Computer Science and Engineering Computer System Security CSE 5339/7339 Session 25 November 16, 2004.


Contents
- Security in Networks
- Group Work
- Wing's presentation

IP Protocol
- Unreliable packet delivery service
- Datagram (IPv4)

Datagram format, row by row:
    VERS | HLEN | SERVICE TYPE | TOTAL LENGTH
    IDENTIFICATION | FLAGS | FRAGMENT OFFSET
    TIME TO LIVE | PROTOCOL | HEADER CHECKSUM
    SOURCE ADDRESS
    DESTINATION ADDRESS
    OPTIONS (IF ANY) | PADDING
    DATA

Attacks
- IP Spoofing
- Teardrop attacks

ICMP (Internet Control Message Protocol)
- Transmits error messages and reports of unusual situations
- Different types of ICMP messages have slightly different formats

ICMP time-exceeded message, row by row:
    TYPE | CODE | CHECKSUM
    UNUSED (must be zero)
    DATA: header and 1st 64 bits of offending datagram

ICMP (Echo request/reply)
- Transmits error messages and reports of unusual situations
- Different types of ICMP messages have slightly different formats

ICMP Echo Request/Reply message, row by row:
    TYPE | CODE | CHECKSUM
    IDENTIFIER | SEQUENCE NUMBER
    DATA (optional)

Ping of Death Attack
- Denial of service attack (1st in 1996)
- Some systems did not handle oversized IP datagrams properly
- An attacker constructs an ICMP echo request containing 65,510 data octets and sends it to the victim
- The total size of the resulting datagram would be larger than the octet limit specified by IP
- System would crash
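
The check a receiver needs before reassembly, as an added example that is not part of the original slides: it reads FRAGMENT OFFSET, HLEN and TOTAL LENGTH from each fragment and rejects any fragment that would push the reassembled datagram past 65,535 octets. The sample headers are constructed, and the 1,480-octet fragment size and the addresses are assumptions.

```python
import struct

IP_MAX_DATAGRAM = 65535  # largest value the 16-bit TOTAL LENGTH field can express

def build_header(total_len, offset_units, more_fragments):
    """Constructed sample header (ICMP, documentation addresses, checksum left 0)."""
    flags_frag = (0x2000 if more_fragments else 0) | offset_units
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, flags_frag,
                       64, 1, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))

def parse_fragment(header):
    """Return (hlen, payload_len, offset_bytes, more_fragments) for one IPv4 fragment."""
    if len(header) < 20:
        raise ValueError("truncated IPv4 header")
    vers_hlen, _tos, total_len, _ident, flags_frag = struct.unpack("!BBHHH", header[:8])
    if vers_hlen >> 4 != 4:
        raise ValueError("not an IPv4 datagram")
    hlen = (vers_hlen & 0x0F) * 4            # HLEN counts 32-bit words
    if hlen < 20 or total_len < hlen:
        raise ValueError("inconsistent HLEN / TOTAL LENGTH")
    offset = (flags_frag & 0x1FFF) * 8       # FRAGMENT OFFSET counts 8-octet units
    return hlen, total_len - hlen, offset, bool(flags_frag & 0x2000)

def reassembled_size(header):
    """Size the datagram would have once this fragment is placed in the buffer."""
    hlen, payload_len, offset, _more = parse_fragment(header)
    return hlen + offset + payload_len

def is_oversized(header):
    """True if reassembly would exceed the IP limit; such fragments must be dropped."""
    return reassembled_size(header) > IP_MAX_DATAGRAM

if __name__ == "__main__":
    # 8 ICMP header octets + 65,510 data octets = 65,518, split into 1,480-octet
    # fragments: 44 full ones (65,120 octets) and a final fragment of 398 octets.
    final = build_header(total_len=20 + 398, offset_units=65120 // 8, more_fragments=False)
    normal = build_header(total_len=84, offset_units=0, more_fragments=False)
    for name, hdr in (("normal echo", normal), ("final fragment", final)):
        print(name, reassembled_size(hdr), "DROP" if is_oversized(hdr) else "accept")
```

Every individual fragment here is a legal size; only the offset arithmetic reveals the problem, which is why the check belongs in the reassembly path.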

SMURF
- Attacker sends an echo request message to a broadcast address
- Attacker also spoofs the source address in the request

[Diagram: Attacker, Intermediary, Victim]

UDP (User Datagram Protocol)
- From one application to another (multiple destinations)
- Port: positive integer (unique destination)

UDP datagram format, row by row:
    SOURCE PORT | DESTINATION PORT
    LENGTH | CHECKSUM (optional)
    DATA

Attacks on UDP
- Fraggle
- Trinoo

Fraggle (similar to smurf)
- UDP port 7 is used for the echo service
- An attacker can create a stream of user datagrams with a random source port and a spoofed source address
- Destination port is 7 and the destination address is a broadcast address at some intermediate site
- The attack can get worse if the source port = 7
- Could be prevented by filtering out UDP echo requests destined for broadcast addresses

[Diagram: stream of UDP datagrams, two variants]
- Variant 1: spoofed source (victim's host), broadcast destination, random source port, destination port = 7
- Variant 2: spoofed source (victim's host), broadcast destination, source port = 7, destination port = 7
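
The filter suggested on the Fraggle slide, extended to cover the smurf case as well, as an added example that is not part of the original slides. The subnets, packet records and addresses are constructed; packets are assumed to be already parsed into dictionaries.

```python
import ipaddress
from collections import Counter

ICMP, UDP = 1, 17            # IP PROTOCOL field values
ICMP_ECHO_REQUEST = 8
UDP_ECHO_PORT = 7

# Assumption: subnets behind the filtering router (documentation ranges).
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24"),
              ipaddress.ip_network("198.51.100.64/26")]

def is_broadcast(dst, nets=LOCAL_NETS):
    """True for the limited broadcast or the directed broadcast of a local subnet."""
    addr = ipaddress.ip_address(dst)
    if addr == ipaddress.ip_address("255.255.255.255"):
        return True
    return any(addr == net.broadcast_address for net in nets)

def verdict(pkt):
    """Classify one parsed packet (dict) at the border of the intermediate site."""
    if not is_broadcast(pkt["dst"]):
        return "accept"
    if pkt["proto"] == ICMP and pkt.get("icmp_type") == ICMP_ECHO_REQUEST:
        return "drop-smurf"
    if pkt["proto"] == UDP and pkt.get("dport") == UDP_ECHO_PORT:
        # Source port 7 makes the victim's own echo service answer the replies.
        return "drop-fraggle-loop" if pkt.get("sport") == UDP_ECHO_PORT else "drop-fraggle"
    return "accept"

def claimed_sources(packets):
    """Count dropped packets per claimed source, i.e. per intended victim."""
    return Counter(p["src"] for p in packets if verdict(p).startswith("drop"))

# Constructed sample traffic; 203.0.113.9 plays the spoofed victim address.
SAMPLE = [
    {"proto": ICMP, "src": "203.0.113.9", "dst": "192.0.2.255", "icmp_type": 8},
    {"proto": UDP, "src": "203.0.113.9", "dst": "198.51.100.127", "sport": 40112, "dport": 7},
    {"proto": UDP, "src": "203.0.113.9", "dst": "198.51.100.127", "sport": 7, "dport": 7},
    {"proto": UDP, "src": "192.0.2.20", "dst": "192.0.2.30", "sport": 5353, "dport": 7},
    {"proto": ICMP, "src": "192.0.2.20", "dst": "192.0.2.30", "icmp_type": 8},
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(verdict(p), p["dst"])
    print(claimed_sources(SAMPLE))
```

Unicast echo traffic passes untouched, so the filter removes the amplification path without disabling ping or the echo service for ordinary use.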

Trinoo
- Distributed denial of service
- In smurf and fraggle, traffic comes from a single intermediate node
- Trinoo allows the attacker to flood the victim from hundreds of intermediate sites simultaneously
- Two programs: master and daemon – installed in many different stolen accounts

[Diagram: attacker, master, daemon; large number of UDP packets to random ports]

TCP
- Reliable delivery
- TCP messages are sent inside IP datagrams

TCP segment format, row by row:
    SOURCE PORT | DESTINATION PORT
    SEQUENCE NUMBER
    ACKNOWLEDGMENT
    HLEN | RESV | CODE BITS | WINDOW
    CHECKSUM | URGENT POINTER
    OPTIONS (IF ANY) | PADDING
    DATA

TCP Overview
- TCP segments are sent inside IP datagrams
- TCP divides a stream of data into chunks that fit in IP datagrams
- It ensures that each datagram arrives at its destination
- It then reassembles the datagrams to produce the original message

TCP Overview (cont.)
- TCP uses an acknowledgment-and-retransmission scheme
- TCP sending software keeps a record of each datagram and waits for an acknowledgment
- If no acknowledgment is received during the timeout interval, the datagram is retransmitted

Establishing a TCP Connection Using a 3-way handshake (Host A, Host B)
- Message 1 (SYN + SEQ)
- Message 2 (SYN + SEQ + ACK)
- Message 3 (ACK)

Closing a TCP Connection (one way A to B) (Host A, Host B)
- Message 1 (FIN + SEQ)
- Message 2 (ACK)

Group Work
- Discuss possible attacks

Attacks on TCP
- SYN Flood
  - Half-opened connection table
- LAND
  - Spoofed source address = destination address
  - Source port = destination port
  - Certain implementations: freezing
- TRIBE Flood Network (TFN)
  - Similar to trinoo but more than one attack
  - UDP flood, smurf, SYN floods, and others
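
A server-side model of the half-opened connection table and the LAND sanity check, as an added example that is not part of the original slides. The table capacity, timeout, addresses and the replayed trace are constructed assumptions chosen to keep the run short.

```python
from collections import OrderedDict

SYN, ACK = 0x02, 0x10   # TCP CODE BITS

def is_land(seg):
    """LAND: source address = destination address and source port = destination port."""
    return seg["src"] == seg["dst"] and seg["sport"] == seg["dport"]

class HalfOpenTable:
    """Server-side table of connections that have sent SYN but not the final ACK."""
    def __init__(self, capacity=4, timeout=30.0):
        self.capacity, self.timeout = capacity, timeout
        self.pending = OrderedDict()          # (src, sport, dport) -> SYN arrival time

    def expire(self, now):
        while self.pending:
            key, arrived = next(iter(self.pending.items()))
            if now - arrived < self.timeout:
                break
            del self.pending[key]

    def on_segment(self, seg, now):
        if is_land(seg):
            return "drop-land"                # never hand it to the TCP state machine
        self.expire(now)
        key = (seg["src"], seg["sport"], seg["dport"])
        if (seg["flags"] & SYN) and not (seg["flags"] & ACK):
            if key not in self.pending:
                if len(self.pending) >= self.capacity:
                    return "drop-table-full"  # what legitimate clients see during a flood
                self.pending[key] = now
            return "half-open"
        if (seg["flags"] & ACK) and key in self.pending:
            del self.pending[key]             # Message 3 (ACK) completes the handshake
            return "established"
        return "ignored"

def replay():
    """Replay a constructed trace: six unanswered SYNs, then a legitimate client."""
    server, table, out = "192.0.2.10", HalfOpenTable(), []
    def seg(src, sport, flags, dst=server, dport=80):
        return {"src": src, "dst": dst, "sport": sport, "dport": dport, "flags": flags}
    for i in range(6):                        # sources never send Message 3
        out.append(table.on_segment(seg(f"203.0.113.{i + 1}", 1024 + i, SYN), now=float(i)))
    out.append(table.on_segment(seg("198.51.100.5", 5000, SYN), now=6.0))
    out.append(table.on_segment(seg("198.51.100.5", 5000, SYN), now=31.0))
    out.append(table.on_segment(seg("198.51.100.5", 5000, ACK), now=31.1))
    out.append(table.on_segment(seg(server, 80, SYN), now=32.0))   # LAND-shaped segment
    return out
```

The legitimate client is refused at t=6 and only gets in once old entries time out, which shows why the table size and timeout are the quantities a SYN flood targets.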

Probes and Scans
- Ping scan and traceroute (what machines exist on a given network and how they are arranged)
- Remote OS fingerprinting (what OS each detected host is running)
  - Different OSes respond to invalid packets differently
  - Example: FIN to a connection that has not been opened
- Port scanning (which ports are open? port scanner)
  - Open a TCP connection and close it immediately
  - Use half-opened connections

Wired Backbone with Mobile nodes
[Diagram: Fixed Communication Network, Fixed Hosts, Base Station, Wired Backbone, Mobile Host]

Mobile IP (Cont.)
[Diagram: arbitrary topology of routers and links; Home subnet with Home Agent and Mobile Host at home; Foreign subnet with Foreign Agent and Mobile Host visiting a foreign subnet]

Wireless Multi-hop Backbone
[Diagram: Mobile Host]

Hybrid backbone
[Diagram: Fixed Communication Network, Fixed Hosts, Base Station, Wired Backbone, Wireless Multi-hop Backbone, Hybrid Backbone, Mobile Hosts]