CIT 480: Securing Computer Systems. TCP/IP Security

Size: px
Start display at page:

Download "CIT 480: Securing Computer Systems. TCP/IP Security"

Transcription

1 CIT 480: Securing Computer Systems TCP/IP Security

2 Topics 1. Internet Protocol (IP) 2. IP Spoofing and Other Vulnerabilities 3. ICMP 4. Transmission Control Protocol (TCP) 5. TCP Session Hijacking 6. UDP

3 Internet Protocol (IP) Connectionless Each packet is transported independently from other packets Unreliable Delivery on a best effort basis No acknowledgments Packets may be lost, reordered, corrupted, or duplicated IP packets Encapsulate TCP and UDP packets Encapsulated into link-layer frames Data link frame IP packet TCP or UDP packet

4 IP Addresses 32-bit integers that identify machine on net Dotted decimal notation: ii.jj.kk.ll DNS translates names to IP addresses byte 32 bits = 4 bytes IPv6 addresses are 128-bit integers written like 2001:0db8:0000:0000:0000:ff00:0042:8329

5

6 Network Address Translation Uses public IP addr to represent private IP. Translates source IP in outgoing packets. Translates dest IP in incoming packets. Router keeps table of translations.

7 IP Address Geolocation ISPs get blocks of IP addresses from ARIN. ARIN database records where IP addresses are. Application layer and time data may help reveal details. Check for your location.

8 IP Header

9 IP Routing A router bridges two or more networks Operates at the network layer. Maintains tables to forward packets to the appropriate network. Forwarding decisions based solely on the destination address. Routing table Maps ranges of IP addresses to LANs or other gateway routers.

10 IP Routing Same IP address at each hop used to route data packet. New MAC address at each hop

11 IP Vulnerabilities 1. Unencrypted transmission Eavesdropping possible at any intermediate host during routing. 2. No source authentication Sender can spoof source address, making it difficult to trace packet back to attacker. 3. No integrity checking Entire packet, header and payload, can be modified while en route to destination, enabling content forgeries, redirections, and man-in-the-middle attacks. 4. No bandwidth constraints Large number of packets can be sent to DoS target.

12 IP Spoofing IP Spoofing is an attempt by an intruder to send packets from one IP address that appear to originate at another. If victim trusts spoofed IP, then attacker trusted. Tracking down attack leads to spoofed IP. Two basic forms of IP Spoofing Blind Spoofing can be used from any source. Non-Blind Spoofing must be on same subnet.

13 Blind Spoofing Attacker cannot see response packets, but Some attacks, like DoS do not want to receive response packets, and Some responses can be guessed sufficiently accurately to carry on conversation, such as TCP hijacking attacks.

14 Network Tests with ICMP Internet Control Message Protocol (ICMP) Used for network testing and debugging. Simple messages encapsulated in single IP packets. Considered a network layer protocol. ICMP-based Network Testing Tools ping: sends echo request messages and provides statistics on roundtrip times and packet loss. traceroute: sends series of ICMP packets with increasing TTL value to discover routes.

15 ICMP DoS Attacks Ping of death ICMP specifies messages must fit a single IP packet (64KB). Send a ping packet that exceeds maximum size using IP fragmentation. Reassembled packet caused several operating systems to crash due to a buffer overflow. Smurf Ping a broadcast address using a spoofed source address. Large number of responses sent to target whose address was spoofed.

16 Smurf Attack Amplifying Network echo response echo request echo response Attacker echo response Victim

17 TCP: Transmission Control Protocol Connection-oriented Must establish connection before sending data. 3-way handshake. Reliable byte-stream TCP decides how to divide stream into packets. ACK, timeout, retransmit, reordering. 16-bit source and destination ports. FTP(21), HTTP(80), POP(110), SMTP(25) Slide #17

18 TCP Reliability 1. Breaks data into best-sized chunks. 2. After sending segment, maintains timer; if no ACK within time limit, resends segment. 3. Sends ACK on receipt of packets. 4. Discards pkts on bad checkum of header and data. 5. Receiver resequences TCP segments, based on sequence numbers, allowing data to be reassembled correctly no matter what order. 6. Receiver discards duplicate segments. 7. Flow control: only sends as much data as receiver can process. Slide #18

19 TCP Header Slide #19

20 TCP Connection Establishment TCP 3-Way Handshake Slide #20

21 SYN Floods Create many half-open connections to target Send SYN packet Ignore SYN+ACK response (May spoof invalid source IP address for each SYN) Target connection table fills up, resulting in DoS 3 minute timeout for final ACK all new TCP connections refused Defenses Micro-connections (allocate few resources til see ACK) SYN cookies store state in TCP ISN, not on server

22 TCP Connection Termination

23 TCP Session Killing RST Need one valid TCP sequence number. Send RST segment with spoofed IP address and valid sequence number. May need to send multiple RST s in case host receives TCP segment with your chosen sequence number before your RST segment. FIN Need valid TCP sequence + ACK numbers. Send FIN+ACK segment with spoofed IP address to terminate session. Receive FIN packet in response, verifying kill if successful.

24 TCP Session Hijacking A TCP session hijacking attack is when an attacker takes control of an existing TCP session. The attacker must be able to Spoof IP address of one side of connection. Predict TCP sequence numbers. Gives threat access to authenticated sessions. Defenses: Random initial TCP sequence numbers. Use encrypted protocols like SSH, so attacker cannot interact with system due to inability to send properly encrypted traffic.

25 TCP Session Hijacking Steps 1. Guess TCP sequence numbers used in current session between two hosts. 2. Create desynchronized state so neither side of connection can talk to the other. 3. Send packet with correct SN + ACK with spoofed client IP address to server, containing attack.

26 ACK Storm Noisy side effect of TCP session hijacking. Both client and server ACK unacceptable packets with expected sequence number. Each ACK is also unacceptable and generates another ACK response. If network drops packet, no response made. ACK storms create network congestion, leading to many dropped packets.

27 Covert Channels in TCP/IP Covert channels enable communication using techniques not meant for information exchange. Possible techniques include: Timing of packets (temporal channel). Size of packets. Unused header fields (header bit modulation). Hiding data in packet body. Covert channels may be able to be detected by Too many packets of certain protocols (ICMP, DNS) Too large packets from certain protocols Multiple response packets for protocols like ICMP, DNS

28 Port Knocking Port knocking is a method of opening ports by making connections to a set of unused ports in a specified sequence. Fairly secure against brute force attacks since there are k combinations, where k is the number of ports knocked Susceptible to replay attacks. If a port knock is sniffed, then attacker can replay the knock. Used to hide ports from network scans. Can be used by defenders and attackers.

29 User Datagram Protocol (UDP) Stateless, unreliable layer 4 protocol. Runs on top of IP. Trades reliability for speed. Applications Streaming audio/video. TFTP (builds simple state on top of UDP.) DNS.

30 UDP Header Slide #30

31 Key Points 1. IP addresses seen by recipient unlike MAC NAT hides many IP addresses behind one. 2. IP spoofing Blind: do not see responses. Non-blind: use sniffer to see responses. 3. Technical DoS: ping of death, smurf, SYN flood 4. TCP session hijacking seizes authenticated session Guess TCP sequence numbers based on ISN. Desynchronize existing TCP session. Threat resynchronizes with server, seizing control. 5. Cannot hijack encrypted sessions like ssh.

32 References 1. Carna Botnet, Internet Census 2012, aper.html, Goodrich and Tammasia, Introduction to Computer Security, Pearson, Richard Stevens, TCP/IP Illustrated, Vol. 1, Addison-Wesley, 1994.

33 Released under CC BY-SA 3.0 This presentation is released under the Creative Commons Attribution-ShareAlike 3.0 Unported (CC BY-SA 3.0) license You are free: to Share to copy and redistribute the material in any medium to Adapt to remix, build, and transform upon the material to use part or all of this presentation in your own classes Under the following conditions: Attribution You must attribute the work to James Walden, but cannot do so in a way that suggests that he endorses you or your use of these materials. Share Alike If you remix, transform, or build upon this material, you must distribute the resulting work under this or a similar open license. Details and full text of the license can be found at https://creativecommons.org/licenses/by-nc-sa/3.0/

Networks: IP and TCP. Internet Protocol

Networks: IP and TCP. Internet Protocol Networks: IP and TCP 11/1/2010 Networks: IP and TCP 1 Internet Protocol Connectionless Each packet is transported independently from other packets Unreliable Delivery on a best effort basis No acknowledgments

More information

TCP/IP Concepts Review. Ed Crowley

TCP/IP Concepts Review. Ed Crowley TCP/IP Concepts Review Ed Crowley 1 Objectives At the end of this unit, you will be able to: Describe the TCP/IP protocol stack For each level, explain roles and vulnerabilities Explain basic IP addressing

More information

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP Overview Securing TCP/IP Chapter 6 TCP/IP Open Systems Interconnection Model Anatomy of a Packet Internet Protocol Security (IPSec) Web Security (HTTP over TLS, Secure-HTTP) Lecturer: Pei-yih Ting 1 2

More information

TCP/IP Concepts Review. A CEH Perspective

TCP/IP Concepts Review. A CEH Perspective TCP/IP Concepts Review A CEH Perspective 1 Objectives At the end of this unit, you will be able to: Describe the TCP/IP protocol stack For each level, explain roles and vulnerabilities Explain basic IP

More information

Internet Protocol (IP)

Internet Protocol (IP) TCP/IP CIS 218/238 Internet Protocol (IP) The Internet Protocol (IP) is responsible for ensuring that data is transferred between two Intenret hosts based on a 32 bit address. To be ROUTABLE, a protocol

More information

Hands-On Ethical Hacking and Network Defense - Second Edition. Chapter 2 - TCP/IP Concepts Review

Hands-On Ethical Hacking and Network Defense - Second Edition. Chapter 2 - TCP/IP Concepts Review Objectives After reading this chapter and completing the exercises, you will be able to: Overview of TCP/IP Describe the TCP/IP protocol stack Explain the basic concepts of IP addressing Explain the binary,

More information

TCP/IP Concepts Review. A CEH Perspective

TCP/IP Concepts Review. A CEH Perspective TCP/IP Concepts Review A CEH Perspective 1 Objectives At the end of this unit, you will be able to: Describe the TCP/IP protocol stack For each level, explain roles and vulnerabilities Explain basic IP

More information

Networking Test 4 Study Guide

Networking Test 4 Study Guide Networking Test 4 Study Guide True/False Indicate whether the statement is true or false. 1. IPX/SPX is considered the protocol suite of the Internet, and it is the most widely used protocol suite in LANs.

More information

- TCP and UDP - Transport Layer Protocols

- TCP and UDP - Transport Layer Protocols 1 Transport Layer Protocols - TCP and UDP - The Transport layer (OSI Layer-4) does not actually transport data, despite its name. Instead, this layer is responsible for the reliable transfer of data, by

More information

Outline. CSc 466/566. Computer Security. 18 : Network Security Introduction. Network Topology. Network Topology. Christian Collberg

Outline. CSc 466/566. Computer Security. 18 : Network Security Introduction. Network Topology. Network Topology. Christian Collberg Outline Network Topology CSc 466/566 Computer Security 18 : Network Security Introduction Version: 2012/05/03 13:59:29 Department of Computer Science University of Arizona collberg@gmail.com Copyright

More information

TCP/IP Tutorial. Transmission Control Protocol Internet Protocol

TCP/IP Tutorial. Transmission Control Protocol Internet Protocol TCP/IP Tutorial Transmission Control Protocol Internet Protocol 1 TCP/IP & OSI In OSI reference model terminology -the TCP/IP protocol suite covers the network and transport layers. TCP/IP can be used

More information

Guide to Network Defense and Countermeasures Third Edition. Chapter 2 TCP/IP

Guide to Network Defense and Countermeasures Third Edition. Chapter 2 TCP/IP Guide to Network Defense and Countermeasures Third Edition Chapter 2 TCP/IP Objectives Explain the fundamentals of TCP/IP networking Describe IPv4 packet structure and explain packet fragmentation Describe

More information

NETWORK SECURITY. Ch. 8: Defense Mechanism - Firewall

NETWORK SECURITY. Ch. 8: Defense Mechanism - Firewall NETWORK SECURITY Ch. 8: Defense Mechanism - Firewall Firewall A firewall is a hardware, software, or a combination of both that monitors and filters traffic packets that attempt to either enter or leave

More information

Session Hijacking Exploiting TCP, UDP and HTTP Sessions

Session Hijacking Exploiting TCP, UDP and HTTP Sessions Session Hijacking Exploiting TCP, UDP and HTTP Sessions Shray Kapoor shray.kapoor@gmail.com Preface With the emerging fields in e-commerce, financial and identity information are at a higher risk of being

More information

Chapter 8 Security Pt 2

Chapter 8 Security Pt 2 Chapter 8 Security Pt 2 IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross,

More information

CS5008: Internet Computing

CS5008: Internet Computing CS5008: Internet Computing Lecture 22: Internet Security A. O Riordan, 2009, latest revision 2015 Internet Security When a computer connects to the Internet and begins communicating with others, it is

More information

TCP/IP and OSI model. TCP/IP Protocol (2) B.2

TCP/IP and OSI model. TCP/IP Protocol (2) B.2 TCP/IP Protocol TCP/IP Transmission Control Protocol/Internetworking Protocol (TCP/IP) standard for the Internet five layers = physical = data link = network = transport = application B.1 TCP/IP and OSI

More information

Today s outline. CSE 127 Computer Security. NAT, Firewalls IDS DDoS. Basic Firewall Concept. TCP/IP Protocol Stack. Packet Filtering.

Today s outline. CSE 127 Computer Security. NAT, Firewalls IDS DDoS. Basic Firewall Concept. TCP/IP Protocol Stack. Packet Filtering. CSE 127 Computer Security Fall 2011 More on network security Todays outline NAT, Firewalls IDS DDoS Chris Kanich (standing in for Hovav) [some slides courtesy Dan Boneh & John Mitchell] TCP/IP Protocol

More information

CSCE 465 Computer & Network Security

CSCE 465 Computer & Network Security CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Vulnerability Analysis 1 Roadmap Why vulnerability analysis? Example: TCP/IP related vulnerabilities

More information

IP Network Layer. Datagram ID FLAG Fragment Offset. IP Datagrams. IP Addresses. IP Addresses. CSCE 515: Computer Network Programming TCP/IP

IP Network Layer. Datagram ID FLAG Fragment Offset. IP Datagrams. IP Addresses. IP Addresses. CSCE 515: Computer Network Programming TCP/IP CSCE 515: Computer Network Programming TCP/IP IP Network Layer Wenyuan Xu Department of Computer Science and Engineering University of South Carolina IP Datagrams IP is the network layer packet delivery

More information

Internet Protocols. Supporting Protocols and Framing. Updated: 9/30/14

Internet Protocols. Supporting Protocols and Framing. Updated: 9/30/14 Internet Protocols Supporting Protocols and Framing Updated: 9/30/14 Supporting Protocols ARP / RARP BOOTP ICMP DHCP NAT IP Supporting Protocols IP protocol only deals with the data transfer (best-effort)

More information

Transport Layer Protocols

Transport Layer Protocols Transport Layer Protocols Version. Transport layer performs two main tasks for the application layer by using the network layer. It provides end to end communication between two applications, and implements

More information

ICMP Protocol and Its Security

ICMP Protocol and Its Security Lecture Notes (Syracuse University) ICMP Protocol and Its Security: 1 ICMP Protocol and Its Security 1 ICMP Protocol (Internet Control Message Protocol Motivation Purpose IP may fail to deliver datagrams

More information

Ethernet. Ethernet. Network Devices

Ethernet. Ethernet. Network Devices Ethernet Babak Kia Adjunct Professor Boston University College of Engineering ENG SC757 - Advanced Microprocessor Design Ethernet Ethernet is a term used to refer to a diverse set of frame based networking

More information

1. Firewall Configuration

1. Firewall Configuration 1. Firewall Configuration A firewall is a method of implementing common as well as user defined security policies in an effort to keep intruders out. Firewalls work by analyzing and filtering out IP packets

More information

How do I get to www.randomsite.com?

How do I get to www.randomsite.com? Networking Primer* *caveat: this is just a brief and incomplete introduction to networking to help students without a networking background learn Network Security. How do I get to www.randomsite.com? Local

More information

CIT 480: Securing Computer Systems. Firewalls

CIT 480: Securing Computer Systems. Firewalls CIT 480: Securing Computer Systems Firewalls Topics 1. What is a firewall? 2. Types of Firewalls 1. Packet filters (stateless) 2. Stateful firewalls 3. Proxy servers 4. Application layer firewalls 3. Configuring

More information

TCP/IP: ICMP, UDP. Network Security Lecture 5

TCP/IP: ICMP, UDP. Network Security Lecture 5 TCP/IP: ICMP, UDP Network Security Lecture 5 Recap and overview Looking at security of TCP/IP IP, Ethernet, ARP Sniffing the network and forging packets tcpdump, wireshark Today: ICMP and UDP Eike Ritter

More information

Firewalls and Intrusion Detection Systems. Advanced Computer Networks

Firewalls and Intrusion Detection Systems. Advanced Computer Networks Firewalls and Intrusion Detection Systems Advanced Computer Networks Firewalls & IDS Outline Firewalls Stateless packet filtering Stateful packet filtering Access Control Lists Application Gateways Intrusion

More information

Module 6. Internetworking. Version 2 CSE IIT, Kharagpur

Module 6. Internetworking. Version 2 CSE IIT, Kharagpur Module 6 Internetworking Lesson 2 Internet Protocol (IP) Specific Instructional Objectives At the end of this lesson, the students will be able to: Explain the relationship between TCP/IP and OSI model

More information

CIT 480: Securing Computer Systems. Firewalls

CIT 480: Securing Computer Systems. Firewalls CIT 480: Securing Computer Systems Firewalls Topics 1. What is a firewall? 2. Types of Firewalls 1. Packet filters (stateless) 2. Stateful firewalls 3. Proxy servers 4. Application layer firewalls 3. Configuring

More information

IP - The Internet Protocol

IP - The Internet Protocol Orientation IP - The Internet Protocol IP (Internet Protocol) is a Network Layer Protocol. IP s current version is Version 4 (IPv4). It is specified in RFC 891. TCP UDP Transport Layer ICMP IP IGMP Network

More information

RARP: Reverse Address Resolution Protocol

RARP: Reverse Address Resolution Protocol SFWR 4C03: Computer Networks and Computer Security January 19-22 2004 Lecturer: Kartik Krishnan Lectures 7-9 RARP: Reverse Address Resolution Protocol When a system with a local disk is bootstrapped it

More information

Internet Control Message Protocol (ICMP)

Internet Control Message Protocol (ICMP) Internet Control Message Protocol (ICMP) Relates to Lab 2: A short module on the Internet Control Message Protocol (ICMP). 1 Overview The IP (Internet Protocol) relies on several other protocols to perform

More information

Internet Protocols (IP)

Internet Protocols (IP) Internet Protocols (IP) (1) Internet Protocols Internet Architecture and Philosophy A TCP/IP internet provides three sets of services as shown in the following figure Connectionless Delivery System The

More information

Denial of Service Attacks

Denial of Service Attacks 2 Denial of Service Attacks : IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 13 August 2013 its335y13s2l06, Steve/Courses/2013/s2/its335/lectures/malicious.tex,

More information

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network.

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network. Course Name: TCP/IP Networking Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network. TCP/IP is the globally accepted group of protocols

More information

20-CS-6053-00X Network Security Spring, 2014. An Introduction To. Network Security. Week 1. January 7

20-CS-6053-00X Network Security Spring, 2014. An Introduction To. Network Security. Week 1. January 7 20-CS-6053-00X Network Security Spring, 2014 An Introduction To Network Security Week 1 January 7 Attacks Criminal: fraud, scams, destruction; IP, ID, brand theft Privacy: surveillance, databases, traffic

More information

TCP: Transmission Control Protocol RFC 793,1122,1223. Prof. Lin Weiguo Copyleft 2009~2015, College of Computing, CUC

TCP: Transmission Control Protocol RFC 793,1122,1223. Prof. Lin Weiguo Copyleft 2009~2015, College of Computing, CUC TCP: Transmission Control Protocol RFC 793,1122,1223 Prof. Lin Weiguo Copyleft 2009~2015, College of Computing, CUC Nov. 2015 TCP/IP Protocol Stack Application Layer FTP, Telnet, HTTP, Transport Layer

More information

8.2 The Internet Protocol

8.2 The Internet Protocol TCP/IP Protocol Suite HTTP SMTP DNS RTP Distributed applications Reliable stream service TCP UDP User datagram service Best-effort connectionless packet transfer Network Interface 1 IP Network Interface

More information

What is a DoS attack?

What is a DoS attack? CprE 592-YG Computer and Network Forensics Log-based Signature Analysis Denial of Service Attacks - from analyst s point of view Yong Guan 3216 Coover Tel: (515) 294-8378 Email: guan@ee.iastate.edu October

More information

TCP context and interfaces

TCP context and interfaces Linux Networking: tcp David Morgan TCP context and interfaces Computer A Computer B application process application process data data data data TCP process TCP process a network 1 TCP purposes and features

More information

9025- TCP/IP Networking. History and Standards. Review of Numbering Systems. Local Signaling. IP Addressing

9025- TCP/IP Networking. History and Standards. Review of Numbering Systems. Local Signaling. IP Addressing 9025- TCP/IP Networking History and Standards ARPA NCP TCP, IP, ARPANET PARC Collaborative Network Requirements One Protocol? Peer-to-Peer Protocols Documentation and RFCs RFC Categories Where to Find

More information

Attack Lab: Attacks on TCP/IP Protocols

Attack Lab: Attacks on TCP/IP Protocols Laboratory for Computer Security Education 1 Attack Lab: Attacks on TCP/IP Protocols Copyright c 2006-2010 Wenliang Du, Syracuse University. The development of this document is funded by the National Science

More information

Lecture 19 Overview. Last Lecture. This Lecture. Next Lecture. Internet Protocol (2) Transport Control Protocol (1) Source: chapters 23, 24

Lecture 19 Overview. Last Lecture. This Lecture. Next Lecture. Internet Protocol (2) Transport Control Protocol (1) Source: chapters 23, 24 Lecture 19 Overview Last Lecture Internet Protocol (2) This Lecture Transport Control Protocol (1) Generic transport layer Connection management Source: chapters 23, 24 Next Lecture Transport Control Protocol

More information

Module 11: TCP/IP Transport and Application Layers

Module 11: TCP/IP Transport and Application Layers Module 11: TCP/IP Transport and Application Layers 11.1 TCP/IP Transport Layer 11.1.1 Introduction to the TCP/IP transport layer The primary duties of the transport layer are to transport and regulate

More information

CYBER ATTACKS EXPLAINED: PACKET CRAFTING

CYBER ATTACKS EXPLAINED: PACKET CRAFTING CYBER ATTACKS EXPLAINED: PACKET CRAFTING Protect your FOSS-based IT infrastructure from packet crafting by learning more about it. In the previous articles in this series, we explored common infrastructure

More information

TCP/IP Security Problems. History that still teaches

TCP/IP Security Problems. History that still teaches TCP/IP Security Problems History that still teaches 1 remote login without a password rsh and rcp were programs that allowed you to login from a remote site without a password The.rhosts file in your home

More information

Protocols. Packets. What's in an IP packet

Protocols. Packets. What's in an IP packet Protocols Precise rules that govern communication between two parties TCP/IP: the basic Internet protocols IP: Internet Protocol (bottom level) all packets shipped from network to network as IP packets

More information

I. Internet Control Message Protocol (ICMP) Week 10

I. Internet Control Message Protocol (ICMP) Week 10 I. Internet Control Message Protocol (ICMP) Week 10 described in RFC 792 helper protocol for IP, but more like a 3 ½ layer protocol (like ARP as a 2 ½ layer protocol) since a helper protocol for IP, uses

More information

Lecture 3: The Transport Layer: UDP and TCP

Lecture 3: The Transport Layer: UDP and TCP Lecture 3: The Transport Layer: UDP and TCP Prof. Shervin Shirmohammadi SITE, University of Ottawa Prof. Shervin Shirmohammadi CEG 4185 3-1 The Transport Layer Provides efficient and robust end-to-end

More information

IP address format: Dotted decimal notation: 10000000 00001011 00000011 00011111 128.11.3.31

IP address format: Dotted decimal notation: 10000000 00001011 00000011 00011111 128.11.3.31 IP address format: 7 24 Class A 0 Network ID Host ID 14 16 Class B 1 0 Network ID Host ID 21 8 Class C 1 1 0 Network ID Host ID 28 Class D 1 1 1 0 Multicast Address Dotted decimal notation: 10000000 00001011

More information

Lecture 10 - Network Security

Lecture 10 - Network Security Lecture 10 - Network Security Networks and Security Jacob Aae Mikkelsen IMADA December 9, 2013 December 9, 2013 1 / 38 Network layer security: IPsec IP Security Protocol: IPsec Network layer security:

More information

CS 520: Network Architecture I Winter Lecture 12: The Internet Control Message Protocol and Layering.

CS 520: Network Architecture I Winter Lecture 12: The Internet Control Message Protocol and Layering. CS 520: Network Architecture I Winter 2007 Lecture 12: The Internet Control Message Protocol and Layering. The previous lecture completed a discussion of the IP address space and the latest attempts to

More information

Unix System Administration

Unix System Administration Unix System Administration Chris Schenk Lecture 08 Tuesday Feb 13 CSCI 4113, Spring 2007 ARP Review Host A 128.138.202.50 00:0B:DB:A6:76:18 Host B 128.138.202.53 00:11:43:70:45:81 Switch Host C 128.138.202.71

More information

Firewalls. Test your Firewall knowledge. Test your Firewall knowledge (cont) (March 4, 2015)

Firewalls. Test your Firewall knowledge. Test your Firewall knowledge (cont) (March 4, 2015) s (March 4, 2015) Abdou Illia Spring 2015 Test your knowledge Which of the following is true about firewalls? a) A firewall is a hardware device b) A firewall is a software program c) s could be hardware

More information

Transportation Protocols: UDP, TCP & RTP

Transportation Protocols: UDP, TCP & RTP Transportation Protocols: UDP, TCP & RTP Transportation Functions UDP (User Datagram Protocol) Port Number to Identify Different Applications Server and Client as well as Port TCP (Transmission Control

More information

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks

More information

Slides from TCP/IP - Forouzan. Chapter 12 TCP

Slides from TCP/IP - Forouzan. Chapter 12 TCP Chapter 12 Services Segments and Options Flow Control and Error Control rs Connections State Transition Diagram Congestion Control Operation and Design Figure Application layer Position of in /IP protocol

More information

IP - The Internet Protocol. Magda El Zarki Dept. of CS UC Irvine

IP - The Internet Protocol. Magda El Zarki Dept. of CS UC Irvine 1 IP - The Internet Protocol Magda El Zarki Dept. of CS UC Irvine Email: elzarki@uci.edu http://www.ics.uci.edu/~magda 2 Overview IP (Internet Protocol) is a Network Layer Protocol. Several versions most

More information

Transport and Network Layer

Transport and Network Layer Transport and Network Layer 1 Introduction Responsible for moving messages from end-to-end in a network Closely tied together TCP/IP: most commonly used protocol o Used in Internet o Compatible with a

More information

Understand the OSI Model

Understand the OSI Model Understand the OSI Model Part 2 Lesson Overview In this lesson, you will learn information about: Frames Packets Segments TCP TCP/IP Model Well-known ports for most-used purposes Anticipatory Set Review

More information

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin 2008 Course Technology Learning Objectives Describe packets and packet filtering

More information

Guide to TCP/IP Fourth Edition. Chapter 9: TCP/IP Transport Layer Protocols

Guide to TCP/IP Fourth Edition. Chapter 9: TCP/IP Transport Layer Protocols Guide to TCP/IP Fourth Edition Chapter 9: TCP/IP Transport Layer Protocols Objectives Explain the key features and functions of the User Datagram Protocol and the Transmission Control Protocol Explain,

More information

DDoS Attack Types: Glossary of Terms

DDoS Attack Types: Glossary of Terms DDoS Attack Types: Glossary of Terms This Distributed Denial of Service (DDoS) attack glossary is intended to provide a high level overview of the various DDoS attack types and typical DDoS attack characteristics.

More information

Firewalls. Firewalls. Idea: separate local network from the Internet 2/24/15. Intranet DMZ. Trusted hosts and networks. Firewall.

Firewalls. Firewalls. Idea: separate local network from the Internet 2/24/15. Intranet DMZ. Trusted hosts and networks. Firewall. Firewalls 1 Firewalls Idea: separate local network from the Internet Trusted hosts and networks Firewall Intranet Router DMZ Demilitarized Zone: publicly accessible servers and networks 2 1 Castle and

More information

Internet Packets. Forwarding Datagrams

Internet Packets. Forwarding Datagrams Internet Packets Packets at the network layer level are called datagrams They are encapsulated in frames for delivery across physical networks Frames are packets at the data link layer Datagrams are formed

More information

Indian Institute of Technology Kharagpur. TCP/IP Part I. Prof Indranil Sengupta Computer Science and Engineering Indian Institute of Technology

Indian Institute of Technology Kharagpur. TCP/IP Part I. Prof Indranil Sengupta Computer Science and Engineering Indian Institute of Technology Indian Institute of Technology Kharagpur TCP/IP Part I Prof Indranil Sengupta Computer Science and Engineering Indian Institute of Technology Kharagpur Lecture 3: TCP/IP Part I On completion, the student

More information

Guide to TCP/IP, Third Edition. Chapter 5: Transport Layer TCP/IP Protocols

Guide to TCP/IP, Third Edition. Chapter 5: Transport Layer TCP/IP Protocols Guide to TCP/IP, Third Edition Chapter 5: Transport Layer TCP/IP Protocols Objectives Understand the key features and functions of the User Datagram Protocol Explain the mechanisms that drive segmentation,

More information

Chapter 7. Local Area Network Communications Protocols

Chapter 7. Local Area Network Communications Protocols Chapter 7 Local Area Network Communications Protocols IP Version 4 The most commonly used network layer protocol is IP, or the Internet Protocol. As its name would indicate, IP is the protocol used on

More information

Internet Control Protocols Reading: Chapter 3

Internet Control Protocols Reading: Chapter 3 Internet Control Protocols Reading: Chapter 3 ARP - RFC 826, STD 37 DHCP - RFC 2131 ICMP - RFC 0792, STD 05 1 Goals of Today s Lecture Bootstrapping an end host Learning its own configuration parameters

More information

CSE 3461: Introduction to Computer Networking and Internet Technologies. Packet Switching. Presentation G

CSE 3461: Introduction to Computer Networking and Internet Technologies. Packet Switching. Presentation G CSE 3461: Introduction to Computer Networking and Internet Technologies Packet Switching Presentation G Study: 10.5, 10.6, 12.1, 12.2, 13.1, 13.2, 18.3, 18.4 Gojko Babić 10-09-2012 The Network Core mesh

More information

Chapter 8 TCP/IP. Chapter Figures

Chapter 8 TCP/IP. Chapter Figures Chapter 8 TCP/IP Chapter Figures Application Application TCP UDP ICMP IP ARP RARP Network interface Figure 8. HTTP Request Header contains source & destination port numbers TCP header Header contains source

More information

Introduction to IP networking

Introduction to IP networking DD2395 p2 2011 Introduction to IP networking Olof Hagsand KTH CSC 1 Example: Packet transfer www.server.org An end host requests a web-page from a server via a local-area network The aim of this lecture

More information

TCP/IP Fundamentals. OSI Seven Layer Model & Seminar Outline

TCP/IP Fundamentals. OSI Seven Layer Model & Seminar Outline OSI Seven Layer Model & Seminar Outline TCP/IP Fundamentals This seminar will present TCP/IP communications starting from Layer 2 up to Layer 4 (TCP/IP applications cover Layers 5-7) IP Addresses Data

More information

Basic Networking Concepts. 1. Introduction 2. Protocols 3. Protocol Layers 4. Network Interconnection/Internet

Basic Networking Concepts. 1. Introduction 2. Protocols 3. Protocol Layers 4. Network Interconnection/Internet Basic Networking Concepts 1. Introduction 2. Protocols 3. Protocol Layers 4. Network Interconnection/Internet 1 1. Introduction -A network can be defined as a group of computers and other devices connected

More information

A1.1.1.11.1.1.2 1.1.1.3S B

A1.1.1.11.1.1.2 1.1.1.3S B CS Computer 640: Network AdityaAkella Lecture Introduction Networks Security 25 to Security DoS Firewalls and The D-DoS Vulnerabilities Road Ahead Security Attacks Protocol IP ICMP Routing TCP Security

More information

Final exam review, Fall 2005 FSU (CIS-5357) Network Security

Final exam review, Fall 2005 FSU (CIS-5357) Network Security Final exam review, Fall 2005 FSU (CIS-5357) Network Security Instructor: Breno de Medeiros 1. What is an insertion attack against a NIDS? Answer: An insertion attack against a network intrusion detection

More information

SY0-201. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users.

SY0-201. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users. From a high-level standpoint, attacks on computer systems and networks can be grouped

More information

Basic Security Problems. Network protocols. Smurf Attack. Packet Sniffing. SYN Flooding. TCP Handshake. Network packets pass by untrusted hosts

Basic Security Problems. Network protocols. Smurf Attack. Packet Sniffing. SYN Flooding. TCP Handshake. Network packets pass by untrusted hosts Basic Security Problems Network protocols Vulnerabilities Network packets pass by untrusted hosts Eavesdropping, packet sniffing IP addresses are public Smurf TCP connection requires state SYN flooding

More information

Internet Protocols. Background CHAPTER

Internet Protocols. Background CHAPTER CHAPTER 3 Internet Protocols Background The Internet protocols are the world s most popular open-system (nonproprietary) protocol suite because they can be used to communicate across any set of interconnected

More information

TCP - Introduction. Features of TCP

TCP - Introduction. Features of TCP TCP - Introduction The Internet Protocol (IP) provides unreliable datagram service between hosts The Transmission Control Protocol (TCP) provides reliable data delivery It uses IP for datagram delivery

More information

Internet Transport Protocols

Internet Transport Protocols Internet Transport Protocols Transmission Control Protocol (TCP): TCP Socket Primitives. The TCP Segment Header. Establishing & Terminating TCP Connections: TCP Three-way Handshake. TCP Connection Management

More information

Attack Lab: Attacks on TCP/IP Protocols

Attack Lab: Attacks on TCP/IP Protocols Laboratory for Computer Security Education 1 Attack Lab: Attacks on TCP/IP Protocols Copyright c 2006-2009 Wenliang Du, Syracuse University. The development of this document is funded by the National Science

More information

IP addressing and forwarding Network layer

IP addressing and forwarding Network layer The Internet Network layer Host, router network layer functions: IP addressing and forwarding Network layer Routing protocols path selection RIP, OSPF, BGP Transport layer: TCP, UDP forwarding table IP

More information

CIS 551 / TCOM 401 Computer and Network Security

CIS 551 / TCOM 401 Computer and Network Security CIS 551 / TCOM 401 Computer and Network Security Spring 2008 Lecture 11 2/26/08 CIS/TCOM 551 1 Wireless (802.11) Spread spectrum radio 2.4GHz frequency band Bandwidth ranges 1, 2, 5.5, 11, 22, 54, 248

More information

Firewalls. Basic Firewall Concept. Why firewalls? Firewall goals. Two Separable Topics. Firewall Design & Architecture Issues

Firewalls. Basic Firewall Concept. Why firewalls? Firewall goals. Two Separable Topics. Firewall Design & Architecture Issues CS 155 May 20, 2004 Firewalls Basic Firewall Concept Separate local area net from internet Firewall John Mitchell Credit: some text, illustrations from Simon Cooper Router All packets between LAN and internet

More information

Technical Support Information Belkin internal use only

Technical Support Information Belkin internal use only The fundamentals of TCP/IP networking TCP/IP (Transmission Control Protocol / Internet Protocols) is a set of networking protocols that is used for communication on the Internet and on many other networks.

More information

Monitoring, Auditing, Intrusion Detection, Intrusion Prevention, and Penetration Testing CSEC 640

Monitoring, Auditing, Intrusion Detection, Intrusion Prevention, and Penetration Testing CSEC 640 Contents Topic 1: Analogy... 2 TCP/IP: Understanding the Layers... 2 Topic 2: Module Introduction... 4 Topic 3: Domain Name System Basics... 5 Introduction to Domain Name System... 5 DNS Zones... 6 DNS

More information

Overview of TCP/IP. TCP/IP and Internet

Overview of TCP/IP. TCP/IP and Internet Overview of TCP/IP System Administrators and network administrators Why networking - communication Why TCP/IP Provides interoperable communications between all types of hardware and all kinds of operating

More information

Attacks on TCP/IP Protocols

Attacks on TCP/IP Protocols Attacks on TCP/IP Protocols CPSC4620: Computer Network Security Robbie Myers Abstract: TCP/IP protocols serve as the backbone of the Internet transmission structure. As such an important component of this

More information

Abstract. Introduction. Section I. What is Denial of Service Attack?

Abstract. Introduction. Section I. What is Denial of Service Attack? Abstract In this report, I am describing the main types of DoS attacks and their effect on computer and network environment. This report will form the basis of my forthcoming report which will discuss

More information

TCP/IP: TCP. Network Security Lecture 7. Eike Ritter Network Security - Lecture 7

TCP/IP: TCP. Network Security Lecture 7. Eike Ritter Network Security - Lecture 7 TCP/IP: TCP Network Security Lecture 7 1 TCP spoofing Alice trusts Bob (e.g., logins on Alice are allowed with no password if TCP connection comes from host Bob) Mallory wants to impersonate Bob when opening

More information

Internet Protocol. Raj Jain. Washington University in St. Louis.

Internet Protocol. Raj Jain. Washington University in St. Louis. Internet Protocol Raj Jain Washington University Saint Louis, MO 63131 Jain@cse.wustl.edu These slides are available on-line at: http://www.cse.wustl.edu/~jain/cse473-05/ 13-1 Overview! Internetworking

More information

Chapter 8 Network Security

Chapter 8 Network Security [Computer networking, 5 th ed., Kurose] Chapter 8 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity 84Securing 8.4 e-mail 8.5 Securing TCP connections: SSL 8.6 Network

More information

Transport Layer: UDP vs. TCP

Transport Layer: UDP vs. TCP EEC 189Q: Computer Networks Transport Layer: UDP vs. TCP Reading: 8.4 & 8.5 Review: Internet Protocol Stack Application Telnet FTP HTTP Transport Network Link Physical bits on wire TCP LAN IP UDP Packet

More information

Network Security TCP/IP Refresher

Network Security TCP/IP Refresher Network Security TCP/IP Refresher What you (at least) need to know about networking! Dr. David Barrera Network Security HS 2014 Outline Network Reference Models Local Area Networks Internet Protocol (IP)

More information

Security Technology White Paper

Security Technology White Paper Security Technology White Paper Issue 01 Date 2012-10-30 HUAWEI TECHNOLOGIES CO., LTD. 2012. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without

More information

[Prof. Rupesh G Vaishnav] Page 1

[Prof. Rupesh G Vaishnav] Page 1 Basics The function of transport layer is to provide a reliable end-to-end communications service. It also provides data transfer service for the user layers above and shield the upper layers from the

More information

Lecture Computer Networks

Lecture Computer Networks Prof. Dr. H. P. Großmann mit M. Rabel sowie H. Hutschenreiter und T. Nau Sommersemester 2012 Institut für Organisation und Management von Informationssystemen Thomas Nau, kiz Lecture Computer Networks

More information