

































Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
IP Protocol Functions (Summary). Routing. ▫ IP host knows location of router (gateway). ▫ IP gateway must know route to other networks.
Typology: Study notes
1 / 41
This page cannot be seen from the preview
Don't miss anything!


































CS 155 Spring 2010
How things work now plus some problems
Attacking host-to-host datagram protocols TCP Spoofing, … Attacking network infrastructure Routing Domain Name System
Application Transport Network Link
IP protocol Data Link
Network Access IP protocol Data Link Application Transport Network Link
Application Transport (TCP, UDP) Network (IP) Link Layer Application message - data TCP data TCP data TCP data TCP Header IP TCP data IP Header ETH IP TCP data ETF Link (Ethernet) Header Link (Ethernet) Trailer segment packet frame message
121.42.33. 132.14.11. Source Destination
121.42.33. 121.42.33. 132.14.11. 132.14.11.
IP host knows location of router (gateway) IP gateway must know route to other networks
If max-packet-size less than the user-data-size
ICMP packet to source if packet is dropped
Packet dropped f TTL=0. Prevents infinite loops.
Break data into packets Attach packet numbers
Acknowledge receipt; lost packets are resent Reassemble packets in correct order
Book Mail each page Reassemble book 19 5 1 1 1
C
S
SNC←randC ANC← 0 SNS←randS ANS←SNC SN←SNC+ AN←SNS Received packets with SN too far out of window are dropped
C
S
Attacker can create TCP session on behalf of forged source IP Breaks IP-based authentication (e.g. SPF, /etc/hosts ) Victim Server
dstIP=victim SN=server SNS
srcIP=victim AN=predicted SNS command server thinks command is from victim IP addr attacker
srcIP=victim
32
Much higher success probability.
Node A can confuse gateway into sending it traffic for B By proxying traffic, attacker A can easily inject packets into B’s session (e.g. WiFi networks)
Attacker can cause entire Internet to send traffic for a victim IP to attacker’s address. Example: Youtube mishap (see DDoS lecture)