1. TCP/IP Network and Firewall

2. IP Packet Protocol  1 ICMP packet  6 TCP packet  17 UDP packet

3. TCP Packet Flags  00: URG  01: ACK  02: PSH  03: RST  04: SYN  05: FIN

4. Communication During TCP Session PC 1. SYN (open)  3. ACK (2)  4. Data=HTTP  Request 7. FIN  10. ACK(9) Webserver  2. SYN, ACK(1)  5. ACK(4)  6. Data=HTTP Response  8. ACK(7)  9. FIN

5. SYN/ACK Probing Attack Attacker send SYN/ACK segment  To confuse the server and make server to respond Victim respond RST segment  Show server information

6. TCP Port Numbers Server and Well-Known Port Numbers  Port numbers from 0 to 1023  Should only be used by privileged application Port 80 – HTTP Port 21 – FTP Port 20 – SMTP Registered Port Number  Port number from 1024 to 49512  Used by other applications Port 1433/tcp – MSSQL Port 1352/tcp -- Lotus Note

7. TCP Port Numbers Con. Private / Dynamic Port Number  Port numbers from 49153 to 65535  Client use the port number to connect to server Client 60.171.18.22 Web Server 60.171.17.13 Port 80 open From: 60.171.18.22: 50047 To: 60.171.17.13:80 From: 60.171.17.13:80 To: 60.171.18.22: 50047 SMTP Server 60.171.17.120 Port 25 open From: 60.171.18.22: 63003 To: 60.171.17.120:25

8. Port Spoofing Application use well-known port number despite not being the service that normally uses that port number For example HTTP service.

9. UDP Packet UTP datagram is far simpler than the TCP segment because UDP is connectionless UDP is susceptible to port number spoofing

10. Internet Control Massage (ICMP) Network Analysis Message  Echo (Type 8)  Echo Reply (Type 0) Error Advisement Message  Host Unreachable (Type 3)  Time Exceeded (Type 11) Control Message  Source Quench (Type 4)  Redirect (Type 5)