Lehigh CSEchuah/courses/cse343/cse350_lecture1... · 2005. 1. 17. · • Summary & Homework for...

1

��

��

��

��

�� !!�"��#��"��"�$�%��!��&��!!�"��#��"��"�$�%��!��&��

'��"��(��)�� '��"��(��)��

��"�*��"�*��

1/17/2005 Instructor: Dr M. Chuah CSE350/450 2

+� !��+� !��

• Basic Course Information• Course Homepage• Textbooks• Grading• Course Objectives

• Overview of TCP/IP• Summary & Homework for Lecture 1


,��#��- � ��,��#��- � ��

•• Course InformationCourse Information–– checks bbchecks bb

•• Office hoursOffice hours–– Tuesday 11Tuesday 11--12 noon12 noon–– Lab: PL112 Wed 3Lab: PL112 Wed 3--6pm.6pm.–– Email: Email: [email protected]@cse.lehigh.edu

•• PrerequisitesPrerequisites–– Programming in C/C++, Socket ProgrammingProgramming in C/C++, Socket Programming–– Understanding of Computer Network ArchitectureUnderstanding of Computer Network Architecture–– Or InstructorOr Instructor’’s permissions permission

2


.�/ 0��.�/ 0��

•• Primary TextbookPrimary Textbook–– W. Stallings, W. Stallings, ““Cryptography and Network SecurityCryptography and Network Security””

•• Textbooks of interestTextbooks of interest–– S. S. NorthcuffNorthcuff etc, etc, ““Network Intrusion DetectionNetwork Intrusion Detection””–– E. E. ZwickyZwicky etc, etc, ““Building Internet FirewallsBuilding Internet Firewalls””–– B. Caswell etc, B. Caswell etc, ““SNORT 2.0 Intrusion DetectionSNORT 2.0 Intrusion Detection””–– S. Thomas, S. Thomas, ““SSL and TLS EssentialsSSL and TLS Essentials””–– R. Steven, R. Steven, ““TCP/IP Illustrated TCP/IP Illustrated ““–– W. Gray, W. Gray, ““Linux Socket ProgrammingLinux Socket Programming””–– Others: IETF Others: IETF RFCsRFCs, Internet Drafts, Conf/Journal , Internet Drafts, Conf/Journal

paperspapers


1��&��"1��&��"

•• Homework: Homework: –– 5 Lab Sessions: 30% (Undergrads), 20% (Grads)5 Lab Sessions: 30% (Undergrads), 20% (Grads)–– Term Project: 25%Term Project: 25%–– Term Paper (Graduate): 15%Term Paper (Graduate): 15%

•• Midterm: 20%Midterm: 20%•• Final Exam: 25%(Undergrads),20%(Grads)Final Exam: 25%(Undergrads),20%(Grads)•• All Exams: Closed BookAll Exams: Closed Book

–– 1 page summary sheet1 page summary sheet


+02�� )��+02�� )��

•• Overall knowledge of Network Security Overall knowledge of Network Security threats & vulnerabilitiesthreats & vulnerabilities

•• Deep Understanding of some techniques & Deep Understanding of some techniques & tools for detecting, responding to and tools for detecting, responding to and recovering from security incidentsrecovering from security incidents–– with lab sessionswith lab sessions

•• Research TrainingResearch Training•• Technical WritingTechnical Writing

3


.�� )��&�!��.�� )��&�!��

•• 01/18: Overview of TCP/IP, socket 01/18: Overview of TCP/IP, socket programming, network vulnerabilities, programming, network vulnerabilities, snifferssniffers..

•• 01/20: 01/20: FootprintingFootprinting, spoofing, IP Fragmentation, spoofing, IP Fragmentation•• 01/25: Packet Filtering, Firewall. Proxies, 01/25: Packet Filtering, Firewall. Proxies,

Bastion HostBastion Host•• 02/1: DOS, DDOS, IDS02/1: DOS, DDOS, IDS•• 02/8: Worm/Virus Detection02/8: Worm/Virus Detection•• 02/15: Secured Email, TLS/SSL02/15: Secured Email, TLS/SSL•• 02/22: Cryptography I02/22: Cryptography I


.�� )��&�!��.�� )��&�!��33 �� &�� &

•• 03/1: Cryptography II03/1: Cryptography II•• SpringBreakSpringBreak•• 03/15: Symmetric Key03/15: Symmetric Key•• 03/17: Pubic Key03/17: Pubic Key•• 03/22: Midterm03/22: Midterm•• 03/29: Review of Midterm, VPN103/29: Review of Midterm, VPN1•• 03/31: VPN2 03/31: VPN2 •• 04/5: IPSEC 04/5: IPSEC •• 04/12: Security in 04/12: Security in WLANsWLANs•• 04/19: Security in 04/19: Security in AdhocAdhoc/Sensor /Sensor •• 04/26: Review04/26: Review•• Final ExamFinal Exam


+� !��+� !��

44 ,��#��- � ��,��#��- � ��

44 +)��)�� #�.��+)��)�� #�.��

55 ��

55 +)��)�� #��+)��)�� #��

55 �� "�� "

55 +)��)�� #�.��+)��)�� #�.��

44 ��- - ��$�6�- ��#��'�� 7��- - ��$�6�- ��#��'�� 7

4


��- �� - ��

Network1

Network2

Host

LAN

Router

Host

RouterRouter

RouterRouter

Host HostHost Host

Host Host

HostHost


+��%�� +��%��

Seven Layer OSI Network Architecture


��6��&��6��&��

5


��%&&��%&&��

44 ��&&��8�� - 0��9�6�� - 0��&&��8�� - 0��9�6�� - 0��


�� "�� "


�� "�� "�55 ��

6


�� "�� "�33 ��


.��6��&��.��6��&��


.��6��&��.��6��&��

44 ��

44 ��:��- 0��:��- 0��

44 %��!�&"�- �� - 0��%��!�&"�- �� - 0��

44 �� +##�� +##��

55 ��#��*�0� ��&��.��&�� #��*�0� ��&��.��&�� &�� &� ��0�"��&�� &� ��0�"��

44 ;!�"�;!�"�

55 ( 1��(�"�� ( 1��(�"��

55 %�<��&�� %�<�#��!&��"��#�� %�<��&�� %�<�#��!&��"��#��

55 ��6��6��

55 �.�� .��

55 �=��>��:��- 0��=��>��:��- 0��

55 ;��- ��&� ��#��- ��&��;��- ��&� ��#��- ��&��

44 ? ��&�� &��%�<��"- �� #��#�? ��&�� &��%�<��"- �� #��#�&� ��0� �� )��!!��"� �� &� ��0� �� )��!!��"� ��

7


.��6��&��.��6��&��33 �� &�� &

44 ��-��-

55 .��7@�0� ��.��7@�0� ��AA��- �!�- �� #� ��- �!�- �� #� ��AA��- �!�- �� - ��#��!!�7@��- �!�- �� - ��#��!!�7@330� �� &��0� �� &��&��&�33��&��B� ��.��&��&� ��.��&��B� ��.��&��&� ��.��&� ��&� ��

.��&��6��&��.��&��6��&��

44 (�"�� (�"��

55 �� 7�� 7� � &� �� #�!!��"��"�� &� ��+�!��&� �� #�!!��"��"�� &� ��+�!��"��#�� ( 1�0� �� "��#�� ( 1�0� ��

44 +� ��+� ��


��- �!�� - �!�� 0000 00 07 e9 7c 22 fc 00 11 93 85 e0 c4 08 00 45 00 ...|".........E.

0010 00 2c db 26 40 00 3f 06 0e 77 86 e2 20 37 86 e2 .,.&@.?..w.. 7..

0020 24 33 01 bd 12 3f 3d fa 0f b6 a8 6f 87 c0 50 18 $3...?=....o..P.

0030 bc 40 8a 7c 00 00 85 00 00 00 00 00 .@.|........

Ethernet Header:src addr: 00 07 e9 7c 22 fcdest addr: 00 11 93 85 e0 c4 IP Header:src addr: 134.226.36.55dest addr: 134.226.36.51TCP Header:src port: 445dest port: 4671NetBios Information


��%&&��$�� %&&��%&&��$�� %&&��

��

��

��

��

��

��

IP Address

MAC Address

8


% �% �AA�� CC? ��? ��DDEEFF ��

��

��

��

��

��

��


% �% �AA�� !�� !��

��

��

��

��

��

��


��! ��!33'�#��% �� :�� '�#��% �� :��

9


��! ��!33'�#��% �� !�'�#��% �� !�


�� 33��#��.(��#��.(GG

*Maximum Transfer Unit


;��"- �� ;��"- ��

44 +�� :��+�� :��33 !�- � �&� �"��- ��>�� - �!!�� !�- � �&� �"��- ��>�� - �!!��

�.(��#�� .(��#��

6��)��.��:��!�&"��6��)��.��:��!�&"��

�0�� 0�� .(��.(� �#��!!�� )�!)�&��#��!!�� )�!)�&��

��- - �� - - ��

44 ��#��"- �� #��"- �� 33 &� �"��- ��0��!� �&� �"��- ��0��!� �

�� #� �� - �!!�� .(�� #� �� - �!!�� .(�

44 �� &� �� &� �"��- �!��"�� &� �� &� �"��- �!��"��

�.(��.(�

55 ��!� �� !� ��

55 ��- �!!�� 0��&�� - �!!�� 0��&��

�.(��.(�

10


;��"- �� H&� ��!�I;��"- �� H&� ��!�I

44 ��#��"- �� &��&�� &� �"��- ��#��"- �� &��&�� &� �"��- �

55 ��!�&��!!��&��#��!&��!�&��!!��&��#��!&��

55 ,� ��&��&�� &� �"��- ��#��"- �� ,� ��&��&�� &� �"��- ��#��"- ��

55 + ��#��!&��)��#��- � ��#�� "��"��!�+ ��#��!&��)��#��- � ��#�� "��"��!�&� �"��- �&� �"��- �

55 ; %1��.�+;;��.�"�)��"��!�!�� #�#��"- �� ; %1��.�+;;��.�"�)��"��!�!�� #�#��"- ��

44 �� !��!��.(� ��- �� >��#��#��"- �� !��!��.(� ��- �� >��#��#��"- ��

44 �� #�&� ��#��- ��"��!�&� �"��- ��#��"- �� #�&� ��#��- ��"��!�&� �"��- ��#��"- ��

44 �� #��- � �� &�� #��- � �� &��


•• Each network has a Each network has a Maximum Transmission UnitMaximum Transmission Unit HHMTU)MTU)•• IP datagrams can be larger than most hardware IP datagrams can be larger than most hardware MTUsMTUs

–– IP: 2IP: 21616 -- 1 1 –– Ethernet: 1500 Ethernet: 1500 –– Token ring: 2048 or 4096 Token ring: 2048 or 4096

•• StrategyStrategy–– fragment when necessary (Datagram > MTU)fragment when necessary (Datagram > MTU)–– try to avoid fragmentation at source hosttry to avoid fragmentation at source host–– rere--fragmentation is possible fragmentation is possible –– fragments are selffragments are self--contained datagramscontained datagrams–– delay reassembly until destination hostdelay reassembly until destination host–– do not recover from lost fragments do not recover from lost fragments

;��"- �� $ � ��- 0!�;��"- �� $ � ��- 0!�


44 ��- ��&��#��"- �� - ��&��#��"- ��

44 ? �� "��!�&� �"��- E�? �� "��!�&� �"��- E�

55 �� &�� "��!�&� �"��- �� &�� "��!�&� �"��- �

44 6�� &��&�� &�� #��!�� #��"- �� E�6�� &��&�� &�� #��!�� #��"- �� E�

55 �� - �� #��"- �� - �� #��"- ��

55 �#� �- ��/��0�#��!!�#��"- �� )�B��#� �- ��/��0�#��!!�#��"- �� )�B�#��"- �� - �&�!�� #��"- �� - �&�!��

55 �� "��- �&��&�� "��- �&��&�

44 ��H��!�� !�� !I��- �&� ��H��!�� !�� !I��- �&� �� - � �� - �

;��"- �� '��;��"- �� '��

11


44 ��- ��&��#��"- �� - ��&��#��"- ��

44 ? �� "��!�&� �"��- E�? �� "��!�&� �"��- E�

55 �� &�� "��!�&� �"��- �� &�� "��!�&� �"��- �

44 6�� &��&�� &�� #��!�� #��"- �� E�6�� &��&�� &�� #��!�� #��"- �� E�

55 �� - �� #��"- �� - �� #��"- ��

55 �#� �- ��/��0�#��!!�#��"- �� )�B��#� �- ��/��0�#��!!�#��"- �� )�B�#��"- �� - �&�!�� #��"- �� - �&�!��

55 �� "��- �&��&�� "��- �&��&�

44 ��H��!�� !�� !I��- �&��H��!�� !�� !I��- �&� �� - � �� - �

;��"- �� '��;��"- �� '��

�� Best Effort Delivery


.�� 0!��- �� .�� 0!��- ��


�!�&��"�? ��&��G�!�&��"�? ��&��G

12


;!�� !;!�� !

44 ��&�0�##��>��&�0�##��>��/��&,�##��/��&,�##��

44 ��)��0�##��>�� )��0�##��>��/ �),�##��/ �),�##��

44 ��&��"��&��&��"��&�

55 '�� ,� �� '�� ,� �� 33'�� ,� �%��&'�� ,� �%��& J8�%&)�� &�? ��&��J8�%&)�� &�? ��&��

55 �##�� )��? ��&��8%&)�� &�? ��&��##�� )��? ��&��8%&)�� &�? ��&�� 33HH'�� ,� �� '�� ,� �� 33'�� ,� �%��&'�� ,� �%��&II

55 '�� ,� �? �� '�� ,� �? �� 33'�� ,� �%��&'�� ,� �%��& J8J8��/��&,�##��/��&,�##��

55 ,!��&��#�H,!��&��#�H'�� ,� �? �� '�� ,� �? �� 33'�� ,� �%��&I9�'�� ,� �%��&I9�K�K��/��&,�##��/��&,�##��

44 ��)��"��&� ��)��"��&�

55 '�� ,� � �)&'�� ,� � �)&33'�� ,� � ��&'�� ,� � ��& J8J8��/ �),�##��/ �),�##��

55 %&)�� &? ��&��%&)�� &? ��&�� 88��/ �),�##��/ �),�##��55HH��/ ,� ��/�� &��/ ,� ��/�� &33'�� ,� � ��&'�� ,� � ��&II

44 %!��&�%�<�� )��"�&� ��"- �� %!��&�%�<�� )��"�&� ��"- ��

44 �� %&)�� &? ��&��%&)�� &? ��&��8�8�


�� "��- - ��"��(��/�� "��- - ��"��(��/

• Network programming jargons• Address• Port• Socket: {address,port} pair• Binding: process of attaching to a socket

• Client/Server Model:

Client ServerRequestResponse


�!�� &��"��- - ��"�!�� &��"��- - ��"

7�7� �� !�>��)��- �� !�>��)��- ��

*�*� ��

�� &�� #��)��&�� #��)��AA��

�&&��B�� - 0��&&��B�� - 0��

�� 0!�� 0!��

��)�� )��

�� &�� #� �� &�� #� ��

�� #�!�� #�!�

@�@� �!�� !��

L�L� �/� ��"��-�/� ��"��-

1. struct sockaddr_in server; bzero(&server, sizeof(server));

2. sockfd=socket(AF_INET, SOCK_STREAM, 0)

3. server.sin_family=AF_INET; server.sin_port=htons(80); inet_pton(AF_INET, argv[1], & server.sin_addr)

4. connect(soctfd, &server, sizeof(server))

5. read(sockfd, buffer, max_buffer)

6. close(sockfd)7. exit(0)

13


��)��&��"��- - ��"��)��&��"��- - ��"

7�7� �� !�>��)��- �� !�>��)��- ��

*�*� ��

�� ,��&�� ,��&��

�� '�� '��

�� %�� %��

@�@� ��&�? �� &�? ��

L�L� �!�� !��

M�M� �/� ��"��-�/� ��"��-

1. struct sockaddr_in server; bzero(&server, sizeof (server));

2. listenfd=socket(AF_INET, SOCK_STREAM, 0)

3. server.sin_family=AF_INET; server.sin_addr=htonnl(INADDR_ANY); server.sin_port=htons(80);bind(listenfd, &server, sizeof(server));

4. listen(listenfd,0);5. connfd=accept(listenfd, NULL,

NULL);6. read(connfd, buffer, max_buff)7. close(connfd)8. exit(0)


��0��:�� "��;!��0��:�� "��;!��

connect() listen()

SYN_SENT accept()

EstablishedSYN_RCVD

Established

write()read()

read() write()

close()FIN_WAIT1

FIN_WAIT2

TIME_WAIT

CLOSE_WAITclose()LAST_ACK

close()

SYN

SYN, ACK

ACK

Request

Reply, ACK

ACK

FIN

ACK

FINACK

Client Server


6�- ��#��'�� 76�- ��#��'�� 7

• Read R. Steven’s “TCP/IP Illustrated”Chapters 3-6, 17, 18, 21• Collect Lab 1 printouts• Start doing Part 1 of Lab 1• Go to lab and get familiar with socket programming.

Lehigh CSEchuah/courses/cse343/cse350_lecture1... · 2005. 1. 17. · • Summary & Homework for...

Documents

Transcript of Lehigh CSEchuah/courses/cse343/cse350_lecture1... · 2005. 1. 17. · • Summary & Homework for...