Hands-On Ethical Hacking and Network Defense - Second Edition. Chapter 2 - TCP/IP Concepts Review

Similar documents
Guide to Network Defense and Countermeasures Third Edition. Chapter 2 TCP/IP

Networking Test 4 Study Guide

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network.

1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet

Transport Layer Protocols

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP

TCP/IP and the Internet

Ethernet. Ethernet. Network Devices

Basic Network Configuration

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Overview of TCP/IP. TCP/IP and Internet

DO NOT REPLICATE. Analyze IP. Given a Windows Server 2003 computer, you will use Network Monitor to view and analyze all the fields of IP.

Procedure: You can find the problem sheet on Drive D: of the lab PCs. 1. IP address for this host computer 2. Subnet mask 3. Default gateway address

First Workshop on Open Source and Internet Technology for Scientific Environment: with case studies from Environmental Monitoring

Firewalls. Test your Firewall knowledge. Test your Firewall knowledge (cont) (March 4, 2015)

Firewall Introduction Several Types of Firewall. Cisco PIX Firewall

Connecting with Computer Science, 2e. Chapter 5 The Internet

IP - The Internet Protocol

CYBER ATTACKS EXPLAINED: PACKET CRAFTING

How do I get to

Port Scanning. Objectives. Introduction: Port Scanning. 1. Introduce the techniques of port scanning. 2. Use port scanning audit tools such as Nmap.

Linux Network Security

Transport and Network Layer

Port Scanning and Vulnerability Assessment. ECE4893 Internetwork Security Georgia Institute of Technology

Network Programming TDC 561

Lecture 28: Internet Protocols

Firewalls. Firewalls. Idea: separate local network from the Internet 2/24/15. Intranet DMZ. Trusted hosts and networks. Firewall.

EXPLORER. TFT Filter CONFIGURATION

We will give some overview of firewalls. Figure 1 explains the position of a firewall. Figure 1: A Firewall

My FreeScan Vulnerabilities Report

Payment Card Industry (PCI) Executive Report. Pukka Software

Understanding Layer 2, 3, and 4 Protocols

IP address format: Dotted decimal notation:

BASIC ANALYSIS OF TCP/IP NETWORKS

Transport Layer. Chapter 3.4. Think about

Cisco Configuring Commonly Used IP ACLs

IP Subnetting and Addressing

Advanced Higher Computing. Computer Networks. Homework Sheets

Objectives of Lecture. Network Architecture. Protocols. Contents

Firewalls, IDS and IPS

Networks: IP and TCP. Internet Protocol

Internet Protocols. Background CHAPTER

Cape Girardeau Career Center CISCO Networking Academy Bill Link, Instructor. 2.,,,, and are key services that ISPs can provide to all customers.

Firewalls. Chapter 3

Virtual Server and DDNS. Virtual Server and DDNS. For BIPAC 741/743GE

10 Configuring Packet Filtering and Routing Rules

Understanding TCP/IP. Introduction. What is an Architectural Model? APPENDIX

You can probably work with decimal. binary numbers needed by the. Working with binary numbers is time- consuming & error-prone.

CSCE 465 Computer & Network Security

Linux MDS Firewall Supplement

Indian Institute of Technology Kharagpur. TCP/IP Part I. Prof Indranil Sengupta Computer Science and Engineering Indian Institute of Technology

CHAPTER. Securing TCP/IP

CS155 - Firewalls. Simon Cooper <sc@sgi.com> CS155 Firewalls 22 May 2003

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Troubleshooting Tools

LESSON Networking Fundamentals. Understand TCP/IP

TCP/IP Fundamentals. OSI Seven Layer Model & Seminar Outline

Unit 4. Introduction to TCP/IP. Overview. Description. Unit Table of Contents

Firewalls. Basic Firewall Concept. Why firewalls? Firewall goals. Two Separable Topics. Firewall Design & Architecture Issues

Firewall Implementation

TCP/IP Basis. OSI Model

The OSI and TCP/IP Models. Lesson 2

Internetworking Microsoft TCP/IP on Microsoft Windows NT 4.0

: Interconnecting Cisco Networking Devices Part 1 v2.0 (ICND1)

Outline. Outline. Outline

Internet Concepts. What is a Network?

Technical Support Information Belkin internal use only

Host Fingerprinting and Firewalking With hping

Basic Networking Concepts. 1. Introduction 2. Protocols 3. Protocol Layers 4. Network Interconnection/Internet

TCP/IP Networking Terms you ll need to understand: Techniques you ll need to master:

Mobile IP Network Layer Lesson 02 TCP/IP Suite and IP Protocol

ICOM : Computer Networks Chapter 6: The Transport Layer. By Dr Yi Qian Department of Electronic and Computer Engineering Fall 2006 UPRM

INTRODUCTION TO FIREWALL SECURITY

Attacks and Defense. Phase 1: Reconnaissance

Session Hijacking Exploiting TCP, UDP and HTTP Sessions

CIT 380: Securing Computer Systems

Hands-on Network Traffic Analysis Cyber Defense Boot Camp

Network Security. Marcus Bendtsen Institutionen för Datavetenskap (IDA) Avdelningen för Databas- och Informationsteknik (ADIT)

Computer Networks/DV2 Lab

The TCP/IP Reference Model

1. Firewall Configuration

Linux MPS Firewall Supplement

TCP/IP Fundamentals. Edmund Lam IT Audit Manager University of California 7/25/99 1

Module 1: Reviewing the Suite of TCP/IP Protocols

Protocols and Architecture. Protocol Architecture.

IP Network Layer. Datagram ID FLAG Fragment Offset. IP Datagrams. IP Addresses. IP Addresses. CSCE 515: Computer Network Programming TCP/IP

Remote login (Telnet):

Chapter 8 Security Pt 2

Looking for Trouble: ICMP and IP Statistics to Watch

IMPLEMENTATION OF INTELLIGENT FIREWALL TO CHECK INTERNET HACKERS THREAT

Chapter 3 Using Access Control Lists (ACLs)

Guide to TCP/IP, Third Edition. Chapter 3: Data Link and Network Layer TCP/IP Protocols

CS5008: Internet Computing

Outline. CSc 466/566. Computer Security. 18 : Network Security Introduction. Network Topology. Network Topology. Christian Collberg

Expert Reference Series of White Papers. Basics of IP Address Subnetting

1 hours, 30 minutes, 38 seconds Heavy scan. All scanned network resources. Copyright 2001, FTP access obtained

Transcription:

Objectives After reading this chapter and completing the exercises, you will be able to: Overview of TCP/IP Describe the TCP/IP protocol stack Explain the basic concepts of IP addressing Explain the binary, octal, and hexadecimal numbering systems Protocol: A formal description of digital message formats and the rules for exchanging those messages in or between computing systems and in telecommunications. TCP/IP stack TCP/IP Protocol Stack Protocols may include signaling, authentication and error detection and correction capabilities. Language used by computers Transmission Control Protocol/Internet Protocol (TCP/IP) Four distinct layers Network Internet Transport Application The Application Layer Most widely used protocol Front end to the lower-layer protocols Layer you can see and touch The Transport Layer Encapsulates data into segments Use TCP or UDP to reach a destination host

TCP 3-way handshake TCP Segment Headers TCP is a connection-oriented protocol Uses header information, flags, and sequence numbers Computer A sends computer B a SYN packet Computer B replies with a SYN-ACK packet Computer A replies with an ACK packet Critical components: TCP flags Initial sequence number (ISN) Source & destination port numbers Abused by hackers TCP Flags You need to know hacking basics to protect a network Tools are available to custom craft packets to exploit the lack of security in the basic TCP protocol Each flag occupies one bit of the TCP segment Can be set to 0 (off) or 1 (on) 6 TCP Segment Flags SYN flag: synch flag; Session Start ACK flag: acknowledgment flag; Connection Acknowledgement PSH flag: push flag; Signals no buffering, delivery immediately to application layer URG flag: urgent flag; High priority data FIN flag: finish flag; Communication is finished RST flag: reset flag; Connection Termination

Initial Sequence Number (ISN) 32-bit number TCP Ports TCP packet Port Tracks packets received by a node Allows reassembly of large packets Sent on steps one and two of TCP three-way handshake Sending node ISN is sent with SYN packet Receiving node ISN is sent back to sending node with SYN-ACK packet Susceptible to Session Hijacking (guessing follow-on ISN s) Two 16-bit fields Contains source and destination port numbers Logical, not physical, TCP connection component Identifies running service Example: HTTP uses port 80 Best Business Practice: Stop or disable unneeded services More running services, more ports open for attack Increases Attack Surface Only the first 1023 ports are considered well-known Examples: List of well-known ports Ports 20 and 21 Internet Assigned Numbers Authority: www.iana.org

File Transfer Protocol (FTP) Was the standard for moving or copying large files Used today to a lesser extent Popularity of HTTP Requires a logon name and password More secure than Trivial File Transfer Protocol (TFTP) Port 25 Simple Mail Transfer Protocol (SMTP) E-mail servers listen on this port Port 53 Domain Name Service (DNS) Connects to Web sites using URLs instead of IP addresses Port 69 Trivial File Transfer Protocol Used for transferring router configurations Port 80 Hypertext Transfer Protocol (HTTP) Used when connecting to a Web server Port 110 Post Office Protocol 3 (POP3) Used for retrieving e-mail Port 119 Network News Transfer Protocol Used to connect to a news server for use with newsgroups Port 135 Remote Procedure Call (RPC) Critical for operation of Microsoft Exchange Server and Active Directory Port 139 NetBIOS Used by Microsoft s NetBIOS Session Service Port 143 Internet Message Access Protocol 4 (IMAP4) Used for retrieving e-mail User Datagram Protocol (UDP) Fast but unreliable delivery protocol Operates on Transport layer Used for speed Does not need to verify receiver is listening or ready

The Internet Layer Depends on higher layers of TCP/IP stack handle problems Referred to as a connectionless protocol Routes packets to destination address Uses a logical address (i.e., IP address) IP addressing packet delivery is connectionless Internet Control Message Protocol (ICMP) IP Addressing Sends messages related to network operations Helps troubleshoot network connectivity problems Ping command Tracks the route a packet traverses Consists of four bytes Classes Traceroute command Divided into two components Class A Class B Class C Class A Network address Host address First byte is reserved for network address Last three bytes are available for host computers Supports more than 16 million host computers Limited number of Class A networks

Reserved for large corporations and governments Format: network.node.node.node Class B Divided evenly Two-octet network address Two-octet host address Supports more than 65,000 hosts Assigned to large corporations and Internet Service Providers (ISPs) Format: network.network.node.node Class C 3-octet network address and 1-octet host address More than two million Class C addresses Supports up to 254 host computers Usually available for small business and home use Format: network.network.network.node Subnet mask Each network must be assigned a subnet mask Helps distinguish network from host address bits Subnetting concepts are important Utilities return information based on IP address and subnet information May be useful when penetration testing Planning IP Address Assignments Each network segment must have a unique network address Address cannot contain all 0s or all 1s Accessing entities and services on other networks

IPv6 Addressing Each computer needs IP address of gateway TCP/IP Internet layer uses subnet mask to determine destination computer s network address If addresses are different, relays packet to gateway Gateway forwards packet to its next destination Packet eventually reaches destination Internet Protocol version 6 (IPv6) IPv4 Wasn t designed with security in mind Many current network vulnerabilities IPv6 Developed to increase IP address space and provide additional security Uses 16 bytes, or a 128-bit address 2 128 or 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses Many OSs are configured to enable IPv6 Overview of Numbering Systems Many router filtering devices, firewalls, and intrusion detection systems are not Hackers bypass security systems Some network encapsulate IPv6 traffic in IPv4 for compatibility As a security professional, knowledge of numbering systems will come into play Binary Octal Hexadecimal Reviewing the Binary Numbering System Uses number 2 as its base Byte Binary digits (bits) represented by 0 or 1

Group of 8 bits Can represent 2 8 (256) different colors File permissions are represented with bits 1 represents having permission 111 (rwx): all permissions apply 0 removes permission 101 (r-x): user can read and execute but not write Understanding Nibbles Half a byte or four bits Helps with reading numbers by separating the byte Example: 1111 1010 versus 11111010 Components High-order nibble: left side Low-order nibble: right side Understanding Nibbles (cont d.) Converting 1010 1010 to decimal Low-order nibble 1010 = 10 (base 10) Multiply high-order nibble by 16 1010 = 10 x 16 = 160 (base 10) 128 + 32 = 160 Reviewing the Octal Numbering System Uses 8 as its base Supports values from 0 to 7 Octal digits can be represented with only three bits

UNIX permissions Owner permissions (rwx) Group permissions (rwx) Other permissions (rwx) Setting permission (rwxrwxrwx) means they all have read, write, and execute permissions Reviewing the Hexadecimal Numbering System Uses 16 as its base Supports numbers from 0 to 15 Hex number consists of two characters Each character represents a nibble Value contains alphabetic letters A representing 10 and F representing 15 Sometimes expressed with 0x in front Hex number in binary or decimal Convert each nibble to binary Convert binary value to decimal

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information