IPv4 Overview

Slide 1

IPv4 Overview Cyber Security Spring 2006

Slide 2

Outline
- Review Layered Network Architecture
- Network Layer Protocols
- Transport Layer Protocols
- Application Layer Protocols

Slide 3

Reading Material
- Many texts on IP networking:
  - Computer Networks, Andrew Tanenbaum
  - Data and Computer Communications, William Stallings
  - Internetworking with TCP/IP Vol 1, Douglas Comer
- Plus all of the originals from the Internet Engineering Task Force (IETF), http://ietf.org/

Slide 4

OSI Reference Model
The layers:
- 7: Application, e.g., HTTP, SMTP, FTP
- 6: Presentation
- 5: Session
- 4: Transport, e.g., TCP, UDP
- 3: Network, e.g., IP, IPX
- 2: Data link, e.g., Ethernet frames, ATM cells
- 1: Physical, e.g., Ethernet media, ATM media
Standard software engineering reasons for choosing a layered design.

Slide 5

Layers Limit the Need for Intelligence
- Intermediate devices only need to process the packet headers up to the level they understand
Encapsulation diagram: Ether Hdr | IP Hdr | TCP Hdr | HTTP Hdr | Data

Slide 6

Various network devices
- Hosts and servers: operate at level 7 (application)
- Proxies: operate at level 7
- Firewalls: operate between levels 2 and 7. Seen from the outside world, they make changes at level 2 (in transparent mode) or level 3 (in routing mode)
- Routers: operate at level 3 (network)
- Switches or hubs: operate at level 2 (data link)
- Gateways: operate at level 2
Encapsulation diagram: Data | HTTP Hdr | TCP Hdr | IP Hdr | Ether Hdr

Slide 7

IPv4
- 32-bit addressing scheme
- Host address, e.g.,
- Network address, e.g., or
- The first host address in the subnetwork, e.g.,
- Broadcast address is the last address in the subnetwork, e.g.,
IPv4 header fields: Version, IHL, Type of service, Total length, Identification, DF, MF, Fragment offset, Time to live, Protocol, Header checksum, Source address, Destination address, 0 or more words of options

Slide 8

Address spoofing
- The sender can put any source address in the packets he sends:
  - Can be used to send unwelcome return traffic to the spoofed address
  - Can be used to bypass filters to get unwelcome traffic to the destination
- Reverse path verification can be used by routers to broadly catch some spoofers

Slide 9

Fragmentation
- May need to fragment an IP packet if one data link along the path can't handle the packet size
  - Perhaps the path is a mix of different hardware
  - Perhaps unexpected encapsulation makes the packet bigger than the source anticipated
- Hosts try to discover the Maximum Transmission Unit (MTU) to avoid the need for fragmentation (which causes a performance hit)
- Any device along the path can fragment
  - The Identification field identifies all pieces of the same packet
  - Fragmentation state is stored in the MF (more fragments) and fragment offset fields
- Devices can reassemble as well, but generally the destination does the reassembly

Slide 10

Fragmentation Flaws
- Split a packet to fool a simple firewall or IDS
  - Intermediate content inspectors must do reassembly
- Overlapping fragments
  - Can be used to trick an IDS by hiding, e.g., a "get /etc/passwd" request
  - Different clients reassemble overlapping fragments differently
  - Just drop overlapping fragments
- Bad fragment offsets exploit poor stack implementations
  - E.g., the Teardrop attack: negative offsets or overlarge offsets cause buffer overflows
  - Firewalls can check for well-formed packets
- Resource attacks on reassemblers
  - Send all but one fragment for many packets
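The following is an added example (not code from the slides) that ties slides 7, 9 and 10 together: it builds and parses the fixed IPv4 header, checks the header checksum, and reassembles fragments with the defensive policies a firewall or IDS would apply, namely dropping a datagram on an overlapping fragment or an offset past 65535 bytes, and capping the number of incomplete datagrams held in memory. The addresses and payloads are constructed for the demo; the 65535-byte limit is the IPv4 maximum datagram size.

```python
import struct

DF, MF = 0b010, 0b001   # IPv4 flag bits: "don't fragment", "more fragments"


def ip_checksum(data: bytes) -> int:
    """RFC 1071 checksum: ones-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: bytes, dst: bytes, ident: int, flags: int, frag_offset: int,
               payload: bytes, ttl: int = 64, proto: int = 17) -> bytes:
    """Minimal 20-byte header (no options) plus payload; frag_offset is in 8-byte units."""
    flags_frag = (flags << 13) | (frag_offset & 0x1FFF)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                      flags_frag, ttl, proto, 0, src, dst)
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:] + payload


def parse_ipv4(pkt: bytes) -> dict:
    """Decode the fixed header fields listed on slide 7 and verify the checksum."""
    if len(pkt) < 20:
        raise ValueError("truncated header")
    (ver_ihl, _tos, total_len, ident, flags_frag, ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or ihl > total_len or total_len > len(pkt):
        raise ValueError("malformed header")
    if ip_checksum(pkt[:ihl]) != 0:          # a valid header sums to zero
        raise ValueError("bad header checksum")
    return {"src": src, "dst": dst, "ident": ident, "ttl": ttl, "proto": proto,
            "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
            "frag_offset": flags_frag & 0x1FFF,
            "options": pkt[20:ihl], "payload": pkt[ihl:total_len]}


class Reassembler:
    """Destination-style reassembly keyed by (src, dst, ident, proto), with the
    slide 10 policies: drop on overlap, drop offsets running past 65535 bytes,
    and cap incomplete datagrams so "all but one fragment" floods stay bounded."""
    MAX_DATAGRAM = 65535

    def __init__(self, max_pending: int = 64):
        self.max_pending = max_pending
        self.pending = {}      # key -> {"chunks": {byte_offset: bytes}, "total": int | None}
        self.dropped = []      # (key, reason), for logging

    def feed(self, pkt: bytes):
        """Return the reassembled payload once a datagram completes, else None."""
        h = parse_ipv4(pkt)
        if not h["mf"] and h["frag_offset"] == 0:
            return h["payload"]                      # never fragmented
        key = (h["src"], h["dst"], h["ident"], h["proto"])
        start = h["frag_offset"] * 8
        end = start + len(h["payload"])
        if end > self.MAX_DATAGRAM:                  # Teardrop-style overlarge offset
            self.pending.pop(key, None)
            self.dropped.append((key, "fragment beyond 65535-byte limit"))
            return None
        state = self.pending.get(key)
        if state is None:
            if len(self.pending) >= self.max_pending:
                oldest = next(iter(self.pending))    # dicts keep insertion order
                del self.pending[oldest]
                self.dropped.append((oldest, "evicted: too many incomplete datagrams"))
            state = self.pending[key] = {"chunks": {}, "total": None}
        if any(start < s + len(d) and s < end for s, d in state["chunks"].items()):
            del self.pending[key]
            self.dropped.append((key, "overlapping fragment"))
            return None
        state["chunks"][start] = h["payload"]
        if not h["mf"]:
            state["total"] = end                     # the last fragment fixes the length
        if state["total"] is None:
            return None
        pos, buf = 0, b""
        for s in sorted(state["chunks"]):
            if s != pos:
                return None                          # a gap remains
            buf += state["chunks"][s]
            pos += len(state["chunks"][s])
        if pos != state["total"]:
            return None
        del self.pending[key]
        return buf


def demo():
    """Constructed traffic: one datagram in three out-of-order fragments, then a
    second datagram whose second fragment overlaps its first."""
    src, dst = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])   # constructed addresses
    data = bytes(range(24))
    frags = [build_ipv4(src, dst, 7, MF, 0, data[:8]),
             build_ipv4(src, dst, 7, MF, 1, data[8:16]),
             build_ipv4(src, dst, 7, 0, 2, data[16:])]
    r = Reassembler()
    results = [r.feed(frags[2]), r.feed(frags[0]), r.feed(frags[1])]
    r.feed(build_ipv4(src, dst, 8, MF, 0, data[:8]))
    r.feed(build_ipv4(src, dst, 8, MF, 0, b"XXXXXXXX"))     # same offset, different bytes
    return results, r.dropped
```

Because the demo feeds the last fragment first, the reassembler has to tolerate out-of-order arrival while still refusing overlap; the overlap rule is deliberately strict (any shared byte range drops the whole datagram) since, as slide 10 notes, hosts disagree on how to merge overlaps, and a middlebox that guesses can be made to see different content than the end host.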

Slide 11

Address Resolution Protocol (ARP)
- Used to find the mapping of neighboring Ethernet MAC addresses to IP addresses
- Need to discover the MAC for an address that is in your interface's subnetwork
  - Broadcast an ARP request on the link
  - Hopefully get an ARP reply giving the right MAC
- The device stores this information in an ARP cache or ARP table

Slide 12

ARP cache poisoning
- Bootstrap problem with respect to security: anybody can send an ARP reply
  - The Ingredients to ARP Poison, http://www.governmentsecurity.org/articles/TheIngredientstoARPPoison.php
- Classic man-in-the-middle attack
  - Send ARP reply messages to a device so it thinks your machine is someone else
  - Better than simple sniffing because packets will reach you regardless of whether you sniff
- Solutions
  - Encrypt all traffic
  - Monitoring programs like arpwatch to detect mapping changes
    - Which may be legitimate because of DHCP
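As an added example of the arpwatch-style monitoring the slide recommends (this is not code from the slides or from arpwatch itself), the watcher below keeps the IP-to-MAC bindings seen in ARP replies and flags changes. It separates a binding that changes after a long quiet period (plausibly DHCP reassigning an address, the caveat on the slide) from two patterns that DHCP does not produce: a binding that flips within a short window, and one MAC claiming several IPs. The replies, addresses and the 60-second window are constructed for the demo.

```python
from collections import defaultdict

# Constructed ARP replies seen on one link as (seconds, ip, mac); a real
# deployment would take these from a packet capture.
OBSERVED_REPLIES = [
    (0,  "192.0.2.1",  "00:00:5e:00:53:01"),   # gateway, first sighting
    (1,  "192.0.2.20", "00:00:5e:00:53:20"),   # a workstation
    (5,  "192.0.2.1",  "00:00:5e:00:53:01"),   # gateway again, no change
    (9,  "192.0.2.1",  "00:00:5e:00:53:99"),   # gateway suddenly claims a new MAC
    (12, "192.0.2.20", "00:00:5e:00:53:99"),   # the same MAC now claims the workstation too
]


class ArpWatcher:
    """Track IP->MAC bindings from ARP replies and alert on changes. A change
    after a long quiet period may be DHCP; a change within `flap_window`
    seconds, or one MAC claiming several IPs, is what poisoning leaves behind."""

    def __init__(self, flap_window: int = 60):
        self.flap_window = flap_window
        self.table = {}                    # ip -> (mac, last_seen)
        self.ips_by_mac = defaultdict(set)
        self.alerts = []                   # (kind, ts, subject, detail)

    def observe(self, ts: int, ip: str, mac: str) -> list:
        """Record one reply; return the alerts it produced (possibly none)."""
        mac = mac.lower()
        new = []
        prev = self.table.get(ip)
        if prev is None:
            new.append(("new_station", ts, ip, mac))
        elif prev[0] != mac:
            kind = "rapid_change" if ts - prev[1] < self.flap_window else "changed"
            new.append((kind, ts, ip, "%s -> %s" % (prev[0], mac)))
            self.ips_by_mac[prev[0]].discard(ip)
        self.table[ip] = (mac, ts)
        self.ips_by_mac[mac].add(ip)
        if len(self.ips_by_mac[mac]) > 1:
            new.append(("mac_claims_multiple_ips", ts, mac, sorted(self.ips_by_mac[mac])))
        self.alerts.extend(new)
        return new

    def run(self, replies) -> list:
        for ts, ip, mac in replies:
            self.observe(ts, ip, mac)
        return self.alerts


def alert_kinds(replies=OBSERVED_REPLIES) -> list:
    """Just the kinds of alert raised, in order."""
    return [a[0] for a in ArpWatcher().run(replies)]


if __name__ == "__main__":
    for alert in ArpWatcher().run(OBSERVED_REPLIES):
        print(alert)
```

On the constructed replies the watcher reports two new stations, then a rapid change for the gateway, then a rapid change for the workstation together with a note that one MAC now answers for both addresses; the first two alerts are routine, the last three are what an operator would investigate.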

Slide 13

Basic IPv4 Routing
- Static routing. Used by hosts and some firewalls and routers.
- The routing table consists of entries of: network, next hop address, metric, interface
  - May have a routing table per incoming interface
- To route a packet, take the destination address and find the best matching network in the table. In case of a tie, look at the metric.
- Use the corresponding next hop address and interface to send the packet on.
  - The next hop address is on the same link as this device, so you use the next hop's data link address, e.g., Ethernet MAC address
- Decrement the "time to live" field in the IP header at each hop. Drop the packet when it reaches 0.
  - Attempts to avoid routing loops
  - As the Internet got bigger, TTL fields got set bigger. 225 maximum

Slide 14

Routing example
- Receive a packet destined to the inside interface
- Local routing table for the inside interface (the network and next hop columns were not preserved):
  Entry  Network  Next hop  Metric  Interface
  1                         1       outside
  2                         1       dmz
  3                         1       dmz
  4                         3       outside
  5                         1       outside
- Entries 3 and 4 tie, but the metric for 3 is better
- Entries 1 and 2 are for directly connected networks
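The lookup described on slides 13 and 14, plus the reverse path verification mentioned on slide 8, as an added example (not code from the slides). The table is constructed from the documentation address ranges in the shape of slide 14, since the slide's own addresses did not survive: two directly connected networks, two routes to the same network that tie on prefix length and are separated by metric, and a default route. `forward()` applies the slide's rules (longest match, metric tie-break, TTL decrement and drop at zero) and, with `strict_rpf`, drops a packet whose source address is not routed back out the interface it arrived on.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Route:
    network: ipaddress.IPv4Network
    next_hop: str          # "connected" for a directly attached network
    metric: int
    interface: str


# Constructed table in the shape of slide 14 (network, next hop, metric, interface).
ROUTES = [
    Route(ipaddress.ip_network("192.0.2.0/24"), "connected",   1, "outside"),
    Route(ipaddress.ip_network("10.10.0.0/16"), "connected",   1, "dmz"),
    Route(ipaddress.ip_network("10.20.0.0/16"), "10.10.0.254", 1, "dmz"),
    Route(ipaddress.ip_network("10.20.0.0/16"), "192.0.2.254", 3, "outside"),
    Route(ipaddress.ip_network("0.0.0.0/0"),    "192.0.2.1",   1, "outside"),
]


def lookup(routes, address):
    """Best match = longest prefix; ties on prefix length go to the lowest metric."""
    addr = ipaddress.ip_address(address)
    candidates = [r for r in routes if addr in r.network]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.network.prefixlen, r.metric))


def forward(routes, src, dst, ttl, in_iface, strict_rpf=True):
    """Decide what a router does with one packet: ("drop", reason) or
    ("forward", {next_hop, interface, ttl}). With strict_rpf the source is
    looked up as well and the packet is dropped unless the route back to it
    leaves through the interface the packet arrived on (reverse path check)."""
    if strict_rpf:
        back = lookup(routes, src)
        if back is None or back.interface != in_iface:
            return ("drop", "uRPF: no route back to %s via %s" % (src, in_iface))
    if ttl <= 1:
        return ("drop", "TTL exceeded")        # the router would send ICMP time exceeded
    route = lookup(routes, dst)
    if route is None:
        return ("drop", "no route")
    next_hop = dst if route.next_hop == "connected" else route.next_hop
    return ("forward", {"next_hop": next_hop, "interface": route.interface, "ttl": ttl - 1})


if __name__ == "__main__":
    print(forward(ROUTES, "10.10.3.3", "10.20.5.5", 64, "dmz"))      # metric 1 route wins
    print(forward(ROUTES, "10.10.3.3", "10.20.5.5", 64, "outside"))  # dmz source on outside: dropped
```

Note that the default route makes the outside interface accept any source under this check, which is why a strict reverse path check is most useful on interfaces whose address space is known, such as the dmz here, and why the slide says it catches only "some" spoofers.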

Slide 15

Source Based Routing
- In the IP Options field, one can specify a source route
- Was conceived as a way to ensure some traffic could be delivered even if the routing table was completely messed up
- Can be used by the bad guy to bypass security enforcing devices
- Most people configure routers to drop packets with source routes set

Slide 16

IP Options in General
- Originally envisioned as a way to add more features to IP later
- Most routers drop packets with IP options set
  - Stance of not passing traffic you don't understand
- Therefore, IP Option mechanisms never really took off
- Besides source routing, there are security Options
  - Used for DNSIX, an MLS network encryption scheme

Slide 17

Dynamic Routing Protocols
- For scaling, discover topology and routes instead of statically building routing tables
- Open Shortest Path First (OSPF): used for routing within an administrative domain
- RIP: not used much anymore
- Border Gateway Protocol (BGP): used for routing between administrative domains
  - Can encode non-technical transit constraints, e.g., domain X will only carry traffic of paying customers
  - Receives full paths from neighbors, so it avoids counting to infinity

Slide 18

Dynamic Routing
- Injecting unexpected routes is a security concern
- BGP supports peer authentication
- BGP blackholing is in fact used as a mechanism to isolate "bad" hosts
- Filter out route traffic from unexpected (outside) sources
- OSPF has MD5 authentication, and can statically configure neighbor routers instead of discovering them

Slide 19

Internet Control Message Protocol (ICMP)
- Used for diagnostics
  - Destination unreachable
  - Time exceeded, TTL hit 0
  - Parameter problem, bad header field
  - Source quench, a throttling mechanism that is rarely used
  - Redirect, feedback on a potentially bad route
  - Echo request and echo reply, ping
  - Timestamp request and timestamp reply, performance ping
- Can use the information to help map out a network
- Some people block ICMP from the outside domain

Slide 20

Smurf Attack
- An amplification DoS attack
  - A relatively small amount of data sent is expanded into a large amount of data
- Send ICMP echo requests to IP broadcast addresses. Spoof the victim's address as the source
- The echo request recipients dutifully send echo replies to the victim, overwhelming it
- Fraggle is a UDP variant of the same attack

Slide 21

Transport layer
- UDP and TCP
- Transport streams are characterized by source and destination ports
  - A pair of devices can have multiple streams operating simultaneously by communicating between different pairs of ports
- Applications are associated with ports (generally only destination ports)
  - IANA coordinates port assignments, http://www.iana.org/
  - Source ports are generally dynamically chosen
- Ports under 1024 are considered well-known ports
  - Would not expect source ports to come from the well-known range
- Scanners probe for listening ports to understand the services running on other machines

Slide 22

Datagram Transport
- User Datagram Protocol (UDP)
- Best-effort delivery, no guarantee, no ACK
- Lower overhead than TCP
  - Good for best-effort traffic like periodic updates
  - No large connection overhead on the endpoints
- Some people implement their own reliable protocol over UDP to get "better performance" or "less overhead" than TCP
  - Such efforts don't generally work out
- The TFTP and DNS protocols use UDP
- Data channels of some media protocols, e.g., H.323, also use UDP

Slide 23

UDP Header fields: Source Port, Destination Port, UDP Length, UDP Checksum

Slide 24

Reliable Streams
- Transmission Control Protocol (TCP)
- Guarantees a reliable, ordered stream of traffic
- Such guarantees impose overhead
  - A fair amount of state is required on both ends
- Most Internet protocols use TCP, e.g., HTTP, FTP, SSH, H.323 control channels

Slide 25

TCP Header fields: Source Port, Destination Port, Sequence Number, Acknowledgment Number, HDR Len, flags (URG, ACK, PSH, RST, SYN, FIN), Window Size, Checksum, Urgent Pointer, Options (0 or more words)

Slide 26

SYN flood
- A resource DoS attack focused on the TCP three-way handshake
- Say A wants to set up a TCP connection with B
  - A sends SYN with its sequence number X
  - B replies with its own SYN and sequence number Y, and an ACK of A's sequence number X
  - A sends data with its sequence number X and ACKs B's sequence number Y
- Send a number of the first message to B. Never respond to the second message.
  - This leaves B with a bunch of half open (or embryonic) connections that are filling up memory
- Firewalls adapted by setting limits on the number of such half open connections.
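An added example (not code from the slides) covering slides 25 and 26: a parser for the TCP header fields listed above, and the bookkeeping a firewall in front of server B would keep to enforce the half-open limit the last bullet describes. A lone SYN from a client opens an embryonic entry, the client's ACK completes it, a RST clears it, stale entries expire, and a SYN is rejected once the per-source or global cap is reached. Only client-to-server segments are tracked; the addresses, ports, caps and timeout are constructed for the demo, and the TCP checksum is left at zero because computing it needs the IP pseudo-header, which is not modelled here.

```python
import struct

TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def build_tcp(sport, dport, seq, ack, flags, window=65535):
    """20-byte TCP header without options; checksum left 0 (no pseudo-header here)."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, window, 0, 0)


def parse_tcp(seg):
    """Decode the fields shown on slide 25, turning the flag bits into names."""
    if len(seg) < 20:
        raise ValueError("truncated header")
    sport, dport, seq, ack, off, flags, window, _csum, urg = struct.unpack("!HHIIBBHHH", seg[:20])
    hlen = (off >> 4) * 4
    if hlen < 20 or hlen > len(seg):
        raise ValueError("bad data offset")
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "window": window,
            "flags": {name for name, bit in TCP_FLAGS.items() if flags & bit},
            "urgent": urg, "options": seg[20:hlen], "payload": seg[hlen:]}


class HalfOpenTracker:
    """Handshake state kept for client-side segments headed to server B. A lone
    SYN opens an embryonic entry; the client's ACK completes it; a RST clears
    it; entries older than `timeout` seconds expire. Per-source and global
    caps bound the memory a SYN flood can tie up."""

    def __init__(self, per_source=3, total=1000, timeout=30):
        self.per_source, self.total, self.timeout = per_source, total, timeout
        self.embryonic = {}          # (src, sport, dst, dport) -> time of the SYN
        self.established = set()
        self.rejected = []           # (ts, key, reason), for logging

    def _expire(self, now):
        for key, t0 in list(self.embryonic.items()):
            if now - t0 > self.timeout:
                del self.embryonic[key]

    def _count_for(self, src):
        return sum(1 for k in self.embryonic if k[0] == src)

    def on_segment(self, ts, src, dst, seg):
        """Return the verdict: embryonic, reject, established, aborted or pass."""
        self._expire(ts)
        h = parse_tcp(seg)
        key = (src, h["sport"], dst, h["dport"])
        f = h["flags"]
        if f == {"SYN"}:
            if self._count_for(src) >= self.per_source or len(self.embryonic) >= self.total:
                self.rejected.append((ts, key, "half-open limit reached"))
                return "reject"
            self.embryonic[key] = ts
            return "embryonic"
        if key in self.embryonic:
            if "RST" in f:
                del self.embryonic[key]
                return "aborted"
            if "ACK" in f and "SYN" not in f:
                del self.embryonic[key]
                self.established.add(key)
                return "established"
        return "pass"


def demo():
    """Constructed client 198.51.100.7 opening connections to 192.0.2.10:80."""
    t = HalfOpenTracker(per_source=3, timeout=30)
    client, server = "198.51.100.7", "192.0.2.10"
    syn, ack = TCP_FLAGS["SYN"], TCP_FLAGS["ACK"]
    out = [t.on_segment(i, client, server, build_tcp(40000 + i, 80, 1000 + i, 0, syn))
           for i in range(4)]                                   # 4th SYN exceeds the per-source cap
    out.append(t.on_segment(5, client, server, build_tcp(40000, 80, 1001, 5001, ack)))  # completes #1
    out.append(t.on_segment(6, client, server, build_tcp(40003, 80, 1003, 0, syn)))     # room again
    out.append(t.on_segment(100, "203.0.113.5", server, build_tcp(5555, 80, 1, 0, syn)))  # old ones expired
    return out, len(t.embryonic), len(t.established)
```

The per-source cap is what blunts a single-host flood, the global cap and the timeout are what keep B's (or the firewall's) table bounded when the SYNs carry spoofed sources, which is why the two are used together.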
