Stanford CS 155 - Network Protocols and Vulnerabilities

Network Protocols and Vulnerabilities
John Mitchell

Outline
• Basic Networking (FMU)
• Network attacks
  – Attack host networking protocols
    - SYN flooding, TCP spoofing, …
  – Attack network infrastructure
    - Routing
    - Domain Name System

This lecture is about the way things work now and how they are not perfect. Next lecture: some security improvements (still not perfect).

Internet Infrastructure
[Figure: hosts connect through ISPs to the backbone]
• Local and interdomain routing
  – TCP/IP for routing, connections
  – BGP for routing announcements
• Domain Name System
  – Find IP address

TCP Protocol Stack
[Figure: two end hosts, each with Application, Transport, Network and Link layers; the application protocol runs between the applications, the TCP protocol between the transport layers and the IP protocol between the network layers; intermediate nodes carry only IP and data link / network access layers]

Data Formats
[Figure: encapsulation at each layer]
• Application: message (application data)
• Transport (TCP, UDP): segment = TCP header + data
• Network (IP): packet = IP header + TCP segment
• Link layer: frame = link (Ethernet) header + IP packet + link (Ethernet) trailer

Internet Protocol
• Connectionless
  – Unreliable
  – Best effort
• Transfer datagram
  – Header
  – Data
IP header fields: Version, Header Length, Type of Service, Total Length, Identification, Flags, Fragment Offset, Time to Live, Protocol, Header Checksum, Source Address of Originating Host, Destination Address of Target Host, Options, Padding; followed by the IP Data.

IP Routing
• Internet routing uses numeric IP address
• Typical route uses several hops
[Figure: Meg's host 121.42.33.12 sends a packet to Tom's host 132.14.11.51 through an office gateway and an ISP; the packet is shown with Source, Destination, Sequence and Packet fields, and the path also shows the addresses 121.42.33.1 and 132.14.11.1]

Two-level Address Hierarchy
• Addresses divided into two parts
  – First: the domain (network) of the host
  – Second: address of host within domain
IP address = Network Number (Prefix) | Host Number
Three different address formats: Class A, Class B, Class C (not important for this course)

Simple Routing Example
[Figure: routers A, B and C joined by Link1 (l1) and Link2 (l2), with hosts 171.64.78.56, 171.66.191.22 and 171.64.82.12 attached; routing table entries name a link (l1, l2) or a next router (b, c)]
Routing table tells how to get to subnet (not individual host)

IP Protocol Functions (Summary)
• Routing
  – IP host knows location of router (gateway)
  – IP gateway must know route to other networks
• Error reporting
  – IP reports discards to source
• Fragmentation and reassembly
  – If packets smaller than the user data

User Datagram Protocol (UDP)
• IP provides routing
  – IP address gets datagram to a specific machine
• UDP separates traffic by port
  – Destination port number gets UDP datagram to particular application process, e.g., 128.3.23.3, 53
  – Source port number provides return address
• Minimal guarantees (… mice and elephants)
  – No acknowledgment
  – No flow control
  – No message continuation

Transmission Control Protocol (TCP)
• Connection-oriented, preserves order
  – Sender
    - Break data into packets
    - Attach packet numbers
  – Receiver
    - Acknowledge receipt; lost packets are resent
    - Reassemble packets in correct order
[Figure: analogy of mailing a book one numbered page at a time and reassembling the book at the receiver]

File Transfer Protocol (FTP)
• FTP uses TCP to transfer files
• Steps in FTP
  – Login connection
    - User connects to remote computer
    - Specifies name and password
  – Data transfer
    - Specify file names to send or receive
    - Can also ask for list of file names, other functions

Simple Mail Transfer Protocol (SMTP)
• Protocol for transferring mail on Internet
• Three associated standards
  – Protocol used to send mail using TCP
    - HELO, EHLO, … messages
  – Format for mail messages
    - Set of header fields and their interpretation, e.g. To: <address>, From: <address>
    - Methods for including data other than plain text
  – Routing mail using the Domain Name System

Internet Control Message Protocol (ICMP)
• Provides feedback about network operation
  – Error reporting
  – Reachability testing
  – Congestion control
• Example message types
  – Destination unreachable
  – Time exceeded
  – Parameter problem
  – Redirect to better gateway
  – Echo/echo reply: reachability test
  – Timestamp request/reply: measure transit delay

Basic Security Problems
• Network packets pass by untrusted hosts
  – Eavesdropping, packet sniffing
• IP addresses are public
  – Smurf
• TCP connection requires state
  – SYN flooding attack
• TCP state easy to guess
  – TCP spoofing attack

Packet Sniffing
• Promiscuous NIC reads all packets
  – Read all unencrypted data
  – ftp, telnet send passwords in clear!
[Figure: Alice and Bob communicate over the network while Eve reads their packets]
Sweet Hall attack installed sniffer on local machine

Smurf Attack
• Choose victim
  – Flood victim with packets from many sources
• Generate ping stream (ICMP Echo Req)
  – Network broadcast address with a spoofed source IP set to a victim host
• Wait for responses
  – Every host on target network will generate a ping reply (ICMP Echo Reply) to victim
  – Ping reply stream can overload victim

TCP Handshake
[Figure: client C and server S]
  C → S: SYN_C              (S is listening)
  S → C: SYN_S, ACK_C       (S stores data for the half-open connection and waits)
  C → S: ACK_S              (connected)

SYN Flooding
[Figure: C sends SYN_C1, SYN_C2, SYN_C3, SYN_C4, SYN_C5, … to the listening server S, which stores data for each one]
• Attacker sends many connection requests
  – Spoofed source addresses
• Victim allocates resources for each request
  – Connection requests exist until timeout
  – Fixed bound on half-open connections
• Resources exhausted ⇒ requests rejected

TCP Connection Spoofing
• Each TCP connection has an associated state
  – Sequence number, port number
• Problem
  – Easy to guess state
    - Port numbers are standard
    - Sequence numbers often chosen in predictable way

IP Spoofing Attack
[Figure: hosts A and B, attacker E]
• A, B trusted connection
  – Send packets with predictable seq numbers
• E impersonates B to A
  – Opens connection to A to get initial seq number
  – SYN-floods B's queue
  – Sends packets to A that resemble B's transmission
  – E cannot receive, but may execute commands on A
Attack can be blocked if E is outside firewall.

TCP Congestion Control
• If packets are lost, assume congestion
  – Reduce transmission rate by half, repeat
  – If loss stops, increase rate very slowly
Design assumes routers blindly obey this policy
[Figure: a source sending to a destination across the network]

Competition
• Amiable Alice yields to boisterous Bob
  – Alice and Bob both experience packet loss
  – Alice backs off
  – Bob disobeys protocol, gets better results
[Figure: sources A and B sharing a path to their destinations]

TCP Attack on Congestion Control
• Misbehaving receiver can trick sender into ignoring congestion control
  – Receiver: duplicate ACK indicates gap
    - Packets within seq number range assumed lost
    - Sender executes fast retransmit algorithm
  – Malicious receiver can
    - Send duplicate ACK
    - ACK before data is received
      - needs some application level retransmission, e.g. HTTP 1.1 range requests … See RFC 2581
  – Solutions
    - Add nonces: ACKs return nonce to prove reception
See: Savage et al., TCP Congestion Control with a Misbehaving
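The IP header layout listed on the Internet Protocol slide, and the per-hop handling from the IP Routing slide, as an added Python example (not code from the lecture). The datagram is constructed here with the lecture's sample addresses 121.42.33.12 and 132.14.11.51 and eight dummy UDP payload bytes; forward_hop is a name chosen here for what each router does to the header before passing it on.

```python
import struct
from ipaddress import IPv4Address


def ip_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit big-endian words (RFC 1071), as used
    for the IP header checksum and by ICMP, UDP and TCP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4_header(pkt: bytes) -> dict:
    """Split an IPv4 datagram into the fields of the lecture's header diagram.
    Raises ValueError for a truncated, non-v4 or corrupted header."""
    if len(pkt) < 20:
        raise ValueError("truncated header")
    (vihl, tos, total_len, ident, flags_frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    version, ihl = vihl >> 4, (vihl & 0x0F) * 4      # IHL is in 32-bit words
    if version != 4 or ihl < 20 or ihl > len(pkt):
        raise ValueError("bad version or header length")
    if ip_checksum(pkt[:ihl]) != 0:                   # a valid header sums to zero
        raise ValueError("header checksum mismatch")
    return {
        "version": version,
        "header_len": ihl,
        "tos": tos,
        "total_len": total_len,
        "id": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "frag_offset": (flags_frag & 0x1FFF) * 8,     # stored in 8-byte units
        "ttl": ttl,
        "protocol": proto,                            # 1 ICMP, 6 TCP, 17 UDP
        "src": str(IPv4Address(src)),
        "dst": str(IPv4Address(dst)),
        "options": pkt[20:ihl],
        "payload": pkt[ihl:total_len],
    }


def header_ok(pkt: bytes) -> bool:
    """True if parse_ipv4_header accepts the datagram."""
    try:
        parse_ipv4_header(pkt)
        return True
    except ValueError:
        return False


def build_ipv4_header(src: str, dst: str, payload_len: int, proto: int = 17,
                      ttl: int = 64, ident: int = 1) -> bytes:
    """20-byte header (no options), DF flag set, with a correct checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident, 0x4000,
                      ttl, proto, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]


def forward_hop(pkt: bytes) -> bytes:
    """What each router on the route does (name chosen here): decrement TTL
    and recompute the checksum, or drop the datagram when TTL runs out."""
    fields = parse_ipv4_header(pkt)
    if fields["ttl"] <= 1:
        raise ValueError("TTL expired: drop, report ICMP Time Exceeded to source")
    hdr = bytearray(pkt[:fields["header_len"]])
    hdr[8] -= 1
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return bytes(hdr) + pkt[fields["header_len"]:]


# Constructed sample: the lecture's Meg -> Tom addresses carrying 8 bytes of
# UDP (protocol 17) dummy payload; not a captured packet.
SAMPLE = build_ipv4_header("121.42.33.12", "132.14.11.51", payload_len=8) \
    + b"\xde\xad\xbe\xef" * 2
```

Note that the IP checksum covers only the header: a corrupted TTL is caught, but nothing in IP itself protects the payload or guarantees delivery, which is the "unreliable, best effort" point of the slide; those guarantees, where they exist, come from TCP above it.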
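The TCP Handshake, SYN Flooding and IP Spoofing Attack slides as one added simulation (not code from the lecture; there are no real sockets, hosts are Python objects exchanging Segment records). The names Host, Network, syn_flood and spoofing_attack are chosen here; the ISN policy "previous ISN plus 64000" is an assumed model of an old predictable stack, and the rule that a host whose half-open queue is full drops an unsolicited SYN-ACK instead of resetting it follows the attack outline on the slide.

```python
"""Simulated TCP handshake, SYN flooding and sequence-number spoofing.
Assumptions: predictable ISN = previous ISN + 64000; a flooded host drops
the unsolicited SYN-ACK that A sends it (the lecture's attack model)."""
import random
from dataclasses import dataclass

ISN_STEP = 64000


@dataclass
class Segment:
    src: str
    dst: str
    flags: str              # SYN, SYN-ACK, ACK, RST or DATA
    seq: int = 0
    ack: int = 0
    payload: bytes = b""


class Host:
    """A TCP endpoint with a bounded queue of half-open connections."""

    def __init__(self, addr, backlog=4, predictable_isn=True):
        self.addr, self.backlog = addr, backlog
        self.predictable_isn, self.next_isn = predictable_isn, 1000
        self.half_open = {}         # peer -> our ISN (SYN-ACK sent, ACK pending)
        self.established = {}       # peer -> our ISN
        self.executed = []          # payloads accepted on established connections

    def choose_isn(self):
        if not self.predictable_isn:
            return random.getrandbits(32)
        isn, self.next_isn = self.next_isn, (self.next_isn + ISN_STEP) % 2**32
        return isn

    def receive(self, seg):
        """Process one incoming segment and return the reply, if any."""
        queue_full = len(self.half_open) >= self.backlog
        if seg.flags == "SYN":
            if queue_full or seg.src in self.half_open:
                return None         # resources exhausted: request rejected
            isn = self.choose_isn()
            self.half_open[seg.src] = isn
            return Segment(self.addr, seg.src, "SYN-ACK", seq=isn, ack=seg.seq + 1)
        if seg.flags == "ACK" and seg.src in self.half_open:
            if seg.ack == self.half_open[seg.src] + 1:   # peer must know our ISN
                self.established[seg.src] = self.half_open.pop(seg.src)
        elif seg.flags == "DATA" and seg.src in self.established:
            if seg.ack == self.established[seg.src] + 1:
                self.executed.append(seg.payload)
        elif seg.flags == "SYN-ACK":
            # Unsolicited SYN-ACK: a healthy host resets it, a flooded one drops it.
            return None if queue_full else Segment(self.addr, seg.src, "RST")
        elif seg.flags == "RST":
            self.half_open.pop(seg.src, None)
        return None


class Network:
    """Routes segments by destination; a spoofer never sees replies to the victim."""

    def __init__(self, hosts):
        self.hosts = {h.addr: h for h in hosts}
        self.log = []

    def send(self, seg, sender):
        """Deliver seg; return the reply only if addressed to the real sender."""
        self.log.append(seg)
        reply = self.hosts[seg.dst].receive(seg)
        if reply is None:
            return None
        self.log.append(reply)
        if reply.dst == sender:
            return reply
        owner = self.hosts.get(reply.dst)        # the spoofed address, if it exists
        second = owner.receive(reply) if owner else None
        if second is not None:                   # e.g. B's RST back to A
            self.log.append(second)
            self.hosts[second.dst].receive(second)
        return None


def syn_flood(backlog, n_syns):
    """SYNs from spoofed sources; return (half-open entries, SYN-ACKs sent)."""
    victim, net = Host("V", backlog=backlog), None
    net = Network([victim])
    for i in range(n_syns):
        net.send(Segment(f"10.9.{i // 256}.{i % 256}", "V", "SYN", seq=i), sender="E")
    return len(victim.half_open), sum(1 for s in net.log if s.flags == "SYN-ACK")


def spoofing_attack(predictable_isn=True, flood_b=True):
    """The slide's attack; True if A executed a command E sent as 'B'."""
    a, b = Host("A", predictable_isn=predictable_isn), Host("B", predictable_isn=predictable_isn)
    net = Network([a, b])
    # 1. E opens its own connection to A and learns A's current ISN.
    observed = net.send(Segment("E", "A", "SYN", seq=500), sender="E").seq
    net.send(Segment("E", "A", "ACK", seq=501, ack=observed + 1), sender="E")
    # 2. SYN-flood B so that B cannot reset the SYN-ACK A is about to send it.
    for i in range(b.backlog if flood_b else 0):
        net.send(Segment(f"10.0.0.{i}", "B", "SYN", seq=i), sender="E")
    # 3. SYN as B, blind ACK with the predicted ISN, then a command (placeholder
    #    payload); E never sees A's SYN-ACK, which went to B.
    guess = (observed + ISN_STEP) % 2**32
    for seg in (Segment("B", "A", "SYN", seq=9000),
                Segment("B", "A", "ACK", seq=9001, ack=guess + 1),
                Segment("B", "A", "DATA", seq=9001, ack=guess + 1, payload=b"command")):
        net.send(seg, sender="E")
    return b"command" in a.executed
```

spoofing_attack() succeeds only when both conditions on the slide hold: with flood_b=False, B answers A's unexpected SYN-ACK with a RST and A discards the half-open connection before E's blind ACK arrives; with predictable_isn=False the guess misses with probability about 1 minus 2^-32, which is the reason modern stacks randomize the ISN.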
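The misbehaving-receiver attack and the nonce defence from the last slide as an added simulation (not code from the lecture or from Savage et al.). An "optimistic" receiver ACKs data it has not yet received; the defence attaches a random nonce to every segment and accepts an ACK only if it carries the sum of the nonces it claims to cover. The round-based delivery model (every third segment in a round arrives one round late), the additive window growth, and the names Sender, Receiver and simulate are simplifications made here.

```python
"""Optimistic ACKs against a TCP-like sender, with and without ACK nonces.
Model assumptions: one ACK per round, window grows by one segment per newly
acknowledged segment, every third segment of a round is delayed one round."""
import random

MASK = 0xFFFFFFFF


class Sender:
    def __init__(self, use_nonces):
        self.use_nonces = use_nonces
        self.cwnd = 1               # segments sent per round
        self.next_seq = 0
        self.acked = 0              # every seq < acked is believed delivered
        self.nonces = {}            # seq -> nonce attached to that segment

    def send_window(self):
        """Emit cwnd new segments as (seq, nonce) pairs."""
        batch = []
        for _ in range(self.cwnd):
            nonce = random.getrandbits(32)
            self.nonces[self.next_seq] = nonce
            batch.append((self.next_seq, nonce))
            self.next_seq += 1
        return batch

    def on_ack(self, ack, proof):
        """Accept or reject an ACK; grow the window on newly acknowledged data."""
        if ack > self.next_seq:
            return False                    # acknowledges data never sent
        if self.use_nonces:
            expected = sum(self.nonces[s] for s in range(ack)) & MASK
            if proof != expected:
                return False                # receiver cannot prove reception
        newly = ack - self.acked
        if newly > 0:
            self.acked = ack
            self.cwnd += newly
        return True


class Receiver:
    def __init__(self, optimistic):
        self.optimistic = optimistic
        self.got = {}               # seq -> nonce actually received

    def on_segments(self, batch):
        """Return (ack, proof); ack is the first seq not acknowledged."""
        for seq, nonce in batch:
            self.got[seq] = nonce
        contiguous = 0
        while contiguous in self.got:
            contiguous += 1
        # Optimistic: claim everything up to the highest seq seen, gaps included.
        ack = max(self.got) + 1 if self.optimistic and self.got else contiguous
        # Nonces of segments never received can only be guessed.
        proof = sum(self.got.get(s, random.getrandbits(32)) for s in range(ack)) & MASK
        return ack, proof


def simulate(optimistic, use_nonces, rounds=6):
    """Return (final cwnd, number of segments the sender accepted as delivered
    before they had actually arrived)."""
    random.seed(2024)
    sender, receiver = Sender(use_nonces), Receiver(optimistic)
    delayed, delivered, bogus = [], set(), 0
    for _ in range(rounds):
        batch = delayed + sender.send_window()
        delayed, arrived = [], []
        for i, seg in enumerate(batch):
            if i % 3 == 2:
                delayed.append(seg)        # arrives next round
            else:
                arrived.append(seg)
                delivered.add(seg[0])
        before = sender.acked
        ack, proof = receiver.on_segments(arrived)
        if sender.on_ack(ack, proof):
            bogus += sum(1 for s in range(before, sender.acked) if s not in delivered)
    return sender.cwnd, bogus
```

Without nonces the optimistic receiver gets its unreceived segments counted as delivered and drives the window up faster than an honest peer on the same path; with nonces every ACK that covers a gap is rejected because the receiver has to guess a 32-bit value it never saw, so the attack degrades into a stalled connection rather than a faster one.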

