each other. ARP is basically a form of networking roll call. ARP, a very simple protocol, consists of merely four basic message types: An ARP Request. Computer A asks the network, "Who has this IP address?" An ARP Reply. Computer B tells Computer A, "I have that IP. My MAC address is [whatever it is]." A Reverse ARP Request (RARP). Same concept as ARP Request, but Computer A asks, "Who has this MAC address?" A RARP Reply. Computer B tells Computer A, "I have that MAC. My IP address is [whatever it is]“ FROM:

29

30

31 ARP poisoning

32 ARP poisoning

33 What is the threat model for arp poisoning?

Download ppt "The Internet! Layers, TCP, UDP, IP DDoS Reflection Attacks IPSEC, ARP"

Similar presentations

Cisco 2 - Routers Perrine. J Page 14/30/2015 Chapter 10 TCP/IP Protocol Suite The function of the TCP/IP protocol stack is to transfer information from.

Cisco 2 - Routers Perrine. J Page 14/30/2015 Chapter 10 TCP/IP Protocol Suite The function of the TCP/IP protocol stack is to transfer information from.
The Internet! Layers, TCP, UDP, IP DDoS Reflection Attacks IPSEC, ARP Sharon Goldberg CS558 Boston University Spring 2015 Most slides and images borrowed.

The Internet! Layers, TCP, UDP, IP DDoS Reflection Attacks IPSEC, ARP Sharon Goldberg CS558 Boston University Spring 2015 Most slides and images borrowed.
Chapter 7 Intro to Routing & Switching.  Upon completion of this chapter, you should be able to:  Explain the need for the transport layer.  Identify.

Chapter 7 Intro to Routing & Switching.  Upon completion of this chapter, you should be able to:  Explain the need for the transport layer.  Identify.
Network Services Networking for Home & Small Business.

Network Services Networking for Home & Small Business.
Slide 1 Vitaly Shmatikov CS 378 Attacks on TCP/IP.

Slide 1 Vitaly Shmatikov CS 378 Attacks on TCP/IP.
Slide 1 Attacks on TCP/IP. slide 2 Security Issues in TCP/IP uNetwork packets pass by untrusted hosts Eavesdropping (packet sniffing) uIP addresses are.

Slide 1 Attacks on TCP/IP. slide 2 Security Issues in TCP/IP uNetwork packets pass by untrusted hosts Eavesdropping (packet sniffing) uIP addresses are.
Institute of Technology Sligo - Dept of Computing Semester 2 Chapter 9 The TCP/IP Protocol Suite Paul Flynn.

Institute of Technology Sligo - Dept of Computing Semester 2 Chapter 9 The TCP/IP Protocol Suite Paul Flynn.
Lecture 8 Modeling & Simulation of Communication Networks.

Lecture 8 Modeling & Simulation of Communication Networks.
Network Protocols and Vulnerabilities Dan Boneh CS 155 Spring 2010.

Network Protocols and Vulnerabilities Dan Boneh CS 155 Spring 2010.
IST 228\Ch3\IP Addressing1 TCP/IP and DoD Model (TCP/IP Model)

IST 228\Ch3\IP Addressing1 TCP/IP and DoD Model (TCP/IP Model)
CS426Fall 2010/Lecture 331 Computer Security CS 426 Lecture 33 Network Security (1)

CS426Fall 2010/Lecture 331 Computer Security CS 426 Lecture 33 Network Security (1)
Networking Basics TCP/IP TRANSPORT and APPLICATION LAYER Version 3.0 Cisco Regional Networking Academy.

Networking Basics TCP/IP TRANSPORT and APPLICATION LAYER Version 3.0 Cisco Regional Networking Academy.
Network Protocols. Why Protocols?  Rules and procedures to govern communication Some for transferring data Some for transferring data Some for route.

Network Protocols. Why Protocols?  Rules and procedures to govern communication Some for transferring data Some for transferring data Some for route.
70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 3: TCP/IP Architecture.

70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 3: TCP/IP Architecture.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Network Services Networking for Home and Small Businesses – Chapter.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Network Services Networking for Home and Small Businesses – Chapter.
Network security Further protocols and issues. Protocols: recap There are a few main protocols that govern the internet: – Internet Protocol: IP – Transmission.

Network security Further protocols and issues. Protocols: recap There are a few main protocols that govern the internet: – Internet Protocol: IP – Transmission.
Network Services Networking for Home & Small Business.

Network Services Networking for Home & Small Business.
1 7-Oct-15 OSI transport layer CCNA Exploration Semester 1 Chapter 4.

1 7-Oct-15 OSI transport layer CCNA Exploration Semester 1 Chapter 4.
Link Layer 5-1 Link layer, LAN s: outline 5.1 introduction, services 5.2 error detection, correction 5.3 multiple access protocols 5.4 LANs  addressing,

Link Layer 5-1 Link layer, LAN s: outline 5.1 introduction, services 5.2 error detection, correction 5.3 multiple access protocols 5.4 LANs  addressing,
Chapter 4 TCP/IP Overview Connecting People To Information.

Chapter 4 TCP/IP Overview Connecting People To Information.

Similar presentations

Ads by Google