Network Security Lecture 8 PDF
Document Details
Uploaded by UndauntedRetinalite
Summary
This lecture covers network security topics, including the vulnerabilities of ICMP, TCP, and DHCP. The document outlines the operation of these protocols and potential threats to them. Focus is on practical aspects rather than theoretical concepts.
Full Transcript
Vulnerabilities in ICMP
• Understanding the types of ICMP operations
• Appreciating how ICMP normally interacts between the originator and the other hosts
• Identifying abnormal network behaviours

Outline
• Layer 3: Network
  – Internet Protocol (IP)
  – Address Resolution Protocol (ARP)
  – Internet Control Message Protocol (ICMP)
• Layer 4: Transport
  – Transmission Control Protocol (TCP)
• Layer 7: Application
  – Dynamic Host Configuration Protocol (DHCP)
  – Domain Name System (DNS)

How to tell TCP is a reliable and connection-oriented protocol?

TCP header
• Source port address (16 bits) | Destination port address (16 bits)
• Sequence number (32 bits)
• Acknowledgement number (32 bits)
• HLEN (4 bits) | Reserved (3 bits) | Flags: NS, CWR, ECE, URG, ACK, PSH, RST, SYN, FIN | Window size
• Checksum (16 bits) | Urgent pointer (if URG set, 16 bits)
• Options and Padding

TCP features
• TCP provides reliability
  • Error control
  • Flow control
• TCP is a connection-oriented protocol
• TCP offers full-duplex service

A TCP Connection
Three stages of a TCP connection:
1. Connection establishment with a 3-way handshake
2. Data transfer
3. Connection termination with a 4-way handshake

(I) Connection establishment with a 3-way handshake
• A client (A) sends a TCP synchronization (SYN) segment to the destination device (B), usually a server
  – A destination port is specified and a source port is assigned dynamically
• Uses 3 segments to establish a TCP connection
  – Segment 1: A issues a message to B for initialization
  – Segment 2: B sends a message to A for initialization and acknowledgement
  – Segment 3: A sends an acknowledgement to B

(I) Connection establishment with a 3-way handshake (cont.)
Simplified segment fields, in time order:
(1) Request for connection: Client → Server, SYN segment. Seq: 8000, flag S
(2) Response: Server → Client, SYN-ACK segment. Seq: 15000, Ack: 8001, flags S and A
(3) Connection established: Client → Server, ACK segment. Seq: 8001, Ack: 15001, flag A

(II) TCP Data Transfer
• Received data must be acknowledged with an ACK that specifies the byte number that the receiver is expecting to receive from the sender
• TCP uses sequence numbers to identify the amount of data transferred and any out-of-order packets
Simplified segment fields:
– Client → Server: Seq: 8001, Ack: 15001, flag A, Data Bytes: 8001-9000
– Server → Client: Seq: 15001, Ack: 9001, flag A, Data Bytes: 15001-16000
– Client → Server: Seq: 9001, Ack: 16001, flag A

TCP Connection Termination: 4-Way Handshake
– Client → Server: FIN. Seq: x, Ack: y, flag F
– Server → Client: ACK. Seq: y, Ack: x+1, flag A
– Server → Client: FIN. Seq, Ack (no values given), flag F
– Client → Server: ACK. Seq, Ack (no values given), flag A

Threats to TCP
• Predicting TCP Sequences
  – It’s possible for an attacker to guess the sequence of numbers that TCP assigns to a stream of data packets.
  – If an attacker can predict the sequence number of an ongoing communication session, it can carry out an injection attack to insert corrupted or fraudulent data into the stream.
• SYN Flooding
• …

DHCP
• DHCP is used to automatically assign IP addresses as needed within a network.
  – When a computer is turned on, it requests an IP address from a DHCP server
  – The server assigns an address for a specific amount of time (called a lease)
• DHCP servers listen on UDP port 67 for leasing IP addresses.
• DHCP clients use UDP port 68 for requesting IP addresses

DHCP Lease Process
1. During the bootup process, a DHCP client broadcasts a DHCPDISCOVER message to reach a DHCP server for requesting an IP.
2. The DHCP server reserves an IP address for the client and makes a lease offer by sending a DHCPOFFER message to the client via unicast.

DHCP Lease Process (cont.)
3. The client responds with a DHCPREQUEST message via broadcast to accept the offered IP address.
   – If several DHCP servers respond to the request, the client accepts the first offer that it receives.
4. The DHCP server whose offer was accepted responds with a DHCPACK message via unicast.
   – It acknowledges the lease acceptance and contains the client’s IP address lease and other IP addressing information.
DHCP Message Format
Encapsulation: Ethernet > IP > UDP > DHCP message payload
• OP Code (op) (1 byte)
• Hardware Type (htype) (1 byte)
• Hardware address length (hlen) (1 byte)
• Hops (hops) (1 byte)
• Transaction ID (xid) (4 bytes)
• Seconds (sec) (2 bytes)
• Flags (flags) (2 bytes)
• Client IP address (ciaddr) (4 bytes)
• Your IP address (yiaddr) (4 bytes)
• Server IP address (siaddr) (4 bytes)
• Gateway IP address (giaddr) (4 bytes)
• Client hardware address (chaddr) (16 bytes)
• Server name (64 bytes)
• Boot File name (bname) (128 bytes)
• Options (variable size)

Threats to DHCP
• DHCP spoofing
  – The attacker inserts a rogue DHCP server in the network
  – The rogue DHCP server responds to DHCP requests and tries to list itself as the default gateway or DNS server, initiating a man-in-the-middle attack.
  – It can intercept traffic from users before forwarding it to the actual gateway

Threats to DHCP (cont.)
• DHCP starvation attack
  – The attacker uses slave hosts to keep requesting IP addresses from the DHCP server until the server’s entire pool of addresses is exhausted.
  – As a result, the legitimate client is unable to get an IP address from the DHCP server and hence cannot connect to the network.

• Understanding the DHCP operation between a client and a server
• Identifying abnormal network behaviours
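Added example, not part of the lecture: a Python decoder for the DHCP message format listed above, with two monitoring checks for the threats just described (an OFFER or ACK from a server outside an allow-list, and DISCOVERs from many distinct client hardware addresses). The magic cookie and option codes 53 (message type) and 54 (server identifier) come from the DHCP standard rather than the slides; the function names, packets, addresses and threshold are all constructed for illustration.

```python
import struct

# Fixed header in wire order: op, htype, hlen, hops, xid, secs, flags, ciaddr,
# yiaddr, siaddr, giaddr, chaddr, server name, boot file name (236 bytes).
FIXED = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC = b"\x63\x82\x53\x63"        # cookie that precedes the options field
TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 5: "DHCPACK"}

def ip(b):
    return ".".join(map(str, b))

def parse(msg):
    """Decode the fixed header plus options 53 (type) and 54 (server id)."""
    if msg[FIXED.size:FIXED.size + 4] != MAGIC:
        raise ValueError("not a DHCP message")
    op, _, hlen, _, xid, _, _, _, yi, _, _, ch, _, _ = FIXED.unpack_from(msg)
    out = {"op": op, "xid": xid, "yiaddr": ip(yi), "type": None,
           "server": None, "chaddr": ch[:min(hlen, 16)].hex(":")}
    i = FIXED.size + 4
    while i + 1 < len(msg) and msg[i] != 255:      # 255 = end of options
        if msg[i] == 0:                            # pad byte, no length field
            i += 1
            continue
        code, val = msg[i], msg[i + 2:i + 2 + msg[i + 1]]
        if code == 53 and len(val) == 1:
            out["type"] = TYPES.get(val[0], str(val[0]))
        elif code == 54 and len(val) == 4:
            out["server"] = ip(val)
        i += 2 + msg[i + 1]
    return out

def audit(messages, trusted_servers, max_clients=3):
    """Flag offers/acks from unlisted servers and a flood of new clients."""
    alerts, clients = [], set()
    for m in map(parse, messages):
        if m["type"] in ("DHCPOFFER", "DHCPACK") and m["server"] not in trusted_servers:
            alerts.append("rogue-server " + str(m["server"]))
        elif m["type"] == "DHCPDISCOVER":
            clients.add(m["chaddr"])
    if len(clients) > max_clients:   # threshold is an assumed, per-capture value
        alerts.append(f"starvation-suspect {len(clients)} clients")
    return alerts

def build(op, mtype, mac, yiaddr=bytes(4), server=b""):  # constructed test data only
    z = bytes(4)
    hdr = FIXED.pack(op, 1, 6, 0, 1, 0, 0, z, yiaddr, z, z, mac, b"", b"")
    return hdr + MAGIC + bytes([53, 1, mtype]) + (b"\x36\x04" + server if server else b"") + b"\xff"

MAC = bytes.fromhex("020000000000")
SAMPLE = [build(1, 1, MAC[:5] + bytes([n])) for n in range(5)] + [
    build(2, 2, MAC, bytes([192, 0, 2, 50]), bytes([192, 0, 2, 1])),
    build(2, 2, MAC, bytes([192, 0, 2, 99]), bytes([192, 0, 2, 66]))]
```

Calling `audit(SAMPLE, {"192.0.2.1"})` reports the second offering server and the five distinct clients. On a live network the client count would be taken per time window and compared with the site's normal rate.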
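Added example, not part of the lecture, referring back to the TCP handshake, data transfer and termination slides: a Python checker that replays the slide numbers (Seq 8000 / 15000 onward) and reports any segment whose Seq or Ack does not follow from the previous ones, which is how an injected segment with a wrongly guessed sequence number stands out. `Seg` and `check_stream` are hypothetical names, and the last three segments of the trace are constructed, taking x = 9001 and y = 16001 for the termination slide.

```python
from dataclasses import dataclass

@dataclass
class Seg:
    src: str         # "client" or "server"
    flags: str       # letters as on the slides: S=SYN, A=ACK, F=FIN
    seq: int
    ack: int = 0
    length: int = 0  # payload bytes carried

def check_stream(segments):
    """Return one verdict per segment: 'ok' or what did not match."""
    nxt = {}         # next sequence number expected from each side
    verdicts = []
    for s in segments:
        peer = "server" if s.src == "client" else "client"
        problems = []
        if "S" in s.flags and s.src not in nxt:
            nxt[s.src] = s.seq                  # the SYN fixes the initial number
        elif s.src not in nxt:
            problems.append("segment before SYN")
        elif s.seq != nxt[s.src]:
            problems.append(f"seq {s.seq}, expected {nxt[s.src]}")
        if "A" in s.flags and peer in nxt and s.ack != nxt[peer]:
            problems.append(f"ack {s.ack}, expected {nxt[peer]}")
        if not problems:
            # SYN and FIN each use up one number, data one number per byte
            used = s.length + ("S" in s.flags) + ("F" in s.flags)
            nxt[s.src] = (s.seq + used) % 2**32  # 32-bit field wraps around
        verdicts.append("; ".join(problems) or "ok")
    return verdicts

# Numbers from the slides, then constructed segments (x = 9001, y = 16001).
TRACE = [
    Seg("client", "S", 8000),
    Seg("server", "SA", 15000, 8001),
    Seg("client", "A", 8001, 15001),
    Seg("client", "A", 8001, 15001, 1000),   # bytes 8001-9000
    Seg("server", "A", 15001, 9001, 1000),   # bytes 15001-16000
    Seg("client", "A", 9001, 16001),
    Seg("client", "A", 12000, 16001, 100),   # constructed: wrong sequence number
    Seg("client", "F", 9001, 16001),         # FIN, Seq x, Ack y
    Seg("server", "A", 16001, 9002),         # ACK, Seq y, Ack x+1
]
```

The checker models the in-order exchange drawn on the slides. A real receiver accepts any segment that falls inside its window and networks reorder and retransmit, so in monitoring a mismatch is a signal to investigate rather than proof of injection.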