TCP/IP security. CS642: Computer Security. Professor Ristenpart h9p:// rist at cs dot wisc dot edu

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "TCP/IP security. CS642: Computer Security. Professor Ristenpart h9p://www.cs.wisc.edu/~rist/ rist at cs dot wisc dot edu"

Transcription

1 TCP/IP security CS642: Computer Security Professor Ristenpart h9p:// rist at cs dot wisc dot edu University of Wisconsin CS 642

2

3 Moving up the network stack Internet protocol and ICMP IP spoofing, fragmentakon TCP Denial of Service IP traceback, filtering University of Wisconsin CS 642

4 Internet Alice ISP1 ISP2 backbone Bob Local area network (LAN) Ethernet Internet TCP/IP BGP (border gateway protocol) DNS (domain name system)

5 Internet threat models ISP1 ISP2 backbone (1) Malicious hosts (2) Subverted routers or links (3) Malicious ISPs or backbone

6 Internet protocol stack ApplicaKon Transport Network Link HTTP, FTP, SMTP, SSH, etc. TCP, UDP IP, ICMP, IGMP 802x (802.11, Ethernet) ApplicaKon Transport Network Link Network Link ApplicaKon Transport Network Link

7 IP protocol (IPv4) ConnecKonless no state Unreliable no guarantees ICMP (Internet Control Message Protocol) error messages, etc. o\en used by tools such as ping, traceroute

8 Internet protocol stack user data ApplicaKon TCP IP Appl hdr user data Ethernet TCP hdr Appl hdr user data TCP segment IP hdr TCP hdr Appl hdr user data IP datagram ENet hdr IP hdr TCP hdr Appl hdr user data ENet tlr Ethernet frame to 1500 bytes

9 IPv4 ENet hdr IP hdr data ENet tlr Ethernet frame containing IP datagram 4- bit version 8- bit Kme to live (TTL) 4- bit hdr len 16- bit idenkficakon 8- bit type of service 8- bit protocol 3- bit flags 32- bit source IP address 32- bit desknakon IP address opkons (opkonal) 16- bit total length (in bytes) 13- bit fragmentakon offset 16- bit header checksum

10 Classless Inter- Domain roukng (CIDR) /16 a.b.c.d / x x indicates number of bits used for a roukng prefix IP addresses with same /x prefix share some porkon of route

11 From h9p://en.wikipedia.org/wiki/ipv4

12 CIDR addressing ISP1 ISP backbone Prefixes used to setup hierarchical roukng: - An organizakon assigned a.b.c.d/x - It manages addresses prefixed by a.b.c.d/x

13 RouKng ISP1 ISP backbone Autonomous systems (AS) are organizakonal building blocks - CollecKon of IP prefixes under single roukng policy - wisc.edu Within AS, might use RIP (RouKng InformaKon Protocol) Between AS, use BGP (Border Gateway Protocol)

14 Security issues with IP ISP1 ISP backbone RouKng has issues, we ll get to that later What else? - Anyone can talk to anyone - No source address authenkcakon in general

15 Denial of Service (DoS) a9acks ISP1 Backbone ISP Goal: prevent legikmate users from accessing vickm ( ) ICMP ping flood

16 ICMP (Internet Control Message Protocol) IP hdr ICMP hdr ICMP message 8- bit type 8- bit code 4- byte more of header (depends on type) 16- bit checksum message

17 ICMP (Internet Control Message Protocol) IP hdr ICMP hdr ICMP message 8- bit type (0 or 8) 16- bit idenkfier 8- bit code = 0 opkonal data 16- bit checksum 16- bit sequence number Echo request (used by ping)

18 Denial of Service (DoS) a9acks ISP1 Backbone ISP Goal is to prevent legikmate users from accessing vickm ( ) ICMP ping flood - A9acker sends ICMP pings as fast as possible to vickm - When will this work as a DoS? - How can this be prevented? Ingress filtering near vickm A9acker resources > vickm s

19 Denial of Service (DoS) a9acks ISP1 Backbone ISP ISP3 How can a9acker avoid ingress filtering? A9acker can send packet with fake source IP spoofed packet Packet will get routed correctly Replies will not Send IP packet with source: from dest: Filter based on source may be incorrect

20 DoS refleckon a9acks ISP1 Backbone ISP ISP Note a valid packet sends a reply to A9acker can bounce an a9ack against off Frame Single- packet exploit ( in foreign country)

21 Denial of Service (DoS) a9acks ISP1 Backbone ISP DoS works be9er when there is asymmetry between vickm and a9acker - A9acker uses few resources to cause vickm to consume lots of resources

22 Denial of Service (DoS) a9acks ISP1 Backbone ISP2 DoS works be9er when there is asymmetry between vickm and a9acker - A9acker uses few resources to cause vickm to consume lots of resources Old example: Smurf a9ack Router allows a9acker to send broadcast ICMP ping on network. A9acker spoofs SRC address to be

23 Denial of Service (DoS) a9acks ISP1 Short DNS request Backbone ISP Longer DNS reply More recent: DNS refleckon a9acks Send DNS request w/ spoofed target IP (~65 byte request) DNS replies sent to target (~512 byte response) ISP3 DoS works be9er when there is asymmetry between vickm and a9acker - A9acker uses few resources to cause vickm to consume lots of resources

24 Denial of Service (DoS) a9acks ISP1 Backbone ISP DoS works be9er when there is asymmetry between vickm and a9acker - A9acker uses few resources to cause vickm to consume lots of resources Big asymmetry: ping of death A single packet that causes crash on remote system Early on: ping packet with size > 65,535

25 IPv4 fragmenkng ENet hdr IP hdr data ENet tlr Ethernet frame containing IP datagram IP allows datagrams of size from 20 bytes up to bytes Some link layers only allow MTU of 1500 bytes IP figures out MTU of next link, and fragments packet if necessary into smaller chunk

26 IPv4 fragmenkng ENet hdr IP hdr data ENet tlr Ethernet frame containing IP datagram 4- bit version 8- bit Kme to live (TTL) 4- bit hdr len 16- bit idenkficakon 8- bit type of service 8- bit protocol 3- bit flags 32- bit source IP address 32- bit desknakon IP address opkons (opkonal) 16- bit total length (in bytes) 13- bit fragmentakon offset 16- bit header checksum

27 IPv4 fragmenkng ENet hdr IP hdr data ENet tlr Ethernet frame containing IP datagram 16- bit idenkficakon 3- bit flags 13- bit fragmentakon offset Source- specified unique number idenkfying datagram Flags: 0 b1 b2 Fragment offset in 8- byte units where b1 = May Fragment (0) / Don t Fragment (1) where b1 = Last Fragment (0) / More Fragments (1)

28 FragmentaKon a9acks ISP1 Backbone ISP ISP FragmentaKon abused in lots of vulnerabilikes: Ping of death: allows sending 65,536 byte packet, overflows buffer. Teardrop DoS: mangled fragmentakon crashes reconstruckon code (Set offsets so that two packets have overlapping data)

29 FragmentaKon a9acks ISP1 Backbone ISP ISP FragmentaKon abused in lots of vulnerabilikes: Ping of death: allows sending 65,536 byte packet, overflows buffer. Teardrop DoS: mangled fragmentakon crashes reconstruckon code (Set offsets so that two packets have overlapping data) Avoiding IDS systems: IDS scans packets for exploit strings; add random data into packets, overwrite later during reconstruckon due to overlapping fragments

30 How to prevent spoofing? ISP1 Backbone ISP ISP

31 Dealing with spoofing: IP traceback Spoofed IPs means we cannot know where packets came from IP traceback is problem of determining the originakon of one or more packets

32 IP traceback ISP1 Backbone ISP ISP3 IP traceback approaches: Logging each router keeps logs of packets going by Input debugging feature of routers allowing filtering egress port traffic based on ingress port. Associate egress with ingress Controlled flooding mount your own DoS on links seleckvely to see how it affects malicious flood Marking router probabiliskcally marks packets with info ICMP traceback router probabiliskcally sends ICMP packet with info to desknakon

33 Dealing with spoofing: BCP 38 Spoofed IPs means we cannot know where packets came from BCP 38 (RFC 2827): upstream ingress filtering to drop spoofed packets

34 BCP ISP1 Backbone ISP ISP3 Before forwarding on packets, check at ingress that source IP legikmate

35 BCP ISP1 Backbone ISP ISP h9p://spoofer.cmand.org/summary.php

36 Botnets and DDoS ISP1 Backbone ISP2 ISP April 27, 2007 ConKnued for weeks, with varying levels of intensity Government, banking, news, university websites Government shut down internakonal Internet conneckons

37 Internet protocol stack ApplicaKon Transport Network Link HTTP, FTP, SMTP, SSH, etc. TCP, UDP IP, ICMP, IGMP 802x (802.11, Ethernet) ApplicaKon Transport Network Link Network Link ApplicaKon Transport Network Link

38 UDP (user datagram protocol) IP hdr UDP hdr data 16- bit source port number 16- bit UDP length 16- bit desknakon port number 16- bit UDP checksum length = header len + data len

39 TCP (transport control protocol) ConnecKon- oriented state inikalized during handshake and maintained Reliability is a goal generates segments Kmeout segments that aren t ack d checksums headers, reorders received segments if necessary flow control

40 TCP (transport control protocol) IP hdr TCP hdr data 4- bit hdr len 16- bit source port number 6- bits reserved 16- bit TCP checksum 32- bit sequence number 32- bit acknowledgement number 6- bits flags opkons (opkonal) data (opkonal) 16- bit desknakon port number 16- bit window size 16- bit urgent pointer

41 TCP (transport control protocol) IP hdr TCP hdr data TCP flags: URG ACK PSH RST SYN FIN urgent pointer valid acknowledgement number valid pass data to app ASAP reset conneckon synchronize sequence # s finished sending data

42 TCP handshake Client C SYN seqc, 0 Server S SYN/ACK seqs, seqc+1 ACK seqc + 1, seqs + 1 SYN = syn flag set ACK = ack flag set x,y = x is sequence #, y is acknowledge #

43 TCP teardown Client C FIN seqc, seqs Server S ACK seqc+1 FIN seqs + 1, seqc +1 ACK seqs + 2 SYN = syn flag set ACK = ack flag set x,y = x is sequence #, y is acknowledge #

44 TCP SYN floods ISP1 Backbone ISP ISP Send lots of TCP SYN packets to maintains state for each SYN packet for some amount window of Kme If sets SRC IP to be , what does receive?

45 TCP handshake Client C SYN seqc, 0 Server S SYN/ACK seqs, secc+1 ACK seqc + 1, seqs + 1 How are secc and seqs selected? IniKal sequence numbers must vary over Kme so that different conneckons don t get confused

46 Predictable sequence numbers ISP1 Backbone ISP ISP3 4.4BSD used predictable inikal sequence numbers (ISNs) At system inikalizakon, set ISN to 1 Increment ISN by 64,000 every half- second What can a clever a9acker do? (assume spoofing possible)

47 Predictable sequence numbers ISP1 Backbone ISP ISP3 ConnecKon b/w and Forge a FIN packet from to Forge some applicakon- layer packet from to src: dst: seq#( ) FIN src: dst: seq#( ) rsh rm rf /

48 Predictable sequence numbers ISP1 Backbone ISP ISP3 Fix idea 1: Random ISN at system startup Increment by 64,000 each half second Be9er fix: Random ISN for every conneckon SKll issues: Any FIN accepted with seq# in receive window: 2 17 a9empts

49 TCP/IP security: other issues CongesKon control abuse can allow cheaper DoS No crypto We ll talk about IPsec and TLS later BGP roukng we ll talk about later DNS (mapping from IP to domain names) We ll talk about later

50 More about DoS ISP1 Backbone ISP ISP DoS is skll a big problem How big?

51 Backsca9er ISP1 Backbone ISP ISP3 Can we measure the level of DoS a9acks on Internet? If we can measure spurious packets at , we might infer something about DoS at

52 Types of responses to floods Packet sent Response from victim TCP SYN (to open port) TCP SYN/ACK TCP SYN (to closed port) TCP RST (ACK) TCP ACK TCP RST (ACK) TCP DATA TCP RST (ACK) TCP RST no response TCP NULL TCP RST (ACK) ICMP ECHO Request ICMP Echo Reply ICMP TS Request ICMP TS Reply UDP pkt (to open port) protocol dependent UDP pkt (to closed port) ICMP Port Unreach Table 1: A sample of victim responses to typical attacks. From Moore et al., Inferring Internet Denial- of- Service AcKvity

53 Internet telescopes ISP1 Backbone ISP ISP / / Setup some computers to watch traffic sent to darknets Darknet = unused routable space : 400 SYN a9acks per week 2008: 4425 SYN a9acks per 24 hours

54 PrevenKng DoS: Prolexic approach Lots of SYNs Lots of SYN/ACKs Filtering box Few ACKs Just need a beefy box to help with filtering. Companies pay Prolexic to do it for them

55

56 Hierarchical addressing Class A 0 7 bits nekd 24 bit hoskd Class B bits nekd 16 bits hoskd Class C bits nekd 8 bits hoskd Class D bits mulkcast group ID Class E bits reserved for future use

57 Anonymous single- packet a9acks ISP1 Backbone ISP ISP contains a buffer overflow in web server src: dst: HTTP/1.1 GET AAAAAAAAAAA. src: dst: HTTP/1.1 GET exploit buffer Untraceable packet of death Untraceable single- packet exploit + payload

58 IP traceback Management Network Router Distributed Post-mortem Preventative/ overhead overhead overhead capability capability reactive Ingress filtering Moderate Low Moderate N/A N/A Preventative Link testing Input debugging High Low High Good Poor Reactive Controlled flooding Low High Low Poor Poor Reactive Logging High Low High Excellent Excellent Reactive ICMP Traceback Low Low Low Good Excellent Reactive Marking Low Low Low Good Excellent Reactive From Savage et al., PracKcal Network Support for IP Traceback

Outline. CSc 466/566. Computer Security. 18 : Network Security Introduction. Network Topology. Network Topology. Christian Collberg

Outline. CSc 466/566. Computer Security. 18 : Network Security Introduction. Network Topology. Network Topology. Christian Collberg Outline Network Topology CSc 466/566 Computer Security 18 : Network Security Introduction Version: 2012/05/03 13:59:29 Department of Computer Science University of Arizona collberg@gmail.com Copyright

More information

Guide to Network Defense and Countermeasures Third Edition. Chapter 2 TCP/IP

Guide to Network Defense and Countermeasures Third Edition. Chapter 2 TCP/IP Guide to Network Defense and Countermeasures Third Edition Chapter 2 TCP/IP Objectives Explain the fundamentals of TCP/IP networking Describe IPv4 packet structure and explain packet fragmentation Describe

More information

Announcements. No question session this week

Announcements. No question session this week Announcements No question session this week Stretch break DoS attacks In Feb. 2000, Yahoo s router kept crashing - Engineers had problems with it before, but this was worse - Turned out they were being

More information

Networks: IP and TCP. Internet Protocol

Networks: IP and TCP. Internet Protocol Networks: IP and TCP 11/1/2010 Networks: IP and TCP 1 Internet Protocol Connectionless Each packet is transported independently from other packets Unreliable Delivery on a best effort basis No acknowledgments

More information

Network layer: Overview. Network layer functions IP Routing and forwarding

Network layer: Overview. Network layer functions IP Routing and forwarding Network layer: Overview Network layer functions IP Routing and forwarding 1 Network layer functions Transport packet from sending to receiving hosts Network layer protocols in every host, router application

More information

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP Overview Securing TCP/IP Chapter 6 TCP/IP Open Systems Interconnection Model Anatomy of a Packet Internet Protocol Security (IPSec) Web Security (HTTP over TLS, Secure-HTTP) Lecturer: Pei-yih Ting 1 2

More information

Ethernet. Ethernet. Network Devices

Ethernet. Ethernet. Network Devices Ethernet Babak Kia Adjunct Professor Boston University College of Engineering ENG SC757 - Advanced Microprocessor Design Ethernet Ethernet is a term used to refer to a diverse set of frame based networking

More information

IP address format: Dotted decimal notation: 10000000 00001011 00000011 00011111 128.11.3.31

IP address format: Dotted decimal notation: 10000000 00001011 00000011 00011111 128.11.3.31 IP address format: 7 24 Class A 0 Network ID Host ID 14 16 Class B 1 0 Network ID Host ID 21 8 Class C 1 1 0 Network ID Host ID 28 Class D 1 1 1 0 Multicast Address Dotted decimal notation: 10000000 00001011

More information

What is a DoS attack?

What is a DoS attack? CprE 592-YG Computer and Network Forensics Log-based Signature Analysis Denial of Service Attacks - from analyst s point of view Yong Guan 3216 Coover Tel: (515) 294-8378 Email: guan@ee.iastate.edu October

More information

Overview of TCP/IP. TCP/IP and Internet

Overview of TCP/IP. TCP/IP and Internet Overview of TCP/IP System Administrators and network administrators Why networking - communication Why TCP/IP Provides interoperable communications between all types of hardware and all kinds of operating

More information

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network.

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network. Course Name: TCP/IP Networking Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network. TCP/IP is the globally accepted group of protocols

More information

Chapter 8 Security Pt 2

Chapter 8 Security Pt 2 Chapter 8 Security Pt 2 IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross,

More information

CS5008: Internet Computing

CS5008: Internet Computing CS5008: Internet Computing Lecture 22: Internet Security A. O Riordan, 2009, latest revision 2015 Internet Security When a computer connects to the Internet and begins communicating with others, it is

More information

Network reconnaissance and IDS

Network reconnaissance and IDS Network reconnaissance and IDS CS642: Computer Security Professor Ristenpart h9p://www.cs.wisc.edu/~rist/ rist at cs dot wisc dot edu University of Wisconsin CS 642 Let s play over the network Target

More information

How do I get to www.randomsite.com?

How do I get to www.randomsite.com? Networking Primer* *caveat: this is just a brief and incomplete introduction to networking to help students without a networking background learn Network Security. How do I get to www.randomsite.com? Local

More information

Security: Attack and Defense

Security: Attack and Defense Security: Attack and Defense Aaron Hertz Carnegie Mellon University Outline! Breaking into hosts! DOS Attacks! Firewalls and other tools 15-441 Computer Networks Spring 2003 Breaking Into Hosts! Guessing

More information

CSCE 465 Computer & Network Security

CSCE 465 Computer & Network Security CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Vulnerability Analysis 1 Roadmap Why vulnerability analysis? Example: TCP/IP related vulnerabilities

More information

IP addressing and forwarding Network layer

IP addressing and forwarding Network layer The Internet Network layer Host, router network layer functions: IP addressing and forwarding Network layer Routing protocols path selection RIP, OSPF, BGP Transport layer: TCP, UDP forwarding table IP

More information

Transport Layer Protocols

Transport Layer Protocols Transport Layer Protocols Version. Transport layer performs two main tasks for the application layer by using the network layer. It provides end to end communication between two applications, and implements

More information

A Very Incomplete Diagram of Network Attacks

A Very Incomplete Diagram of Network Attacks A Very Incomplete Diagram of Network Attacks TCP/IP Stack Reconnaissance Spoofing Tamper DoS Internet Transport Application HTTP SMTP DNS TCP UDP IP ICMP Network/Link 1) HTML/JS files 2)Banner Grabbing

More information

8.2 The Internet Protocol

8.2 The Internet Protocol TCP/IP Protocol Suite HTTP SMTP DNS RTP Distributed applications Reliable stream service TCP UDP User datagram service Best-effort connectionless packet transfer Network Interface 1 IP Network Interface

More information

FIREWALLS. Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others

FIREWALLS. Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others FIREWALLS FIREWALLS Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others FIREWALLS: WHY Prevent denial of service attacks: SYN flooding: attacker

More information

A1.1.1.11.1.1.2 1.1.1.3S B

A1.1.1.11.1.1.2 1.1.1.3S B CS Computer 640: Network AdityaAkella Lecture Introduction Networks Security 25 to Security DoS Firewalls and The D-DoS Vulnerabilities Road Ahead Security Attacks Protocol IP ICMP Routing TCP Security

More information

2057-15. First Workshop on Open Source and Internet Technology for Scientific Environment: with case studies from Environmental Monitoring

2057-15. First Workshop on Open Source and Internet Technology for Scientific Environment: with case studies from Environmental Monitoring 2057-15 First Workshop on Open Source and Internet Technology for Scientific Environment: with case studies from Environmental Monitoring 7-25 September 2009 TCP/IP Networking Abhaya S. Induruwa Department

More information

CIT 380: Securing Computer Systems

CIT 380: Securing Computer Systems CIT 380: Securing Computer Systems Scanning CIT 380: Securing Computer Systems Slide #1 Topics 1. Port Scanning 2. Stealth Scanning 3. Version Identification 4. OS Fingerprinting 5. Vulnerability Scanning

More information

Chapter 8 Network Security

Chapter 8 Network Security [Computer networking, 5 th ed., Kurose] Chapter 8 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity 84Securing 8.4 e-mail 8.5 Securing TCP connections: SSL 8.6 Network

More information

Attack and Defense Techniques

Attack and Defense Techniques Network Security Attack and Defense Techniques Anna Sperotto, Ramin Sadre Design and Analysis of Communication Networks (DACS) University of Twente The Netherlands Attack Taxonomy Many different kind of

More information

Introduction to TCP/IP

Introduction to TCP/IP Introduction to TCP/IP Raj Jain The Ohio State University Columbus, OH 43210 Nayna Networks Milpitas, CA 95035 Email: Jain@ACM.Org http://www.cis.ohio-state.edu/~jain/ 1 Overview! Internetworking Protocol

More information

Abstract. Introduction. Section I. What is Denial of Service Attack?

Abstract. Introduction. Section I. What is Denial of Service Attack? Abstract In this report, I am describing the main types of DoS attacks and their effect on computer and network environment. This report will form the basis of my forthcoming report which will discuss

More information

IP Network Layer. Datagram ID FLAG Fragment Offset. IP Datagrams. IP Addresses. IP Addresses. CSCE 515: Computer Network Programming TCP/IP

IP Network Layer. Datagram ID FLAG Fragment Offset. IP Datagrams. IP Addresses. IP Addresses. CSCE 515: Computer Network Programming TCP/IP CSCE 515: Computer Network Programming TCP/IP IP Network Layer Wenyuan Xu Department of Computer Science and Engineering University of South Carolina IP Datagrams IP is the network layer packet delivery

More information

Solution of Exercise Sheet 5

Solution of Exercise Sheet 5 Foundations of Cybersecurity (Winter 15/16) Prof. Dr. Michael Backes CISPA / Saarland University saarland university computer science Protocols = {????} Client Server IP Address =???? IP Address =????

More information

TECHNICAL NOTE 06/02 RESPONSE TO DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACKS

TECHNICAL NOTE 06/02 RESPONSE TO DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACKS TECHNICAL NOTE 06/02 RESPONSE TO DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACKS 2002 This paper was previously published by the National Infrastructure Security Co-ordination Centre (NISCC) a predecessor

More information

Chapter 3: Review of Important Networking Concepts. Magda El Zarki Dept. of CS UC Irvine elzarki@uci.edu http://www.ics.uci.

Chapter 3: Review of Important Networking Concepts. Magda El Zarki Dept. of CS UC Irvine elzarki@uci.edu http://www.ics.uci. Chapter 3: Review of Important Networking Concepts Magda El Zarki Dept. of CS UC Irvine elzarki@uci.edu http://www.ics.uci.edu/~magda 1 Networking Concepts Protocol Architecture Protocol Layers Encapsulation

More information

CS155: Computer and Network Security

CS155: Computer and Network Security CS155: Computer and Network Security Programming Project 3 Spring 2005 Shayan Guha sguha05@stanford.edu (with many slides borrowed from Matt Rubens) Project Overview 1) Use standard network monitoring

More information

DHCP, ICMP, IPv6. Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley DHCP. DHCP UDP IP Eth Phy

DHCP, ICMP, IPv6. Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley DHCP. DHCP UDP IP Eth Phy , ICMP, IPv6 UDP IP Eth Phy UDP IP Eth Phy Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley Some materials copyright 1996-2012 J.F Kurose and K.W. Ross, All Rights

More information

Lecture 6: Network Attacks II. Course Admin

Lecture 6: Network Attacks II. Course Admin Lecture 6: Network Attacks II CS 336/536: Computer Network Security Fall 2014 Nitesh Saxena Adopted from previous lectures by Keith Ross, and Gene Tsudik Course Admin HW/Lab 1 We are grading (should return

More information

Attack and Defense Techniques

Attack and Defense Techniques Network Security Attack and Defense Techniques Anna Sperotto (with material from Ramin Sadre) Design and Analysis of Communication Networks (DACS) University of Twente The Netherlands Attacks! Many different

More information

Chapter 4 Network Layer

Chapter 4 Network Layer Chapter 4 Network Layer A note on the use of these ppt slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you can add, modify, and delete

More information

Lecture Computer Networks

Lecture Computer Networks Prof. Dr. H. P. Großmann mit M. Rabel sowie H. Hutschenreiter und T. Nau Sommersemester 2012 Institut für Organisation und Management von Informationssystemen Thomas Nau, kiz Lecture Computer Networks

More information

Port Scanning and Vulnerability Assessment. ECE4893 Internetwork Security Georgia Institute of Technology

Port Scanning and Vulnerability Assessment. ECE4893 Internetwork Security Georgia Institute of Technology Port Scanning and Vulnerability Assessment ECE4893 Internetwork Security Georgia Institute of Technology Agenda Reconnaissance Scanning Network Mapping OS detection Vulnerability assessment Reconnaissance

More information

Network Security. Chapter 3. Cornelius Diekmann. Version: October 21, 2015. Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik

Network Security. Chapter 3. Cornelius Diekmann. Version: October 21, 2015. Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik Network Security Chapter 3 Cornelius Diekmann Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik Version: October 21, 2015 IN2101, WS 15/16, Network Security 1 Security Policies and

More information

CYBER ATTACKS EXPLAINED: PACKET CRAFTING

CYBER ATTACKS EXPLAINED: PACKET CRAFTING CYBER ATTACKS EXPLAINED: PACKET CRAFTING Protect your FOSS-based IT infrastructure from packet crafting by learning more about it. In the previous articles in this series, we explored common infrastructure

More information

Networking Attacks: Link-, IP-, and TCP-layer attacks. CS 161: Computer Security Prof. David Wagner

Networking Attacks: Link-, IP-, and TCP-layer attacks. CS 161: Computer Security Prof. David Wagner Networking Attacks: Link-, IP-, and TCP-layer attacks CS 161: Computer Security Prof. David Wagner February 28, 2013 General Communication Security Goals: CIA! Confidentiality: No one can read our data

More information

Networking Overview. (as usual, thanks to Dave Wagner and Vern Paxson)

Networking Overview. (as usual, thanks to Dave Wagner and Vern Paxson) Networking Overview (as usual, thanks to Dave Wagner and Vern Paxson) Focus For This Lecture Sufficient background in networking to then explore security issues in next few lectures Networking = the Internet

More information

IP - The Internet Protocol

IP - The Internet Protocol Orientation IP - The Internet Protocol IP (Internet Protocol) is a Network Layer Protocol. IP s current version is Version 4 (IPv4). It is specified in RFC 891. TCP UDP Transport Layer ICMP IP IGMP Network

More information

TCP/IP Security Problems. History that still teaches

TCP/IP Security Problems. History that still teaches TCP/IP Security Problems History that still teaches 1 remote login without a password rsh and rcp were programs that allowed you to login from a remote site without a password The.rhosts file in your home

More information

ACHILLES CERTIFICATION. SIS Module SLS 1508

ACHILLES CERTIFICATION. SIS Module SLS 1508 ACHILLES CERTIFICATION PUBLIC REPORT Final DeltaV Report SIS Module SLS 1508 Disclaimer Wurldtech Security Inc. retains the right to change information in this report without notice. Wurldtech Security

More information

Security Technology White Paper

Security Technology White Paper Security Technology White Paper Issue 01 Date 2012-10-30 HUAWEI TECHNOLOGIES CO., LTD. 2012. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without

More information

Denial of Service. Tom Chen SMU tchen@engr.smu.edu

Denial of Service. Tom Chen SMU tchen@engr.smu.edu Denial of Service Tom Chen SMU tchen@engr.smu.edu Outline Introduction Basics of DoS Distributed DoS (DDoS) Defenses Tracing Attacks TC/BUPT/8704 SMU Engineering p. 2 Introduction What is DoS? 4 types

More information

1. Firewall Configuration

1. Firewall Configuration 1. Firewall Configuration A firewall is a method of implementing common as well as user defined security policies in an effort to keep intruders out. Firewalls work by analyzing and filtering out IP packets

More information

Security vulnerabilities in the Internet and possible solutions

Security vulnerabilities in the Internet and possible solutions Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in

More information

Internet Firewall CSIS 4222. Packet Filtering. Internet Firewall. Examples. Spring 2011 CSIS 4222. net15 1. Routers can implement packet filtering

Internet Firewall CSIS 4222. Packet Filtering. Internet Firewall. Examples. Spring 2011 CSIS 4222. net15 1. Routers can implement packet filtering Internet Firewall CSIS 4222 A combination of hardware and software that isolates an organization s internal network from the Internet at large Ch 27: Internet Routing Ch 30: Packet filtering & firewalls

More information

OLD VULNERABILITIES IN NEW PROTOCOLS? HEADACHES ABOUT IPV6 FRAGMENTS

OLD VULNERABILITIES IN NEW PROTOCOLS? HEADACHES ABOUT IPV6 FRAGMENTS OLD VULNERABILITIES IN NEW PROTOCOLS? HEADACHES ABOUT IPV6 FRAGMENTS Eric Vyncke (@evyncke) Cisco Session ID: ARCH W01 Session Classification: Advanced Agenda Status of WorldWide IPv6 Deployment IPv6 refresher:

More information

CS 43: Computer Networks IP. Kevin Webb Swarthmore College November 5, 2013

CS 43: Computer Networks IP. Kevin Webb Swarthmore College November 5, 2013 CS 43: Computer Networks IP Kevin Webb Swarthmore College November 5, 2013 Reading Quiz IP datagram format IP protocol version number header length (bytes) type of data max number remaining hops (decremented

More information

Internet Protocol: IP packet headers. vendredi 18 octobre 13

Internet Protocol: IP packet headers. vendredi 18 octobre 13 Internet Protocol: IP packet headers 1 IPv4 header V L TOS Total Length Identification F Frag TTL Proto Checksum Options Source address Destination address Data (payload) Padding V: Version (IPv4 ; IPv6)

More information

Introduction to Cisco IOS Flexible NetFlow

Introduction to Cisco IOS Flexible NetFlow Introduction to Cisco IOS Flexible NetFlow Last updated: September 2008 The next-generation in flow technology allowing optimization of the network infrastructure, reducing operation costs, improving capacity

More information

Internet Firewall CSIS 3230. Internet Firewall. Spring 2012 CSIS 4222. net13 1. Firewalls. Stateless Packet Filtering

Internet Firewall CSIS 3230. Internet Firewall. Spring 2012 CSIS 4222. net13 1. Firewalls. Stateless Packet Filtering Internet Firewall CSIS 3230 A combination of hardware and software that isolates an organization s internal network from the Internet at large Ch 8.8: Packet filtering, firewalls, intrusion detection Ch

More information

Introduction to IP networking

Introduction to IP networking DD2395 p2 2011 Introduction to IP networking Olof Hagsand KTH CSC 1 Example: Packet transfer www.server.org An end host requests a web-page from a server via a local-area network The aim of this lecture

More information

Understanding Layer 2, 3, and 4 Protocols

Understanding Layer 2, 3, and 4 Protocols 2 Understanding Layer 2, 3, and 4 Protocols While many of the concepts well known to traditional Layer 2 and Layer 3 networking still hold true in content switching applications, the area introduces new

More information

TCP Performance Management for Dummies

TCP Performance Management for Dummies TCP Performance Management for Dummies Nalini Elkins Inside Products, Inc. Monday, August 8, 2011 Session Number 9285 Our SHARE Sessions Orlando 9285: TCP/IP Performance Management for Dummies Monday,

More information

Lecture 5: Network Attacks I. Course Admin

Lecture 5: Network Attacks I. Course Admin Lecture 5: Network Attacks I CS 336/536: Computer Network Security Fall 2013 Nitesh Saxena Adopted from previous lectures by Keith Ross Course Admin HW/Lab 1 Due Coming Monday 11am Lab sessions are active

More information

Firewalls. Firewalls. Idea: separate local network from the Internet 2/24/15. Intranet DMZ. Trusted hosts and networks. Firewall.

Firewalls. Firewalls. Idea: separate local network from the Internet 2/24/15. Intranet DMZ. Trusted hosts and networks. Firewall. Firewalls 1 Firewalls Idea: separate local network from the Internet Trusted hosts and networks Firewall Intranet Router DMZ Demilitarized Zone: publicly accessible servers and networks 2 1 Castle and

More information

Technical Support Information Belkin internal use only

Technical Support Information Belkin internal use only The fundamentals of TCP/IP networking TCP/IP (Transmission Control Protocol / Internet Protocols) is a set of networking protocols that is used for communication on the Internet and on many other networks.

More information

co Characterizing and Tracing Packet Floods Using Cisco R

co Characterizing and Tracing Packet Floods Using Cisco R co Characterizing and Tracing Packet Floods Using Cisco R Table of Contents Characterizing and Tracing Packet Floods Using Cisco Routers...1 Introduction...1 Before You Begin...1 Conventions...1 Prerequisites...1

More information

Cisco Configuring Commonly Used IP ACLs

Cisco Configuring Commonly Used IP ACLs Table of Contents Configuring Commonly Used IP ACLs...1 Introduction...1 Prerequisites...2 Hardware and Software Versions...3 Configuration Examples...3 Allow a Select Host to Access the Network...3 Allow

More information

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1 Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 roadmap 1 What is network security? 2 Principles of cryptography 3 Message integrity, authentication

More information

Network and Services Discovery

Network and Services Discovery A quick theorical introduction to network scanning January 8, 2016 Disclaimer/Intro Disclaimer/Intro Network scanning is not exact science When an information system is able to interact over the network

More information

The International Conference for High Performance Computing, Networking, Storage and Analysis

The International Conference for High Performance Computing, Networking, Storage and Analysis The International Conference for High Performance Computing, Networking, Storage and Analysis SC12 9500 attendees 350+ corporate exhibitors in 150,000 ft2 of space 7 days of tutorials, workshops, technical

More information

Classful IP Addressing. Classless Addressing: CIDR. Routing & Forwarding: Logical View of a Router. IP Addressing: Basics

Classful IP Addressing. Classless Addressing: CIDR. Routing & Forwarding: Logical View of a Router. IP Addressing: Basics Switching and Forwarding Switching and Forwarding Generic Router rchitecture Forwarding Tables: ridges/layer Switches; VLN Routers and Layer 3 Switches Forwarding in Layer 3 (Network Layer) Network Layer

More information

Algorithms and Techniques Used for Auto-discovery of Network Topology, Assets and Services

Algorithms and Techniques Used for Auto-discovery of Network Topology, Assets and Services Algorithms and Techniques Used for Auto-discovery of Network Topology, Assets and Services CS4983 Senior Technical Report Brian Chown 0254624 Faculty of Computer Science University of New Brunswick Canada

More information

Brocade NetIron Denial of Service Prevention

Brocade NetIron Denial of Service Prevention White Paper Brocade NetIron Denial of Service Prevention This white paper documents the best practices for Denial of Service Attack Prevention on Brocade NetIron platforms. Table of Contents Brocade NetIron

More information

We will give some overview of firewalls. Figure 1 explains the position of a firewall. Figure 1: A Firewall

We will give some overview of firewalls. Figure 1 explains the position of a firewall. Figure 1: A Firewall Chapter 10 Firewall Firewalls are devices used to protect a local network from network based security threats while at the same time affording access to the wide area network and the internet. Basically,

More information

CS155 - Firewalls. Simon Cooper <sc@sgi.com> CS155 Firewalls 22 May 2003

CS155 - Firewalls. Simon Cooper <sc@sgi.com> CS155 Firewalls 22 May 2003 CS155 - Firewalls Simon Cooper CS155 Firewalls 22 May 2003 1 Why Firewalls? Need for the exchange of information; education, business, recreation, social and political Need to do something

More information

VLAN und MPLS, Firewall und NAT,

VLAN und MPLS, Firewall und NAT, Internet-Technologien (CS262) VLAN und MPLS, Firewall und NAT, 15.4.2015 Christian Tschudin Departement Mathematik und Informatik, Universität Basel 6-1 Wiederholung Unterschied CSMA/CD und CSMA/CA? Was

More information

Gary Hecht Computer Networking (IP Addressing, Subnet Masks, and Packets)

Gary Hecht Computer Networking (IP Addressing, Subnet Masks, and Packets) Gary Hecht Computer Networking (IP Addressing, Subnet Masks, and Packets) The diagram below illustrates four routers on the Internet backbone along with two companies that have gateways for their internal

More information

Firewall Implementation

Firewall Implementation CS425: Computer Networks Firewall Implementation Ankit Kumar Y8088 Akshay Mittal Y8056 Ashish Gupta Y8410 Sayandeep Ghosh Y8465 October 31, 2010 under the guidance of Prof. Dheeraj Sanghi Department of

More information

IP and OSI Network Layer 3. Security Problems. Agenda. IP Related Protocols. L91B - Security Problems in TCP/IP. L91B - Security Problems in TCP/IP

IP and OSI Network Layer 3. Security Problems. Agenda. IP Related Protocols. L91B - Security Problems in TCP/IP. L91B - Security Problems in TCP/IP IP and OSI Network Layer 3 Layer 3 Protocol = IP Layer 3 Routing Protocols = RIP, OSPF, EIGRP, BGP IP Host A IP Host B Security Problems Router 1 IP Router 2 IP IP 3 3 3 3 3 3 TCP/IP Level M M 2065, D.I.

More information

Host Fingerprinting and Firewalking With hping

Host Fingerprinting and Firewalking With hping Host Fingerprinting and Firewalking With hping Naveed Afzal National University Of Computer and Emerging Sciences, Lahore, Pakistan Email: 1608@nu.edu.pk Naveedafzal gmail.com Abstract: The purpose

More information

Firewalls. Test your Firewall knowledge. Test your Firewall knowledge (cont) (March 4, 2015)

Firewalls. Test your Firewall knowledge. Test your Firewall knowledge (cont) (March 4, 2015) s (March 4, 2015) Abdou Illia Spring 2015 Test your knowledge Which of the following is true about firewalls? a) A firewall is a hardware device b) A firewall is a software program c) s could be hardware

More information

Network layer" 1DT066! Distributed Information Systems!! Chapter 4" Network Layer!! goals: "

Network layer 1DT066! Distributed Information Systems!! Chapter 4 Network Layer!! goals: 1DT066! Distributed Information Systems!! Chapter 4" Network Layer!! Network layer" goals: "! understand principles behind layer services:" " layer service models" " forwarding versus routing" " how a

More information

CSE331: Introduction to Networks and Security. Lecture 12 Fall 2006

CSE331: Introduction to Networks and Security. Lecture 12 Fall 2006 CSE331: Introduction to Networks and Security Lecture 12 Fall 2006 Announcements Midterm I will be held Friday, Oct. 6th. True/False Multiple Choice Calculation Short answer Short essay Project 2 is on

More information

Defending Computer Networks Lecture 6: TCP and Scanning. Stuart Staniford Adjunct Professor of Computer Science

Defending Computer Networks Lecture 6: TCP and Scanning. Stuart Staniford Adjunct Professor of Computer Science Defending Computer Networks Lecture 6: TCP and Scanning Stuart Staniford Adjunct Professor of Computer Science Logis;cs HW1 due tomorrow First quiz will be Tuesday September 23 rd. Half hour quiz at start

More information

Frequent Denial of Service Attacks

Frequent Denial of Service Attacks Frequent Denial of Service Attacks Aditya Vutukuri Science Department University of Auckland E-mail:avut001@ec.auckland.ac.nz Abstract Denial of Service is a well known term in network security world as

More information

Firewalls N E T W O R K ( A N D D ATA ) S E C U R I T Y 2 01 5 / 2 01 6 P E D R O B R A N D Ã O M A N U E L E D U A R D O C O R R E I A

Firewalls N E T W O R K ( A N D D ATA ) S E C U R I T Y 2 01 5 / 2 01 6 P E D R O B R A N D Ã O M A N U E L E D U A R D O C O R R E I A Firewalls N E T W O R K ( A N D D ATA ) S E C U R I T Y 2 01 5 / 2 01 6 P E D R O B R A N D Ã O M A N U E L E D U A R D O C O R R E I A Slides are based on slides by Dr Lawrie Brown (UNSW@ADFA) for Computer

More information

IP Address Classes (Some are Obsolete) 15-441 Computer Networking. Important Concepts. Subnetting 15-441 15-641. Lecture 8 IP Addressing & Packets

IP Address Classes (Some are Obsolete) 15-441 Computer Networking. Important Concepts. Subnetting 15-441 15-641. Lecture 8 IP Addressing & Packets Address Classes (Some are Obsolete) 15-441 15-441 Computer Networking 15-641 Class A 0 Network ID Network ID 8 16 Host ID Host ID 24 32 Lecture 8 Addressing & Packets Peter Steenkiste Fall 2013 www.cs.cmu.edu/~prs/15-441-f13

More information

Denial of Service (DoS) attacks and countermeasures. Pier Luigi Rotondo IT Specialist IBM Rome Tivoli Laboratory

Denial of Service (DoS) attacks and countermeasures. Pier Luigi Rotondo IT Specialist IBM Rome Tivoli Laboratory Denial of Service (DoS) attacks and countermeasures Pier Luigi Rotondo IT Specialist IBM Rome Tivoli Laboratory Definitions of DoS/DDoS attacks Denial of Service is the prevention of authorised access

More information

Protocol Rollback and Network Security

Protocol Rollback and Network Security CSE 484 / CSE M 584 (Spring 2012) Protocol Rollback and Network Security Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee,

More information

Firewall Firewall August, 2003

Firewall Firewall August, 2003 Firewall August, 2003 1 Firewall and Access Control This product also serves as an Internet firewall, not only does it provide a natural firewall function (Network Address Translation, NAT), but it also

More information

IP Subnetting and Addressing

IP Subnetting and Addressing Indian Institute of Technology Kharagpur IP Subnetting and Addressing Prof Indranil Sengupta Computer Science and Engineering Indian Institute of Technology Kharagpur Lecture 6: IP Subnetting and Addressing

More information

CS 457 Lecture 19 Global Internet - BGP. Fall 2011

CS 457 Lecture 19 Global Internet - BGP. Fall 2011 CS 457 Lecture 19 Global Internet - BGP Fall 2011 Decision Process Calculate degree of preference for each route in Adj-RIB-In as follows (apply following steps until one route is left): select route with

More information

Implementing Secure Converged Wide Area Networks (ISCW)

Implementing Secure Converged Wide Area Networks (ISCW) Implementing Secure Converged Wide Area Networks (ISCW) 1 Mitigating Threats and Attacks with Access Lists Lesson 7 Module 5 Cisco Device Hardening 2 Module Introduction The open nature of the Internet

More information

Dos & DDoS Attack Signatures (note supplied by Steve Tonkovich of CAPTUS NETWORKS)

Dos & DDoS Attack Signatures (note supplied by Steve Tonkovich of CAPTUS NETWORKS) Dos & DDoS Attack Signatures (note supplied by Steve Tonkovich of CAPTUS NETWORKS) Signature based IDS systems use these fingerprints to verify that an attack is taking place. The problem with this method

More information

Networking Test 4 Study Guide

Networking Test 4 Study Guide Networking Test 4 Study Guide True/False Indicate whether the statement is true or false. 1. IPX/SPX is considered the protocol suite of the Internet, and it is the most widely used protocol suite in LANs.

More information

The Transport Layer and Implica4ons for Network Monitoring. CS 410/510 Spring 2014

The Transport Layer and Implica4ons for Network Monitoring. CS 410/510 Spring 2014 The Transport Layer and Implica4ons for Network Monitoring CS 410/510 Spring 2014 Review Preliminaries: Three Principles of Informa4on Security The Three A s Review: Network Protocol Stacks Review: Network

More information

Session Hijacking Exploiting TCP, UDP and HTTP Sessions

Session Hijacking Exploiting TCP, UDP and HTTP Sessions Session Hijacking Exploiting TCP, UDP and HTTP Sessions Shray Kapoor shray.kapoor@gmail.com Preface With the emerging fields in e-commerce, financial and identity information are at a higher risk of being

More information

TCP/IP Fundamentals. OSI Seven Layer Model & Seminar Outline

TCP/IP Fundamentals. OSI Seven Layer Model & Seminar Outline OSI Seven Layer Model & Seminar Outline TCP/IP Fundamentals This seminar will present TCP/IP communications starting from Layer 2 up to Layer 4 (TCP/IP applications cover Layers 5-7) IP Addresses Data

More information

UNDERSTANDING FIREWALLS TECHNICAL NOTE 10/04

UNDERSTANDING FIREWALLS TECHNICAL NOTE 10/04 UNDERSTANDING FIREWALLS TECHNICAL NOTE 10/04 REVISED 23 FEBRUARY 2005 This paper was previously published by the National Infrastructure Security Co-ordination Centre (NISCC) a predecessor organisation

More information

CS 356 Lecture 16 Denial of Service. Spring 2013

CS 356 Lecture 16 Denial of Service. Spring 2013 CS 356 Lecture 16 Denial of Service Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter

More information

DDoS Mitigation Techniques

DDoS Mitigation Techniques DDoS Mitigation Techniques Ron Winward, ServerCentral CHI-NOG 03 06/14/14 Consistent Bottlenecks in DDoS Attacks 1. The server that is under attack 2. The firewall in front of the network 3. The internet

More information

Denial Of Service. Types of attacks

Denial Of Service. Types of attacks Denial Of Service The goal of a denial of service attack is to deny legitimate users access to a particular resource. An incident is considered an attack if a malicious user intentionally disrupts service

More information