TCP/IP: ICMP, UDP. Network Security Lecture 5

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "TCP/IP: ICMP, UDP. Network Security Lecture 5"

Transcription

1 TCP/IP: ICMP, UDP Network Security Lecture 5

2 Recap and overview Looking at security of TCP/IP IP, Ethernet, ARP Sniffing the network and forging packets tcpdump, wireshark Today: ICMP and UDP Eike Ritter Network Security - Lecture 5 1

3 Internet Control Message Protocol Used to exchange control/error messages about the delivery of IP datagrams Encapsulated in IP datagrams Messages can be Requests Responses Error messages RFC 792 Eike Ritter Network Security - Lecture 5 2

4 ICMP message format Type Code Checksum Data Type: ICMP type Code: ICMP subtype Checksum: Error checking code -Computed on the ICMP header and data (with checksum field set to 0) Eike Ritter Network Security - Lecture 5 3

5 ICMP types Echo request/reply (type: 8, 0) Network connectivity (ping) Destination unreachable (type: 3) Inform host of the impossibility to deliver traffic to a specific destination Destination network, host, protocol, port unreachable Destination network, host unknown Fragmentation required and DF flag set Source route failed Source quench (type: 4) Congestion control Eike Ritter Network Security - Lecture 5 4

6 ICMP types cont d Time exceeded (type: 11) Report expired datagrams(ttl = 0) Redirect (type: 5) Inform hosts of better routes (gateways) Address mask request/reply (type: 17, 18) Used to obtain network mask at boot time Eike Ritter Network Security - Lecture 5 5

7 ICMP Echo request/reply Type = 0 or 8 Code = 0 Checksum Identifier Sequence number Optional data Eike Ritter Network Security - Lecture 5 6

8 ICMP echo request Eike Ritter Network Security - Lecture 5 7

9 ICMP encapsulation Eike Ritter Network Security - Lecture 5 8

10 ping $ ping PING ( ) 56(84) bytes of data. 64 bytes from : icmp_seq=1 ttl=52 time=8.16 ms 64 bytes from : icmp_seq=2 ttl=52 time=8.24 ms 64 bytes from : icmp_seq=3 ttl=52 time=8.02 ms 64 bytes from : icmp_seq=4 ttl=52 time=8.02 ms 64 bytes from : icmp_seq=5 ttl=52 time=8.16 ms 64 bytes from : icmp_seq=6 ttl=52 time=8.02 ms ping statistics packets transmitted, 6 received, 0% packet loss, time 25082ms rtt min/avg/max/mdev = 8.021/8.106/8.245/0.125 ms Eike Ritter Network Security - Lecture 5 9

11 ICMP echo-based attacks: scanning Attacker wants to know which hosts in a subnet are up and running Sends a ping message to all possible hosts in that subnet (pingsweep) Collects replies from hosts that are alive $ nmap -sp /24 Starting Nmap 5.00 ( ) at :48 PST Host is up (0.0024s latency). Host is up ( s latency). Host is up (0.0065s latency). Host is up ( s latency). Nmap done: 256 IP addresses (4 hosts up) scanned in 2.54 seconds Eike Ritter Network Security - Lecture 5 10

12 ICMP echo-based attacks: smurf Broadcast ping message Echo request directed to broadcast address of network All hosts on that subnet respond with echo reply Do you see a problem with this scenario? Consider IP spoofing Eike Ritter Network Security - Lecture 5 11

13 ICMP echo-based attacks: smurf From: To: Attacker: Victim: Eike Ritter Network Security - Lecture 5 12

14 ICMP echo-based attacks: smurf Defenses Ignore ICMP echo requests destined to the broadcast address Linux: $ sysctl net.ipv4.icmp_echo_ignore_broadcasts Eike Ritter Network Security - Lecture 5 13

15 Gateway: ICMP redirect (2) Datagram to Gateway: Destination Gateway (1) Datagram to (3) ICMP redirect message: use as gateway to communicate with 1.1.1/24 Host: (4) Destination Gateway Flags UG UGHD Eike Ritter Network Security - Lecture 5 14

16 ICMP redirect Type = 5 Code = 0, 1, 2, or 3 Checksum IP Address IP header + First 8 bytes of original datagram On receiving an ICMP redirect message, host checks that: The new gateway must be directly reachable (same subnet) The redirect must be from the current gateway for the destination The redirect cannot tell the host to act as the new gateway The route that is added must be indirect Eike Ritter Network Security - Lecture 5 15

17 ICMP redirect-based attacks ICMP redirect can be abused to re-route traffic to specific router or to a specific host Hijack traffic Denial-of-service attack How? The attacks works by sending a spoofed ICMP redirect message that appears to come from the host s default gateway Eike Ritter Network Security - Lecture 5 16

18 ICMP redirect attack Address Hwaddress Role :50:56:00:00:01 Gateway :50:56:00:00:02 Linux host :50:56:00:00:64 Windows host C:\windows\system32> route print -4 IPv4 Route Table ============================================================================ Active Routes: Network Destination Netmask Gateway Interface Metric On-link On-link On-link ============================================================================ # tcpdump n 00:50:56:00:00:02 > 00:50:56:00:00:64, IP > : ICMP redirect to host , length 68 Eike Ritter Network Security - Lecture 5 17

19 ICMP redirect attack cont d C:\Windows\system32> route print -4 IPv4 Route Table ============================================================================ Active Routes: Network Destination Netmask Gateway Interface Metric On-link On-link On-link ============================================================================ C:\Windows\system32> ping :50:56:00:00:64 > 00:50:56:00:00:02, IP > : ICMP echo request 00:50:56:00:00:64 > 00:50:56:00:00:02, IP > : ICMP echo request Eike Ritter Network Security - Lecture 5 18

20 ICMP destination unreachable Used by gateway to inform host that destination is unreachable Different subtypes Network unreachable Host unreachable Protocol unreachable Port unreachable Fragmentation needed and DF flag set Destination host unknown Destination network unknown Eike Ritter Network Security - Lecture 5 19

21 ICMP unreachable attack From To: Destination unreachable Gateway: Attacker: Victim: Eike Ritter Network Security - Lecture 5 20

22 ICMP time exceeded Type = 11 Code = 0 or 1 Checksum Unused IP header + First 8 bytes of original datagram Sent when TTL becomes 0 (code: 0) The reassembling of a fragment times out (code: 1) Eike Ritter Network Security - Lecture 5 21

23 traceroute Use ICMP time exceeded messages to determine the path used to deliver a datagram A series of IP datagramsare sent to the destination Each datagram has an increasing TTL field value (start value: 1) Router decrements TTL; if it is 0, sends back a ICMP unreachable message Useful for network analysis and debugging Eike Ritter Network Security - Lecture 5 22

24 traceroute cont d $ traceroute traceroute to ( ), 30 hops max, 40 byte pkts 1 rita-rw ( ) ms ms ms 2 bes ( ) ms ms ms 3 hscn-gw ( ) ms ms ms 4 cs-ac00b7e1-2.bham.ac.uk ( ) ms ms ms 5 cs-lb00b1e5-8b2e5-8.bham.ac.uk ( ) ms ms ms 6 fw-sr00.bham.ac.uk ( ) ms ms ms ( ) ms ms ms ( ) ms ms ms 9 so warr-sbr1.ja.net ( ) ms ms ms 10 so read-sbr1.ja.net ( ) ms ms ms 11 as0.lond-sbr3.ja.net ( ) ms ms ms 12 po1.lond-ban3.ja.net ( ) ms ms ms 13 google.lond-ban3.ja.net ( ) ms ms ms ( ) ms ms ( ) ms ( ) ms ms ( ) ms 16 lhr14s02-in-f104.1e100.net ( ) ms ms ms Eike Ritter Network Security - Lecture 5 23

25 UDP Based on IP Provides a connectionless, unreliable, best-effortdatagram delivery service delivery, integrity, non-duplication, ordering, and bandwidth are not guaranteed Introduces the abstraction of ports Allows one to address different message destinations for the same IP address Commonly used for Multimedia Services based on request/reply schema (e.g., DNS, NFS, RPC) RFC 768 Eike Ritter Network Security - Lecture 5 24

26 UDP message format UDP source port UDP message length UDP dest port Checksum Data Eike Ritter Network Security - Lecture 5 25

27 UDP message Eike Ritter Network Security - Lecture 5 26

28 UDP encapsulation UDP header UDP data IP header IP data Frame header Frame data Eike Ritter Network Security - Lecture 5 27

29 UDP encapsulation Eike Ritter Network Security - Lecture 5 28

30 UDP spoofing Essentially, it is IP spoofing UDP request Spoofed UDP reply UDP reply Client: Attacker: Server: Eike Ritter Network Security - Lecture 5 29

31 UDP hijacking Variation of UDP spoofing attack UDP reply to spoofed request Trusted client: Attacker: Server: Eike Ritter Network Security - Lecture 5 30

32 UDP spoofing Vulnerable protocols DNS RPC NFS NIS Eike Ritter Network Security - Lecture 5 31

33 UDP portscan Used to determine which UDP services are available A zero-length UDP packet is sent to each port If an ICMP error message port unreachable is received the service is assumed to be unavailable Note that the sending rate of ICMP messages can be limited (depending on the OS): the scan can be slow Linux: $ sysctl net.ipv4.icmp_ratelimit (number of jiffies to wait before sending another message) Eike Ritter Network Security - Lecture 5 32

34 UDP portscan $ sudo nmap -su Starting Nmap 5.00 ( ) at :17 PST Interesting ports on : Not shown: 997 closed ports PORT STATE SERVICE 111/udp open filtered rpcbind 137/udp open filtered netbios-ns 2049/udp open filtered nfs MAC Address: 00:0C:29:27:25:40 (VMware) Nmap done: 1 IP address (1 host up) scanned in seconds Eike Ritter Network Security - Lecture 5 33

35 UDP portscan $ sudo tcpdump -n host > : UDP, length > : ICMP udp port 1433 unreachable, length > : UDP, length > : ICMP udp port unreachable, length > : UDP, length > : UDP, length > : ICMP udp port unreachable, length > : UDP, length > : ICMP udp port unreachable, length > : UDP, length > : ICMP udp port 1033 unreachable, length > : UDP, length > : ICMP udp port unreachable, length 36 Eike Ritter Network Security - Lecture 5 34

36 NEXT ON Eike Ritter Network Security - Lecture 5 35

37 Take away points ICMP has good functionalities to debug and control network. Some of them can be abused by attackers ICMP scanning (pingsweep) ICMP smurf attack ICMP redirection UDP Format Portscan nmap Eike Ritter Network Security - Lecture 5 36

38 Next time TCP Eike Ritter Network Security - Lecture 5 37

Subnetting,Supernetting, VLSM & CIDR

Subnetting,Supernetting, VLSM & CIDR Subnetting,Supernetting, VLSM & CIDR WHAT - IP Address Unique 32 or 128 bit Binary, used to identify a system on a Network or Internet. Network Portion Host Portion CLASSFULL ADDRESSING IP address space

More information

IP Network Layer. Datagram ID FLAG Fragment Offset. IP Datagrams. IP Addresses. IP Addresses. CSCE 515: Computer Network Programming TCP/IP

IP Network Layer. Datagram ID FLAG Fragment Offset. IP Datagrams. IP Addresses. IP Addresses. CSCE 515: Computer Network Programming TCP/IP CSCE 515: Computer Network Programming TCP/IP IP Network Layer Wenyuan Xu Department of Computer Science and Engineering University of South Carolina IP Datagrams IP is the network layer packet delivery

More information

IP addressing and forwarding Network layer

IP addressing and forwarding Network layer The Internet Network layer Host, router network layer functions: IP addressing and forwarding Network layer Routing protocols path selection RIP, OSPF, BGP Transport layer: TCP, UDP forwarding table IP

More information

Technical Support Information Belkin internal use only

Technical Support Information Belkin internal use only The fundamentals of TCP/IP networking TCP/IP (Transmission Control Protocol / Internet Protocols) is a set of networking protocols that is used for communication on the Internet and on many other networks.

More information

Network Layer IPv4. Dr. Sanjay P. Ahuja, Ph.D. Fidelity National Financial Distinguished Professor of CIS. School of Computing, UNF

Network Layer IPv4. Dr. Sanjay P. Ahuja, Ph.D. Fidelity National Financial Distinguished Professor of CIS. School of Computing, UNF Network Layer IPv4 Dr. Sanjay P. Ahuja, Ph.D. Fidelity National Financial Distinguished Professor of CIS School of Computing, UNF IPv4 Internet Protocol (IP) is the glue that holds the Internet together.

More information

What is a DoS attack?

What is a DoS attack? CprE 592-YG Computer and Network Forensics Log-based Signature Analysis Denial of Service Attacks - from analyst s point of view Yong Guan 3216 Coover Tel: (515) 294-8378 Email: guan@ee.iastate.edu October

More information

How do I get to www.randomsite.com?

How do I get to www.randomsite.com? Networking Primer* *caveat: this is just a brief and incomplete introduction to networking to help students without a networking background learn Network Security. How do I get to www.randomsite.com? Local

More information

Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme. Auxiliary Protocols

Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme. Auxiliary Protocols Auxiliary Protocols IP serves only for sending packets with well-known addresses. Some questions however remain open, which are handled by auxiliary protocols: Address Resolution Protocol (ARP) Reverse

More information

Outline. CSc 466/566. Computer Security. 18 : Network Security Introduction. Network Topology. Network Topology. Christian Collberg

Outline. CSc 466/566. Computer Security. 18 : Network Security Introduction. Network Topology. Network Topology. Christian Collberg Outline Network Topology CSc 466/566 Computer Security 18 : Network Security Introduction Version: 2012/05/03 13:59:29 Department of Computer Science University of Arizona collberg@gmail.com Copyright

More information

Denial of Service (DoS) attacks and countermeasures. Pier Luigi Rotondo IT Specialist IBM Rome Tivoli Laboratory

Denial of Service (DoS) attacks and countermeasures. Pier Luigi Rotondo IT Specialist IBM Rome Tivoli Laboratory Denial of Service (DoS) attacks and countermeasures Pier Luigi Rotondo IT Specialist IBM Rome Tivoli Laboratory Definitions of DoS/DDoS attacks Denial of Service is the prevention of authorised access

More information

Unix System Administration

Unix System Administration Unix System Administration Chris Schenk Lecture 08 Tuesday Feb 13 CSCI 4113, Spring 2007 ARP Review Host A 128.138.202.50 00:0B:DB:A6:76:18 Host B 128.138.202.53 00:11:43:70:45:81 Switch Host C 128.138.202.71

More information

An Analysis of Security Mechanisms in the OSI Model

An Analysis of Security Mechanisms in the OSI Model An Analysis of Security Mechanisms in the OSI Model Karlo Rodriguez DTEC 6865 Merriam Webster s Dictionary defines security as measures taken to guard against espionage or sabotage, crime, attack, or escape.

More information

Internet Architecture and Philosophy

Internet Architecture and Philosophy Internet Architecture and Philosophy Conceptually, TCP/IP provides three sets of services to the user: Application Services Reliable Transport Service Connectionless Packet Delivery Service The underlying

More information

Attack Lab: Attacks on TCP/IP Protocols

Attack Lab: Attacks on TCP/IP Protocols Laboratory for Computer Security Education 1 Attack Lab: Attacks on TCP/IP Protocols Copyright c 2006-2010 Wenliang Du, Syracuse University. The development of this document is funded by the National Science

More information

Mobile IP Network Layer Lesson 02 TCP/IP Suite and IP Protocol

Mobile IP Network Layer Lesson 02 TCP/IP Suite and IP Protocol Mobile IP Network Layer Lesson 02 TCP/IP Suite and IP Protocol 1 TCP/IP protocol suite A suite of protocols for networking for the Internet Transmission control protocol (TCP) or User Datagram protocol

More information

Dynamic Host Configuration Protocol (DHCP) 02 NAT and DHCP Tópicos Avançados de Redes

Dynamic Host Configuration Protocol (DHCP) 02 NAT and DHCP Tópicos Avançados de Redes Dynamic Host Configuration Protocol (DHCP) 1 1 Dynamic Assignment of IP addresses Dynamic assignment of IP addresses is desirable for several reasons: IP addresses are assigned on-demand Avoid manual IP

More information

Chapter 13 Internet Protocol (IP)

Chapter 13 Internet Protocol (IP) Chapter 13 Internet Protocol (IP) Introduction... 13-5 IP Packets... 13-5 Addressing... 13-7 Subnets... 13-8 Assigning an IP Address... 13-9 Multihoming... 13-11 Local Interfaces... 13-11 Address Resolution

More information

Lecture 8. IP Fundamentals

Lecture 8. IP Fundamentals Lecture 8. Internet Network Layer: IP Fundamentals Outline Layer 3 functionalities Internet Protocol (IP) characteristics IP packet (first look) IP addresses Routing tables: how to use ARP Layer 3 functionalities

More information

Computer Networks. Lecture 3: IP Protocol. Marcin Bieńkowski. Institute of Computer Science University of Wrocław

Computer Networks. Lecture 3: IP Protocol. Marcin Bieńkowski. Institute of Computer Science University of Wrocław Computer Networks Lecture 3: IP Protocol Marcin Bieńkowski Institute of Computer Science University of Wrocław Computer networks (II UWr) Lecture 3 1 / 24 In previous lectures We learned about layer 1

More information

netkit lab MPLS VPNs with overlapping address spaces 1.0 S.Filippi, L.Ricci, F.Antonini Version Author(s)

netkit lab MPLS VPNs with overlapping address spaces 1.0 S.Filippi, L.Ricci, F.Antonini Version Author(s) netkit lab MPLS VPNs with overlapping address spaces Version Author(s) 1.0 S.Filippi, L.Ricci, F.Antonini E-mail Web Description silvia.filippi@kaskonetworks.it http://www.kaksonetworks.it/ A lab showing

More information

Computer Networks/DV2 Lab

Computer Networks/DV2 Lab Computer Networks/DV2 Lab Room: BB 219 Additional Information: http://www.fb9dv.uni-duisburg.de/ti/en/education/teaching/ss08/netlab Equipment for each group: - 1 Server computer (OS: Windows 2000 Advanced

More information

Transport and Network Layer

Transport and Network Layer Transport and Network Layer 1 Introduction Responsible for moving messages from end-to-end in a network Closely tied together TCP/IP: most commonly used protocol o Used in Internet o Compatible with a

More information

1000 CCNA Certification Exam Preparation Questions and Answers:

1000 CCNA Certification Exam Preparation Questions and Answers: 1000 CCNA Certification Exam Preparation Questions and Answers: One Thousand Practice Questions for Passing the CCNA Exams - Pass On Your First Try 1 Copyright 2009 Notice of rights All rights reserved.

More information

Overview of TCP/IP. TCP/IP and Internet

Overview of TCP/IP. TCP/IP and Internet Overview of TCP/IP System Administrators and network administrators Why networking - communication Why TCP/IP Provides interoperable communications between all types of hardware and all kinds of operating

More information

Host Discovery with nmap

Host Discovery with nmap Host Discovery with nmap By: Mark Wolfgang moonpie@moonpie.org November 2002 Table of Contents Host Discovery with nmap... 1 1. Introduction... 3 1.1 What is Host Discovery?... 4 2. Exploring nmap s Default

More information

Abstract. Introduction. Section I. What is Denial of Service Attack?

Abstract. Introduction. Section I. What is Denial of Service Attack? Abstract In this report, I am describing the main types of DoS attacks and their effect on computer and network environment. This report will form the basis of my forthcoming report which will discuss

More information

Network Scanning. What is a Network scanner? Why are scanners needed? How do scanners do? Which scanner does the market provide?

Network Scanning. What is a Network scanner? Why are scanners needed? How do scanners do? Which scanner does the market provide? Network Scanning What is a Network scanner? Why are scanners needed? How do scanners do? Which scanner does the market provide? Where will our research go? Page : 1 Function - attacker view What hosts

More information

Unverified Fields - A Problem with Firewalls & Firewall Technology Today

Unverified Fields - A Problem with Firewalls & Firewall Technology Today Unverified Fields - A Problem with Firewalls & Firewall Technology Today Ofir Arkin The Sys-Security Group ofir.arkin@sys-security.com October 2000 1 Introduction The following problem (as discussed in

More information

DHCP, ICMP, IPv6. Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley DHCP. DHCP UDP IP Eth Phy

DHCP, ICMP, IPv6. Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley DHCP. DHCP UDP IP Eth Phy , ICMP, IPv6 UDP IP Eth Phy UDP IP Eth Phy Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley Some materials copyright 1996-2012 J.F Kurose and K.W. Ross, All Rights

More information

Security Technology White Paper

Security Technology White Paper Security Technology White Paper Issue 01 Date 2012-10-30 HUAWEI TECHNOLOGIES CO., LTD. 2012. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without

More information

FIREWALLS. Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others

FIREWALLS. Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others FIREWALLS FIREWALLS Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others FIREWALLS: WHY Prevent denial of service attacks: SYN flooding: attacker

More information

CIT 380: Securing Computer Systems

CIT 380: Securing Computer Systems CIT 380: Securing Computer Systems Scanning CIT 380: Securing Computer Systems Slide #1 Topics 1. Port Scanning 2. Stealth Scanning 3. Version Identification 4. OS Fingerprinting 5. Vulnerability Scanning

More information

Port Scanning and Vulnerability Assessment. ECE4893 Internetwork Security Georgia Institute of Technology

Port Scanning and Vulnerability Assessment. ECE4893 Internetwork Security Georgia Institute of Technology Port Scanning and Vulnerability Assessment ECE4893 Internetwork Security Georgia Institute of Technology Agenda Reconnaissance Scanning Network Mapping OS detection Vulnerability assessment Reconnaissance

More information

Gary Hecht Computer Networking (IP Addressing, Subnet Masks, and Packets)

Gary Hecht Computer Networking (IP Addressing, Subnet Masks, and Packets) Gary Hecht Computer Networking (IP Addressing, Subnet Masks, and Packets) The diagram below illustrates four routers on the Internet backbone along with two companies that have gateways for their internal

More information

Lecture 5: Network Attacks I. Course Admin

Lecture 5: Network Attacks I. Course Admin Lecture 5: Network Attacks I CS 336/536: Computer Network Security Fall 2013 Nitesh Saxena Adopted from previous lectures by Keith Ross Course Admin HW/Lab 1 Due Coming Monday 11am Lab sessions are active

More information

Network Security. Marcus Bendtsen Institutionen för Datavetenskap (IDA) Avdelningen för Databas- och Informationsteknik (ADIT)

Network Security. Marcus Bendtsen Institutionen för Datavetenskap (IDA) Avdelningen för Databas- och Informationsteknik (ADIT) Network Security ICMP, TCP, DNS, Scanning Marcus Bendtsen Institutionen för Datavetenskap (IDA) Avdelningen för Databas- och Informationsteknik (ADIT) Agenda A couple of examples of network protocols that

More information

Firewall Testing. Cameron Kerr Telecommunications Programme University of Otago. May 16, 2005

Firewall Testing. Cameron Kerr Telecommunications Programme University of Otago. May 16, 2005 Firewall Testing Cameron Kerr Telecommunications Programme University of Otago May 16, 2005 Abstract Writing a custom firewall is a complex task, and is something that requires a significant amount of

More information

Denial Of Service. Types of attacks

Denial Of Service. Types of attacks Denial Of Service The goal of a denial of service attack is to deny legitimate users access to a particular resource. An incident is considered an attack if a malicious user intentionally disrupts service

More information

Instructor Notes for Lab 3

Instructor Notes for Lab 3 Instructor Notes for Lab 3 Do not distribute instructor notes to students! Lab Preparation: Make sure that enough Ethernet hubs and cables are available in the lab. The following tools will be used in

More information

Tomás P. de Miguel DIT-UPM. dit UPM

Tomás P. de Miguel DIT-UPM. dit UPM Tomás P. de Miguel DIT- 15 12 Internet Mobile Market Phone.com 15 12 in Millions 9 6 3 9 6 3 0 1996 1997 1998 1999 2000 2001 0 Wireless Internet E-mail subscribers 2 (January 2001) Mobility The ability

More information

Firewalking. A Traceroute-Like Analysis of IP Packet Responses to Determine Gateway Access Control Lists

Firewalking. A Traceroute-Like Analysis of IP Packet Responses to Determine Gateway Access Control Lists Firewalking A Traceroute-Like Analysis of IP Packet Responses to Determine Gateway Access Control Lists Cambridge Technology Partners Enterprise Security Services David Goldsmith Senior Security Architect

More information

Host Fingerprinting and Firewalking With hping

Host Fingerprinting and Firewalking With hping Host Fingerprinting and Firewalking With hping Naveed Afzal National University Of Computer and Emerging Sciences, Lahore, Pakistan Email: 1608@nu.edu.pk Naveedafzal gmail.com Abstract: The purpose

More information

Stateful Distributed Firewalls

Stateful Distributed Firewalls Stateful Distributed Firewalls A thesis submitted in partial fulfilment of the requirements for the Degree of Master of Science in Computer Science in the University of Canterbury by T. W. Verwoerd University

More information

Hands On Activities: TCP/IP Network Monitoring and Management

Hands On Activities: TCP/IP Network Monitoring and Management Hands On Activities: TCP/IP Network Monitoring and Management 1. TCP/IP Network Management Tasks TCP/IP network management tasks include Examine your physical and IP network address Traffic monitoring

More information

Introduction to IP networking

Introduction to IP networking DD2395 p2 2011 Introduction to IP networking Olof Hagsand KTH CSC 1 Example: Packet transfer www.server.org An end host requests a web-page from a server via a local-area network The aim of this lecture

More information

Computer Networks/DV2 Lab

Computer Networks/DV2 Lab Computer Networks/DV2 Lab Room: BB 219 Additional Information: http://www.fb9dv.uni-duisburg.de/ti/en/education/teaching/ss13/netlab Equipment for each group: - 1 Server computer (OS: Windows Server 2008

More information

Chapter 4 Network Layer

Chapter 4 Network Layer Chapter 4 Network Layer A note on the use of these ppt slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you can add, modify, and delete

More information

CSE 127: Computer Security. Network Security. Kirill Levchenko

CSE 127: Computer Security. Network Security. Kirill Levchenko CSE 127: Computer Security Network Security Kirill Levchenko December 4, 2014 Network Security Original TCP/IP design: Trusted network and hosts Hosts and networks administered by mutually trusted parties

More information

Lecture 6: Network Attacks II. Course Admin

Lecture 6: Network Attacks II. Course Admin Lecture 6: Network Attacks II CS 336/536: Computer Network Security Fall 2014 Nitesh Saxena Adopted from previous lectures by Keith Ross, and Gene Tsudik Course Admin HW/Lab 1 We are grading (should return

More information

HW/Lab 2: Network Mapping and Attacks. CS 336/536: Computer Network Security DUE at 10/19/2015 (11am)

HW/Lab 2: Network Mapping and Attacks. CS 336/536: Computer Network Security DUE at 10/19/2015 (11am) HW/Lab 2: Network Mapping and Attacks CS 336/536: Computer Network Security DUE at 10/19/2015 (11am) This HW/Lab assignment covers Lecture 5 and Lecture 6. Please review these thoroughly before starting

More information

CYBER ATTACKS EXPLAINED: PACKET CRAFTING

CYBER ATTACKS EXPLAINED: PACKET CRAFTING CYBER ATTACKS EXPLAINED: PACKET CRAFTING Protect your FOSS-based IT infrastructure from packet crafting by learning more about it. In the previous articles in this series, we explored common infrastructure

More information

Chapter 8 Security Pt 2

Chapter 8 Security Pt 2 Chapter 8 Security Pt 2 IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross,

More information

ICMP Usage in Scanning 1

ICMP Usage in Scanning 1 ICMP Usage in Scanning 1 Or Understanding some of the ICMP Protocol s Hazards Ofir Arkin The Sys-Security Group Founder ITCon Information Technology Consultants 2 Senior Security Analyst ofir.arkin@sys-security.com

More information

Raritan Valley Community College Academic Course Outline. CISY 253 - Advanced Computer Networking

Raritan Valley Community College Academic Course Outline. CISY 253 - Advanced Computer Networking Raritan Valley Community College Academic Course Outline CISY 253 - Advanced Computer Networking I. Basic Course Information A. Course number and Title: CISY 253- Advanced Computer Networking (TCP/IP)

More information

51-30-60 DATA COMMUNICATIONS MANAGEMENT. Gilbert Held INSIDE

51-30-60 DATA COMMUNICATIONS MANAGEMENT. Gilbert Held INSIDE 51-30-60 DATA COMMUNICATIONS MANAGEMENT PROTECTING A NETWORK FROM SPOOFING AND DENIAL OF SERVICE ATTACKS Gilbert Held INSIDE Spoofing; Spoofing Methods; Blocking Spoofed Addresses; Anti-spoofing Statements;

More information

Virtual Private Network Using Peer-to-Peer Techniques

Virtual Private Network Using Peer-to-Peer Techniques Virtual Private Network Using Peer-to-Peer Techniques Peer-to-Peer VPN Daniel Kasza Massachusetts Academy of Math and Science Abstract The low performance of traditional, client-server model based, virtual

More information

IP Address Classes (Some are Obsolete) 15-441 Computer Networking. Important Concepts. Subnetting 15-441 15-641. Lecture 8 IP Addressing & Packets

IP Address Classes (Some are Obsolete) 15-441 Computer Networking. Important Concepts. Subnetting 15-441 15-641. Lecture 8 IP Addressing & Packets Address Classes (Some are Obsolete) 15-441 15-441 Computer Networking 15-641 Class A 0 Network ID Network ID 8 16 Host ID Host ID 24 32 Lecture 8 Addressing & Packets Peter Steenkiste Fall 2013 www.cs.cmu.edu/~prs/15-441-f13

More information

The Internet. Internet Technologies and Applications

The Internet. Internet Technologies and Applications The Internet Internet Technologies and Applications Aim and Contents Aim: Review the main concepts and technologies used in the Internet Describe the real structure of the Internet today Contents: Internetworking

More information

Working with Snort Rules

Working with Snort Rules C HAPTER 3 Working with Snort Rules L ike viruses, most intruder activity has some sort of signature. Information about these signatures is used to create Snort rules. As mentioned in Chapter 1, you can

More information

ICS 351: Today's plan

ICS 351: Today's plan ICS 351: Today's plan Quiz, on overall Internet function, linux and IOS commands, network monitoring, protocols IPv4 addresses: network part and host part address masks IP interface configuration IPv6

More information

TCP/IP Network Essentials. Linux System Administration and IP Services

TCP/IP Network Essentials. Linux System Administration and IP Services TCP/IP Network Essentials Linux System Administration and IP Services Layers Complex problems can be solved using the common divide and conquer principle. In this case the internals of the Internet are

More information

1. Firewall Configuration

1. Firewall Configuration 1. Firewall Configuration A firewall is a method of implementing common as well as user defined security policies in an effort to keep intruders out. Firewalls work by analyzing and filtering out IP packets

More information

IP address format: Dotted decimal notation: 10000000 00001011 00000011 00011111 128.11.3.31

IP address format: Dotted decimal notation: 10000000 00001011 00000011 00011111 128.11.3.31 IP address format: 7 24 Class A 0 Network ID Host ID 14 16 Class B 1 0 Network ID Host ID 21 8 Class C 1 1 0 Network ID Host ID 28 Class D 1 1 1 0 Multicast Address Dotted decimal notation: 10000000 00001011

More information

QualNet 4.5 Network Emulation Interface Model Library

QualNet 4.5 Network Emulation Interface Model Library QualNet 4.5 Network Emulation Interface Model Library February 2008 Scalable Network Technologies, Inc. 6701 Center Drive West, Suite 520 Los Angeles, CA 90045 Phone: 310-338-3318 Fax: 310-338-7213 http://www.scalable-networks.com

More information

Brocade NetIron Denial of Service Prevention

Brocade NetIron Denial of Service Prevention White Paper Brocade NetIron Denial of Service Prevention This white paper documents the best practices for Denial of Service Attack Prevention on Brocade NetIron platforms. Table of Contents Brocade NetIron

More information

Exercises TCP/IP Networking. Solution. With Solutions

Exercises TCP/IP Networking. Solution. With Solutions Exercises TCP/IP Networking Solution. With Solutions Jean-Yves Le Boudec Fall 2010 Exercises marked with a were given at exams in the past. 1 Module 1: TCP/IP Architecture Exercise 1.1 Elaine is setting

More information

Firewall Stateful Inspection of ICMP

Firewall Stateful Inspection of ICMP The feature addresses the limitation of qualifying Internet Control Management Protocol (ICMP) messages into either a malicious or benign category by allowing the Cisco IOS firewall to use stateful inspection

More information

20-CS-6053-00X Network Security Spring, 2014. An Introduction To. Network Security. Week 1. January 7

20-CS-6053-00X Network Security Spring, 2014. An Introduction To. Network Security. Week 1. January 7 20-CS-6053-00X Network Security Spring, 2014 An Introduction To Network Security Week 1 January 7 Attacks Criminal: fraud, scams, destruction; IP, ID, brand theft Privacy: surveillance, databases, traffic

More information

L3DSR Overcoming Layer 2 Limitations of Direct Server Return Load Balancing

L3DSR Overcoming Layer 2 Limitations of Direct Server Return Load Balancing L3DSR Overcoming Layer 2 Limitations of Direct Server Return Load Balancing Jan Schaumann, Systems Architect ! E2A7 437A 7AB8 6EA1 7E1D! F6DC BF09 CDC9 E157 FAB8! Traditional or

More information

Introduction To Computer Networking

Introduction To Computer Networking Introduction To Computer Networking Alex S. 1 Introduction 1.1 Serial Lines Serial lines are generally the most basic and most common communication medium you can have between computers and/or equipment.

More information

Additional Information: A link to the conference website is available at: http://www.curtin.edu.my/cutse2008/index.html

Additional Information: A link to the conference website is available at: http://www.curtin.edu.my/cutse2008/index.html Citation: Veeramani, S. and Gopal, Lenin. 2008. Network monitoring tool, in Curtin University of Technology (ed), Curtin University of Technology Science and Engineering International Conference CUTSE

More information

Scapy. On-the-fly Packet Generation by codemonk@u-sys.org. Dienstag, 10. Januar 12

Scapy. On-the-fly Packet Generation by codemonk@u-sys.org. Dienstag, 10. Januar 12 Scapy On-the-fly Packet Generation by codemonk@u-sys.org 1 Overview Repetition of network basics Python Basics Scapy Basics Example: SYN Scan Hands-on: Traceroute Promiscuous Scan ARP Spoofing 2 Layers

More information

Internet Protocols. Background CHAPTER

Internet Protocols. Background CHAPTER CHAPTER 3 Internet Protocols Background The Internet protocols are the world s most popular open-system (nonproprietary) protocol suite because they can be used to communicate across any set of interconnected

More information

IP Filter/Firewall Setup

IP Filter/Firewall Setup CHAPTER 9 IP Filter/Firewall Setup 9.1 Introduction The IP Filter/Firewall function helps protect your local network against attack from outside. It also provides a way of restricting users on the local

More information

Introduction to Analyzer and the ARP protocol

Introduction to Analyzer and the ARP protocol Laboratory 6 Introduction to Analyzer and the ARP protocol Objetives Network monitoring tools are of interest when studying the behavior of network protocols, in particular TCP/IP, and for determining

More information

Scaling the Network: Subnetting and Other Protocols. Networking CS 3470, Section 1

Scaling the Network: Subnetting and Other Protocols. Networking CS 3470, Section 1 Scaling the Network: Subnetting and Other Protocols Networking CS 3470, Section 1 Today CIDR Subnetting Private IP addresses ICMP, IMAP, and DHCP Protocols 2 Packet Encapsulation ** Creative Commons: http://en.wikipedia.org/wiki/file:udp_encapsulation.svg

More information

Introduction to Network Security Lab 1 - Wireshark

Introduction to Network Security Lab 1 - Wireshark Introduction to Network Security Lab 1 - Wireshark Bridges To Computing 1 Introduction: In our last lecture we discussed the Internet the World Wide Web and the Protocols that are used to facilitate communication

More information

Guide to DDoS Attacks December 2014 Authored by: Lee Myers, SOC Analyst

Guide to DDoS Attacks December 2014 Authored by: Lee Myers, SOC Analyst INTEGRATED INTELLIGENCE CENTER Technical White Paper William F. Pelgrin, CIS President and CEO Guide to DDoS Attacks December 2014 Authored by: Lee Myers, SOC Analyst This Center for Internet Security

More information

Network-Oriented Software Development. Course: CSc4360/CSc6360 Instructor: Dr. Beyah Sessions: M-W, 3:00 4:40pm Lecture 2

Network-Oriented Software Development. Course: CSc4360/CSc6360 Instructor: Dr. Beyah Sessions: M-W, 3:00 4:40pm Lecture 2 Network-Oriented Software Development Course: CSc4360/CSc6360 Instructor: Dr. Beyah Sessions: M-W, 3:00 4:40pm Lecture 2 Topics Layering TCP/IP Layering Internet addresses and port numbers Encapsulation

More information

Linux MDS Firewall Supplement

Linux MDS Firewall Supplement Linux MDS Firewall Supplement Table of Contents Introduction... 1 Two Options for Building a Firewall... 2 Overview of the iptables Command-Line Utility... 2 Overview of the set_fwlevel Command... 2 File

More information

IP Filter/Firewall Setup

IP Filter/Firewall Setup IP Filter/Firewall Setup Introduction The IP Filter/Firewall function helps protect your local network against attack from outside. It also provides a method of restricting users on the local network from

More information

Network Security TCP/IP Refresher

Network Security TCP/IP Refresher Network Security TCP/IP Refresher What you (at least) need to know about networking! Dr. David Barrera Network Security HS 2014 Outline Network Reference Models Local Area Networks Internet Protocol (IP)

More information

Ethernet and IP A slightly less introductory networking class. Drew Saunders Networking Systems Stanford University

Ethernet and IP A slightly less introductory networking class. Drew Saunders Networking Systems Stanford University Ethernet and IP A slightly less introductory networking class Drew Saunders Networking Systems Stanford University Goals of Class Slightly more in-depth knowledge of Ethernet. Internet Protocol, TCP, UDP,

More information

Internet Firewall CSIS 4222. Packet Filtering. Internet Firewall. Examples. Spring 2011 CSIS 4222. net15 1. Routers can implement packet filtering

Internet Firewall CSIS 4222. Packet Filtering. Internet Firewall. Examples. Spring 2011 CSIS 4222. net15 1. Routers can implement packet filtering Internet Firewall CSIS 4222 A combination of hardware and software that isolates an organization s internal network from the Internet at large Ch 27: Internet Routing Ch 30: Packet filtering & firewalls

More information

Firewalls and Intrusion Detection

Firewalls and Intrusion Detection Firewalls and Intrusion Detection What is a Firewall? A computer system between the internal network and the rest of the Internet A single computer or a set of computers that cooperate to perform the firewall

More information

Understanding TCP/IP. Introduction. What is an Architectural Model? APPENDIX

Understanding TCP/IP. Introduction. What is an Architectural Model? APPENDIX APPENDIX A Introduction Understanding TCP/IP To fully understand the architecture of Cisco Centri Firewall, you need to understand the TCP/IP architecture on which the Internet is based. This appendix

More information

Denial of Service. Tom Chen SMU tchen@engr.smu.edu

Denial of Service. Tom Chen SMU tchen@engr.smu.edu Denial of Service Tom Chen SMU tchen@engr.smu.edu Outline Introduction Basics of DoS Distributed DoS (DDoS) Defenses Tracing Attacks TC/BUPT/8704 SMU Engineering p. 2 Introduction What is DoS? 4 types

More information

Strategies to Protect Against Distributed Denial of Service (DD

Strategies to Protect Against Distributed Denial of Service (DD Strategies to Protect Against Distributed Denial of Service (DD Table of Contents Strategies to Protect Against Distributed Denial of Service (DDoS) Attacks...1 Introduction...1 Understanding the Basics

More information

Frequent Denial of Service Attacks

Frequent Denial of Service Attacks Frequent Denial of Service Attacks Aditya Vutukuri Science Department University of Auckland E-mail:avut001@ec.auckland.ac.nz Abstract Denial of Service is a well known term in network security world as

More information

Firewall Stateful Inspection of ICMP

Firewall Stateful Inspection of ICMP The feature categorizes Internet Control Management Protocol Version 4 (ICMPv4) messages as either malicious or benign. The firewall uses stateful inspection to trust benign ICMPv4 messages that are generated

More information

Guideline for setting up a functional VPN

Guideline for setting up a functional VPN Guideline for setting up a functional VPN Why do I want a VPN? VPN by definition creates a private, trusted network across an untrusted medium. It allows you to connect offices and people from around the

More information

2057-15. First Workshop on Open Source and Internet Technology for Scientific Environment: with case studies from Environmental Monitoring

2057-15. First Workshop on Open Source and Internet Technology for Scientific Environment: with case studies from Environmental Monitoring 2057-15 First Workshop on Open Source and Internet Technology for Scientific Environment: with case studies from Environmental Monitoring 7-25 September 2009 TCP/IP Networking Abhaya S. Induruwa Department

More information

CS 457 Lecture 19 Global Internet - BGP. Fall 2011

CS 457 Lecture 19 Global Internet - BGP. Fall 2011 CS 457 Lecture 19 Global Internet - BGP Fall 2011 Decision Process Calculate degree of preference for each route in Adj-RIB-In as follows (apply following steps until one route is left): select route with

More information

Passive Network Traffic Analysis: Understanding a Network Through Passive Monitoring Kevin Timm,

Passive Network Traffic Analysis: Understanding a Network Through Passive Monitoring Kevin Timm, Passive Network Traffic Analysis: Understanding a Network Through Passive Monitoring Kevin Timm, Network IDS devices use passive network monitoring extensively to detect possible threats. Through passive

More information

Chapter 28 Denial of Service (DoS) Attack Prevention

Chapter 28 Denial of Service (DoS) Attack Prevention Chapter 28 Denial of Service (DoS) Attack Prevention Introduction... 28-2 Overview of Denial of Service Attacks... 28-2 IP Options... 28-2 LAND Attack... 28-3 Ping of Death Attack... 28-4 Smurf Attack...

More information

Network Models OSI vs. TCP/IP

Network Models OSI vs. TCP/IP Network Models OSI vs. TCP/IP Network Models Using a formal model allows us to deal with various aspects of Networks abstractly. We will look at two popular models OSI reference model TCP/IP model Both

More information

IPv6 Security Analysis

IPv6 Security Analysis CENTER FOR CONVERGENCE AND EMERGING NETWORK TECHNOLOGIES CCENT School of Information Studies Syracuse University IPv6 Security Analysis TECHNICAL REPORT: T.R. 2014-002 Authored by: Jose Gonzalo Bejar (revised

More information

Stateful Firewalls. Hank and Foo

Stateful Firewalls. Hank and Foo Stateful Firewalls Hank and Foo 1 Types of firewalls Packet filter (stateless) Proxy firewalls Stateful inspection Deep packet inspection 2 Packet filter (Access Control Lists) Treats each packet in isolation

More information

Layer Four Traceroute (and related tools) A modern, flexible path-discovery solution with advanced features for network (reverse) engineers

Layer Four Traceroute (and related tools) A modern, flexible path-discovery solution with advanced features for network (reverse) engineers Layer Four Traceroute (and related tools) A modern, flexible path-discovery solution with advanced features for network (reverse) engineers So, what is path discovery and why is it important? Path discovery

More information

Scanning Tools. Scan Types. Network sweeping - Basic technique used to determine which of a range of IP addresses map to live hosts.

Scanning Tools. Scan Types. Network sweeping - Basic technique used to determine which of a range of IP addresses map to live hosts. Scanning Tools The goal of the scanning phase is to learn more information about the target environment and discover openings by interacting with that target environment. This paper will look at some of

More information