(February 1, 2012)
CIA
How defense tools are designed and configured to meet security goals.
Rules for communication in a network: tasks and rules allow each device to:
- generate messages in the required form for transmission;
- understand and process received messages properly.
Figure: Computer 1 and Computer 2, each with Task 1/Rule 1 through Task 5/Rule 5.
Each layer communicates with its peer layer and with the layer above and below it. Different protocols operate at each layer (diagram labels: "Upper layer deal with", "Data transport").

OSI layers, top to bottom: Application, Presentation, Session, Transport, Network, Data Link (LLC and MAC sublayers), Physical.

Application layer role: represents the user interface between the application software (e.g. Eudora) and the network. Provides services such as identifying the intended communication partner and determining resource availability for communication.

Transport layer role: makes sure the data arrives at the destination exactly as it left the source (in the case of connection-oriented communication). Provides error checking before transmission and error recovery in case of failed delivery. Responsible for creating, maintaining and ending network connections.

Data Link layer role: combines bits into bytes, and bytes into frames with header, address information, error detection code and trailer.

Physical layer role: handles the transmission of bits over a communication channel. Defines characteristics such as voltage levels, connector types and maximum transmission distance. Places the signal on the cable. Responsible for moving bits between devices.
TCP/IP model: 4 layers, from 1. Interface up to 4. Application, compared with the OSI layers (from 1. Physical):
- Interface layer: equivalent to the OSI Physical and Data Link layers.
- Network (Internet) layer: roughly equivalent to the OSI Network layer.
- Transport layer: performs the same function as the OSI Transport layer.
- Application layer: equivalent to the OSI Presentation and Application layers.
Applications/protocols at the Application layer:
- Web service: HTTP
- E-mail: SMTP (Simple Mail Transfer Protocol), POP (Post Office Protocol), IMAP (Internet Message Access Protocol)
- Telnet applications: Terminal Emulation Protocol
- File transfer: FTP

Transport layer:
- TCP (Transmission Control Protocol): required in the web service when HTTP is used, and in the mail service when SMTP is used (SMTP messages are encapsulated in TCP segments). Connection-oriented: establishes and maintains a connection before sending, closes the connection after transmission, and corrects errors in TCP segments.
- UDP: connectionless: does not open a connection, simply sends. Incorrect UDP datagrams are discarded (no retransmission).

Stack diagram labels: Transport, Network Interface, Physical.
Peer processes on the two hosts cannot communicate directly: there is no direct connection between them! They need to use an indirect communication system called layered communication, or layer cooperation.

Figure: encapsulation of an HTTP request. The HTTP request (HTTP req.) is handed to the Transport layer, which prepends a TCP header (TCP-H); the Internet layer prepends an IP header (IP-H); the Interface layer adds a PPP header (PPP-H) and PPP trailer (PPP-T) to form the frame, which the Physical layer sends as bits over the transmission media. The other layers pass successive data fields (containing the next-lower layer's messages) up to the next-higher layer.
IP packet header (each row is 32 bits, Bit 0 to Bit 31):
- Version: 0100.
- QoS, also called Type of Service: indicates the priority level the packet should have.
- Identification tag (16 bits): helps reconstruct the packet from several fragments.
- Flags: indicate whether the packet may be fragmented (DF: Don't Fragment) and whether more fragments of the packet follow (MF: More Fragments, or NF: No More Fragments).
- Fragment Offset: identifies the place of this fragment within the original packet.
- Time To Live (8 bits): the maximum number of hops (routers) the packet may pass before a hop discards it.
- Protocol (8 bits): 1 = ICMP, 6 = TCP, 17 = UDP.
- Header Checksum: checks for errors in the header only.
- Source IP Address (32 bits), Destination IP Address (32 bits).
- Options (if any) and Padding, followed by the Data Field.
Q: Is this the protocol version in use today? What is the other version? What does a router do with an IP packet if it decrements its TTL value to zero? Assume a router received an IP packet with the Protocol field in the header set to 6. Which Transport layer protocol is used in the message: TCP, UDP or ICMP?
IP fragmentation

When a packet arrives at a router, the router selects the port and subnet to forward the packet to (figure: a router between Subnet 1 and Subnet 2). If the packet is too large for that subnet to handle, the router fragments the packet, i.e.:
- it divides the packet's data field into fragments;
- it gives each fragment the same Identification tag value, i.e. the Identification tag of the original packet;
- the first fragment is given a Fragment Offset value of 0; subsequent fragments get Fragment Offset values consistent with their data's place in the original packet;
- the last fragment's Flags field is set to No More Fragments.

Firewalls and fragments: a firewall might drop the first fragment but not subsequent fragments; some firewalls drop all fragmented packets.
Figure: an attacker (1.34.150.37) sends a packet as two fragments: 1. First Fragment (IP header, followed by the transport header); 2. Second Fragment (IP header, no TCP header).
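As an added example (not part of the slides), the header fields and the router's fragmentation procedure described above in Python: parse_ipv4 decodes the fields and verifies the header checksum, and fragment splits a packet so that every fragment keeps the original Identification, offsets advance in 8-byte units and MF is set on all but the last fragment. The function names, addresses and payload are constructed for the example.

```python
import struct

PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}   # Protocol field values named on the slide

def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words (the checksum covers the header only)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                            # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4(raw: bytes) -> dict:
    """Decode the 20-byte fixed header; the Fragment Offset field counts 8-byte units."""
    ver_ihl, tos, tlen, ident, ff, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    ihl = (ver_ihl & 0x0F) * 4                    # header length is stored in 32-bit words
    if ver_ihl >> 4 != 4 or ihl < 20 or len(raw) < ihl:
        raise ValueError("malformed IPv4 header")
    return {"qos": tos, "total_len": tlen, "identification": ident,
            "df": bool(ff & 0x4000), "mf": bool(ff & 0x2000),
            "fragment_offset": (ff & 0x1FFF) * 8, "ttl": ttl,
            "protocol": PROTOCOLS.get(proto, str(proto)),
            "checksum_ok": ipv4_checksum(raw[:ihl]) == 0,   # a valid header sums to zero
            "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst))}

def build_ipv4(ident: int, flags_frag: int, ttl: int, proto: int,
               src: str, dst: str, data: bytes) -> bytes:
    """Assemble header + data with a correct checksum (constructed sample, not captured traffic)."""
    addr = lambda a: bytes(int(x) for x in a.split("."))
    head = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(data), ident, flags_frag,
                       ttl, proto, 0, addr(src), addr(dst))
    return head[:10] + struct.pack("!H", ipv4_checksum(head)) + head[12:] + data

def fragment(packet: bytes, mtu: int) -> list:
    """Split an unfragmented packet (20-byte header) as the slide describes: every fragment keeps
    the original Identification, offsets advance in 8-byte steps, MF is set on all but the last."""
    ident, ff, ttl, proto = struct.unpack("!HHBB", packet[4:10])
    if ff & 0x4000:
        raise ValueError("DF is set: the router must discard the packet, not fragment it")
    src, dst = (".".join(map(str, packet[i:i + 4])) for i in (12, 16))
    data, step = packet[20:], (mtu - 20) // 8 * 8  # payload per fragment must be a multiple of 8
    frags = []
    for off in range(0, len(data), step):
        mf = 0x2000 if off + step < len(data) else 0
        frags.append(build_ipv4(ident, mf | off // 8, ttl, proto, src, dst, data[off:off + step]))
    return frags
```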
TCP segment header (each row is 32 bits, Bit 0 to Bit 31): Source Port Number (16 bits), Destination Port Number (16 bits), Sequence Number (32 bits), Acknowledgment Number (32 bits), Header Length (4 bits), Reserved (6 bits), Flag Fields (6 bits: ACK, SYN, ...).
- Port number: identifies the sending and receiving application programs.
- Sequence number: identifies the segment's place in the sequence; allows the receiving Transport layer to put arriving TCP segments in order.
- Acknowledgement number: identifies which segment is being acknowledged.
- Flag fields: six one-bit flags: ACK, SYN, FIN, RST, URG, PSH. Each can be set to 0 (off) or 1 (on); e.g. SYN = 1 means a request for connection/synchronization.
Q: If the ACK flag is set to 1, what other field must also be set to let the receiver know which TCP segment is being acknowledged?
3-way handshake

Sender and receiver need to establish a connection: they need to agree to talk. Flags are used for establishing the connection.
- The sender requests connection opening: SYN flag set to 1.
- If the receiver is ready to talk, it responds with a SYN/ACK segment.
- The sender acknowledges the acknowledgment.
- If the sender does not get an ACK, it resends the segment.
Figure: PC transport process and webserver transport process: 1. SYN (open); 2. SYN, ACK(1) (acknowledgment of 1); 3. ACK(2).

Note: with connectionless protocols like UDP there are no flags. Messages are just sent; if part of the sent messages is not received, there is no retransmission.

Note: at any time, either process can send a TCP RST (reset) segment, with the RST bit set to 1, to drop the connection (i.e. to abruptly end it).
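As an added example (not from the slides), the TCP header fields and the handshake above as a minimal stateful tracker of the kind a firewall keeps: parse_tcp decodes the fixed header and the six flags, and track_handshake follows SYN, SYN/ACK, ACK, checking that each acknowledgment number answers the peer's sequence number, treating RST as an abort and flagging anything unexpected, such as a SYN/ACK that no SYN asked for. Function names, port numbers and sequence numbers are constructed for the example.

```python
import struct

FLAG_BITS = {"URG": 0x20, "ACK": 0x10, "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}

def parse_tcp(raw: bytes) -> dict:
    """Decode the 20-byte fixed TCP header fields shown on the slide."""
    sport, dport, seq, ack, off_res, flags, win, csum, urg = struct.unpack("!HHIIBBHHH", raw[:20])
    return {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
            "header_len": (off_res >> 4) * 4,                 # Header Length counts 32-bit words
            "flags": {name for name, bit in FLAG_BITS.items() if flags & bit}}

def build_tcp(sport: int, dport: int, seq: int, ack: int, flags) -> bytes:
    """Constructed segment (checksum left at zero; it is not what this example inspects)."""
    fbits = sum(FLAG_BITS[f] for f in flags)
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, fbits, 65535, 0, 0)

def track_handshake(segments) -> str:
    """Follow the 3-way handshake over (direction, raw) pairs, direction 'c2s' or 's2c'.
    Returns 'established', 'reset', or the reason the exchange is incomplete or inconsistent."""
    state, client_isn, server_isn = "closed", None, None
    for direction, raw in segments:
        seg = parse_tcp(raw)
        f = seg["flags"]
        if "RST" in f:                                     # either side may abort at any time
            return "reset"
        if state == "closed" and direction == "c2s" and f == {"SYN"}:
            client_isn, state = seg["seq"], "syn_sent"
        elif state == "syn_sent" and direction == "s2c" and f == {"SYN", "ACK"}:
            if seg["ack"] != (client_isn + 1) & 0xFFFFFFFF:
                return "bad ack in SYN/ACK: does not acknowledge the client's SYN"
            server_isn, state = seg["seq"], "syn_received"
        elif state == "syn_received" and direction == "c2s" and f == {"ACK"}:
            if seg["ack"] != (server_isn + 1) & 0xFFFFFFFF:
                return "bad ack in final ACK: does not acknowledge the server's SYN"
            return "established"
        else:                                              # e.g. an unsolicited SYN/ACK
            return f"unexpected {sorted(f)} from {direction} in state {state}"
    return f"incomplete: stopped in state {state}"
```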
Figure: attacker (1.34.150.37) and victim (60.168.47.47). 3. "Go away!": the victim answers with an RST segment; 4. the IP header of that segment carries Source IP Address = 60.168.47.47; 5. the attacker concludes that 60.168.47.47 is live.
Sending SYN/ACK segments helps attackers locate live targets. Older Windows OSes could crash when they received a SYN/ACK probe.
3) Is the source host a server or a client? Why? If the host is a server, what kind of service does it provide? Is the destination host a server or a client? Why?
Most companies set their firewall to accept packets to and from port 80. Attackers set their client program to use the well-known port 80.