CIS 3360: Security in Computing Pre-Knowledge: Internet and Networking Cliff Zou Spring 2012.

Objectives
- Obtain the basic knowledge of computer networking and the Internet
- Concepts of network applications and the Internet
- Basic knowledge of network protocols: TCP/IP
- Reading assignment:
  - Wikipedia tutorials
  - Reference book: Computer Networking: A Top Down Approach Featuring the Internet, 5th edition. Jim Kurose, Keith Ross, Addison-Wesley, Pearson Education, 2010

Lecture Materials
Some of these slides are adapted from the slides copyrighted by Jim Kurose and Keith Ross (Addison-Wesley, Pearson Education, 2010) for Computer Networking: A Top Down Approach Featuring the Internet, 5th edition.

A Little Bit of Internet History
- 1961: Kleinrock - queueing theory shows effectiveness of packet-switching
- 1967: ARPAnet conceived by Advanced Research Projects Agency
- 1969: First ARPAnet node operational
- 1972: 15 nodes in ARPAnet; first e-mail program
- 1973: Metcalfe’s PhD thesis proposes Ethernet
- 1974: Cerf and Kahn - architecture for interconnecting networks
- 1983: deployment of TCP/IP
- 1982: SMTP protocol defined
- 1983: DNS defined for name-to-IP-address translation
- early 1990s: Web
- Late 1990’s – 2000’s: instant messaging, P2P file sharing; network security; est. 50 million hosts, 100 million+ users; backbone links running at Gbps

Cerf and Kahn’s internetworking principles:
- minimalism, autonomy - no internal changes required to interconnect networks
- best effort service model
- stateless routers
- decentralized control
These principles define today’s Internet architecture.

What is the Internet?
(Figure: the protocol layers, with example protocols at each layer)
- Application: Web, …
- Transport: TCP, UDP
- Network: IP
- Data Link: Ethernet, cellular
- Physical link

Some Internet applications
- E-mail
- Web
- Instant messaging
- Remote login
- P2P file sharing
- Multi-user network games
- Streaming stored video clips
- Internet telephone
- Real-time video conference
- Massively parallel computing

Internet
- Internet: loosely hierarchical “network of networks”
- Major components: hosts, routers, communication links
- Protocols: for sending, receiving of msgs
  - e.g., TCP, IP, HTTP, FTP, PPP
- Internet standards
  - RFC: Request for Comments
  - IETF: Internet Engineering Task Force
(Figure: local ISP, company network, regional ISP; router, workstation, server, mobile)

Internet: Three Components
- End systems (hosts): millions of connected computing devices executing network applications
- Routers: forward packets (chunks of data)
- Communication links: connect hosts and routers
  - fiber, copper, radio, satellite
  - transmission rate = bandwidth

Internet Service
- Communication infrastructure enables distributed applications:
  - Web, e-mail, games, e-commerce, file sharing
- Communication services provided to applications:
  - connectionless, unreliable
  - connection-oriented, reliable

Internet structure: network of networks
- roughly hierarchical
- at center: “tier-1” ISPs (e.g., UUNet, BBN/Genuity, Sprint, AT&T), national/international coverage
  - treat each other as equals
- Tier-1 providers interconnect (peer) privately
- Tier-1 providers also interconnect at public network access points (NAPs)

Internet structure: network of networks
- “Tier-2” ISPs: smaller (often regional) ISPs
  - connect to one or more tier-1 ISPs, possibly other tier-2 ISPs
- A tier-2 ISP pays a tier-1 ISP for connectivity to the rest of the Internet
  - the tier-2 ISP is a customer of the tier-1 provider
- Tier-2 ISPs also peer privately with each other, and interconnect at NAPs

Internet structure: network of networks
- “Tier-3” ISPs and local ISPs
  - last hop (“access”) network (closest to end systems)
- Local and tier-3 ISPs are customers of higher-tier ISPs, which connect them to the rest of the Internet

Internet structure: network of networks
- a packet passes through many networks!
(Figure: a path through local ISP, tier-3 ISP, tier-2 ISP, tier-1 ISP and NAP)

“Real” Internet delays and routes
- What do “real” Internet delay & loss look like?
- Traceroute program: provides delay measurement from the source to each router along the end-to-end Internet path towards the destination. For all i:
  - sends three packets that will reach router i on the path towards the destination
  - router i will return packets to the sender
  - sender times the interval between transmission and reply (3 probes per router)

“Real” Internet delays and routes
traceroute: gaia.cs.umass.edu to
     1 cs-gw ( ) 1 ms 1 ms 2 ms
     2 border1-rt-fa5-1-0.gw.umass.edu ( ) 1 ms 1 ms 2 ms
     3 cht-vbns.gw.umass.edu ( ) 6 ms 5 ms 5 ms
     4 jn1-at wor.vbns.net ( ) 16 ms 11 ms 13 ms
     5 jn1-so wae.vbns.net ( ) 21 ms 18 ms 18 ms
     6 abilene-vbns.abilene.ucaid.edu ( ) 22 ms 18 ms 22 ms
     7 nycm-wash.abilene.ucaid.edu ( ) 22 ms 22 ms 22 ms
     8 ( ) 104 ms 109 ms 106 ms        <- trans-oceanic link
     9 de2-1.de1.de.geant.net ( ) 109 ms 102 ms 104 ms
    10 de.fr1.fr.geant.net ( ) 113 ms 121 ms 114 ms
    11 renater-gw.fr1.fr.geant.net ( ) 112 ms 114 ms 112 ms
    12 nio-n2.cssi.renater.fr ( ) 111 ms 114 ms 116 ms
    13 nice.cssi.renater.fr ( ) 123 ms 125 ms 124 ms
    14 r3t2-nice.cssi.renater.fr ( ) 126 ms 126 ms 124 ms
    15 eurecom-valbonne.r3t2.ft.net ( ) 135 ms 128 ms 133 ms
    16 ( ) 126 ms 128 ms 126 ms
    17 * * *
    18 * * *
    19 fantasia.eurecom.fr ( ) 132 ms 128 ms 136 ms
- Line 1 shows the three delay measurements from gaia.cs.umass.edu to cs-gw.cs.umass.edu
- * means no response (probe lost, router not replying)
- Under Windows the program is “tracert”
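Reading traceroute output by hand is what the slide does; a defender who collects such output regularly needs to parse it. The following Python is an added example, not part of the lecture slides: it parses text in the format shown above (the sample is constructed, with documentation-range addresses standing in for the real ones), reports the hops that never answered ("* * *") and finds the hop with the largest jump in round-trip time, which is what the slide's "trans-oceanic link" annotation points at.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the format of the slide's traceroute output; the
# addresses are documentation-range placeholders, not the real hops' IPs.
SAMPLE_TRACEROUTE = """\
 1  cs-gw (192.0.2.1)  1 ms  1 ms  2 ms
 2  border1-rt-fa5-1-0.gw.umass.edu (192.0.2.2)  1 ms  1 ms  2 ms
 3  cht-vbns.gw.umass.edu (192.0.2.3)  6 ms  5 ms  5 ms
 8  198.51.100.8 (198.51.100.8)  104 ms  109 ms  106 ms
17  * * *
18  * * *
19  fantasia.eurecom.fr (203.0.113.19)  132 ms  128 ms  136 ms
"""

@dataclass
class Hop:
    ttl: int                 # hop number = TTL used for its three probes
    host: Optional[str]      # None when no probe was answered
    addr: Optional[str]
    rtts_ms: List[float]     # one round-trip time per answered probe

# "<ttl> <host> (<addr>) <rtt> ms ..." or "<ttl> * * *"
HOP_RE = re.compile(r"^\s*(\d+)\s+(?:(\S+)\s+\((\S+)\)\s*)?(.*)$")
RTT_RE = re.compile(r"(\d+(?:\.\d+)?)\s*ms")

def parse_traceroute(text: str) -> List[Hop]:
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue                      # skip banner lines
        ttl, host, addr, rest = m.groups()
        rtts = [float(x) for x in RTT_RE.findall(rest)]
        hops.append(Hop(int(ttl), host, addr, rtts))
    return hops

def silent_hops(hops: List[Hop]) -> List[int]:
    """Hops where every probe was lost or the router did not reply ('* * *')."""
    return [h.ttl for h in hops if not h.rtts_ms]

def largest_latency_jump(hops: List[Hop]) -> Tuple[Optional[int], float]:
    """(ttl, increase in ms) of the hop whose minimum RTT grew most over the
    previous answering hop; the slide marks such a jump as the trans-oceanic link."""
    prev, best = None, (None, 0.0)
    for h in hops:
        if not h.rtts_ms:
            continue                      # a silent hop carries no timing
        cur = min(h.rtts_ms)
        if prev is not None and cur - prev > best[1]:
            best = (h.ttl, cur - prev)
        prev = cur
    return best

if __name__ == "__main__":
    hops = parse_traceroute(SAMPLE_TRACEROUTE)
    print("silent hops:", silent_hops(hops))
    print("largest jump (ttl, ms):", largest_latency_jump(hops))
```

The minimum of the three probes is used rather than the mean, because a single queued probe can inflate one measurement without saying anything about the link itself.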

Traceroute from My Home Computer

Where Is a Router Placed?
- Many public websites provide IP location services
- Based on traceroute and an IP locator, you can know the complete routing path of a connection
- This is a major reason why many networks block traceroute traffic

Protocol
Network protocols: all communication activity in the Internet is governed by protocols.
Protocols define the format and order of messages sent and received among network entities, and the actions taken on message transmission and receipt.

What’s a protocol?
A human protocol and a computer network protocol, side by side (figure; time runs downward):
- Human: “Hi” → “Hi”; “Got the time?” → “2:00”
- Computer network: TCP connection request → TCP connection response; Get → …

A closer look at network structure:
- network edge: applications and hosts
- network core:
  - routers
  - network of networks
- connection: communication links

The network edge:
- end systems (hosts):
  - run application programs
  - e.g. Web, e-mail
  - at “edge of network”
- client/server model
  - client host requests, receives service from always-on server
  - e.g. Web browser/server; e-mail client/server
- peer-peer model:
  - minimal (or no) use of dedicated servers
  - e.g. Gnutella, KaZaA

Network edge: connection-oriented service
TCP [Transmission Control Protocol]
- reliable, in-order byte-stream data transfer
  - loss: acknowledgements and retransmissions
- flow control:
  - sender won’t overwhelm receiver
- congestion control:
  - senders “slow down sending rate” when network congested
Examples of applications using TCP:
- HTTP (Web), FTP (file transfer), SSH (remote secure login), SMTP (e-mail)

Network edge: connectionless service
UDP [User Datagram Protocol]
- connectionless
- unreliable data transfer
- no flow control
- no congestion control
Examples of applications using UDP:
- streaming media, teleconferencing, DNS, Internet telephony

The Network Core
- mesh of interconnected routers
- data transfer methods through the net:
  - circuit switching: dedicated circuit per call: telephone net
  - packet switching: data sent through the net in discrete “chunks”

Circuit Switching
End-to-end resources reserved for a “call”
- call setup required
- link bandwidth, switch capacity
- dedicated resources: no sharing
- circuit-like (guaranteed) performance

Packet-switched networks
- Move packets through routers from source to destination
- datagram network:
  - destination address in packet determines next hop
  - routes may change during session
- virtual circuit network:
  - each packet carries a tag (virtual circuit ID); the tag determines the next hop
  - fixed path determined at call setup time, remains fixed thru call
  - routers maintain per-call state

Internet protocol stack
- application: supporting network applications
  - FTP, SMTP, HTTP
- transport: host-host data transfer
  - TCP, UDP
- network: routing of datagrams from source to destination
  - IP, routing protocols
- link: data transfer between neighboring network elements
  - PPP, Ethernet
- physical: bits “on the wire or wireless”

Encapsulation
(Figure: message, segment, datagram, frame at source, switch, router and destination)
- Source: the application message M is handed down the stack; transport adds header Ht (segment: Ht M), network adds Hn (datagram: Hn Ht M), link adds Hl (frame: Hl Hn Ht M), and the physical layer puts the bits on the wire
- Switch: operates at the link and physical layers only; forwards the frame Hl Hn Ht M unchanged
- Router: operates up to the network layer; removes Hl, examines Hn (Hn Ht M), then adds a new Hl for the next link
- Destination: removes Hl, Hn and Ht in turn, delivering M to the application

Message Flow
- transport segment from sending to receiving host
- on the sending side, encapsulates segments into datagrams
- on the receiving side, delivers segments to the transport layer
- network layer protocols in every host, router
- router examines header fields in all IP datagrams passing through it
(Figure: the two end hosts run all layers, application through physical; each router on the path runs only network, data link and physical)

TCP/IP Introduction

 TCP  Transport Layer  IP  Network Layer  Networking security mainly deals with these two services/protocols 33

Transport Layer  TCP - connection-oriented service  Provide reliable data transmission  Used by most data-based, not time-sensitive network applications  , Web, file transfer….  Require to set up TCP connection channel first  UDP – connectionless service  Unreliable data transmission  Error packets will be discarded without retransmission  No additional delay for future incoming packets  Used for time-sensitive, error-tolerant applications  VOIP, video streaming, DNS…. 34

Transport vs. network layer
- network layer: logical communication between hosts
- transport layer: logical communication between processes
  - relies on, enhances, network layer services
(Figure: hosts A, B, C, D; processes addressed by ports, e.g., Sport:4625 Dport:80 and Sport:8050 Dport:25)

Addressing processes
- to receive messages, a process must have an identifier
- the identifier includes both the IP address and the port number associated with the process on the host
- a host device has a unique 32-bit IP address
  - the IP address is for addressing a host/computer
- Example port numbers:
  - HTTP server: 80
  - Mail server: 25
- to send an HTTP message to the gaia.cs.umass.edu web server:
  - IP address: the address of gaia.cs.umass.edu
  - Port number: 80

TCP and UDP Port Numbers
- 16 bits (0 – 65535)
- Assigned by the Internet Assigned Numbers Authority (IANA)
- Well-known ports (0 – 1023)
  - Example: HTTP – 80, SMTP – 25
- Registered ports (1024 – 49151)
  - Example: HTTP alternate 8080, used for web proxy and caching servers
- Dynamic and/or private ports (49152 – 65535)

- Each TCP connection is identified by a 4-tuple:
  - source IP address
  - source port number
  - dest IP address
  - dest port number
- These four values are widely used in network filtering and intrusion detection

UDP Packet Header
- The UDP packet header is 8 bytes long
- Port numbers are 16 bits long
- Checksum for verifying packet errors
UDP segment format (32 bits wide):
    source port #   |   dest port #
    length          |   checksum
    application data (message)
Length: in bytes of the UDP segment, including the header
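The four header fields above, and the checksum that the slide says verifies packet errors, can be worked through in a few lines. This Python is an added example rather than material from the slides; it builds an 8-byte UDP header over a constructed payload, computes the Internet checksum the way RFC 768/1071 specify (over an IPv4 pseudo-header of source address, destination address, protocol number 17 and UDP length, plus the header and data) and then verifies a received datagram. The addresses and ports are constructed sample values.

```python
import socket
import struct

UDP_PROTO = 17

def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's complement of the one's-complement sum of
    16-bit big-endian words (the checksum used by IP, UDP and TCP)."""
    if len(data) % 2:
        data += b"\x00"                       # odd trailing byte is padded with zero
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                        # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def udp_pseudo_header(src_ip: str, dst_ip: str, udp_length: int) -> bytes:
    """IPv4 pseudo-header the UDP checksum also covers: addresses, zero byte,
    protocol number and UDP length. It is not transmitted."""
    return struct.pack("!4s4sBBH", socket.inet_aton(src_ip), socket.inet_aton(dst_ip),
                       0, UDP_PROTO, udp_length)

def build_udp(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes) -> bytes:
    """8-byte UDP header (source port, dest port, length, checksum) + payload."""
    length = 8 + len(payload)                 # length counts header and data
    header = struct.pack("!HHHH", sport, dport, length, 0)
    csum = internet_checksum(udp_pseudo_header(src_ip, dst_ip, length) + header + payload)
    if csum == 0:
        csum = 0xFFFF                         # RFC 768: a computed zero is sent as all ones
    return struct.pack("!HHHH", sport, dport, length, csum) + payload

def parse_udp(src_ip: str, dst_ip: str, segment: bytes) -> dict:
    """Decode the header and verify the checksum. A bad length or checksum marks
    the datagram as corrupt instead of raising."""
    if len(segment) < 8:
        return {"checksum_ok": False, "error": "short header"}
    sport, dport, length, csum = struct.unpack("!HHHH", segment[:8])
    if length < 8 or length > len(segment):
        return {"sport": sport, "dport": dport, "length": length,
                "checksum_ok": False, "error": "bad length"}
    # Summing the received segment with its checksum field in place gives 0 when intact.
    # A zero checksum means the sender did not compute one (allowed over IPv4),
    # so there is nothing to verify.
    ok = csum == 0 or internet_checksum(
        udp_pseudo_header(src_ip, dst_ip, length) + segment[:length]) == 0
    return {"sport": sport, "dport": dport, "length": length,
            "checksum_present": csum != 0, "checksum_ok": ok,
            "payload": segment[8:length]}

if __name__ == "__main__":
    seg = build_udp("192.0.2.1", "192.0.2.2", 40000, 53, b"hello")
    print(seg.hex())
    print(parse_udp("192.0.2.1", "192.0.2.2", seg))
```

The checksum is a 16-bit error-detection code, not an integrity check: it catches bit flips on the wire, and anyone who can rewrite the datagram can recompute it, which is why the slide lists it under packet errors rather than security.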

UDP Transmission Process
(Figure: Host A sends Packets 1–5 to Host B over time; one packet is lost (X) and is not resent)
- No acknowledgement from the recipient
- Sending rate is controlled by the sender (bounded by the sender’s bandwidth)

TCP Transmission Process (simplified, without considering pipelining)
Need sequence # and acknowledgement # to distinguish each packet

TCP segment structure (header is 20 bytes normally)
    source port #                  |  dest port #
    sequence number
    acknowledgement number
    head len | not used | U A P R S F | receive window
    checksum                       |  urg data pointer
    options (variable length)
    application data (variable length)
- URG: urgent data (generally not used)
- ACK: ACK # valid
- PSH: push data now
- RST, SYN, FIN: connection establishment (setup, teardown commands)
- receive window: # bytes the receiver is willing to accept
- sequence and acknowledgement numbers: counting by bytes of data (not segments!)
- checksum: Internet checksum (as in UDP)
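The layout above maps directly onto a 20-byte fixed header followed by options. The following Python is an added example, not from the slides: it builds a header with the "head len" field, the six flag bits in the order the slide draws them (U A P R S F) and an MSS option, then parses it back. The parser refuses a data offset that points outside the segment or inside the fixed header, the kind of malformed value a filter or IDS must handle rather than trust. Checksum computation is left out here (it works exactly like the UDP one, over a pseudo-header); ports and sequence numbers are constructed.

```python
import struct

# Flag bits in the low byte of the 16-bit "offset / reserved / flags" field,
# listed in the order the slide draws them: U A P R S F
FLAG_BITS = {"URG": 0x20, "ACK": 0x10, "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}

def flag_names(flags: int):
    return [name for name, bit in FLAG_BITS.items() if flags & bit]

def mss_option(mss: int) -> bytes:
    """Maximum Segment Size option: kind 2, length 4, 16-bit value."""
    return struct.pack("!BBH", 2, 4, mss)

def build_tcp_header(sport: int, dport: int, seq: int, ack: int, flags: int,
                     window: int = 65535, options: bytes = b"") -> bytes:
    """20-byte fixed header plus options padded to a 32-bit boundary. The checksum
    and urgent pointer fields are left zero in this example."""
    options += b"\x00" * (-len(options) % 4)
    head_len_words = 5 + len(options) // 4        # "head len" counts 32-bit words
    off_flags = (head_len_words << 12) | (flags & 0x3F)
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, off_flags, window, 0, 0) + options

def parse_tcp(segment: bytes) -> dict:
    if len(segment) < 20:
        raise ValueError("TCP header needs at least 20 bytes")
    (sport, dport, seq, ack, off_flags,
     window, checksum, urg_ptr) = struct.unpack("!HHIIHHHH", segment[:20])
    head_len = (off_flags >> 12) * 4
    # A forged data offset can point outside the segment or inside the fixed
    # header; reject it rather than slicing options and payload from the wrong place.
    if head_len < 20 or head_len > len(segment):
        raise ValueError(f"invalid header length {head_len}")
    return {
        "sport": sport, "dport": dport,
        "seq": seq, "ack": ack,
        "head_len": head_len,
        "flags": flag_names(off_flags & 0x3F),
        "window": window, "checksum": checksum, "urg_ptr": urg_ptr,
        "options": segment[20:head_len],
        "payload": segment[head_len:],
    }

if __name__ == "__main__":
    syn = build_tcp_header(4625, 80, 1000, 0, FLAG_BITS["SYN"], options=mss_option(1460))
    print(parse_tcp(syn))
```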

TCP seq. #’s and ACKs
Seq. #’s:
- byte stream “number” of the first byte in the segment’s data
ACKs:
- seq # of the next byte expected from the other side
- cumulative ACK
  - an ACK acknowledges receipt of all bytes up to the specified #
Q: how does the receiver handle out-of-order segments?
- TCP spec doesn’t say
- Practical approach: save in buffer
Q: how does TCP implement duplex communication?
- Seq. # for sending data, ACK # for receiving data

An example of TCP Duplex Communication (simple telnet scenario)
- Host A → Host B: Seq=42, ACK=79, data = ‘john’ (user types ‘john’)
- Host B → Host A: Seq=79, ACK=46, data = ‘pass’ (host ACKs receipt, sends back “use password”)
- Host A → Host B: Seq=46, ACK=83, data = ‘CNT4704’ (host ACKs receipt of ‘pass’, sends ‘CNT4704’)
Sequence number is based on bytes, not packets!

ACK Only in Duplex Communication?
- Host B → Host A: Seq=79, ACK=46, data = ‘pass’ (host ACKs receipt, sends back “use password”)
- Host A → Host B: Seq=46, ACK=83, data = ‘CNT4704’
- Host B → Host A: Seq=83, ACK=53, no data section
ACK-only packet: the seq # is the first byte to be transmitted in the future (the packet has no data section)
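The receiver-side rules from the last three slides (the ACK carries the next byte expected, ACKs are cumulative, out-of-order segments are saved in a buffer, each direction keeps its own numbers) are small enough to implement. The class below is an added Python example, not code from the slides; it uses the slide's segments (Seq=42 ‘john’, Seq=79 ‘pass’, Seq=46 ‘CNT4704’) as constructed input and also shows what happens when the Seq=100 segment arrives before Seq=92.

```python
class TcpReceiver:
    """Receive side of one direction of a TCP connection: tracks the next byte
    expected (the value placed in outgoing ACKs) and buffers out-of-order data."""

    def __init__(self, initial_seq: int):
        self.rcv_next = initial_seq   # seq # of the next byte expected from the other side
        self.buffer = {}              # seq -> data, for segments that arrived with a hole before them
        self.delivered = bytearray()  # in-order bytes handed to the application

    def receive(self, seq: int, data: bytes) -> int:
        """Process one segment and return the cumulative ACK number to send back."""
        end = seq + len(data)
        if end <= self.rcv_next:
            return self.rcv_next      # entirely old data (e.g. a retransmission): just re-ACK
        if seq > self.rcv_next:
            self.buffer[seq] = data   # gap before it: save in buffer (the slide's practical approach)
            return self.rcv_next
        # In order, possibly overlapping bytes we already have: deliver the new tail.
        self.delivered += data[self.rcv_next - seq:]
        self.rcv_next = end
        # Drain buffered segments that the new data has made contiguous.
        while self.buffer:
            s = min(self.buffer)
            if s > self.rcv_next:
                break                 # the hole is still there
            d = self.buffer.pop(s)
            e = s + len(d)
            if e > self.rcv_next:
                self.delivered += d[self.rcv_next - s:]
                self.rcv_next = e
        return self.rcv_next

def telnet_scenario():
    """The slide's duplex exchange: A sends from seq 42, B sends from seq 79.
    Returns the ACK numbers each side generates, in order."""
    b_side = TcpReceiver(42)          # B receives A's byte stream
    a_side = TcpReceiver(79)          # A receives B's byte stream
    acks = []
    acks.append(b_side.receive(42, b"john"))     # B replies Seq=79, ACK=46
    acks.append(a_side.receive(79, b"pass"))     # A replies Seq=46, ACK=83
    acks.append(b_side.receive(46, b"CNT4704"))  # B replies Seq=83, ACK=53, no data
    return acks

if __name__ == "__main__":
    print("ACKs in the telnet scenario:", telnet_scenario())
```

An intrusion detection system that reassembles TCP streams has to apply the same ordering and overlap rules as the endpoint it protects; if it resolves an out-of-order or overlapping segment differently, it inspects a different byte stream than the host receives.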

TCP: retransmission scenarios
Lost ACK scenario:
- Host A sends Seq=92, 8 bytes data; Host B replies ACK=100, but the ACK is lost (X)
- A’s timer for Seq=92 expires; A retransmits Seq=92, 8 bytes data
- B replies ACK=100; SendBase = 100
Premature timeout:
- Host A sends Seq=92, 8 bytes data, then Seq=100, 20 bytes data; B replies ACK=100 and ACK=120
- A’s timer for Seq=92 expires before the ACKs arrive; A retransmits Seq=92, 8 bytes data
- The ACKs arrive (SendBase = 100, then SendBase = 120); B answers the retransmission with ACK=120 (cumulative)
Cumulative ACK scenario:
- Host A sends Seq=92, 8 bytes data, then Seq=100, 20 bytes data
- B replies ACK=100, which is lost (X), then ACK=120
- ACK=120 arrives before A’s Seq=92 timer expires: SendBase = 120, and nothing needs to be retransmitted

TCP Connection Setup --- Three-Way Handshaking
Step 1: client host sends a TCP SYN segment to the server
- specifies initial seq #
- no data
Step 2: server host receives SYN, replies with a SYN/ACK segment
- server allocates buffers
- specifies server initial seq. #
Step 3: client receives SYN/ACK, replies with an ACK segment, which may contain data
Exchange:
- client → server: SYN, seq=client_seq
- server → client: SYN/ACK, seq=server_seq, ack=client_seq+1
- client → server: ACK, seq=client_seq+1, ack=server_seq+1

TCP Connection Setup  Most firewalls, packet capturing software, and intrusion detection software use TCP connection setup packets to determine how to deal with the new connection  Very important to understand the three-way handshake 49

TCP Connection Management (cont.)
Closing a connection: the client calls close();
Step 1: client end system sends a TCP FIN control segment to the server
Step 2: server receives FIN, replies with ACK. Closes the connection, sends FIN.

TCP Connection Management (cont.)
Step 3: client receives FIN, replies with ACK.
- Enters “timed wait” - will respond with ACK to received FINs
Step 4: server receives ACK. Connection closed.
Exchange: client FIN → server ACK → server FIN → client ACK; the client is in timed wait, then closed
Some applications simply send RST to terminate TCP connections immediately
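The slides say that firewalls and intrusion detection systems key on the 4-tuple and on the connection setup packets; the natural way to put the handshake, the FIN/ACK teardown and the RST shortcut together is a small state tracker. The following Python is an added example, not from the lecture: it follows each 4-tuple from SYN through SYN/ACK and ACK to ESTABLISHED (checking that the ack numbers are client_seq+1 and server_seq+1 as on the handshake slide), then through the two FINs to CLOSED or straight to CLOSED on RST, and records packets that belong to no known connection. Addresses, ports and sequence numbers are constructed sample values.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

Endpoint = Tuple[str, int]

def flow_key(src: str, sport: int, dst: str, dport: int):
    """The 4-tuple, ordered so both directions of a connection map to one key."""
    return tuple(sorted([(src, sport), (dst, dport)]))

@dataclass
class Flow:
    client: Endpoint                 # the side that sent the SYN
    server: Endpoint
    client_isn: int                  # client's initial sequence number
    server_isn: Optional[int] = None
    state: str = "SYN_SENT"
    history: List[str] = field(default_factory=list)

class ConnectionTracker:
    """Follows each connection through the three-way handshake and the FIN/ACK
    teardown (or an RST), the way a stateful firewall or IDS classifies packets."""

    def __init__(self):
        self.flows: Dict[tuple, Flow] = {}
        self.unsolicited: List[tuple] = []   # non-SYN packets that match no known connection

    def observe(self, src: str, sport: int, dst: str, dport: int,
                flags: Set[str], seq: int, ack: int = 0) -> Optional[str]:
        key = flow_key(src, sport, dst, dport)
        flow = self.flows.get(key)
        if flow is None:
            if flags == {"SYN"}:
                flow = Flow(client=(src, sport), server=(dst, dport), client_isn=seq)
                self.flows[key] = flow
                return flow.state
            # e.g. a connection set up before capture began, or a packet that
            # never completed a handshake; worth logging, not worth a state entry
            self.unsolicited.append((src, sport, dst, dport, frozenset(flags)))
            return None

        from_server = (src, sport) == flow.server
        st = flow.state
        if "RST" in flags:
            flow.state = "CLOSED"                       # abortive close: skips the FIN exchange
        elif st == "SYN_SENT" and from_server and flags == {"SYN", "ACK"}:
            flow.server_isn = seq                       # ack must be client_isn + 1
            flow.state = "SYN_RECEIVED" if ack == flow.client_isn + 1 else "BAD_HANDSHAKE"
        elif st == "SYN_RECEIVED" and not from_server and "ACK" in flags:
            flow.state = "ESTABLISHED" if ack == flow.server_isn + 1 else "BAD_HANDSHAKE"
        elif st == "ESTABLISHED" and "FIN" in flags:
            flow.state = "FIN_WAIT"                     # first FIN: one side is done sending
        elif st == "FIN_WAIT" and "FIN" in flags:
            flow.state = "LAST_ACK"                     # second FIN: waiting for its ACK
        elif st == "LAST_ACK" and "ACK" in flags:
            flow.state = "CLOSED"                       # both directions closed
        # data segments and the plain ACK of the first FIN leave the state unchanged
        side = "server" if from_server else "client"
        flow.history.append(f"{side}:{'+'.join(sorted(flags))}->{flow.state}")
        return flow.state

    def states(self) -> Dict[str, int]:
        counts: Dict[str, int] = {}
        for f in self.flows.values():
            counts[f.state] = counts.get(f.state, 0) + 1
        return counts

if __name__ == "__main__":
    t = ConnectionTracker()
    c, s = ("192.0.2.10", 4625), ("198.51.100.5", 80)   # constructed endpoints
    t.observe(*c, *s, {"SYN"}, seq=1000)
    t.observe(*s, *c, {"SYN", "ACK"}, seq=5000, ack=1001)
    print(t.observe(*c, *s, {"ACK"}, seq=1001, ack=5001))   # ESTABLISHED
```

A flow that ends in BAD_HANDSHAKE or a growing unsolicited list is exactly the kind of thing the filtering and intrusion-detection tools on the earlier slide surface: packets that do not fit any connection the tracker has seen being set up.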