Raw Sockets CS-480b Dick Steflik
Raw Sockets

- Raw Sockets let you program at just above the network (IP) layer
- You could program at the IP level using the IP API, but you can't get at ICMP
- Raw Sockets expose ICMP
- you get a Raw Packet and populate the entire packet yourself
- for high level protocols like TCP and UDP you lose all of the functionality implemented in those layers
  - choosing to use a Raw Socket must be weighed carefully
- Raw Sockets can be dangerous
- Raw Sockets can be against the law
  http://www.kumite.com/rsnbrgr/rob/grcspoof/cnn/

Limitations
- Loss of Reliability
- No ports
- Non Standard Communications
- No automatic ICMP
- No Raw TCP or UDP
- Must have root (or administrator) privilege

When to use
- When you need to control the IP header
  - applications like Ping and Traceroute
  - not all fields can be set using the IP APIs
  - Network Address Translation
  - Firewalls
- When your application requires optimum network speed
  - one level above the Link Layer
  - if you need reliability, you must build it into your application

Windows and Raw Sockets
- WinSock 2.0 - November 2001
  - raw sockets for NT and W2000
  - must run as administrator
- Win XP Professional - raw socket functionality restricted to administrator users
  - same level of access as UNIX / Linux
  - but first user created has administrator rights - if this is being used on a home machine, most users would be running as administrator all of the time, leaving their machine possibly open to being hijacked
- Home - will eventually become the predominant OS
  - is not supposed to have raw sockets
- Internet Connection Firewall (ICF)
  - attempt to fix problem, but only blocks incoming traffic; all outgoing traffic permitted
  - hacker can install a trojan horse that installs a zombie that just sits and waits to become part of a DDoS attack on someone

Windows and Raw Sockets
- WinSock 2.0 allows Windows programmers to build advanced applications
  - Firewalls
    - Network Address Translation
    - Packet Filtering
    - SYN Flood protection
  - Security
    - IPSec support
    - VPN Clients
  - Network Administration
    - Packet Sniffers/Analyzers
    - Pathway Analyzers (ping and traceroute)

Possible Motives
- With a possible expansion of DDoS attacks, could make TCP/IP look unstable and undesirable
- MS could be waiting in the wings with a replacement technology to replace TCP/IP (Robert X. Cringely, author)
  - proprietary (TCP/MS)
  - bad for us; good for MS

Countering Raw Sockets Attacks
- Egress Filtering - verifying that all packets leaving a network are really from that network
  - at network edges/borders
- Locking Down Raw Sockets
  - Raw Sockets Disabler and Socket Lock have been demonstrated to disable raw sockets usage in host machines where they are installed
- IPv6
  - IPv4 is susceptible to address spoofing, IPv6 is not