CC536 Cyber Security: Application Layer Attacks

Questions and Answers

What is the primary function of the routing process?

To find the shortest possible path to send a packet (correct)

To send packets on to the next hop

To guarantee authenticity of packets

To assign IP addresses to devices

What type of addressing is used in the Network Layer?

Physical addresses

Logical addresses

IP addresses (correct)

MAC addresses

What is the main function of the Data Link Layer?

To send packets on to the next hop

To provide node-to-node delivery of data (correct)

To guarantee authenticity of packets

To assign IP addresses to devices

What type of addresses are used in the Data Link Layer?

MAC addresses

Can MAC addresses guarantee authenticity?

No, they are reconfigurable via network interface

What is the main function of the Physical Layer?

To provide the physical means of sending and receiving data

What is a potential vulnerability of the Physical Layer?

It is vulnerable to tampering by third parties

Are any of the five network layers susceptible to attacks?

Yes, all layers are susceptible to attacks

Which layer is responsible for sending and receiving application messages?

Application Layer

What is the Internet composed of?

A group of layers, each implementing a service

What is the primary function of the Network Layer?

Node-to-node delivery of data

Which layer is responsible for communication between hosts?

Network Layer

What occurs at the 'Gate' in the airport analogy?

Loading and unloading of passengers

Which layer is responsible for routing packets?

Network Layer

What is the primary function of the Data Link Layer?

Error-free transfer of data frames

Where is the Application Layer implemented?

Host

What is the purpose of the Header in packet encapsulation?

To provide additional information about the packet

What is the Application Layer responsible for?

Providing services and interfaces for applications

Which layer is susceptible to attacks?

Every layer

What is the primary function of the Physical Layer?

Sending/receiving physical signals

Which layer is responsible for providing physical connectivity?

Physical Layer

How many layers are there in the Internet model?

5

What is the purpose of packet encapsulation?

To add headers for routing and delivery

What is sent over the network?

A packet with headers and data

What is the role of the Link Layer?

Framing and transmitting data

What is the purpose of the Footer in frame encapsulation?

To mark the end of the frame

What is the 5-layer Internet composed of?

Application, Transport, Network, Link, and Physical Layers

What is a potential risk of SMTP attacks due to a lack of message integrity?

Messages can be tampered with

What is the main goal of the email header spoofing attack?

To mislead the recipient about the sender of the email

What is a way to defend against email spoofing by checking email bodies?

Text analysis of known spam campaigns

What is the primary function of the Domain Name System (DNS)?

To translate domain names to IP addresses

What is a characteristic of the DNS?

It is a hierarchical system of name servers

What is the primary reason for using DNS?

To provide a convenient way to access internet hosts

What is a difference between IP addresses and domain names?

IP addresses are used for location, while domain names are used for identification

What is the purpose of PGP in defending against email spoofing?

To provide sender and receiver authentication, confidentiality, and integrity

What is a collection of connected nodes with the same authoritative DNS server?

A zone

When a DNS client requests a DNS resolution, what is the first step if the answer is not in the cache?

Query the root DNS server

What is the main benefit of caching DNS look-ups?

Amortizing initial look-up

What is an example of temporal locality of requests in DNS resolution?

Requesting www.espn.com/page1 and www.espn.com/page2

What is a popular destination in DNS resolution?

google.com

What can an attacker do if they control a DNS server?

Control how users of that DNS server view the internet

What happens when a DNS client requests a DNS resolution and the answer is not in the cache?

The DNS client queries the root DNS server

What is the benefit of caching popular destinations in DNS resolution?

Reducing the latency of DNS resolution

Study Notes

Internet and Network Layers

• The internet is a group of layers, each implementing a service.
• The 5-layer internet model consists of:
  • Application layer
  • Transport layer
  • Network layer
  • Data Link layer
  • Physical layer

Internet Packet Encapsulation

• Packets are generated and sent through the network layers.
• The application layer sends a message, which is segmented into packets with headers and data.
• The transport layer adds a packet header and packet data.
• The network layer adds a packet header and packet data.
• The data link layer adds a frame header and frame data.
• The physical layer transmits the physical signals.

Application Layer

• The application layer is responsible for sending and receiving application messages.
• It provides routing and forwarding of packets.
• Addressing is based on IP addresses, which are logical addresses assigned by routers and Internet Service Providers.

Data Link Layer

• The data link layer is responsible for node-to-node delivery of data.
• It uses MAC addresses, which are physical identifiers for hardware.
• MAC addresses do not guarantee authenticity, as they can be reconfigured or spoofed by attackers.

Physical Layer

• The physical layer is responsible for transmitting and receiving physical signals.
• Examples of physical layers include radio waves, telephone lines, fiber optic cables, and undersea submarine cables.
• The physical layer does not guarantee availability, as it can be tampered with by third parties.

Food for Thought

• Every network layer is susceptible to attacks.
• Attacks can occur at any layer, and understanding the layers is essential for defense.

Recap: The 5-Layer Internet

• The application layer sends and receives application messages.
• The transport layer enables communication between applications.
• The network layer enables communication between hosts.
• The data link layer enables node-to-node delivery of data.
• The physical layer transmits physical signals.

Where is Each Layer Implemented?

• The application layer is implemented in the user's device.
• The transport layer is implemented in the operating system.
• The network layer is implemented in the router.
• The data link layer is implemented in the network interface card.
• The physical layer is implemented in the physical transmission medium.

Case Study: Email Header Spoofing

• Attackers can spoof email headers to mislead recipients about the sender of the email.
• Defenses include checking email bodies and headers, as well as using Pretty Good Privacy (PGP) for authentication and confidentiality.

Application Layer Attacks

• DNS hijacking is a type of attack that can occur at the application layer.
• Identifying internet hosts can be done using IP addresses, which are logical addresses assigned by routers and Internet Service Providers.

The Domain Name System

• The domain name system (DNS) is a distributed database that translates domain names to IP addresses.
• DNS is implemented in a hierarchy of name servers.
• DNS resolution involves a client requesting a domain name and receiving the IP address from a DNS server.

Reducing Resolution Latency

• DNS resolution latency can be reduced by caching look-ups and exploiting temporal locality of requests.
• Popular destinations, such as google.com, can be optimized for faster resolution.

Attacking DNS

• If an attacker controls a DNS server, they can control how users of that DNS server view the internet.
• DNS attacks can have significant consequences, as they can redirect users to malicious websites or steal sensitive information.

Description

This quiz covers the basics of application layer attacks and their relation to the internet, as well as its layered implementation. It includes concepts such as ticket purchases, baggage claims, and airport gates.