Presentation is loading. Please wait.

Presentation is loading. Please wait.

CSE 461 Section. Let’s learn things first! Joke Later!

Published byAlexandra Jefferson Modified over 9 years ago

Similar presentations

Presentation on theme: "CSE 461 Section. Let’s learn things first! Joke Later!"— Presentation transcript:

1 CSE 461 Section

2 Let’s learn things first! Joke Later!

3 What do we mean by “reliable?” We know when the other party receives or doesn’t receive certain data Data arrives intact Data arrives in the correct order (to the application layer, at least) TCP Is Reliable

4 What’s the main mechanism for ensuring this reliability? Sequence numbers! They allow packets to be identified, acknowledged, and, implicitly re-requested For TCP to work, clients must know each other’s sequence number schemes Where This Reliability Comes From

5 Need to synchronize with each other’s sequence numbers How can we do this? Active open vs. passive open connect() vs. listen() SYN packet Send own sequence number A SYN/ACK packet Acknowledge with A+1, send own sequence number B ACK packet Acknowledge with B+1 Demonstration Starting Communication: The Three-Way Handshake

6 Three-Way Handshake Diagram

7 We need a protocol for stopping communications What could we do? Let’s send packets to close the connection! FIN/ACK sequence Ending Communications

8 TCP FSA

9 TCP Half-Open One client is in the open state; the other is not How could this happen? One endpoint has crashed One endpoint has removed the socket One endpoint has received a SYN and sent a SYN/ACK, but the other side has not ACKed the SYN/ACK yet One endpoint has sent a FIN and received an ACK, but the other side has not sent a FIN yet RST packet often sent in these cases TCP Half-Open

10 Hosts allocate a TCB (Transmission Control Block) on receipt of a SYN packet and put in the “SYN queue” They then send a SYN/ACK and wait for an ACK response However, what if one host sends lots of SYNs and no ACKs? Causes the receiving host to allocate lots of TCBs, filling up resources This attack is called “SYN flooding” SYN Flooding

11 What ideas can we think of to make it so that SYN flooding doesn’t work? Constraint: we don’t want to break TCP!) Identify SYN flooders and filter their packets Reduce our timeout until we garbage-collect TCBs Recycle half-open TCP connections Use SYN cookies Sequence number encodes all of the data that would otherwise be stored This allows us to garbage-collect our SYN queue and still respond to subsequent ACKs SYN Flooding Countermeasures

12 TCP is not (by default) encrypted This means anyone sniffing our packets can see the sequence numbers being used How is this a problem? For many protocols, the sequence and acknowledgement numbers are the other “security” Using these numbers can make a host think that you’re sending the next packet in a communication session This can cause the communication to be re-addressed to a new IP address/port TCP Connection Hijacking

13 In TCP, how does a server know to discard a duplicate packet? What does it check for? Correct checksum Same sequence number How are sequence numbers generated? Randomly at first, then incremented Often, this increment is unpredictable, and depends on received data length How could we secret inject a packet into communication? Predict the length and sequence number of some data in the future Pre-empt that data with a similar packet TCP Veto

14 Two jokes Joke Time

15 Questions?

Download ppt "CSE 461 Section. Let’s learn things first! Joke Later!"

Similar presentations

Introduction 1 Lecture 13 Transport Layer (Transmission Control Protocol) slides are modified from J. Kurose & K. Ross University of Nevada – Reno Computer.

Introduction 1 Lecture 13 Transport Layer (Transmission Control Protocol) slides are modified from J. Kurose & K. Ross University of Nevada – Reno Computer.
TCP/IP Christopher Zacky. lolwut Decimal Numbers.

TCP/IP Christopher Zacky. lolwut Decimal Numbers.
TCP Flooding. TCP handshake C S SYN C SYN S, ACK C ACK S Listening Store data Wait Connected.

TCP Flooding. TCP handshake C S SYN C SYN S, ACK C ACK S Listening Store data Wait Connected.
Transportation Layer (2). TCP full duplex data: – bi-directional data flow in same connection – MSS: maximum segment size connection-oriented: – handshaking.

Transportation Layer (2). TCP full duplex data: – bi-directional data flow in same connection – MSS: maximum segment size connection-oriented: – handshaking.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
TCP - Part I Relates to Lab 5. First module on TCP which covers packet format, data transfer, and connection management.

TCP - Part I Relates to Lab 5. First module on TCP which covers packet format, data transfer, and connection management.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 OSI Transport Layer Network Fundamentals – Chapter 4.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 OSI Transport Layer Network Fundamentals – Chapter 4.
Transport Layer – TCP (Part2) Dr. Sanjay P. Ahuja, Ph.D. Fidelity National Financial Distinguished Professor of CIS School of Computing, UNF.

Transport Layer – TCP (Part2) Dr. Sanjay P. Ahuja, Ph.D. Fidelity National Financial Distinguished Professor of CIS School of Computing, UNF.
CISCO NETWORKING ACADEMY PROGRAM (CNAP)

CISCO NETWORKING ACADEMY PROGRAM (CNAP)
UDP & TCP Where would we be without them!. UDP User Datagram Protocol.

UDP & TCP Where would we be without them!. UDP User Datagram Protocol.
1 TCP - Part I Relates to Lab 5. First module on TCP which covers packet format, data transfer, and connection management.

1 TCP - Part I Relates to Lab 5. First module on TCP which covers packet format, data transfer, and connection management.
1 CS 4396 Computer Networks Lab Transmission Control Protocol (TCP) Part I.

1 CS 4396 Computer Networks Lab Transmission Control Protocol (TCP) Part I.
Computer Networks 2 Lecture 2 TCP – I - Transport Protocols: TCP Segments, Flow control and Connection Setup.

Computer Networks 2 Lecture 2 TCP – I - Transport Protocols: TCP Segments, Flow control and Connection Setup.
UNIT 07 Process – to – Process Delivery: UDP,TCP and SCTP

UNIT 07 Process – to – Process Delivery: UDP,TCP and SCTP
Slide 1 Attacks on TCP/IP. slide 2 Security Issues in TCP/IP uNetwork packets pass by untrusted hosts Eavesdropping (packet sniffing) uIP addresses are.

Slide 1 Attacks on TCP/IP. slide 2 Security Issues in TCP/IP uNetwork packets pass by untrusted hosts Eavesdropping (packet sniffing) uIP addresses are.
CSE 461: Transport Layer Connections. Naming Processes/Services  Process here is an abstract term for your Web browser (HTTP), servers (SMTP),

CSE 461: Transport Layer Connections. Naming Processes/Services  Process here is an abstract term for your Web browser (HTTP), servers (SMTP),
CSCE 515: Computer Network Programming Chin-Tser Huang University of South Carolina.

CSCE 515: Computer Network Programming Chin-Tser Huang University of South Carolina.
1 CCNA 2 v3.1 Module 10. 2 Intermediate TCP/IP CCNA 2 Module 10.

1 CCNA 2 v3.1 Module Intermediate TCP/IP CCNA 2 Module 10.
TCP. Learning objectives Reliable Transport in TCP TCP flow and Congestion Control.

TCP. Learning objectives Reliable Transport in TCP TCP flow and Congestion Control.
Ch 23 Ameera Almasoud Based on Data Communications and Networking, 4th Edition. by Behrouz A. Forouzan, McGraw-Hill Companies, Inc., 2007.

Ch 23 Ameera Almasoud Based on Data Communications and Networking, 4th Edition. by Behrouz A. Forouzan, McGraw-Hill Companies, Inc., 2007.

Similar presentations

Ads by Google