16 bit

dingdongboom, Networks and Communications

27 Oct 2013

Survey of Information Assurance

Review of TCP/IP

Agenda

Brief review of TCP/IP Protocol stack and TCP/IP hierarchical model

Detailed discussion of Transport Control Protocol

Detailed discussion of Internet Protocol

Discussion on limitations of TCP/IP and possible solutions.

Scope of Discussions

The following are not covered in today’s presentation:

Implementation details/flaws of TCP/IP protocol stack for generic or specific systems

Detailed discussion on EACH of protocols treated as a part of TCP/IP Protocol Suite

Detailed discussion on earlier versions

Detailed discussion on IPv6

Introduction to TCP/IP


History


Origin of the term “IPv4”


Standards: RFC 793 - TCP and RFC 791 - IP


Extensions: IPv6


Deployment: Worldwide!!!


Functionality Supported:


Connection oriented data delivery


Fragmentation Support


Addressing and Routing


Congestion Control etc.

TCP/IP Model vs. OSI Model

REF: http://www.trainsignaltraining.com/wpnew/wp-content/uploads/2007/10/TCP__OSI___Stelios/1_TCPIP_and_OSI_models.jpg

REF: http://www.trainsignaltraining.com/wpnew/wp-content/uploads/2007/10/TCP__OSI___Stelios/2_TCPIP_Protocol_Suite.jpg

TCP


Standards: RFC 793 - TCP

Later Versions: NONE!!!

Alternative technologies: UDP

History: Advanced Research Projects Agency (ARPA) Research.

Provides following services:

Network Technology Independence

Universal interconnection

Reliable Stream Transport Service

Congestion Control

End-to-end Acknowledgement


TCP Header

REF: http://www.visi.com/~mjb/Drawings/TCP_Header.pdf

TCP Header Description

Source port (16-bit) and Destination port (16 bit)

Sequence number (32-bit)

Acknowledgement number (32-bit)

Header Length (4 bit)

Reserved (6 bit)

Control bits (8 bits)

Urgent pointer (URG): if this bit is set, the receiving TCP should interpret the urgent pointer field.

Acknowledgement (ACK): if this bit is set, the acknowledgement number field is valid.

Push function (PSH): if this bit is set, the receiver should deliver this segment to the receiving application as soon as possible.

TCP Header Description (2)





Reset the connection (RST): if this bit is set, it tells the receiver that the sender is aborting the connection, and that all queued data, allocated buffers and the connection can be freely relinquished.

Synchronize (SYN): if this bit is set, the sender is asking to synchronize sequence numbers; this is used to establish a connection between the sender and receiver.

Window (16-bit): receiver-side capacity to accept data

Checksum (16 bit)

Urgent Pointer (16 bit)

Options: Variable, but cannot be larger than 40 bytes. The header length field is 4 bit. They are often used for various flow control and congestion

Padding: Because the options may vary in size, it may be necessary to pad the TCP header to align it to a 32-bit word boundary.

Data: Application data

TCP


Reliable Stream Transport


Connection Establishment and Termination


Three way Handshake

REF: http://condor.depaul.edu/~jkristof/technotes/tcp.html

TCP - Flow control

REF: http://condor.depaul.edu/~jkristof/technotes/tcp.html

IP Overview


Standards: RFC 791 - IP (viz. IPv4)


Later Versions: IPv6


Alternative technologies: IPX


Functionality Supported:


Addressing and Routing


Fragmentation Support


Type of Service


Loose/Strict Source and Record Route


IP Header

REF: http://www.visi.com/~mjb/Drawings/IP_Header.pdf

IP Header Description

Version (4 bits) describes header format. Version may be 4 for IPv4 or 6 for IPv6.

IHL (Internet header length - 4 bits) is the length of IP header in 32-bit words. Thus, actual length is 32*IHL-value bits or 4*IHL-value bytes.

TOS (Type of Service - 8 bits) allows setting desired service-quality parameters.

Total Length (16 bits) is length of entire datagram.

Identification (16 bits), Flags (3 bits) and Fragment Offset (13 bits) are used for fragmentation and reassembly of datagram(s).

TTL (Time to Live - 8 bits) is the maximum time a datagram is allowed to remain in the internetwork. Each device decrements this value when the datagram is processed and drops it if the value is zero.

IP Header Description (2)

Protocol (8 bits) indicates the type of higher layer protocol that follows after IP header.

Header Checksum (16 bits) is checksum on header only.

SA (Source address - 32 bits) and DA (Destination address - 32 bits) are source and destination IP addresses.

Options (variable length) may or may not be used.


IP Addressing


IP Address is 32 bit field. (~4.29 billion addresses)


The IP address consists of a Network Part and a Host Part

Need for larger addressing space

Division of address space into private and public addresses.

The IANA (Internet Assigned Numbers Authority) has reserved the three blocks of the IP address space for private internets:

10.0.0.0 - 10.255.255.255 (10/8 prefix)

172.16.0.0 - 172.31.255.255 (172.16/12 prefix)

192.168.0.0 - 192.168.255.255 (192.168/16 prefix)



IP Addressing (2)


The IP Addressing is classful by design:

Class    First Octet  Range                     Network Bits      Comments
Class A  0xxx xxxx    1.x.x.x - 126.x.x.x [1]   Bits 2nd - 8th    126 classes, 16.7 m hosts
Class B  10xx xxxx    128.x.x.x - 191.x.x.x     Bits 3rd - 16th   16.3k classes, 65.5 k hosts
Class C  110x xxxx    192.x.x.x - 223.x.x.x     Bits 4th - 24th   2.09m classes, 254 hosts
Class D  1110 xxxx    224.x.x.x - 247.x.x.x     Bits 5th - 32nd   Multicast
Class E  1111 xxxx    248.x.x.x - 255.x.x.x     Bits 5th - 32nd   Research use

[1] The 0.0.0.0 network is default route and 127.0.0.0 is universal loopback address.

These classful networks may be further divided by using subnetting

A set of contiguous networks may also be “supernetted”

REF : http://www.faqs.org/docs/linux_network/x-087-2-issues.ip-addresses.html

IP Addressing (3) - Subnetting

Consider a Class A network: 5.0.0.0

Hosts : 16,777,214

Consider borrowing 16 bits from host address to form “subnets”

5.x.x.0 -> 65536 sub-networks

Hosts : 254 for each subnet -> 16,646,144

IP Addressing (4) - Supernetting

Consider a set of Class C networks: 222.0.0.0 - 222.0.255.0

Networks: 256

256 routes to distinct networks.

Consider borrowing 16 bits from network address to form a “supernet”

222.0.x.0/16 is 1 supernet

1 route to gateway for given network.

Networks need to be contiguous to form supernet.
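The subnetting and supernetting arithmetic from the two slides above, checked with Python's standard `ipaddress` module, including what happens to route aggregation when the block is not contiguous. This is an added example, not part of the original slides; the function names are chosen here.

```python
import ipaddress


def subnet_summary(network: str, new_prefix: int) -> tuple[int, int, int]:
    """Return (subnet count, usable hosts per subnet, total usable hosts)."""
    net = ipaddress.ip_network(network)
    count = 2 ** (new_prefix - net.prefixlen)
    # The network and broadcast address of every subnet are not assignable,
    # which is why subnetting lowers the total host count.
    hosts_each = 2 ** (32 - new_prefix) - 2
    return count, hosts_each, count * hosts_each


def supernet(networks: list[str]) -> list[str]:
    """Aggregate networks into the fewest prefixes (routes) that cover exactly them."""
    nets = [ipaddress.ip_network(n) for n in networks]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


# The slide's Class C range 222.0.0.0 - 222.0.255.0, one /24 per network.
CLASS_C_BLOCK = [f"222.0.{i}.0/24" for i in range(256)]

if __name__ == "__main__":
    # Class A 5.0.0.0/8 with 16 host bits borrowed becomes 65536 /24 subnets.
    print(subnet_summary("5.0.0.0/8", 24))
    # A contiguous block aggregates into a single route.
    print(supernet(CLASS_C_BLOCK))
    # With one network missing the block is no longer contiguous,
    # and the single route falls apart into several.
    with_gap = [n for n in CLASS_C_BLOCK if n != "222.0.7.0/24"]
    print(supernet(with_gap))
```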



IP Fragmentation


IP may fragment a PDU based on the maximum transmission unit (MTU) of the link or Path MTU (PMTU).

Higher layers may request DF (Don’t fragment) bit = 1; i.e. the PDU must not be fragmented.

If DF = 1 and PDU size exceeds link MTU, the router will drop the PDU and send ICMP error to sender.

PMTU-D : Path MTU Discovery

IP Fragmentation (2)

If DF = 0, PDU may be fragmented if needed.

For each fragment of PDU, the Identification value is identical and allows for reassembly of out-of-order fragments at receiver.

The MF (More Fragments) bit is set for all but last fragment of a PDU.

The Fragment Offset value defines the location of given piece of data in the original PDU; it is used for reassembly.
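How a receiver can use Identification, MF and Fragment Offset to reassemble out-of-order fragments while rejecting malformed sets, including a fragment whose offset plus length would push the datagram past the 65535-byte limit (the condition behind the Ping of Death item later on this page). This is an added example, not part of the original slides; the `Fragment` record and function names are chosen here and all sample data is constructed.

```python
from dataclasses import dataclass

MAX_DATAGRAM = 65535   # Total Length is a 16-bit field


@dataclass
class Fragment:
    ident: int         # Identification: identical for every fragment of one PDU
    offset: int        # Fragment Offset field, counted in 8-byte units
    mf: bool           # More Fragments bit
    payload: bytes
    header_len: int = 20


def fragment(ident: int, payload: bytes, chunk: int) -> list[Fragment]:
    """Split a payload as a router would; chunk must be a multiple of 8."""
    pieces = [payload[i:i + chunk] for i in range(0, len(payload), chunk)]
    return [Fragment(ident, i * chunk // 8, i < len(pieces) - 1, piece)
            for i, piece in enumerate(pieces)]


def reassemble(fragments: list[Fragment]) -> bytes:
    """Rebuild one PDU's payload; raise ValueError for a malformed fragment set."""
    if len({f.ident for f in fragments}) != 1:
        raise ValueError("need fragments of exactly one datagram")
    ordered = sorted(fragments, key=lambda f: f.offset)  # arrival order is irrelevant
    buf = bytearray()
    for frag in ordered:
        start = frag.offset * 8
        # Bound check first, before anything is copied into the buffer.
        if frag.header_len + start + len(frag.payload) > MAX_DATAGRAM:
            raise ValueError("reassembled datagram would exceed 65535 bytes")
        if frag.mf and len(frag.payload) % 8:
            raise ValueError("non-final fragment is not a multiple of 8 bytes")
        if frag.mf != (frag is not ordered[-1]):
            raise ValueError("MF must be set on all but the last fragment")
        if start != len(buf):
            raise ValueError("gap or overlap between fragments")
        buf += frag.payload
    return bytes(buf)
```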

IP Type of Service


This is an 8-bit field

Bits 0-2: Precedence

Bits 3-5: Delay, Throughput and Reliability (respectively) [Value: 0 - Normal and 1 - High]

Bits 6-7: Reserved

Precedence:

111 - N/W control
110 - Internetwork control
101 - CRITIC/ECP
100 - Flash override
011 - Flash
010 - Immediate
001 - Priority
000 - Routine

TCP/IP - Issues Faced

1. Security

TCP/IP was not designed for security. TCP/IP based communication relies on the IP address to identify a peer. This IP address can very easily be spoofed and modified.

Typical Attacks:

IP address spoofing

a) DNS spoofing - Create spoofed DNS response packet for a DNS query

b) ARP spoofing - Also called ARP Cache poisoning, allows a malicious host to cause all traffic to be redirected to self

Ping of Death - Uses an oversized ping packet (usually >65535 bytes) sent as fragments and causes buffer overflows



TCP/IP - Issues Faced (2)

TCP DoS Attack - excessive SYN requests to a server may use up all CPU cycles, preventing it from actively providing services like FTP, Radius Authentication, DNS, DHCP etc., allowing for more complicated impersonation or simple denial of service.

TCP Sequence Number prediction - to create one-sided TCP connection (Berkeley implementation of SN generation):

a) Impersonate an alive host and connect to server

b) Impersonate a down host by using netstat service

Routing Based Attacks

a) Poison RIP Routing information as it is received unchecked by routers

b) ICMP Redirect for an open connection

c) ICMP “Destination Unreachable” and “TTL exceeded”
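For the TCP DoS item above, one way a monitoring point can spot excessive SYN requests is to count handshakes that were opened but never completed. This is an added example, not part of the original slides; the record format, threshold and timeout are assumptions, connections are keyed by source address only as a simplification, and the sample events are constructed using documentation address ranges.

```python
from collections import defaultdict

# Constructed sample: (seconds, source, destination, destination port, TCP flag).
# 198.51.100.7 completes its handshake; the 203.0.113.x sources never send the ACK.
SAMPLE = [(0.0, "198.51.100.7", "10.0.0.5", 80, "SYN"),
          (0.1, "198.51.100.7", "10.0.0.5", 80, "ACK")]
SAMPLE += [(1.0 + i * 0.01, f"203.0.113.{i}", "10.0.0.5", 80, "SYN")
           for i in range(1, 41)]


def half_open_alerts(events, threshold=25, timeout=30.0):
    """Return {(server, port): peak half-open count} for services at or over threshold."""
    pending = defaultdict(dict)      # (dst, port) -> {source: time its SYN was seen}
    peak = defaultdict(int)
    for ts, src, dst, dport, flag in sorted(events):
        service = (dst, dport)
        table = pending[service]
        # Forget handshakes older than the timeout, as a server's backlog would.
        for peer in [p for p, seen in table.items() if ts - seen > timeout]:
            del table[peer]
        if flag == "SYN":
            table[src] = ts          # handshake opened, waiting for the final ACK
        elif flag in ("ACK", "RST"):
            table.pop(src, None)     # handshake completed or aborted
        peak[service] = max(peak[service], len(table))
    return {svc: count for svc, count in peak.items() if count >= threshold}


if __name__ == "__main__":
    print(half_open_alerts(SAMPLE))
```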




TCP/IP - Issues Faced (3)

2. Limited Address Space

IPv4 supports slightly over 4.29 billion addresses. This is highly insufficient address space.

3. Connection Delay

There is an inherent delay involved in session establishment and overhead involved with processing information contained in TCP header.

Possible Solutions


Security:

Narrow spectrum technologies - Firewalls, DHCP Snooping

Broad Spectrum technologies - Encryption

Address Space limitation:

NAT - introduces other issues (still widely deployed)

IPv6 - has not yet had widespread acceptance

Delay and overhead of connection:

UDP

References


www.tcpipguide.com


RFC 791 - Internet Protocol

RFC 793 - Transport Control Protocol

By Douglas Comer


http://www.securityfocus.com/infocus/1674


http://www.cs.columbia.edu/~smb/papers/ipext.pdf


http://www.xs4all.nl/~rmeijer/spoofing.html