Lecture 8 Network Security - Part 1_v1_Part2 PDF

Summary

This lecture covers fundamental networking concepts such as ARP and IP and MAC addressing, and explores the ICMP protocol. It describes how these protocols work and their role in network communication.

Full Transcript

ARP: IP and MAC addressing

• IP addresses are used for identifying destination devices across the Internet.
• MAC addresses are used for direct delivery within the same network.
• ARP is used to resolve the logical (IP) address of a target host to its physical (MAC) address in a local area network.

ARP in Direct Delivery

[Figure: hosts A, B and C on one network]

• The sender A and receiver B are located on the same network.
• A requests B’s MAC address.
• Once B’s MAC address is resolved, the data can be delivered from A to B.

ARP in Indirect Delivery

[Figure: gateway G (131.181.1.1, 131.181.2.100) between host A (131.181.1.100) and host B (131.181.2.100)]

• The sender A and receiver B are not located on the same network.
• A requests the gateway’s MAC address. Once G’s MAC address is resolved, A sends the data to G for forwarding.
• G requests B’s MAC address. Once B’s MAC address is resolved, G forwards the data to B.
• Two ARP processes are involved.

ARP in Indirect Delivery

[Figure: host A (131.181.1.100) reaches host B (131.181.4.100) through gateways G1, G2 and G3; interface labels 131.181.1.1, 131.181.2.1, 131.181.2.2, 131.181.3.1, 131.181.3.2, 131.181.4.1]

4 ARP processes:
• A - G1
• G1 - G2
• G2 - G3
• G3 - B

ARP Process - Request

• ARP is a two-step process: a request and a reply.
• Within a network, when a host (the requester), A, begins a conversation with a target host, B:
– A is aware of B’s IP address but does not have B’s MAC address. Thus A is unable to send a unicast frame to B.
– A sends an ARP broadcast frame to request B’s MAC address. Since it is a broadcast, all hosts on the network receive the ARP request.
– All hosts scan the content of the ARP request to determine whether they are the intended target. Hosts that are not the intended target discard the broadcast frame.

ARP Process - Reply

• B is the target of the ARP Request. It sends an ARP Reply back to A.
• Since B knows who sent the initial ARP Request, it is able to send the ARP Reply as a unicast, directly back to A.

ARP Frame Format

Each row is 32 bits wide (bit positions 0-7, 8-15, 16-23, 24-31):
• Row 1: Hardware Type (e.g. Ethernet = 1) | Protocol Type (network layer protocol)
• Row 2: Hardware Address length | Protocol length | Operation (Request = 1, Reply = 2)
• Sender Hardware Address (48 bits = 6 bytes)
• Target Hardware Address (Empty in request)
• Target IP address (32 bits)

ARP Poisoning

• ARP Poisoning is also known as ARP Spoofing.
• It is a type of attack carried out over a local area network (LAN).
• It involves sending malicious ARP packets on a LAN so that the attacker's MAC address becomes mapped to the IP address of another host.

Outline

• Layer 3: Network
– Internet Protocol (IP)
– Address Resolution Protocol (ARP)
– Internet Control Message Protocol (ICMP)
• Layer 4: Transport
– Transmission Control Protocol (TCP)
• Layer 7: Application
– Dynamic Host Configuration Protocol (DHCP)
– Domain Name System (DNS)

ICMP Features

• ICMP is a supporting protocol for IP.
• ICMP messages are encapsulated inside IP datagrams before going down to the data link layer.

[Figure: ICMP header + data = IP data; IP header + IP data = frame data, carried between the frame header and trailer]

ICMP Features (cont.)

• Assists the diagnosis of some network problems, particularly those related to the network layer of the OSI model
• Assists in obtaining specific information from routers and the destination host
• Is used by routers and hosts
• Returns the message back to the originator

Types of ICMP

• ICMP messages can be broadly classified into 2 types:
– Error reporting: Destination Unreachable, Source Quench, Time Exceeded, Param Problem, Redirect, …
– Query/Reply: Echo/Reply, Timestamp, ...

Time-Exceeded

• The ICMP Time Exceeded message is issued in two cases:
– When a packet is sent, its TTL is decremented by 1 at each hop. If the TTL reaches 0, the packet is dropped and a Time-Exceeded message is sent to the originator.
– If the destination does not receive all fragments in a set time, it drops any received fragments and sends a Time-Exceeded message to the originator.

Scenario: ICMP Redirect

• Sending host, A, has IP address 10.0.0.100/24.
• A’s routing table has a default route entry pointing to router G1’s IP address 10.0.0.1/24 as the default gateway.
• Router G1 uses router G2’s IP address 10.0.0.2/24 as its next hop when forwarding traffic to destination Network X.

[Figure: host A, routers G1 and G2, Network X, host B]

Source: Cisco, Understanding ICMP Redirect Messages

Scenario: ICMP Redirect (cont.)

• G1, with IP address 10.0.0.1, receives a packet from host 10.0.0.100 on a network.
• G1 checks its routing table and obtains the IP address 10.0.0.2 of the next hop, G2, on the route to the packet’s destination network X.
• If G2 and the sending host (identified by the packet’s source IP address) are on the same network 10.0.0.0, an ICMP Redirect message is sent to the sending host to advise it to send its traffic for network X directly to G2, as this is one hop shorter to the destination’s network.
• G1 forwards the received packet to G2.

Echo Request/Reply

• A host or router that receives an echo-request message creates an echo-reply message and returns it to the originator.
• Echo-request and echo-reply messages can be used to help diagnose some network problems, e.g. the communication status between two devices.
• Testing destination availability and providing status is achieved by invoking the ping command.
– It creates a series of echo-request and echo-reply messages, providing statistical information.

Ping Utility

Tracert Utility

Can ICMP be used for evil?
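The ARP Frame Format and ARP Poisoning slides, as an added example that is not part of the lecture: a parser for the 28-byte Ethernet/IPv4 ARP payload and a watcher that reports when a sender IP address shows up with a different MAC address than first seen. The layout follows RFC 826, which also carries a sender IP address field between the two hardware addresses; the MAC addresses, B's address 131.181.1.101 and the names `parse_arp`, `build_arp` and `ArpWatch` are constructed for illustration.

```python
import socket
import struct

ARP_REQUEST, ARP_REPLY = 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, op, SHA, SPA, THA, TPA

def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Pack a constructed Ethernet/IPv4 ARP payload for the sample traffic."""
    to_mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                       to_mac(sender_mac), socket.inet_aton(sender_ip),
                       to_mac(target_mac), socket.inet_aton(target_ip))

def parse_arp(payload):
    """Decode the 28-byte ARP payload into the fields of the frame format."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    if op not in (ARP_REQUEST, ARP_REPLY):
        raise ValueError("unknown ARP operation")
    fmt_mac = lambda b: ":".join(f"{x:02x}" for x in b)
    return {"op": op,
            "sender_mac": fmt_mac(sha), "sender_ip": socket.inet_ntoa(spa),
            "target_mac": fmt_mac(tha), "target_ip": socket.inet_ntoa(tpa)}

class ArpWatch:
    """Remember the first MAC seen for each sender IP and flag later changes."""
    def __init__(self):
        self.bindings = {}

    def observe(self, payload):
        pkt = parse_arp(payload)
        known = self.bindings.setdefault(pkt["sender_ip"], pkt["sender_mac"])
        if known != pkt["sender_mac"]:
            return (pkt["sender_ip"], known, pkt["sender_mac"])  # conflict
        return None

# Constructed sample: A asks for B, B answers, then a reply arrives that
# claims B's IP address with a different MAC address.
A = ("02:00:00:00:00:0a", "131.181.1.100")
B = ("02:00:00:00:00:0b", "131.181.1.101")
SAMPLE = [
    build_arp(ARP_REQUEST, A[0], A[1], "00:00:00:00:00:00", B[1]),
    build_arp(ARP_REPLY, B[0], B[1], A[0], A[1]),
    build_arp(ARP_REPLY, "02:00:00:00:00:0c", B[1], A[0], A[1]),
]

def run_sample():
    watch = ArpWatch()
    return [watch.observe(p) for p in SAMPLE]
```

A binding change also happens legitimately, for instance when a DHCP lease is reassigned or a network card is replaced, so the result is a signal to investigate rather than proof of poisoning.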
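The ICMP Redirect scenario from the receiving host's side, as an added example that is not part of the lecture: before acting on a Redirect, host A checks the message checksum and applies the two discard rules of RFC 1122 (the sender must be the current first-hop gateway, and the advised gateway must be on the local network), plus one extra sanity check on the quoted packet. The Network X address 192.0.2.10, the off-link address 172.16.0.9 and the function names are constructed for illustration.

```python
import ipaddress
import struct

def inet_checksum(data):
    """RFC 1071 Internet checksum over data (padded to an even length)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_redirect(new_gw, orig_src, orig_dst):
    """Constructed ICMP Redirect (type 5, code 1) quoting a minimal IP header."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0,
                         ipaddress.ip_address(orig_src).packed,
                         ipaddress.ip_address(orig_dst).packed)
    body = ipaddress.ip_address(new_gw).packed + ip_hdr + b"\x00" * 8
    csum = inet_checksum(struct.pack("!BBH", 5, 1, 0) + body)
    return struct.pack("!BBH", 5, 1, csum) + body

def check_redirect(icmp, from_ip, iface, current_gw):
    """Return (accept, reason) for a Redirect received on host interface iface."""
    # 8-byte ICMP header (with gateway field) + 20-byte quoted IP header + 8 bytes
    if len(icmp) < 36 or icmp[0] != 5:
        return False, "not a complete Redirect"
    if inet_checksum(icmp) != 0:          # a valid message sums to zero
        return False, "bad checksum"
    new_gw = ipaddress.ip_address(icmp[4:8])
    orig_src = ipaddress.ip_address(icmp[20:24])   # quoted header, source
    orig_dst = ipaddress.ip_address(icmp[24:28])   # quoted header, destination
    net = ipaddress.ip_interface(iface)
    if ipaddress.ip_address(from_ip) != ipaddress.ip_address(current_gw):
        return False, "sender is not the current first-hop gateway"
    if new_gw not in net.network:
        return False, "advised gateway is not on the local network"
    if orig_src != net.ip:                # extra check, not from RFC 1122
        return False, "quoted packet was not sent by this host"
    return True, f"use {new_gw} for {orig_dst}"

# Scenario from the slides: A = 10.0.0.100/24, G1 = 10.0.0.1, G2 = 10.0.0.2.
GOOD = build_redirect("10.0.0.2", "10.0.0.100", "192.0.2.10")
OFF_LINK = build_redirect("172.16.0.9", "10.0.0.100", "192.0.2.10")

def run_sample():
    return [check_redirect(GOOD, "10.0.0.1", "10.0.0.100/24", "10.0.0.1"),
            check_redirect(GOOD, "10.0.0.50", "10.0.0.100/24", "10.0.0.1"),
            check_redirect(OFF_LINK, "10.0.0.1", "10.0.0.100/24", "10.0.0.1")]
```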
