Network Protocols and Vulnerabilities, Study notes of Network Technologies and TCP/IP
Network Protocols and Vulnerabilities

Dan Boneh
CS 155 Spring 2010


Outline

! Basic Networking:

 How things work now plus some problems

! Some network attacks

 Attacking host-to-host datagram protocols
  TCP spoofing, …
 Attacking network infrastructure
  Routing
  Domain Name System

TCP Protocol Stack

[Figure: the four-layer stack on each end host (Application, Transport, Network, Link). Each layer talks to its peer over its own protocol: application protocol, TCP protocol, IP protocol, Data Link. An intermediate router (network access) implements only the IP and Data Link layers.]

Data Formats

[Figure: encapsulation down the stack, one header added per layer]

 Application:            [ data ]                                          message
 Transport (TCP, UDP):   [ TCP header | data ]                             segment
 Network (IP):           [ IP header | TCP header | data ]                 packet
 Link (Ethernet):        [ ETH header | IP | TCP | data | ETH trailer ]    frame

IP Routing

! Internet routing uses numeric IP addresses

! A typical route uses several hops

[Figure: Meg (address 121.42.33.…) sends a packet to Tom (address 132.14.11.…). The packet carries the source and destination addresses and is forwarded hop by hop: Meg's office gateway, then the ISP, then Tom's gateway, each forwarding on the destination address.]

IP Protocol Functions (Summary)

! Routing

 IP host knows the location of its router (gateway)
 IP gateway must know routes to other networks

! Fragmentation and reassembly

 If the maximum packet size is less than the user-data size

! Error reporting

 ICMP packet sent to the source if a packet is dropped

! TTL field: decremented at every hop

 Packet dropped when TTL reaches 0. Prevents packets looping forever.

User Datagram Protocol (UDP)

! Unreliable transport on top of IP:

 No acknowledgment

 No congestion control

 No message continuation (each datagram is independent; no ordering or reassembly)

Transmission Control Protocol (TCP)

! Connection-oriented, preserves order

 Sender

  Breaks data into packets
  Attaches packet (sequence) numbers

 Receiver

  Acknowledges receipt; lost packets are resent
  Reassembles packets in the correct order

[Figure: analogy of a book mailed one page per envelope, pages arriving out of order (19, 5, 1, …) and being reassembled into the book by the receiver.]

Review: TCP Handshake

 Client C                                          Server S (listening)

 SYN:      SN_C ← rand_C, AN_C ← 0          --->   stores SN_C; picks SN_S ← rand_S
 SYN/ACK:  SN_S, AN_S ← SN_C + 1            <---   waits for the final ACK
 ACK:      SN ← SN_C + 1, AN ← SN_S + 1     --->   Established

 Received packets with SN too far out of the window are dropped

Basic Security Problems

1. Network packets pass by untrusted hosts

 Eavesdropping, packet sniffing
 Especially easy when the attacker controls a machine close to the victim

2. TCP state can be easy to guess

 Enables spoofing and session hijacking

3. Denial of Service (DoS) vulnerabilities

 See the DDoS lecture

2. TCP Connection Spoofing

! Why random initial sequence numbers (SN_C, SN_S)?

! Suppose initial sequence numbers are predictable

 Attacker can create a TCP session on behalf of a forged source IP
 Breaks IP-based authentication (e.g. SPF, rhosts-style trust such as /etc/hosts.equiv)

[Figure: blind spoofing against a server that trusts the victim's IP address]

 attacker -> server:  TCP SYN, srcIP=victim
 server -> victim:    SYN/ACK, dstIP=victim, SN=server's SN_S  (attacker never sees this)
 attacker -> server:  ACK, srcIP=victim, AN=predicted SN_S, followed by a command
                      server thinks the command came from the victim's IP address
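The following is an added example, not code from the lecture: a small model of the server side of the handshake reviewed above, with the "SN too far out of window" check, used to replay the blind-spoofing attack. The server is instantiated twice, once with a predictable counter-style ISN (a simplification for illustration, not any real stack's exact rule) and once with a random ISN. The attacker first opens a real connection from its own address to sample SN_S, predicts the next one, and then completes a handshake as the victim without ever seeing the SYN/ACK. All addresses, ports and the counter step are constructed for the example.

```python
import os

SEQ_MASK = 0xFFFFFFFF      # sequence numbers live in a 32-bit space
RCV_WINDOW = 65535         # window used for the "SN too far out of window" check


def in_window(sn, base, window=RCV_WINDOW):
    """True if sn lies in [base, base + window) modulo 2^32."""
    return ((sn - base) & SEQ_MASK) < window


def random_isn():
    """SN_S drawn from the OS CSPRNG (assumption: 32 fresh random bits per connection)."""
    return int.from_bytes(os.urandom(4), "big")


def make_counter_isn(start=1000, step=64000):
    """Predictable SN_S: a counter bumped by a fixed step per connection.
    Simplification of old fixed-increment ISN schemes, used only to show the attack."""
    state = {"v": start}

    def gen():
        v = state["v"]
        state["v"] = (v + step) & SEQ_MASK
        return v
    return gen


class TcpServer:
    """Server side of the three-way handshake; no data handling."""

    def __init__(self, isn_generator):
        self.isn_generator = isn_generator
        self.half_open = {}        # (ip, port) -> (SN_S, SN_C) after a SYN
        self.established = set()   # (ip, port) after a valid final ACK

    def on_syn(self, src_ip, src_port, sn_c):
        """SYN: pick SN_S, remember SN_C, answer SYN/ACK to src_ip (whoever that really is)."""
        sn_s = self.isn_generator()
        self.half_open[(src_ip, src_port)] = (sn_s, sn_c)
        return {"flags": "SYN/ACK", "dstIP": src_ip, "SN": sn_s, "AN": (sn_c + 1) & SEQ_MASK}

    def on_ack(self, src_ip, src_port, sn, an):
        """ACK: established only if AN == SN_S + 1 and SN is inside the expected window."""
        key = (src_ip, src_port)
        if key not in self.half_open:
            return False
        sn_s, sn_c = self.half_open[key]
        if an != ((sn_s + 1) & SEQ_MASK) or not in_window(sn, (sn_c + 1) & SEQ_MASK):
            return False
        del self.half_open[key]
        self.established.add(key)
        return True


def blind_spoof(server, victim_ip, predicted_sn_s):
    """Send SYN with srcIP=victim, ignore the SYN/ACK (it is routed to the victim),
    then send ACK with AN = predicted SN_S + 1. Returns True if the server accepted it."""
    sn_c = 0x1000                               # attacker chooses SN_C, so it knows it
    server.on_syn(victim_ip, 40000, sn_c)       # reply goes to victim_ip, not to the attacker
    return server.on_ack(victim_ip, 40000, (sn_c + 1) & SEQ_MASK,
                         (predicted_sn_s + 1) & SEQ_MASK)


def run_attack(isn_generator, step_guess=64000):
    """1) sample SN_S from a legitimate connection, 2) predict the next SN_S,
    3) complete a handshake as the victim. True means the server was fooled."""
    server = TcpServer(isn_generator)
    sample = server.on_syn("198.51.100.66", 50000, 7)["SN"]    # constructed attacker IP
    prediction = (sample + step_guess) & SEQ_MASK
    return blind_spoof(server, "198.51.100.5", prediction)     # constructed victim IP


if __name__ == "__main__":
    print("predictable ISN, spoof succeeded:", run_attack(make_counter_isn()))
    print("random ISN, spoof succeeded:     ", run_attack(random_isn))
```

The prediction works because the attacker supplies SN_C itself and only SN_S is unknown. In practice the victim host also receives the unsolicited SYN/ACK and would answer with a RST, so the classic attack additionally needs the victim silenced or slow to respond; the model above leaves that out to keep the sequence-number point visible.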

Example DoS vulnerability [Watson'04]

! Suppose the attacker can guess the sequence number of an existing connection:

 Attacker can send a Reset (RST) packet to close the connection. Results in DoS.

 Naively, success probability is 1/2^32 per packet (32-bit sequence numbers).

 Most systems allow a large window of acceptable sequence numbers

  Much higher success probability.

! Attack is most effective against long-lived connections, e.g. BGP
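As an added illustration of the window effect (example code, not part of the lecture), the receiver below honours a RST whenever its sequence number falls anywhere inside [RCV.NXT, RCV.NXT + RCV.WND), the classic acceptance rule. An off-path attacker who knows the four-tuple but not RCV.NXT therefore does not need to hit one value out of 2^32: stepping the guessed sequence number by the window size sweeps the whole space in 2^32 / window packets. The receive-window value, the connection's RCV.NXT and the attacker's step are constructed for the example.

```python
SEQ_SPACE = 2 ** 32


class TcpConnection:
    """Receiver side of an established connection, modelling only RST handling."""

    def __init__(self, rcv_nxt, rcv_wnd):
        self.rcv_nxt = rcv_nxt    # next sequence number the receiver expects
        self.rcv_wnd = rcv_wnd    # advertised receive window
        self.open = True

    def on_rst(self, sn):
        """Classic rule: RST is honoured if SN is in [RCV.NXT, RCV.NXT + RCV.WND) mod 2^32."""
        if ((sn - self.rcv_nxt) % SEQ_SPACE) < self.rcv_wnd:
            self.open = False
            return True
        return False


def per_packet_success_prob(rcv_wnd):
    """Chance that one RST with a uniformly random SN lands in the window."""
    return rcv_wnd / SEQ_SPACE


def packets_to_sweep(rcv_wnd):
    """RSTs needed to cover the whole sequence space when each guess covers rcv_wnd values."""
    return -(-SEQ_SPACE // rcv_wnd)    # ceiling division


def blind_rst_attack(conn, step):
    """Send RSTs with SN = 0, step, 2*step, ... until the connection drops.
    Returns the number of packets sent, or None if the sweep never hit the window."""
    sent = 0
    for sn in range(0, SEQ_SPACE, step):
        sent += 1
        if conn.on_rst(sn):
            return sent
    return None


if __name__ == "__main__":
    # Constructed connection state: window of 65535 bytes, RCV.NXT somewhere in the upper half.
    conn = TcpConnection(rcv_nxt=3_000_000_000, rcv_wnd=65535)
    print("naive per-packet probability:", per_packet_success_prob(1))
    print("with a 65535 window:         ", per_packet_success_prob(65535))
    print("packets to sweep the space:  ", packets_to_sweep(65535))
    print("packets actually sent:       ", blind_rst_attack(conn, 65535), "open:", conn.open)
```

The step must not exceed the true window: with a 1000-byte window and the same 65535 step the sweep can skip over RCV.NXT and never succeed, which is why the attacker's estimate of the victim's window matters. Modern stacks that implement RFC 5961 only honour a RST whose sequence number equals RCV.NXT exactly and answer an in-window-but-inexact RST with a challenge ACK, which restores the 1/2^32 odds for a blind attacker.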

Routing Vulnerabilities

! Common attack: advertise false routes

 Causes traffic to go through compromised hosts

! ARP (address resolution protocol): IP addr -> Ethernet addr

 Node A can confuse the gateway into sending it traffic for B
 By proxying the traffic, attacker A can easily inject packets into B's session (e.g. on WiFi networks)

! OSPF: used for routing within an AS

! BGP: routing between ASs

 Attacker can cause the entire Internet to send traffic for a victim IP to the attacker's address
 Example: the YouTube mishap (see the DDoS lecture)
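Added example (not from the lecture) showing the two "false route" attacks above side by side: at layer 2, a gateway ARP table that believes any reply it hears is rewritten by one spoofed reply from A claiming B's address, and an arpwatch-style check flags the change; at layer 3, a more-specific prefix announced by the wrong AS wins longest-prefix match, so a simple origin-authorization check in the spirit of RPKI route-origin validation (simplified here, not a real RPKI implementation) is the kind of check that catches it. IPs, MACs, prefixes and AS numbers are constructed from documentation/private ranges.

```python
import ipaddress


# ---- Layer 2: ARP cache poisoning of the gateway ------------------------------------

class ArpCache:
    """Gateway IP->MAC table. Classic ARP has no authentication, so any reply is believed."""

    def __init__(self):
        self.table = {}
        self.alerts = []    # (ip, old_mac, new_mac) whenever a known IP changes MAC

    def on_reply(self, sender_ip, sender_mac):
        old = self.table.get(sender_ip)
        if old is not None and old != sender_mac:
            self.alerts.append((sender_ip, old, sender_mac))   # arpwatch-style "flip-flop"
        self.table[sender_ip] = sender_mac                      # ...but the cache is updated anyway

    def next_hop_mac(self, dst_ip):
        """MAC the gateway will put on frames destined for dst_ip."""
        return self.table.get(dst_ip)


def arp_poison_demo():
    gw = ArpCache()
    gw.on_reply("192.168.1.20", "aa:aa:aa:aa:aa:20")   # constructed: host B announces itself
    gw.on_reply("192.168.1.20", "aa:aa:aa:aa:aa:66")   # constructed: attacker A claims B's IP
    return gw.next_hop_mac("192.168.1.20"), gw.alerts


# ---- Layer 3: BGP more-specific prefix hijack --------------------------------------

class RoutingTable:
    """Forwarding table that picks the longest matching prefix, as IP routers do."""

    def __init__(self):
        self.routes = []    # (network, origin_as)

    def announce(self, prefix, origin_as):
        self.routes.append((ipaddress.ip_network(prefix), origin_as))

    def lookup(self, ip):
        addr = ipaddress.ip_address(ip)
        matches = [(n, a) for n, a in self.routes if addr in n]
        if not matches:
            return None
        net, asn = max(matches, key=lambda r: r[0].prefixlen)
        return str(net), asn


def origin_violations(rt, authorized):
    """Simplified origin check (assumption): authorized maps prefix -> the only AS allowed
    to originate it or anything inside it. Returns routes that break that rule."""
    bad = []
    for net, asn in rt.routes:
        for auth_prefix, auth_as in authorized.items():
            if net.subnet_of(ipaddress.ip_network(auth_prefix)) and asn != auth_as:
                bad.append((str(net), asn))
    return bad


def bgp_hijack_demo():
    rt = RoutingTable()
    rt.announce("203.0.113.0/24", 64500)          # constructed: victim's legitimate /24
    before = rt.lookup("203.0.113.10")
    rt.announce("203.0.113.0/25", 64666)          # constructed: attacker's more-specific /25
    after = rt.lookup("203.0.113.10")
    violations = origin_violations(rt, {"203.0.113.0/24": 64500})
    return {"before": before, "after": after, "violations": violations}


if __name__ == "__main__":
    print("ARP: next hop for B, alerts:", arp_poison_demo())
    print("BGP:", bgp_hijack_demo())
```

Both cases share the same shape: the protocol accepts the most recent or most specific claim without checking who is entitled to make it, so the defence is a separate source of truth (a static or monitored ARP table, an origin authorization) checked before the route is installed, not after.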