CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… ·...
Transcript of CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… ·...
![Page 1: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/1.jpg)
CSc 466/566
Computer Security
18 : Network Security — IntroductionVersion: 2013/04/10 11:03:18
Department of Computer ScienceUniversity of Arizona
Copyright c© 2013 Christian Collberg
Christian Collberg
1/81
![Page 2: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/2.jpg)
Outline
1 IntroductionInternet Protocol LayersPacketsNetwork Security Issues
2 The Link LayerHubs and SwitchesEthernet FramesARP Spoofing
3 The Network LayerICPMIP Spoofing
4 The Transport LayerTCP Session Hijacking
5 Denial-of-ServiceICPM AttacksSYN Flood Attacks
6 SummaryIntroduction 2/81
![Page 3: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/3.jpg)
Autonomoussystem
Switch
LAN
Gatewayrouter
![Page 4: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/4.jpg)
Network Topology
Computers are host nodes — they send and receive messages.
Routers are communication nodes — they pass on messages.
Local Area Network (LAN) — private network of physicallyclose computers.
Wide Area Network (WAN) — many physically separatedmachines/groups of machines.
Autonomous Systems (AS) — clusters of routers.
Introduction 4/81
![Page 5: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/5.jpg)
Autonomous Systems
Controlled by a single organizational entity.
Consist of clusters of routers.
Routing within an AS is done by shortest route .
Routing between ASs is by contractual agreements .
Introduction 5/81
![Page 6: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/6.jpg)
Internet Protocol Layers — Physical Layer
Describes how bitstreams are transferred from one node toanother over a physical medium.
Introduction 6/81
![Page 7: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/7.jpg)
Internet Protocol Layers — Physical Layer
Describes how bitstreams are transferred from one node toanother over a physical medium.
Abstraction:
Introduction 6/81
![Page 8: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/8.jpg)
Internet Protocol Layers — Physical Layer
Describes how bitstreams are transferred from one node toanother over a physical medium.
Abstraction:1 Source/Destination: networking hardware
Introduction 6/81
![Page 9: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/9.jpg)
Internet Protocol Layers — Physical Layer
Describes how bitstreams are transferred from one node toanother over a physical medium.
Abstraction:1 Source/Destination: networking hardware2 Data: raw bits
Introduction 6/81
![Page 10: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/10.jpg)
Internet Protocol Layers — Physical Layer
Describes how bitstreams are transferred from one node toanother over a physical medium.
Abstraction:1 Source/Destination: networking hardware2 Data: raw bits3 Link: copper, coaxial, optical fiber, WiFi. . .
Introduction 6/81
![Page 11: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/11.jpg)
Internet Protocol Layers — Link Layer
Describes how collections of bits (frames) are transferred (ontop of the physical layer) in a LAN.
Introduction 7/81
![Page 12: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/12.jpg)
Internet Protocol Layers — Link Layer
Describes how collections of bits (frames) are transferred (ontop of the physical layer) in a LAN.
Abstraction:
Introduction 7/81
![Page 13: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/13.jpg)
Internet Protocol Layers — Link Layer
Describes how collections of bits (frames) are transferred (ontop of the physical layer) in a LAN.
Abstraction:1 Source/Destination: LAN nodes
Introduction 7/81
![Page 14: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/14.jpg)
Internet Protocol Layers — Link Layer
Describes how collections of bits (frames) are transferred (ontop of the physical layer) in a LAN.
Abstraction:1 Source/Destination: LAN nodes2 Data: frames
Introduction 7/81
![Page 15: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/15.jpg)
Internet Protocol Layers — Link Layer
Describes how collections of bits (frames) are transferred (ontop of the physical layer) in a LAN.
Abstraction:1 Source/Destination: LAN nodes2 Data: frames3 Link: Ethernet, Wireless
Introduction 7/81
![Page 16: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/16.jpg)
Internet Protocol Layers — Link Layer
Describes how collections of bits (frames) are transferred (ontop of the physical layer) in a LAN.
Abstraction:1 Source/Destination: LAN nodes2 Data: frames3 Link: Ethernet, Wireless4 Addressing: Media Access Control Addresses (MAC).
Introduction 7/81
![Page 17: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/17.jpg)
Internet Protocol Layers — Link Layer
Describes how collections of bits (frames) are transferred (ontop of the physical layer) in a LAN.
Abstraction:1 Source/Destination: LAN nodes2 Data: frames3 Link: Ethernet, Wireless4 Addressing: Media Access Control Addresses (MAC).
Detects errors occurring in the physical layer.
Introduction 7/81
![Page 18: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/18.jpg)
Internet Protocol Layers — Link Layer
Describes how collections of bits (frames) are transferred (ontop of the physical layer) in a LAN.
Abstraction:1 Source/Destination: LAN nodes2 Data: frames3 Link: Ethernet, Wireless4 Addressing: Media Access Control Addresses (MAC).
Detects errors occurring in the physical layer.
Finds a good routing path in the network.
Introduction 7/81
![Page 19: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/19.jpg)
Internet Protocol Layers — Network (Internet) Layer
Describes how to move packets between any two hosts on theInternet.
Introduction 8/81
![Page 20: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/20.jpg)
Internet Protocol Layers — Network (Internet) Layer
Describes how to move packets between any two hosts on theInternet.
Abstraction:
Introduction 8/81
![Page 21: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/21.jpg)
Internet Protocol Layers — Network (Internet) Layer
Describes how to move packets between any two hosts on theInternet.
Abstraction:1 Source/Destination: Internet nodes
Introduction 8/81
![Page 22: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/22.jpg)
Internet Protocol Layers — Network (Internet) Layer
Describes how to move packets between any two hosts on theInternet.
Abstraction:1 Source/Destination: Internet nodes2 Data: IP packets
Introduction 8/81
![Page 23: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/23.jpg)
Internet Protocol Layers — Network (Internet) Layer
Describes how to move packets between any two hosts on theInternet.
Abstraction:1 Source/Destination: Internet nodes2 Data: IP packets3 Addressing: Internet Protocol (IP) addresses.
Introduction 8/81
![Page 24: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/24.jpg)
Internet Protocol Layers — Network (Internet) Layer
Describes how to move packets between any two hosts on theInternet.
Abstraction:1 Source/Destination: Internet nodes2 Data: IP packets3 Addressing: Internet Protocol (IP) addresses.
IPv4 — 32-bit addresses, IPv6 — 128-bit addresses.
Introduction 8/81
![Page 25: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/25.jpg)
Internet Protocol Layers — Network (Internet) Layer
Describes how to move packets between any two hosts on theInternet.
Abstraction:1 Source/Destination: Internet nodes2 Data: IP packets3 Addressing: Internet Protocol (IP) addresses.
IPv4 — 32-bit addresses, IPv6 — 128-bit addresses.
Best effort delivery — no guarantees a packet will bedelivered.
Introduction 8/81
![Page 26: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/26.jpg)
Internet Protocol Layers — Transport Layer
Describes how to communicate between two applications(services) running on hosts on the Internet.
Introduction 9/81
![Page 27: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/27.jpg)
Internet Protocol Layers — Transport Layer
Describes how to communicate between two applications(services) running on hosts on the Internet.
Abstraction:
Introduction 9/81
![Page 28: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/28.jpg)
Internet Protocol Layers — Transport Layer
Describes how to communicate between two applications(services) running on hosts on the Internet.
Abstraction:1 Source/Destination: Ports connected to processes
Introduction 9/81
![Page 29: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/29.jpg)
Internet Protocol Layers — Transport Layer
Describes how to communicate between two applications(services) running on hosts on the Internet.
Abstraction:1 Source/Destination: Ports connected to processes2 Data: TCP/UDP packets
Introduction 9/81
![Page 30: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/30.jpg)
Internet Protocol Layers — Transport Layer
Describes how to communicate between two applications(services) running on hosts on the Internet.
Abstraction:1 Source/Destination: Ports connected to processes2 Data: TCP/UDP packets3 Addressing: IP address + port number
Introduction 9/81
![Page 31: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/31.jpg)
Internet Protocol Layers — Transport Layer
Describes how to communicate between two applications(services) running on hosts on the Internet.
Abstraction:1 Source/Destination: Ports connected to processes2 Data: TCP/UDP packets3 Addressing: IP address + port number
Transmission Control Protocol (TCP) — connection-basedprotocol; guaranteed and ordered delivery of packets.
Introduction 9/81
![Page 32: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/32.jpg)
Internet Protocol Layers — Transport Layer
Describes how to communicate between two applications(services) running on hosts on the Internet.
Abstraction:1 Source/Destination: Ports connected to processes2 Data: TCP/UDP packets3 Addressing: IP address + port number
Transmission Control Protocol (TCP) — connection-basedprotocol; guaranteed and ordered delivery of packets.
User Datagram Protocol (UDP) — connection-less protocol;quick delivery without guarantees.
Introduction 9/81
![Page 33: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/33.jpg)
Internet Protocol Layers — Application Layer
Uses the transport layer to provide protocols that supportuseful functions on the Internet
Introduction 10/81
![Page 34: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/34.jpg)
Internet Protocol Layers — Application Layer
Uses the transport layer to provide protocols that supportuseful functions on the Internet
Examples:
Introduction 10/81
![Page 35: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/35.jpg)
Internet Protocol Layers — Application Layer
Uses the transport layer to provide protocols that supportuseful functions on the Internet
Examples:1 HTTP — web browsing over TCP
Introduction 10/81
![Page 36: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/36.jpg)
Internet Protocol Layers — Application Layer
Uses the transport layer to provide protocols that supportuseful functions on the Internet
Examples:1 HTTP — web browsing over TCP2 DNS — domain name lookup over UDP
Introduction 10/81
![Page 37: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/37.jpg)
Internet Protocol Layers — Application Layer
Uses the transport layer to provide protocols that supportuseful functions on the Internet
Examples:1 HTTP — web browsing over TCP2 DNS — domain name lookup over UDP3 SMTP/IMAP — email over TCP
Introduction 10/81
![Page 38: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/38.jpg)
Internet Protocol Layers — Application Layer
Uses the transport layer to provide protocols that supportuseful functions on the Internet
Examples:1 HTTP — web browsing over TCP2 DNS — domain name lookup over UDP3 SMTP/IMAP — email over TCP
4 SSL — encrypted connections over TCP
Introduction 10/81
![Page 39: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/39.jpg)
Internet Protocol Layers — Application Layer
Uses the transport layer to provide protocols that supportuseful functions on the Internet
Examples:1 HTTP — web browsing over TCP2 DNS — domain name lookup over UDP3 SMTP/IMAP — email over TCP
4 SSL — encrypted connections over TCP5 VoIP — Internet telephony over UDP.
Introduction 10/81
![Page 40: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/40.jpg)
Network Packets
A packet consists of:1 A header (metadata)2 Payload (actual data)3 A footer (metadata, sometimes)
Metadata — routing and control information.
Introduction 11/81
![Page 41: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/41.jpg)
Packet Encapsulation
The payload of each packet encapsulates the packet of ahigher layer:
1 A frame packet encapsulates an IP packet.2 An IP packet encapsulates a TCP/UDP packet.3 A TCP packet encapsulates application data.
Introduction 12/81
![Page 42: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/42.jpg)
ApplicationData
ApplicationLayer
![Page 43: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/43.jpg)
Layer
ApplicationLayer
TCPHeader
TCP DataTransport
DataApplication
ApplicationData
![Page 44: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/44.jpg)
Layer
ApplicationLayer
TCP DataTransportLayer
Network
IP Data
TCP Data
Data
Data
ApplicationData
TCPHeader
IPHeader
TCPHeader
Application
Application
![Page 45: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/45.jpg)
Layer
NetworkLayer
Transport
LinkLayer
ApplicationLayer
Data
FrameFooter
ApplicationData
ApplicationData
TCP DataTCPHeader
IPHeader TCP
Header
IP Data
TCP Data
ApplicationData
FrameHeader
IPHeader
Frame Data
IP Data
TCPHeader
TCP Data
Application
![Page 46: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/46.jpg)
Packet Encapsulation — HTTP
When Web browsing:1 An HTTP packet would be contained in a TCP packet.2 The TCP packet would be contained IP packet.3 The IP packet would be contained in (for example) an
Ethernet frame.
Introduction 14/81
![Page 47: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/47.jpg)
Networking Examples
OSI model animation: http://www.youtube.com/watch?v=fiMswfo45DQ
Animation - Networking Tutorial:http://www.youtube.com/watch?v=xV-Qq0aHs1o
Introduction 15/81
![Page 48: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/48.jpg)
Network Security Issues — Confidentiality
Packet data is not kept confidential.
Two solutions:1 Encrypt data at the application level (https);2 Revise lower level protocol to include encryption (IPsec).
Introduction 16/81
![Page 49: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/49.jpg)
Network Security Issues — Integrity
Packet header/footers include simple checksums:
can detect a few communication bit errors;not cryptographically strong.
Two solutions:1 MACs at the application level;2 Revise lower level protocol.
Introduction 17/81
![Page 50: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/50.jpg)
Network Security Issues — Availability
Denial of Service attacks:
could be just Christmas rush on amazon.com!concerted attacks.
Two solutions:1 Applications need to scale with communication requests;2 Block illegitimate requests.
Introduction 18/81
![Page 51: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/51.jpg)
Network Security Issues — Assurance
Assurance is the way in which trust is provided and managedin a system.
Packets can travel between any two nodes in a network.
Solution:1 If we want to control packet flow, permissions have to be
added on top of the network.
Example:
Firewalls — allows us to block flows of packets we don’t trustfrom entering our system.
Introduction 19/81
![Page 52: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/52.jpg)
Network Security Issues — Authenticity
Packets have no space for digital signatures!
IP has no concept of identity .
Two solutions:1 Add signatures at application layer;2 Revise lower level layers.
Introduction 20/81
![Page 53: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/53.jpg)
Network Security Issues — Anonymity
No concept of identity on the Internet — anonymous bydefault!
Good for human rights worker.
Not good when we can’t identify a malicious user.
Solutions:1 Achieve higher level of anonymity by replicating processes in
many places on the network.
Introduction 21/81
![Page 54: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/54.jpg)
Outline
1 IntroductionInternet Protocol LayersPacketsNetwork Security Issues
2 The Link LayerHubs and SwitchesEthernet FramesARP Spoofing
3 The Network LayerICPMIP Spoofing
4 The Transport LayerTCP Session Hijacking
5 Denial-of-ServiceICPM AttacksSYN Flood Attacks
6 SummaryThe Link Layer 22/81
![Page 55: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/55.jpg)
The Link Layer
The Link Layer sits on top of the physical layer.
Ethernet — IEEE 802.3 .
Ethernet cables connect computers on a LAN.
Collision : Two computers on the same network segmentsend a packet at the same time.
History of Ethernet: http://www.youtube.com/watch?v=g5MezxMcRmk.
The Link Layer 23/81
![Page 56: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/56.jpg)
Ethernet Collision
LAN
wait 5 wait 23
Collision algorithm:1 Each computer waits a random length of time;2 Retransmit!3 Another collision? Repeat from 1!
The Link Layer 24/81
![Page 57: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/57.jpg)
Hubs and Switches
Hubs and Switches connect devices on a LAN.
Ethernet Hub :
Forward all frames to all attached devices.Lots of extra traffic: all frames are duplicated!All devices are on the same network segment, and must docollision avoidance.
Ethernet Switch :
Initially works like a hub.Over time, learns the addresses of attached devices.Eventually, only forwards a frame to the destination device.Fewer collisions.
The Link Layer 25/81
![Page 58: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/58.jpg)
Switch
Hub
to:AA
to:A A
to:A
B
to:B
B
![Page 59: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/59.jpg)
MAC Addresses
MAC address: 48 bits assigned to network interface.
MAC structure:
locally assigned (1bit)
manufacturer (23bits)
unique number (24bits)
Software (Unix: ifconfig) can change a device’s MAC:locally assigned=1.
The Link Layer 27/81
![Page 60: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/60.jpg)
Ethernet Frame Format
Preamble (7 bytes)
Start-of-Frame delimiter (1 byte)
MAC destination (6 bytes)
MAC source (6 bytes)
Ethertype/length (2 bytes)
Payload (45-1500 bytes)
CRC-32 Checksum (4 bytes)
Interframe Gap (12 bytes)
The Link Layer 28/81
![Page 61: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/61.jpg)
Ethernet Frame Format. . .
The CRC-32 checksum can catch simple transmission errors.
Switches learn the location of network devices from the MACaddresses.
The Link Layer 29/81
![Page 62: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/62.jpg)
Address Resolution Protocol
Address Resolution Protocol (ARP): Find the MAC addressgiven the IP address.
Algorithm (Bob wants to know the MAC address of IPaddress A):
1 Broadcast to all network interfaces: Who has IP address A? .2 Wait for a response A is at MAC address M! from the devices
with IP address A.3 Store A ↔ M in the ARP cache .
Problem: no authentication.
The Link Layer 30/81
![Page 63: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/63.jpg)
ARP Spoofing
Any computer on the network could claim to have a particularIP address.
Machines will update their ARP cache whenever they see anARP reply — even if there was no correspondingARP request !
Attack:1 Eve sends ARP reply(Bob’s IP ↔ Eve’s MAC) to Alice.2 Alice puts Bob’s IP ↔ Eve’s MAC in her ARP cache.3 Eve sends ARP reply(Alice’s IP ↔ Eve’s MAC) to Bob.4 Bob puts Alice’s IP ↔ Eve’s MAC in his ARP cache.
The Link Layer 31/81
![Page 64: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/64.jpg)
Alice
Eve
Bob
![Page 65: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/65.jpg)
Bob’s IP ↔ Eve’s MAC
Alice
Eve
Bob
ARPrepl
y(Bob’s
IP ↔Eve’
s MAC)
![Page 66: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/66.jpg)
Bob’s IP ↔ Eve’s MAC
Alice
Eve
Bob
Alice’s IP ↔ Eve’s MAC
ARPrepl
y(Bob’s
IP ↔Eve’
s MAC)
ARP reply(Alice’s IP↔ Eve’s MAC)
![Page 67: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/67.jpg)
ARP Spoofing. . .
After the ARP cache poisoning all traffic between Alice andBob is routed through Eve:
1 MITM attack;2 Denial of Service attack.
The Link Layer 33/81
![Page 68: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/68.jpg)
ARP Spoofing — Countermeasures
1 Restrict LAN access to trusted users.
The Link Layer 34/81
![Page 69: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/69.jpg)
ARP Spoofing — Countermeasures
1 Restrict LAN access to trusted users.
2 Check for multiple occurrences of the same MAC address onthe LAN.
The Link Layer 34/81
![Page 70: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/70.jpg)
ARP Spoofing — Countermeasures
1 Restrict LAN access to trusted users.
2 Check for multiple occurrences of the same MAC address onthe LAN.
3 Static ARP tables : the system adminstrator manually sets upthe routers’ ARP caches.
The Link Layer 34/81
![Page 71: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/71.jpg)
ARP Spoofing — Countermeasures
1 Restrict LAN access to trusted users.
2 Check for multiple occurrences of the same MAC address onthe LAN.
3 Static ARP tables : the system adminstrator manually sets upthe routers’ ARP caches.
4 Inspect all ARP packets, detecting attempted spoofing.
The Link Layer 34/81
![Page 72: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/72.jpg)
Outline
1 IntroductionInternet Protocol LayersPacketsNetwork Security Issues
2 The Link LayerHubs and SwitchesEthernet FramesARP Spoofing
3 The Network LayerICPMIP Spoofing
4 The Transport LayerTCP Session Hijacking
5 Denial-of-ServiceICPM AttacksSYN Flood Attacks
6 SummaryThe Network Layer 35/81
![Page 73: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/73.jpg)
The Network (Internet) Layer
Best effort routing of packets between any two hosts on theInternet.
Abstraction:1 Source/Destination: Internet nodes2 Data: IP packets3 Addressing: Internet Protocol (IP) addresses.
IPv4 — 32-bit addresses, IPv6 — 128-bit addresses.
No guarantees a packet will be delivered.
The Network Layer 36/81
![Page 74: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/74.jpg)
Routing Algorithm — From a Host Node
Sending a packet P from a host node N:1 If P ’s destination is on this LAN:
Use the ARP protocol to find the MAC address,
deliver directly.
2 Otherwise:
use the ARP protocol to find the MAC address of the
gateway ,
forward.
The Network Layer 37/81
![Page 75: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/75.jpg)
Routing Algorithm — From a Router
Router — gateways and other network nodes that handlerouting of packages on the Internet.
A router typically connects two or more LANs.
Routing tables describe the next router to which a packetshould be forwarded.
The Network Layer 38/81
![Page 76: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/76.jpg)
Router Operations
For each packet, the router decides whether to1 Drop — expired packets (TTL=0) are dropped.2 Deliver — if the packet is going to a machine on this LAN,
deliver it.3 Forward — otherwise, send to neighboring router.
TTL (time to live): a field in the IP header, decremented byeach router, used to prevent packets from living forever.
The Network Layer 39/81
![Page 77: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/77.jpg)
Routing Table Protocols
Open Shortest Path First (OSPF) — how should packets berouted within an autonomous system?
packets should travel along shortest paths.
Border Gateway Protocol (BGP) — how should packets berouted between autonomous systems?
packets are routed based on contractual agreements.
Routing animation: http://www.youtube.com/watch?v=RbY8Hb6abbg
The Network Layer 40/81
![Page 78: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/78.jpg)
Routing vs. Switch
Switch :
forwards packets on a single LAN.learns routes over time.
Router :
can belong to multiple LANs.uses routing tables to forward packets.
The Network Layer 41/81
![Page 79: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/79.jpg)
IPv4 Packet Format
Version (4 bits)
Header length (4 bits)
Service type (8 bits)
Total length (16 bits)
Identification (16 bits)
Flags (3 bits)
Fragment offset (13 bits)
Time-to-Live (8 bits)
Protocol (8 bits)
Header Checksum (16 bits)
Source Address (32 bits)
Destination Address (32 bits)
Payload
The Network Layer 42/81
![Page 80: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/80.jpg)
IP Address Format
IPv4 address: 32 bits.
IPv4 address structure:
network portion host portion
Network portion : IP prefix for all machines on a network.
Host portion : identifies a particular device
Peter Packet & Subnetting:http://www.youtube.com/watch?v=x-QC6l9KhQY&feature=related
Class A — Reserved for government organizations, telcos.
Class B — Reserved for ISPs, large businesses.
Class C — Reserved for smaller organizations.
The Network Layer 43/81
![Page 81: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/81.jpg)
IP Address Classes
Class Leadingbits
Size ofnetworknumberbit field
Size ofrest bitfield
Numberof net-works
Addressesper net-work
A 0 8 24 27 224
B 10 16 16 214 216
C 110 24 8 221 28
Class Start address End address
A 0.0.0.0 127.255.255.255
B 128.0.0.0 191.255.255.255
C 192.0.0.0 223.255.255.255
The Network Layer 44/81
![Page 82: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/82.jpg)
Internet Control Message Protocol
Internet Control Message Protocol (ICMP) — used fornetwork diagnostics.
ICMP messages:1 Echo request : please acknowledge receipt of packet.
The Network Layer 45/81
![Page 83: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/83.jpg)
Internet Control Message Protocol
Internet Control Message Protocol (ICMP) — used fornetwork diagnostics.
ICMP messages:1 Echo request : please acknowledge receipt of packet.2 Echo response : packet receipt is acknowledged.
The Network Layer 45/81
![Page 84: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/84.jpg)
Internet Control Message Protocol
Internet Control Message Protocol (ICMP) — used fornetwork diagnostics.
ICMP messages:1 Echo request : please acknowledge receipt of packet.2 Echo response : packet receipt is acknowledged.3 Time exceeded : notify that packet has expired (TTL=0).
The Network Layer 45/81
![Page 85: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/85.jpg)
Internet Control Message Protocol
Internet Control Message Protocol (ICMP) — used fornetwork diagnostics.
ICMP messages:1 Echo request : please acknowledge receipt of packet.2 Echo response : packet receipt is acknowledged.3 Time exceeded : notify that packet has expired (TTL=0).4 Destination unreachable : notify that packet could not be
delivered.
The Network Layer 45/81
![Page 86: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/86.jpg)
Ping Protocol
![Page 87: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/87.jpg)
Ping Protocol
ECHO request()
![Page 88: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/88.jpg)
Ping Protocol
ECHO request()
ECHO response()
Diagnostic tool too see if a host is working.
The Network Layer 46/81
![Page 89: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/89.jpg)
Traceroute Protocol
How do we find the path a packet takes to a node N?
Algorithm:1 Send ECHO request(TTL=1) to N .2 A router that receives ECHO request(TTL=1) responds with
TIME exceeded().3 Send ECHO request(TTL=2) to N .4 Repeat, increasing TTL each time, until N is reached,
responding with ECHO response().
The Network Layer 47/81
![Page 90: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/90.jpg)
![Page 91: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/91.jpg)
ECHO request(TTL=1)
![Page 92: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/92.jpg)
ECHO request(TTL=1)
TIME exceeded()
![Page 93: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/93.jpg)
ECHO request(TTL=1)
TIME exceeded()
ECHO request(TTL=2)
![Page 94: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/94.jpg)
ECHO request(TTL=1)
TIME exceeded()
ECHO request(TTL=2)
TIME exceeded()
![Page 95: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/95.jpg)
ECHO request(TTL=1)
TIME exceeded()
ECHO request(TTL=2)
TIME exceeded()
ECHO request(TTL=3)
![Page 96: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/96.jpg)
ECHO request(TTL=1)
TIME exceeded()
ECHO request(TTL=2)
TIME exceeded()
ECHO request(TTL=3)
TIME exceeded()
![Page 97: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/97.jpg)
ECHO request(TTL=1)
TIME exceeded()
ECHO request(TTL=2)
TIME exceeded()
ECHO request(TTL=3)
TIME exceeded()
ECHO request(TTL=4)
![Page 98: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/98.jpg)
ECHO request(TTL=1)
TIME exceeded()
ECHO request(TTL=2)
TIME exceeded()
ECHO request(TTL=3)
TIME exceeded()
ECHO request(TTL=4)
ECHO response()
![Page 99: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/99.jpg)
IP Spoofing
The source address in an IP packet is never checked:overwrite it!
The sender will never get a response! So, why? Denial ofservice attack.
HEADER
////////Source///////////Address
Destination Address
Payload
The Network Layer 49/81
![Page 100: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/100.jpg)
Countermeasures to IP Spoofing
Bob’s LAN
Borderrouter Source: Bob’s Lan
Border router can block packets whose source address appearsto be from inside the subnetwork, although they come fromoutside the subnetwork.
The Network Layer 50/81
![Page 101: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/101.jpg)
Countermeasures to IP Spoofing. . .
Bob’s LAN
Borderrouter
Source: Alice’ LAN
Border router can block outgoing packets whose sourceaddress appears to be from outside the subnetwork.
Maybe a node has been compromised by malware?
The Network Layer 51/81
![Page 102: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/102.jpg)
Countermeasures to IP Spoofing. . .
Bob’s LAN
Block Alice!
Block Alice!
Alice
Source: EveBlock Alice!
IP Traceback — determining the origin of a packet, withoutusing the source field.
Once we know the actual source address, we can ask1 the ASs to block packets from this location.2 the ISP controlling the source address to block suspicious
machines.
The Network Layer 52/81
![Page 103: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/103.jpg)
IP Traceback Techniques. . .
Packet marking — routers add information to packets, sothat their path can be reconstructed.Naive approach: each router adds its address to the end ofthe packet:
HEADER
////////Source///////////Address
Destination Address
Payload
Router 1
Router 2
Router 3
Router 4
Advantages : Easy to reconstruct path.Disadvantages : Router overhead, how to know if there’sspace in the packet?, packet fragmentation.
The Network Layer 53/81
![Page 104: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/104.jpg)
IP Traceback Techniques — Node Sampling
Node sampling :
Only one router address can be stored in the packet.A router writes its address with probability p.
HEADER
////////Source///////////Address
Destination Address
Payload
Router address
Given enough packets, the path can be reconstructed.
The Network Layer 54/81
![Page 105: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/105.jpg)
IP Traceback Technique — Node Sampling. . .
Bob’s LAN
CRouter: A
B
Source: Eve
Alice
D
A
Probability the packet will be marked by C : pProbability the packet will be marked by B : p · (1− p)Probability the packet will be marked by A: p · (1− p) · (1− p)
The Network Layer 55/81
![Page 106: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/106.jpg)
IP Traceback Technique — Node Sampling. . .
Bob’s LAN
C
Router: B
B
Source: Eve
Alice
D
A
Probability the packet will be marked by C : pProbability the packet will be marked by B : p · (1− p)Probability the packet will be marked by A: p · (1− p) · (1− p)
The Network Layer 55/81
![Page 107: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/107.jpg)
IP Traceback Technique — Node Sampling. . .
Bob’s LAN
C
Router: B
B
Source: Eve
Alice
D
A
Probability the packet will be marked by C : pProbability the packet will be marked by B : p · (1− p)Probability the packet will be marked by A: p · (1− p) · (1− p)
The Network Layer 55/81
![Page 108: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/108.jpg)
IP Traceback Technique — Node Sampling. . .
Bob’s LAN
C
Router: B
B
Source: Eve
Alice
D
A
Probability the packet will be marked by C : pProbability the packet will be marked by B : p · (1− p)Probability the packet will be marked by A: p · (1− p) · (1− p)
The Network Layer 55/81
![Page 109: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/109.jpg)
IP Traceback Technique — Other Techniques
Many other techniques have been proposed.
Most not implemented — require cooperation from Internetrouters.
The Network Layer 56/81
![Page 110: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/110.jpg)
Outline
1 IntroductionInternet Protocol LayersPacketsNetwork Security Issues
2 The Link LayerHubs and SwitchesEthernet FramesARP Spoofing
3 The Network LayerICPMIP Spoofing
4 The Transport LayerTCP Session Hijacking
5 Denial-of-ServiceICPM AttacksSYN Flood Attacks
6 SummaryThe Transport Layer 57/81
![Page 111: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/111.jpg)
The Transport Layer
Communication between processes connected to ports .
The Transport Layer 58/81
![Page 112: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/112.jpg)
The Transport Layer
Communication between processes connected to ports .
Abstraction:
The Transport Layer 58/81
![Page 113: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/113.jpg)
The Transport Layer
Communication between processes connected to ports .
Abstraction:1 Source/Destination: Ports connected to processes
The Transport Layer 58/81
![Page 114: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/114.jpg)
The Transport Layer
Communication between processes connected to ports .
Abstraction:1 Source/Destination: Ports connected to processes2 Data: TCP/UDP packets
The Transport Layer 58/81
![Page 115: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/115.jpg)
The Transport Layer
Communication between processes connected to ports .
Abstraction:1 Source/Destination: Ports connected to processes2 Data: TCP/UDP packets3 Addressing: IP address + port number
The Transport Layer 58/81
![Page 116: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/116.jpg)
The Transport Layer
Communication between processes connected to ports .
Abstraction:1 Source/Destination: Ports connected to processes2 Data: TCP/UDP packets3 Addressing: IP address + port number
Transmission Control Protocol (TCP) — connection-basedprotocol; guaranteed and ordered delivery of packets.
The Transport Layer 58/81
![Page 117: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/117.jpg)
The Transport Layer
Communication between processes connected to ports .
Abstraction:1 Source/Destination: Ports connected to processes2 Data: TCP/UDP packets3 Addressing: IP address + port number
Transmission Control Protocol (TCP) — connection-basedprotocol; guaranteed and ordered delivery of packets.
User Datagram Protocol (UDP) — connection-less protocol;quick delivery without guarantees.
The Transport Layer 58/81
![Page 118: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/118.jpg)
TCP Packet Format
Source Port (16 bits)
Destination Port (16 bits)
Sequence Number (32 bits)
Acknowledgement Number (32 bits)
Offset (4 bits)
Reserved (4 bits)
Flags (8 bits)
Window size (16 bits)
Checksum (16 bits)
Urgent Pointer (16 bits)
Payload
The Transport Layer 59/81
![Page 119: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/119.jpg)
TCP Sequence Number
seq=9
Incremented for every packet by payload length.
Allows us to determine when packets arrive out of order.
Allows us to determine when packets don’t arrive.
![Page 120: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/120.jpg)
TCP Sequence Number
seq=9
seq=10
seq=10
Incremented for every packet by payload length.
Allows us to determine when packets arrive out of order.
Allows us to determine when packets don’t arrive.
![Page 121: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/121.jpg)
TCP Sequence Number
seq=9
seq=10
seq=11
seq=10
seq=11
Incremented for every packet by payload length.
Allows us to determine when packets arrive out of order.
Allows us to determine when packets don’t arrive.
![Page 122: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/122.jpg)
TCP Sequence Number
seq=9
seq=10
seq=11
seq=10
seq=11
seq=13
Incremented for every packet by payload length.
Allows us to determine when packets arrive out of order.
Allows us to determine when packets don’t arrive.
The Transport Layer 60/81
![Page 123: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/123.jpg)
TCP Acknowledgement Number
seq=9
Receiver sends an acknowledgement package with thesequence number of the next payload byte it wants to receive.
![Page 124: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/124.jpg)
TCP Acknowledgement Number
seq=9
seq=10
seq=10
Receiver sends an acknowledgement package with thesequence number of the next payload byte it wants to receive.
![Page 125: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/125.jpg)
TCP Acknowledgement Number
seq=9
seq=10
seq=11
seq=10
seq=11
Receiver sends an acknowledgement package with thesequence number of the next payload byte it wants to receive.
![Page 126: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/126.jpg)
TCP Acknowledgement Number
seq=9
seq=10
seq=11
seq=11
seq=10
seq=11
seq=13
Receiver sends an acknowledgement package with thesequence number of the next payload byte it wants to receive.
![Page 127: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/127.jpg)
TCP Acknowledgement Number
seq=9
seq=10
seq=11
seq=11
seq=12
seq=10
seq=11
seq=13
ack=12
Receiver sends an acknowledgement package with thesequence number of the next payload byte it wants to receive.
![Page 128: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/128.jpg)
TCP Acknowledgement Number
seq=9
seq=10
seq=11
seq=11
seq=12
seq=10
seq=11
seq=13
ack=12
seq=12
Receiver sends an acknowledgement package with thesequence number of the next payload byte it wants to receive.
The Transport Layer 61/81
![Page 129: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/129.jpg)
TCP Connections
TCP uses a 3-way handshake to set up a connection.
The protocol includes a random initialization of thesequence number .
![Page 130: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/130.jpg)
TCP Connections
SYN(seq=42)
TCP uses a 3-way handshake to set up a connection.
The protocol includes a random initialization of thesequence number .
![Page 131: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/131.jpg)
TCP Connections
SYN(seq=42)
SYN-ACK(seq=99,ack=42+1)
TCP uses a 3-way handshake to set up a connection.
The protocol includes a random initialization of thesequence number .
![Page 132: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/132.jpg)
TCP Connections
SYN(seq=42)
SYN-ACK(seq=99,ack=42+1)
ACK(seq=42+1,ack=99+1)
TCP uses a 3-way handshake to set up a connection.
The protocol includes a random initialization of thesequence number .
The Transport Layer 62/81
![Page 133: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/133.jpg)
TCP Session Hijacking
TCP Session Hijacking — an attacker1 hijacks another user’s TCP connection;2 alters another user’s TCP connection .
The Transport Layer 63/81
![Page 134: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/134.jpg)
TCP Sequence Prediction Attack
Session spoofing — The attacker is able to create a TCPsession with a server, who thinks it is talking to another client.
Early TCP implementations had easily guessable sequencenumbers.
Attack:1 Eve launches a denial-of-service attack against Alice so she
can’t interfere with the attack.2 Eve sends a SYN(src=Alice) to Bob.3 Bob responds with a SYN-ACK to Alice, who cannot respond
since she’s under attack.4 Eve guesses N , Bob’s next sequence number.5 Eve sends a ACK(seq=N) to Bob.6 Eve talks to Bob as if she is Alice.
Blind injection attack : Eve won’t receive replies from Bob.
The Transport Layer 64/81
![Page 135: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/135.jpg)
Alice Bob
Eve
![Page 136: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/136.jpg)
Alice Bob
Eve
DOSattack
![Page 137: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/137.jpg)
Alice Bob
Eve
SYN(src=Alice)
![Page 138: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/138.jpg)
Alice Bob
Eve
SYN-ACK
![Page 139: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/139.jpg)
Alice Bob
Eve
ACK(seq=?)
Eve establishes a TCP connection with Bob, who thinks he’stalking to Alice.
Eve needs to guess the next sequence number Bob will use.
![Page 140: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/140.jpg)
TCP Session Spoofing — ACK Storms
Alice Bob
Eve
Blind injection attacks can cause an ACK Storm, when theclient and server try to resynchronize their sequence numbers.
A firewall can, eventually, detect the ACK Storm.
![Page 141: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/141.jpg)
TCP Session Spoofing — ACK Storms
Alice Bob
Eve
ACK(seq=?)
Blind injection attacks can cause an ACK Storm, when theclient and server try to resynchronize their sequence numbers.
A firewall can, eventually, detect the ACK Storm.
![Page 142: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/142.jpg)
TCP Session Spoofing — ACK Storms
Alice Bob
Eve
ACK(seq=?)
Blind injection attacks can cause an ACK Storm, when theclient and server try to resynchronize their sequence numbers.
A firewall can, eventually, detect the ACK Storm.
![Page 143: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/143.jpg)
TCP Session Spoofing — ACK Storms
Alice Bob
Eve
ACK(seq=?)
Blind injection attacks can cause an ACK Storm, when theclient and server try to resynchronize their sequence numbers.
A firewall can, eventually, detect the ACK Storm.
![Page 144: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/144.jpg)
TCP Session Spoofing — ACK Storms
Alice Bob
Eve
ACK(seq=?)
Blind injection attacks can cause an ACK Storm, when theclient and server try to resynchronize their sequence numbers.
A firewall can, eventually, detect the ACK Storm.
![Page 145: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/145.jpg)
TCP Session Spoofing — ACK Storms
Alice Bob
Eve
ACK(seq=?)
Blind injection attacks can cause an ACK Storm, when theclient and server try to resynchronize their sequence numbers.
A firewall can, eventually, detect the ACK Storm.
![Page 146: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/146.jpg)
TCP Session Spoofing — ACK Storms
Alice Bob
Eve
ACK(seq=?)
Blind injection attacks can cause an ACK Storm, when theclient and server try to resynchronize their sequence numbers.
A firewall can, eventually, detect the ACK Storm.
![Page 147: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/147.jpg)
TCP Session Spoofing — ACK Storms
Alice Bob
Eve
ACK(seq=?)
Blind injection attacks can cause an ACK Storm, when theclient and server try to resynchronize their sequence numbers.
A firewall can, eventually, detect the ACK Storm.
![Page 148: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/148.jpg)
TCP Session Spoofing — ACK Storms
Alice Bob
Eve
ACK(seq=?)
Blind injection attacks can cause an ACK Storm, when theclient and server try to resynchronize their sequence numbers.
A firewall can, eventually, detect the ACK Storm.
![Page 149: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/149.jpg)
TCP Session Spoofing — ACK Storms
Alice Bob
Eve
ACK(seq=?)
Blind injection attacks can cause an ACK Storm, when theclient and server try to resynchronize their sequence numbers.
A firewall can, eventually, detect the ACK Storm.
![Page 150: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/150.jpg)
TCP Session Spoofing — ACK Storms
Alice Bob
Eve
ACK(seq=?)
Blind injection attacks can cause an ACK Storm, when theclient and server try to resynchronize their sequence numbers.
A firewall can, eventually, detect the ACK Storm.
The Transport Layer 66/81
![Page 151: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/151.jpg)
Complete Session Hijacking
Eve is on the same network segment as Alice and Bob, andpacket sniffs on them as they establish their TCP connection.
Eve guesses the next sequence number and sends a spoofedattack command to Bob, appearing to be Alice.
The Transport Layer 67/81
![Page 152: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/152.jpg)
Complete Session Hijacking. . .
Alice Bob
Eve
![Page 153: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/153.jpg)
Complete Session Hijacking. . .
Alice Bob
Eve
SYN,SYN-ACK,ACK
![Page 154: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/154.jpg)
Complete Session Hijacking. . .
Alice Bob
Eve
SYN,SYN-ACK,ACK
Sniff
seq=?
![Page 155: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/155.jpg)
Complete Session Hijacking. . .
Alice Bob
Eve "attack",seq=?,src=Alice
The Transport Layer 68/81
![Page 156: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/156.jpg)
Countermeasures
Don’t use predictable sequence numbers.
Encrypt at the network layer ( IPsec ).
Encrypt at the application layer (https ).
The Transport Layer 69/81
![Page 157: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/157.jpg)
Outline
1 IntroductionInternet Protocol LayersPacketsNetwork Security Issues
2 The Link LayerHubs and SwitchesEthernet FramesARP Spoofing
3 The Network LayerICPMIP Spoofing
4 The Transport LayerTCP Session Hijacking
5 Denial-of-ServiceICPM AttacksSYN Flood Attacks
6 SummaryDenial-of-Service 70/81
![Page 158: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/158.jpg)
Denial-of-Service Attacks
Web servers have limited bandwidth.
Once the server has used up bandwidth/CPU, it startsdropping requests.
Denial-of-Service Attacks : Any attack that targets amachine/software’s availability.
Source addresses are spoofed to hide the attacker’s identity.
Denial-of-Service 71/81
![Page 159: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/159.jpg)
Internet Control Message Protocol
The Internet Control Message Protocol is used for networkdiagnostics.
ICMP messages:1 Echo request : please acknowledge reciept of packet.
Denial-of-Service 72/81
![Page 160: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/160.jpg)
Internet Control Message Protocol
The Internet Control Message Protocol is used for networkdiagnostics.
ICMP messages:1 Echo request : please acknowledge reciept of packet.2 Echo response : packet receipt is acknowledged.
Denial-of-Service 72/81
![Page 161: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/161.jpg)
Internet Control Message Protocol
The Internet Control Message Protocol is used for networkdiagnostics.
ICMP messages:1 Echo request : please acknowledge reciept of packet.2 Echo response : packet receipt is acknowledged.3 Time exceeded : notify that packet has expired (TTL=0).
Denial-of-Service 72/81
![Page 162: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/162.jpg)
Internet Control Message Protocol
The Internet Control Message Protocol is used for networkdiagnostics.
ICMP messages:1 Echo request : please acknowledge reciept of packet.2 Echo response : packet receipt is acknowledged.3 Time exceeded : notify that packet has expired (TTL=0).4 Destination unreachable : notify that packet could not be
delivered.
Denial-of-Service 72/81
![Page 163: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/163.jpg)
Ping Flood Attack
A powerful machine can attack a less powerful one by sendingit a large number of ECHO requests.
![Page 164: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/164.jpg)
Ping Flood Attack
ECHO request(src="bob")
A powerful machine can attack a less powerful one by sendingit a large number of ECHO requests.
![Page 165: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/165.jpg)
Ping Flood Attack
ECHO request(src="eve")
A powerful machine can attack a less powerful one by sendingit a large number of ECHO requests.
![Page 166: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/166.jpg)
Ping Flood Attack
ECHO request(src="sam")
A powerful machine can attack a less powerful one by sendingit a large number of ECHO requests.
![Page 167: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/167.jpg)
Ping Flood Attack
ECHO request(src="joe")
A powerful machine can attack a less powerful one by sendingit a large number of ECHO requests.
![Page 168: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/168.jpg)
Ping Flood Attack
ECHO request(src="pat")
A powerful machine can attack a less powerful one by sendingit a large number of ECHO requests.
Denial-of-Service 73/81
![Page 169: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/169.jpg)
Smurf Attack
A broadcast address sends to all IP addresses on the network.
In a smurf attack , we get an amplification effect by creatingan ECHO request with a spoofed source address (of thetarget) and broadcasting this to all nodes on the network.
Attack:1 Broadcast the packet
ECHO request(src="target",dest="EVERYBODY") to thenodes on the network.
Denial-of-Service 74/81
![Page 170: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/170.jpg)
Smurf Attack
A broadcast address sends to all IP addresses on the network.
In a smurf attack , we get an amplification effect by creatingan ECHO request with a spoofed source address (of thetarget) and broadcasting this to all nodes on the network.
Attack:1 Broadcast the packet
ECHO request(src="target",dest="EVERYBODY") to thenodes on the network.
2 Each node N will respond withECHO response(src=N,dest="target").
Denial-of-Service 74/81
![Page 171: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/171.jpg)
Smurf Attack. . .
Bob
![Page 172: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/172.jpg)
Smurf Attack. . .
BobECHO
req(dest=ALL,src="bob")
ECHO req(dest=ALL,src="bob")ECHO req(dest=ALL,src="bob")
![Page 173: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/173.jpg)
Smurf Attack. . .
Bob
ECHO res(dest="bob",src="eve")
ECHO res(dest="bob",src="sam")
ECHO res
(dest=
"bob",
src="j
oe")
Denial-of-Service 75/81
![Page 174: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/174.jpg)
Smurf Attack. . .
Countermeasures:1 Make hosts and routers ignore broadcasts.2 Make servers ignore all PINGs.
Denial-of-Service 76/81
![Page 175: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/175.jpg)
SYN Flood Attacks
Idea: Start lots of connections to a server, but never finish theSYN/SYN-ACK/ACK sequence, causing the server’s memoryto fill up.
Attack:1 Eve sends a SYN(src="joe") packet to Alice’s server.
Denial-of-Service 77/81
![Page 176: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/176.jpg)
SYN Flood Attacks
Idea: Start lots of connections to a server, but never finish theSYN/SYN-ACK/ACK sequence, causing the server’s memoryto fill up.
Attack:1 Eve sends a SYN(src="joe") packet to Alice’s server.2 Server responds with SYN-ACK, sent to joe.
Denial-of-Service 77/81
![Page 177: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/177.jpg)
SYN Flood Attacks
Idea: Start lots of connections to a server, but never finish theSYN/SYN-ACK/ACK sequence, causing the server’s memoryto fill up.
Attack:1 Eve sends a SYN(src="joe") packet to Alice’s server.2 Server responds with SYN-ACK, sent to joe.3 Eve repeats from 1.
Denial-of-Service 77/81
![Page 178: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/178.jpg)
SYN Flood Attacks. . .
![Page 179: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/179.jpg)
SYN Flood Attacks. . .
SYN(src="joe")
![Page 180: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/180.jpg)
SYN Flood Attacks. . .
SYN(src="joe")
SYN-ACK
![Page 181: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/181.jpg)
SYN Flood Attacks. . .
SYN(src="sam")
![Page 182: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/182.jpg)
SYN Flood Attacks. . .
SYN(src="sam") SYN-ACK
![Page 183: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/183.jpg)
SYN Flood Attacks. . .
SYN(src="pat")
![Page 184: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/184.jpg)
SYN Flood Attacks. . .
SYN(src="pat")
SYN-ACK
Denial-of-Service 78/81
![Page 185: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/185.jpg)
SYN Flood Attacks — Countermeasures
SYN Cookies (see the book).
Microsoft Windows:
A special queue for half-open connections.Don’t allocate resources for the TCP connection until the ACK
has been received.
Denial-of-Service 79/81
![Page 186: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/186.jpg)
Outline
1 IntroductionInternet Protocol LayersPacketsNetwork Security Issues
2 The Link LayerHubs and SwitchesEthernet FramesARP Spoofing
3 The Network LayerICPMIP Spoofing
4 The Transport LayerTCP Session Hijacking
5 Denial-of-ServiceICPM AttacksSYN Flood Attacks
6 SummarySummary 80/81
![Page 187: CSc 466/566 Computer Security 18 : Network Security ...collberg/Teaching/466-566/2013/Slide… · Network Security Issues — Assurance Assurance is the way in which trust is provided](https://reader033.fdocuments.us/reader033/viewer/2022043017/5f399fe778566f650a5fe704/html5/thumbnails/187.jpg)
Readings and References
Chapter 5 in Introduction to Computer Security, by Goodrichand Tamassia.
Summary 81/81