
Lecture 22 Network Security CS 450/650 Fundamentals of Integrated Computer Security Slides are modified from Hesham El-Rewini.


1 Lecture 22 Network Security CS 450/650 Fundamentals of Integrated Computer Security Slides are modified from Hesham El-Rewini

2 Network Performance
Gilder’s Law – George Gilder projected that the total bandwidth of communication systems triples every twelve months
– Ethernet: 10 Mbps → 10 Gbps (1000 times)
– CPU clock frequency: 25 MHz → 2.5 GHz (100 times)
Metcalfe's Law – Robert Metcalfe projected that the value of a network is proportional to the square of the number of nodes
– Phone, Internet
2 CS 450/650 – Lecture 22: Network Security

3 Internet
The Internet is the collection of networks and routers that
– forms a single cooperative virtual network
– spans the entire globe
The Internet relies on the combination of the Transmission Control Protocol and the Internet Protocol, or TCP/IP
– The majority of Internet traffic is carried using TCP/IP packets

4 ISO OSI Network Model
Diagram: two hosts, each with the seven-layer stack (Application, Presentation, Session, Transport, Network, Data Link, Physical), connected through a LAN and the Internet

5 TCP/IP
Diagram: application protocols (smtp, sftp, ssh) run over the Transmission Control Protocol (TCP), which runs over the Internet Protocol (IP), which runs over link technologies such as Ethernet and Token Ring

6 TCP/IP Packets
Physical Header | IP Header | TCP Header | message

7 Addressing
MAC (Media Access Control) address
– Every host connected to a network has a network interface card (NIC) with a unique physical address
IP address
– IPv4 → 32 bits (e.g., 192.168.48.6)
– IPv6 → 128 bits

8 Routing
Routers
Routing tables

9 IP Protocol
Best-effort packet delivery service
Datagram (IPv4) header layout, one 32-bit word per row:
VERS | HLEN | SERVICE TYPE | TOTAL LENGTH
IDENTIFICATION | FLAGS | FRAGMENT OFFSET
TIME TO LIVE | PROTOCOL | HEADER CHECKSUM
SOURCE ADDRESS
DESTINATION ADDRESS
OPTIONS (IF ANY) | PADDING
DATA

10 Internet Control Message Protocol
Transmits error messages and reports unusual situations
Different ICMP types have slightly different formats
ICMP time-exceeded message:
TYPE | CODE | CHECKSUM
Unused (must be zero)
DATA: IP header and first 64 bits of the offending datagram

11 ICMP (Echo request/reply)
Transmits error messages and reports unusual situations
Different ICMP types have slightly different formats
ICMP Echo Request/Reply message:
TYPE | CODE | CHECKSUM
IDENTIFIER | SEQUENCE NUMBER
DATA (optional)

12 Ping of Death Attack
Denial of service attack (first seen in 1996)
Some systems did not handle oversized IP datagrams properly
An attacker constructs an ICMP echo request containing 65,510 data octets and sends it to the victim
The total size of the resulting datagram would be larger than the 65,535-octet limit specified by IP
– The system would crash
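As an added illustration (not part of the lecture slides), the Python below decodes the IPv4 header fields from slide 9 and applies the bound check a fragment reassembler needs so that a fragment ending past the 65,535-octet limit is rejected instead of overrunning the reassembly buffer; `build_ipv4` is an assumed helper that constructs test headers with the addresses 10.0.0.1 and 10.0.0.2.

```python
import struct

IPV4_MAX_LEN = 65535  # 16-bit TOTAL LENGTH field: the limit the slide refers to


def ip_checksum(header: bytes) -> int:
    """RFC 791 header checksum; it evaluates to 0 when computed over an intact header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:  # fold carries back in (one's-complement addition)
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4(datagram: bytes) -> dict:
    """Decode the IPv4 header fields from slide 9 (options are skipped over)."""
    (ver_hlen, _tos, total_len, ident, flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", datagram[:20])
    hlen = (ver_hlen & 0x0F) * 4
    if (ver_hlen >> 4) != 4 or hlen < 20 or hlen > len(datagram):
        raise ValueError("not a well-formed IPv4 header")
    return {
        "total_len": total_len, "ident": ident, "ttl": ttl, "proto": proto,
        "more_fragments": bool(flags_frag & 0x2000),
        "frag_offset": (flags_frag & 0x1FFF) * 8,  # FRAGMENT OFFSET is in 8-octet units
        "payload_len": total_len - hlen,
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "checksum_ok": ip_checksum(datagram[:hlen]) == 0,
    }


def is_oversized_fragment(datagram: bytes) -> bool:
    """Ping-of-Death indicator: this fragment's payload would end past octet 65,535 of
    the reassembled datagram, i.e. past the buffer a naive reassembler allocates."""
    hdr = parse_ipv4(datagram)
    return hdr["frag_offset"] + hdr["payload_len"] > IPV4_MAX_LEN


def build_ipv4(payload_len: int, frag_offset: int, more: bool = False) -> bytes:
    """Constructed test header (assumed helper, no payload bytes attached): an ICMP
    datagram 10.0.0.1 -> 10.0.0.2 whose TOTAL LENGTH claims `payload_len` data octets."""
    flags_frag = (0x2000 if more else 0) | (frag_offset // 8)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, flags_frag,
                      64, 1, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
```

A last fragment at offset 65,520 carrying 40 octets is flagged, while a fragment that ends exactly at 65,535 is accepted.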

13 SMURF
Attacker sends an echo request message to a broadcast address
Attacker also spoofs the source address in the request
Diagram: Attacker → Intermediary (broadcast network) → Victim

14 UDP (User Datagram Protocol)
From one application to another
– multiple destinations
Port → positive integer
– unique destination
UDP header layout:
SOURCE PORT | DESTINATION PORT
LENGTH | CHECKSUM (optional)
DATA

15 Attacks on UDP
Fraggle
Trinoo

16 Fraggle (similar to smurf)
UDP port 7 is used for the echo service
An attacker can create a stream of user datagrams with random source ports and a spoofed source address
The destination port is 7 and the destination address is a broadcast address at some intermediate site
The attack can get worse if the source port = 7
Could be prevented by filtering out UDP echo requests destined for broadcast addresses

17 Fraggle attack
Diagram: a stream of UDP datagrams from the attacker, in two variants:
– spoofed source = victim’s host, destination = broadcast address, random source port, destination port = 7
– spoofed source = victim’s host, destination = broadcast address, source port = 7, destination port = 7
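The filtering the Fraggle slide recommends, written out as an added example (not from the lecture) for a site that does not want to be the intermediary in either Smurf or Fraggle: it drops ICMP echo requests and UDP port-7 datagrams addressed to the site's own broadcast addresses, and flags the source-port-7 variant separately. `Datagram` is an assumed structure holding fields the router has already decoded.

```python
import ipaddress
from typing import NamedTuple

ICMP, UDP = 1, 17          # values of the IP PROTOCOL field
ICMP_ECHO_REQUEST = 8      # ICMP TYPE of an echo request (Smurf)
ECHO_PORT = 7              # UDP echo service (Fraggle)


class Datagram(NamedTuple):
    """Header fields assumed to be already decoded by the router (constructed input)."""
    src: str
    dst: str
    proto: int
    icmp_type: int = -1    # only meaningful when proto == ICMP
    sport: int = 0         # only meaningful when proto == UDP
    dport: int = 0


class BroadcastEchoFilter:
    """Drops echo requests addressed to this site's broadcast addresses, so the site
    cannot serve as the 'intermediary' that amplifies a Smurf or Fraggle flood."""

    def __init__(self, local_networks):
        self.nets = [ipaddress.ip_network(n, strict=False) for n in local_networks]
        # directed broadcasts of each local subnet plus the limited broadcast address
        self.broadcasts = {str(n.broadcast_address) for n in self.nets} | {"255.255.255.255"}

    def amplification(self, dst: str) -> int:
        """Hosts that would each answer one echo request sent to `dst` (worst case)."""
        for n in self.nets:
            if str(n.broadcast_address) == dst:
                return n.num_addresses - 2   # exclude network and broadcast addresses
        return 1

    def classify(self, d: Datagram) -> tuple:
        """Return (drop, reason); anything that is not an echo request to broadcast passes."""
        if d.dst not in self.broadcasts:
            return False, "pass: unicast or foreign destination"
        if d.proto == ICMP and d.icmp_type == ICMP_ECHO_REQUEST:
            return True, "drop: smurf (ICMP echo request to broadcast)"
        if d.proto == UDP and d.dport == ECHO_PORT:
            if d.sport == ECHO_PORT:   # each echo reply would itself be an echo request
                return True, "drop: fraggle with source port 7 (echo loop)"
            return True, "drop: fraggle (UDP echo request to broadcast)"
        return False, "pass: broadcast but not an echo request"
```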

18 Trinoo
Distributed denial of service
In smurf and fraggle, traffic comes from a single intermediate node
Trinoo allows the attacker to flood the victim from hundreds of intermediate sites simultaneously
Two programs:
– master, and
– daemon, installed in many different stolen accounts

19 Trinoo attack
Diagram: attacker → master → daemons → victim, as a large number of UDP packets to random ports

20 TCP
Reliable delivery
TCP messages are sent inside IP datagrams
TCP header layout, one 32-bit word per row:
SOURCE PORT | DESTINATION PORT
SEQUENCE NUMBER
ACKNOWLEDGMENT NUMBER
HLEN | RESV | CODE BITS | WINDOW
CHECKSUM | URGENT POINTER
OPTIONS (IF ANY) | PADDING
DATA

21 TCP Overview
TCP segments are sent inside IP datagrams
TCP divides a stream of data into chunks that fit in IP datagrams
It ensures that each datagram arrives at its destination
It then reassembles the datagrams to produce the original message

22 TCP Overview (cont.)
TCP uses an acknowledgment-and-retransmission scheme
The TCP sending software keeps a record of each datagram and waits for an acknowledgment
– If no acknowledgment is received during the timeout interval, the datagram is retransmitted

23 TCP communication
Establishing a TCP connection using a 3-way handshake (Host A ↔ Host B):
– Message 1 (SYN + SEQ)
– Message 2 (SYN + SEQ + ACK)
– Message 3 (ACK)
Closing a TCP connection (one way, A to B):
– Message 1 (FIN + SEQ)
– Message 2 (ACK)

24 Attacks on TCP
SYN Flood
– Half-open connection table
LAND
– Spoofed source address = destination address
– Source port = destination port
– Certain implementations → freezing
TRIBE Flood Network (TFN)
– Similar to trinoo, but with more than one attack
– UDP flood, smurf, SYN floods, and others
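An added example (not from the slides) that models the two TCP checks above from the server's side: `HalfOpenTable` is a half-open connection table driven by the handshake messages of slide 23, with expiry and a fullness indicator that a monitor can use to notice a SYN flood, and `is_land_packet` is the same-address, same-port test that identifies a LAND segment. All names are assumed, and `clock` is injectable so the expiry can be exercised without waiting.

```python
import time
from collections import OrderedDict

SYN, ACK, FIN, RST = 0x02, 0x10, 0x01, 0x04   # TCP CODE BITS


def is_land_packet(src, sport, dst, dport, flags) -> bool:
    """LAND indicator: a SYN whose (spoofed) source equals its destination, port included."""
    return bool(flags & SYN) and src == dst and sport == dport


class HalfOpenTable:
    """Models a server's half-open connection table: a SYN creates an entry, the
    client's final ACK (or a RST) removes it, and unanswered entries expire after
    `timeout` seconds. A SYN flood keeps the table full so legitimate SYNs are dropped."""

    def __init__(self, capacity=128, timeout=30.0, clock=time.monotonic):
        self.capacity, self.timeout, self.clock = capacity, timeout, clock
        self.pending = OrderedDict()   # (src, sport, dst, dport) -> time the SYN arrived
        self.dropped_syns = 0

    def _expire(self, now):
        # entries are kept in arrival order, so only the oldest need checking
        while self.pending and now - next(iter(self.pending.values())) >= self.timeout:
            self.pending.popitem(last=False)

    def observe(self, src, sport, dst, dport, flags) -> str:
        """Feed one segment seen at the server; returns what the table did with it."""
        now = self.clock()
        self._expire(now)
        key = (src, sport, dst, dport)
        if flags & SYN and not flags & ACK:                 # handshake message 1
            if key in self.pending:
                return "retransmit"
            if len(self.pending) >= self.capacity:
                self.dropped_syns += 1
                return "dropped: table full"
            self.pending[key] = now
            return "half-open"
        if key in self.pending and flags & (ACK | RST):     # message 3, or an abort
            del self.pending[key]
            return "reset" if flags & RST else "established"
        return "ignored"

    def flooded(self, threshold=0.9) -> bool:
        """True when the table is (almost) full of unanswered SYNs."""
        self._expire(self.clock())
        return len(self.pending) >= threshold * self.capacity
```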

25 Probes and Scans
Ping scan and traceroute
– What machines exist on a given network and how they are arranged
Remote OS fingerprinting
– What OS each detected host is running
– Different OSes respond to invalid packets differently
– Example: FIN to a connection that has not been opened

26 Probes and Scans
Port Scanning
– Which ports are open? → port scanner
– Open a TCP connection and close it immediately
– Use half-open connections

