Berkeley ELENG 122 - IP Addressing

IP Addressing
EE 122: Intro to Communication Networks
Fall 2007 (WF 4-5:30 in Cory 277)
Vern Paxson
TAs: Lisa Fowler, Daniel Killebrew & Jorge Ortiz
http://inst.eecs.berkeley.edu/~ee122/
Materials with thanks to Jennifer Rexford, Ion Stoica, and colleagues at Princeton and UC Berkeley

Announcements
- We plan to close the Tuesday section, leaving Mon 4-5, Wed 12-1, Fri 10-11. If this will cause you hardship, please let me know this week.
- Please take the poll (see the announcements page) regarding lecture scheduling for Thanksgiving week.
- Reminder: Lisa's office hours are by appointment. And Friday section will be taught by Daniel.
- Once more: subscribe to the mailing list!

Goals of Today's Lecture
- Finish security analysis of IP's header design
- IP addresses
  - Dotted-quad notation
  - IP prefixes for aggregation
    - Classless InterDomain Routing (CIDR)
  - Classful addresses
  - Special-purpose address blocks
- Address allocation
  - Hierarchy by which address blocks are given out
  - Finding information about an allocation

Security Implications of IP's Design
[Figure: IPv4 header layout. Row 1: 4-bit Version, 4-bit Header Length, 8-bit Type of Service (TOS), 16-bit Total Length (bytes). Row 2: 16-bit Identification, 3-bit Flags, 13-bit Fragment Offset. Row 3: 8-bit Time to Live (TTL), 8-bit Protocol, 16-bit Header Checksum. Then 32-bit Source IP Address, 32-bit Destination IP Address, Options (if any), Payload.]

Security Implications of TOS (8 bits)
- What if attacker sets TOS for their flooding traffic for prioritized delivery?
  - If regular traffic does not set TOS, then the network prefers the attack traffic, greatly compounding the damage
- What if the network charges for TOS traffic and the attacker spoofs the victim's source address? ("denial of money")
- In general, in today's network TOS does not work
  - Due to very hard problems with billing
  - TOS has now been redefined for Differentiated Services
    - Discussed later in course

IP Packet Structure
[Figure: IPv4 header layout, as above.]

Security Implications of Fragmentation
- Allows evasion of network monitoring/enforcement
  - E.g., split an attack across multiple fragments
    - Packet inspection won't match a signature
    [Figure: fragment at offset 0 carries "Nasty at", fragment at offset 8 carries "tack bytes"]
  - E.g., split the TCP header across multiple fragments
    - Firewall can't tell anything about the connection associated with the traffic
- Both of these can be addressed by the monitor remembering previous fragments
  - But that costs state

Fragmentation Attacks (con't)
- What if two overlapping fragments are inconsistent?
  [Figure: fragment at offset 0 carries "USERNAME"; two fragments both at offset 8 carry "NICE" and "EVIL"]
- How does the network monitor know whether the receiver sees "USERNAME NICE" or "USERNAME EVIL"?

Fragmentation Attacks (con't)
- What if fragments exceed the IP datagram limit?
  [Figure: fragment at offset 65528 carrying "NineBytes"]
  - Maximum value of the 13-bit field: 0x1FFF = 8191
  - Byte offset into the final datagram: 8191 * 8 = 65528
  - Length of the final datagram: 65528 + 9 = 65537 (the 16-bit Total Length field caps a datagram at 65535 bytes)
- Result: kernel crash. Denial-of-service using just a few packets.
  - Fixed in modern OSes

Fragmentation Attacks (con't)
- What happens if the attacker doesn't send all of the fragments in a datagram?
- The receiver (or firewall) winds up holding the ones it receives for a long time
  - State-holding attack

IP Packet Structure
[Figure: IPv4 header layout, as above.]

Security Implications of TTL (8 bits)
- Allows discovery of topology, à la traceroute
- Can provide a hint that a packet is spoofed
  - It arrives at a router with a TTL different from what packets from that address usually have
    - Because the path from the attacker to the router has a different number of hops
  - Though this is brittle in the presence of routing changes
- The initial value that's picked is somewhat distinctive to the sender's operating system
  - This plus other such initializations allow OS fingerprinting
  - Which in turn can allow an attacker to infer its likely vulnerabilities

Security Implications of Remainder
- No apparent problems with the protocol field (8 bits)
  - It's just a demux'ing handle
  - If the value is set incorrectly, the next higher layer will find the packet ill-formed
- Similarly, a bad IP checksum field (16 bits) will very quickly cause the packet to be discarded by the network

IP Addressing

Designing IP's Addresses
- Question 1: what should an address be associated with?
  - E.g., a telephone number is associated not with a person but with a handset
- Question 2: what structure should addresses have? What are the implications of different types of structure?
- Question 3: who determines the particular addresses used in the global Internet? What are the implications of how this is done?

IP Addresses (IPv4)
- A unique 32-bit number
- Identifies an interface (on a host, on a router, ...)
- Represented in dotted-quad notation
  - E.g., 12.34.158.5
  12.34.158.5 = 00001100 00100010 10011110 00000101

Grouping Related Hosts
- The Internet is an "inter-network"
  - Used to connect networks together, not hosts
  - Needs a way to address a network (i.e., a group of hosts)
  [Figure: hosts on LAN 1 and LAN 2, joined by routers across a WAN. LAN = Local Area Network, WAN = Wide Area Network.]

Scalability Challenge
- Suppose hosts had arbitrary addresses
  - Then every router would need a lot of information to know how to direct packets toward the host
  [Figure: hosts 1.2.3.4, 5.6.7.8, 2.4.6.8, 1.2.3.5, 5.6.7.9, 2.4.6.9 scattered across LAN 1 and LAN 2, joined by routers across a WAN; the router's forwarding table needs a separate entry per host (1.2.3.4, 1.2.3.5, ...).]

Hierarchical Addressing in U.S. Mail
- Addressing in the U.S. mail
  - Zip code: 94704
  - Street: Center Street
  - Building on street: 1947
  - Location in building: Suite 600
  - Name of occupant: Vern Paxson
- Forwarding the U.S. mail
  - Deliver the letter to the post office in the zip code
  - Assign the letter to the mailman covering the street
  - Drop the letter into the mailbox for the building/room
  - Give the letter to the appropriate person

Hierarchical Addressing: IP Prefixes
- Divided into network & host portions (left and right)
- 12.34.158.0/23 is a 23-bit prefix with 2^9 = 512 addresses
  - Terminology: "Slash 23"
  12.34.158.5 = 00001100 00100010 10011110 00000101
  Network = the first 23 bits (00001100 00100010 1001111), Host = the remaining 9 bits (0 00000101)

IP Address and a 23-bit Subnet Mask
  Address: 12.34.158.5   = 00001100 00100010 10011110 00000101
  Mask:    255.255.254.0 = 11111111 11111111 11111110 00000000

Scalability Improved
- Number related hosts from a common subnet
  - 1.2.3.0/24 on the left LAN
  - 5.6.7.0/24 on the right LAN
  [Figure (truncated in this preview): hosts 1.2.3.4, 1.2.3.7, 1.2.3.156 on the left LAN; 5.6.7.8 on the right LAN ...]
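The four fragmentation slides above (signature split across fragments, inconsistent overlapping fragments, the 8191 * 8 + 9 = 65537 oversize case, and the state-holding attack) worked through in code. This is an added example, not material from the lecture: a toy reassembler of the kind a network monitor would keep, with the fragments constructed inline rather than parsed from real IP headers. The Fragment fields (identification, more-fragments flag, offset in 8-byte units, payload) mirror the header fields drawn on the slides; the 30-second timeout and the verdict strings are assumptions of this example.

```python
"""Toy IPv4 fragment reassembler for a network monitor (added example).
Fragments are constructed in demo(); a real monitor would parse the
Identification, MF flag, Fragment Offset and payload out of the IP header."""

MAX_FRAG_OFFSET = 0x1FFF   # 13-bit Fragment Offset field, in 8-byte units
MAX_DATAGRAM = 65535       # 16-bit Total Length field, in bytes


class Fragment:
    def __init__(self, ident, more, offset, payload):
        self.ident = ident       # 16-bit Identification shared by all fragments
        self.more = more         # MF (more fragments) flag
        self.offset = offset     # Fragment Offset, in 8-byte units
        self.payload = payload


class Pending:
    """State the monitor must hold for one not-yet-complete datagram."""
    def __init__(self, first_seen):
        self.first_seen = first_seen
        self.chunks = {}         # byte offset -> payload bytes
        self.total_len = None    # known once the MF=0 fragment arrives


class Reassembler:
    def __init__(self, timeout=30.0):
        self.timeout = timeout   # assumed value; tune to the deployment
        self.pending = {}        # Identification -> Pending

    def add(self, frag, now):
        """Returns (verdict, reassembled_bytes_or_None)."""
        if not 0 <= frag.offset <= MAX_FRAG_OFFSET:
            raise ValueError("offset does not fit in 13 bits")
        start = frag.offset * 8
        end = start + len(frag.payload)
        if end > MAX_DATAGRAM:
            # Slide arithmetic: 8191 * 8 + 9 = 65537 > 65535. Reject rather
            # than let a fixed-size reassembly buffer overflow.
            return "oversize", None
        pd = self.pending.setdefault(frag.ident, Pending(now))
        # Compare the new bytes with anything already held in the same range.
        for off, data in pd.chunks.items():
            lo, hi = max(start, off), min(end, off + len(data))
            if lo < hi and frag.payload[lo - start:hi - start] != data[lo - off:hi - off]:
                # The monitor cannot know which copy the receiver keeps; flag it.
                return "inconsistent_overlap", None
        pd.chunks[start] = frag.payload
        if not frag.more:
            pd.total_len = end
        if pd.total_len is not None:
            data = self._assemble(pd)
            if data is not None:
                del self.pending[frag.ident]
                return "complete", data
        return "pending", None

    def _assemble(self, pd):
        """Concatenate held chunks if they cover [0, total_len) without gaps."""
        buf = bytearray()
        for off in sorted(pd.chunks):
            if off > len(buf):
                return None      # gap: still waiting for a fragment
            buf[off:off + len(pd.chunks[off])] = pd.chunks[off]
        return bytes(buf) if len(buf) == pd.total_len else None

    def expire(self, now):
        """Drop datagrams whose fragments never all arrived (state-holding attack)."""
        stale = [i for i, pd in self.pending.items() if now - pd.first_seen > self.timeout]
        for i in stale:
            del self.pending[i]
        return len(stale)


def demo():
    """Replays the four slide scenarios with constructed fragments."""
    r = Reassembler(timeout=30.0)
    out = {}
    # Slide: "Nasty at" | "tack bytes"; the signature only exists after reassembly.
    v1, _ = r.add(Fragment(1, True, 0, b"Nasty at"), now=0.0)
    v2, data = r.add(Fragment(1, False, 1, b"tack bytes"), now=0.1)
    out["split_signature"] = (v1, v2, b"Nasty attack bytes" in (data or b""))
    # Slide: USERNAME + NICE vs. USERNAME + EVIL at the same offset.
    r.add(Fragment(2, True, 0, b"USERNAME"), now=1.0)
    r.add(Fragment(2, True, 1, b"NICE"), now=1.1)
    out["overlap"], _ = r.add(Fragment(2, False, 1, b"EVIL"), now=1.2)
    # Slide: offset 65528 plus nine bytes exceeds the 16-bit length limit.
    out["oversize"], _ = r.add(Fragment(3, False, MAX_FRAG_OFFSET, b"NineBytes"), now=2.0)
    # Slide: the attacker never sends the rest; state is held until the timeout.
    r.add(Fragment(4, True, 0, b"lonely!!"), now=3.0)
    out["held_before_timeout"] = len(r.pending)
    out["expired"] = r.expire(now=60.0)
    return out
```

The inconsistent-overlap branch is the design point: a monitor that silently picks one copy (first wins, last wins) is guessing at the receiver's reassembly policy, and the attacker chooses whichever guess is wrong, so the only safe verdict is to flag or drop. The expire method is what bounds the cost of the state-holding attack; without it the pending table grows by one entry per incomplete datagram.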
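The prefix, subnet-mask and aggregation slides above carried through in code, using the lecture's own addresses (12.34.158.5, 12.34.158.0/23, 255.255.254.0, the 1.2.3.0/24 and 5.6.7.0/24 LANs). This is an added example, not code from the lecture. It does the bit arithmetic by hand rather than calling Python's ipaddress module so that the network/host split is visible, and it goes slightly beyond the slides by implementing the longest-prefix-match lookup that makes aggregated forwarding tables work; the next-hop labels in FORWARDING_TABLE are assumed.

```python
"""Dotted-quad, prefix and mask arithmetic for the IP-addressing slides (added example)."""


def ip_to_int(dotted):
    """'12.34.158.5' -> 32-bit integer, rejecting malformed quads."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError("bad dotted quad: %r" % dotted)
    n = 0
    for p in parts:
        n = (n << 8) | int(p)
    return n


def int_to_ip(n):
    """32-bit integer -> dotted quad."""
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))


def to_bits(n):
    """Octet-grouped binary string, as drawn on the slides."""
    return " ".join(format((n >> s) & 0xFF, "08b") for s in (24, 16, 8, 0))


def mask_for(prefix_len):
    """/23 -> 0xFFFFFE00 (255.255.254.0): prefix_len ones followed by zeros."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


def prefix_size(prefix_len):
    """Addresses in a prefix: 2^(32 - prefix_len), so a /23 has 2^9 = 512."""
    return 1 << (32 - prefix_len)


def parse_prefix(cidr):
    """'12.34.158.0/23' -> (network as int, prefix_len). Host bits must be zero."""
    net, plen = cidr.split("/")
    plen = int(plen)
    net_int = ip_to_int(net)
    if net_int & ~mask_for(plen) & 0xFFFFFFFF:
        raise ValueError("host bits set in %s" % cidr)
    return net_int, plen


def split_address(addr, prefix_len):
    """(network part as dotted quad, host number) for addr under a /prefix_len."""
    a, m = ip_to_int(addr), mask_for(prefix_len)
    return int_to_ip(a & m), a & ~m & 0xFFFFFFFF


def in_prefix(addr, cidr):
    """True if addr's first prefix_len bits equal the prefix's network bits."""
    net, plen = parse_prefix(cidr)
    return (ip_to_int(addr) & mask_for(plen)) == net


def lookup(table, addr):
    """Longest-prefix match over {cidr: next_hop}; None if nothing matches.

    One /24 entry per LAN replaces one entry per host, which is the
    aggregation the "Scalability Improved" slide is after; when a more
    specific prefix also matches, it wins."""
    a = ip_to_int(addr)
    best = None
    for cidr, hop in table.items():
        net, plen = parse_prefix(cidr)
        if (a & mask_for(plen)) == net and (best is None or plen > best[0]):
            best = (plen, hop)
    return None if best is None else best[1]


# Constructed table for the two LANs on the slide; next-hop labels are assumed.
FORWARDING_TABLE = {"1.2.3.0/24": "LAN 1 (left)", "5.6.7.0/24": "LAN 2 (right)"}
```

Note that in_prefix("12.34.159.200", "12.34.158.0/23") is true: the /23 spans the third octets 158 and 159, which is exactly what the mask's 11111110 in that octet expresses, and is the kind of boundary a practitioner checks before writing a prefix into an ACL or a routing policy.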