Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer Science and Engineering Computer System Security CSE 5339/7339 Session 25 November 16, 2004.

Published byDylan Haynes Modified over 9 years ago

Similar presentations

Presentation on theme: "Computer Science and Engineering Computer System Security CSE 5339/7339 Session 25 November 16, 2004."— Presentation transcript:

1 Computer Science and Engineering Computer System Security CSE 5339/7339 Session 25 November 16, 2004

2 Computer Science and Engineering Contents  Security in Networks  Group Work  Wing’s presentation

3 Computer Science and Engineering IP Protocol  Unreliable packet delivery service  Datagram (IPv4) Service TypeVERSHLENTOTAL LENGTH IDENTIFICATIONFLAGSFRAGMENT OFFSET TIME TO LIVEPROTOCOLHEADER CHECKSUM SOURCE ADDRESS DESTINATION ADDRESS PADDINGOPTIONS (IF ANY) DATA

4 Computer Science and Engineering Attacks  IP Spoofing  Teardrop attacks

5 Computer Science and Engineering ICMP (Internet Control Message Protocol)  Transmit error messages and unusual situations  Different types of ICMP have slightly different format TypeCodeCHECKSUM Unused (must be zero) DATA: Header and 1 st 64 bits of offending datagram ICMP time-exceeded message

6 Computer Science and Engineering ICMP (Echo request/reply)  Transmit error messages and unusual situations  Different types of ICMP have slightly different format TypeCodeCHECKSUM Sequence number DATA (optional) ICMP Echo Request/Reply Message Identifier

7 Computer Science and Engineering Ping of Death Attack  Denial of service attack (1 st in 1996)  Some systems did not handle oversized IP datagrams properly  An attacker construct an ICMP echo request containing 65,510 data octets and send it to victim  The total size of the resulting datagram would be larger than the 65.535 octet limit specified by IP  System would crash

8 Computer Science and Engineering SMURF  Attacker send echo request message to broadcast address  Attacker also spoofs source address in the request Intermediary Attacker Victim

9 Computer Science and Engineering UDP (User Datagram Protocol) CHECKSUM (optional) DATA LENGTH DESTINATION PORTSOURCE PORT  From one application to another (multiple destinations)  Port  positive integer (unique destination)

10 Computer Science and Engineering Attacks on UDP  Fraggle  Trinoo

11 Computer Science and Engineering Fraggle (similar to smurf)  UDP port 7 is used for echo service  An attacker can create a stream of user datagram with random source port and a spoofed source address  Destination port is 7 and destination source is a broadcast address at some intermediate site  The attack can get worse if the source port = 7  Could be prevented by filtering out UDP echo requests destined for broadcast addresses

12 Computer Science and Engineering spoofed source Victim’s host broadcast destination random source port destination Port = 7 spoofed source Victim’s host broadcast destination source Port = 7 destination Port = 7 Stream of UDP datagrams

13 Computer Science and Engineering Trinoo  Distributed denial of service  In smurf and fraggle, trafic comes from a single intermediate node.  Trinoo allows the attacker to flood the victim from hundreds intermediate sites simultaneously  Two programs: master and daemon – installed in many different stolen accounts

14 Computer Science and Engineering attacker master daemon Large number of UDP packets to random ports

15 Computer Science and Engineering TCP CODE BITSHLENRESVWINDOW URGENT POINTER SEQUENCE NUMBER PADDINGOPTIONS (IF ANY) DATA CHECKSUM DESTINATION PORTSOURCE PORT Acknowledgment  Reliable delivery  TCP messages are sent inside IP datagrams

16 Computer Science and Engineering TCP Overview  TCP segments are sent inside IP datagrams  TCP divides a stream of data into chncks that fit in IP datagrams  It ensures that each datagram arrives at its destination  Itthen reassembles the datagrams to produce the original message

17 Computer Science and Engineering TCP Overview (cont.)  TCP uses an acknowledgment-and retransmission scheme  TCP sending software keeps a record of each datagram and waits for an acknowledgment  If no acknowledgment is received during the timeout interval, the datagram is retransmitted

18 Computer Science and Engineering Host A Host B Establishing a TCP Connection Using a 3-way handshake Host AHost B Closing a TCP Connection (one way A to B) Message 1 (SYN + SEQ) Message 2 (SYN + SEQ + ACK) Message 3 (ACK) Message 1 (FIN + SEQ) Message 2 (ACK)

19 Computer Science and Engineering Group Work Discuss possible attacks

20 Computer Science and Engineering Attacks on TCP  SYN Flood  Half-opened connection table  LAND  Spoofed source address = destination address  Source port = destination port  Certain implementations  freezing  TRIBE Flood Network (TFN)  Similar to trinoo but more than one attack  UDP flood, smurf, SYN floods, and others

21 Computer Science and Engineering Probes and Scans Ping scan and traceroute (What machines exist on a given network and how they are arranged) Remote OS fingerprinting (What OS each detected host is running) (Different OS respond to invalid packets differently) (Example: FIN to connection that has not been opened) Port Scanning (Which ports are open?  port scanner) Open a TCP connection and close it immediately Use half opened connections

22 Computer Science and Engineering Wired Backbone with Mobile nodes Fixed Communication Network Fixed Host Fixed host Fixed Host Base Station Wired Backbone Mobile Host

23 Computer Science and Engineering Mobile IP (Cont.) Arbitrary Topology of Routers and Links Home Agent Mobile Host at Home Foreign Agent Mobile Host visiting A foreign subnet Home subnet Foreign subnet

24 Computer Science and Engineering Wireless Multi-hop Backbone Mobile Host

25 Computer Science and Engineering Hybrid backbone Fixed Communication Network Fixed Host Fixed host Fixed Host Base Station Wired Backbone Mobile Host Wireless Multi-hop Backbone Mobile Host Hybrid Backbone Mobile Host

Download ppt "Computer Science and Engineering Computer System Security CSE 5339/7339 Session 25 November 16, 2004."

Similar presentations

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
Umut Girit 200535027.  One of the core members of the Internet Protocol Suite, the set of network protocols used for the Internet. With UDP, computer.

Umut Girit  One of the core members of the Internet Protocol Suite, the set of network protocols used for the Internet. With UDP, computer.
Prentice HallHigh Performance TCP/IP Networking, Hassan-Jain Chapter 2 TCP/IP Fundamentals.

Prentice HallHigh Performance TCP/IP Networking, Hassan-Jain Chapter 2 TCP/IP Fundamentals.
CISCO NETWORKING ACADEMY Chabot College ELEC 99.05 Transport Layer (4)

CISCO NETWORKING ACADEMY Chabot College ELEC Transport Layer (4)
CCNA – Network Fundamentals

CCNA – Network Fundamentals
Transmission Control Protocol (TCP)

Transmission Control Protocol (TCP)
Intermediate TCP/IP TCP Operation.

Intermediate TCP/IP TCP Operation.
CISCO NETWORKING ACADEMY PROGRAM (CNAP)

CISCO NETWORKING ACADEMY PROGRAM (CNAP)
Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.

Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.
UDP & TCP Where would we be without them!. UDP User Datagram Protocol.

UDP & TCP Where would we be without them!. UDP User Datagram Protocol.
CSE551: Computer Network Review r Network Layers r TCP/UDP r IP.

CSE551: Computer Network Review r Network Layers r TCP/UDP r IP.
Transport Layer – TCP (Part1) Dr. Sanjay P. Ahuja, Ph.D. Fidelity National Financial Distinguished Professor of CIS School of Computing, UNF.

Transport Layer – TCP (Part1) Dr. Sanjay P. Ahuja, Ph.D. Fidelity National Financial Distinguished Professor of CIS School of Computing, UNF.
Chapter 7 – Transport Layer Protocols

Chapter 7 – Transport Layer Protocols
Copyright 1999, S.D. Personick. All Rights Reserved. Telecommunications Networking II Lecture 32 Transmission Control Protocol (TCP) Ref: Tanenbaum pp:521-545.

Copyright 1999, S.D. Personick. All Rights Reserved. Telecommunications Networking II Lecture 32 Transmission Control Protocol (TCP) Ref: Tanenbaum pp:
Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.

Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.
CSCE 515: Computer Network Programming Chin-Tser Huang University of South Carolina.

CSCE 515: Computer Network Programming Chin-Tser Huang University of South Carolina.
Internet Control Message Protocol (ICMP)

Internet Control Message Protocol (ICMP)
IP Basics. Physical Link Network IP ARP ICMP RoutingTables.

IP Basics. Physical Link Network IP ARP ICMP RoutingTables.
CSCE 515: Computer Network Programming Chin-Tser Huang University of South Carolina.

CSCE 515: Computer Network Programming Chin-Tser Huang University of South Carolina.
IP Basics. IP encapsulates TCP IP packets travel through many different routers (hops) before reaching it’s destination MTU variation at the physical.

IP Basics. IP encapsulates TCP IP packets travel through many different routers (hops) before reaching it’s destination MTU variation at the physical.

Similar presentations

Ads by Google