Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Figure 3-13: Internet Protocol (IP) IP Addresses and Security  IP address spoofing: Sending a message with a false IP address (Figure 3-17)  Gives.

Published byGerard Booker Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Figure 3-13: Internet Protocol (IP) IP Addresses and Security  IP address spoofing: Sending a message with a false IP address (Figure 3-17)  Gives."— Presentation transcript:

1

2 1 Figure 3-13: Internet Protocol (IP) IP Addresses and Security  IP address spoofing: Sending a message with a false IP address (Figure 3-17)  Gives sender anonymity so that attacker cannot be identified  Can exploit trust between hosts if spoofed IP address is that of a host the victim host trusts

3 2 Figure 3-17: IP Address Spoofing Trusted Server 60.168.4.6 Victim Server 60.168.47.47 1. Trust Relationship 2. Attack Packet Spoofed Source IP Address 60.168.4.6 Attacker’s Identity is Not Revealed Attacker’s Client PC 1.34.150.37 3. Server Accepts Attack Packet

4 3 Figure 3-13: Internet Protocol (IP) (Study Figure) IP Addresses and Security  LAND attack: send victim a packet with victim’s IP address in both source and destination address fields and the same port number for the source and destination (Figure 3-18). In 1997, many computers, switches, routers, and even printers, crashed when they received such a packet.

5 4 Figure 3-18: LAND Attack Based on IP Address Spoofing Victim 60.168.47.47 Port 23 Open Crashes From: 60.168.47.47:23 To: 60.168.47.47:23 Attacker 1.34.150.37 Source and Destination IP Addresses are the Same Source and Destination Port Numbers are the Same

6 5 Figure 3-13: Internet Protocol (IP) (Study Figure) Other IP Header Fields  Protocol field: Identifies content of IP data field Firewalls need this information to know how to process the packet  Time-to-Live field Each router decrements the TTL value by one Router decrementing TTL field to zero discards the packet

7 6 Figure 3-13: Internet Protocol (IP) (Study Figure) Other IP Header Fields  Time-to-Live field Router also sends an error advisement message to the sender The packet containing this message reveals the sender’s IP address to the attacker Traceroute uses TTL to map the route to a host (Figure 3-19)  Tracert on Windows machines

8 7 Figure 3-19: Tracert Program in Windows

9 8 Figure 3-13: Internet Protocol (IP) (Study Figure) Other IP Header Fields  Header Length field and Options With no options, Header Length is 5  Expressed in units of 32 bits  So, 20 bytes Many options are dangerous  So if Header Length is More Than 5, be Suspicious  Some firms drop all packets with options

10 9 Figure 3-13: Internet Protocol (IP) (Study Figure) Other IP Header Fields  Length Field Gives length of entire packet Maximum is 65,536 bytes Ping-of-Death attack sent IP packets with longer data fields Many systems crashed

11 10 Figure 3-20: Ping-of-Death Attack Victim 60.168.47.47 Crashes IP Packet Containing ICMP Echo Message That is Illegally Long Attacker 1.34.150.37

12 11 Figure 3-13: Internet Protocol (IP) (Study Figure) Other IP Header Fields  Fragmentation Routers may fragment IP packets (really, packet data fields) en route  All fragments have same Identification field value  Fragment offset values allows fragments to be ordered  More fragments is 0 in the last fragment Harms packet inspection: TCP header, etc. only in first packet in series  Cannot filter on TCP header, etc. in subsequent packets

13 12 Figure 3-22: TCP Header is Only in the First Fragment of a Fragmented IP Packet 5. Firewall 60.168.47.47 Can Only Filter TCP Header in First Fragment Attacker 1.34.150.37 1. Fragmented IP Packet 2. Second Fragment 4. TCP Data Field No TCP Header IP Header TCP Data Field 2. First Fragment IP Header 3. TCP Header Only in First Fragment

14 13 Figure 3-13: Internet Protocol (IP) (Study Figure) Other IP Header Fields  Fragmentation Teardrop attack: Crafted fragmented packet does not make sense when reassembled Some firewalls drop all fragmented packets, which are rare today

15 14 Figure 3-21: Teardrop Denial-of- Service Attack Victim 60.168.47.47 Crashes Attack Pretends to be Fragmented IP Packet When Reassembled, “Packet” does not Make Sense. Gaps and Overlaps Attacker 1.34.150.37 “Defragmented” IP Packet” GapOverlap

16 15 Figure 3-24: IP Packet with a TCP Segment Data Field Source Port Number (16 bits)Destination Port Number (16 bits) Bit 0 Bit 31 Acknowledgment Number (32 bits) Sequence Number (32 bits) TCP Checksum (16 bits) Window Size (16 bits) Flag Fields (6 bits) Reserved (6 bits) Header Length (4 bits) Urgent Pointer (16 bits) IP Header (Usually 20 Bytes)

Download ppt "1 Figure 3-13: Internet Protocol (IP) IP Addresses and Security  IP address spoofing: Sending a message with a false IP address (Figure 3-17)  Gives."

Similar presentations

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
IP Fragmentation. MTU Maximum Transmission Unit (MTU) –Largest IP packet a network will accept –Arriving IP packet may be larger IP Packet MTU.

IP Fragmentation. MTU Maximum Transmission Unit (MTU) –Largest IP packet a network will accept –Arriving IP packet may be larger IP Packet MTU.
Introduction1-1 message segment datagram frame source application transport network link physical HtHt HnHn HlHl M HtHt HnHn M HtHt M M destination application.

Introduction1-1 message segment datagram frame source application transport network link physical HtHt HnHn HlHl M HtHt HnHn M HtHt M M destination application.
Leon-Garcia & Widjaja: Communication Networks Copyright ©2000 The McGraw Hill Companies A Little More on Chapter 7 And Start Chapter 8 TCP/IP.

Leon-Garcia & Widjaja: Communication Networks Copyright ©2000 The McGraw Hill Companies A Little More on Chapter 7 And Start Chapter 8 TCP/IP.
Module A.  This is a module that some teachers will cover while others will not  This module is a refresher on networking concepts, which are important.

Module A.  This is a module that some teachers will cover while others will not  This module is a refresher on networking concepts, which are important.
Network Layer Packet Forwarding IS250 Spring 2010

Network Layer Packet Forwarding IS250 Spring 2010
Internet Control Message Protocol (ICMP). Introduction The Internet Protocol (IP) is used for host-to-host datagram service in a system of interconnected.

Internet Control Message Protocol (ICMP). Introduction The Internet Protocol (IP) is used for host-to-host datagram service in a system of interconnected.
1 TCP/IP Internetworking (February 1, 2012) © Abdou Illia – Spring 2012.

1 TCP/IP Internetworking (February 1, 2012) © Abdou Illia – Spring 2012.
CSEE W4140 Networking Laboratory Lecture 6: TCP and UDP Jong Yul Kim 03.01.2010.

CSEE W4140 Networking Laboratory Lecture 6: TCP and UDP Jong Yul Kim
Examining IP Header Fields

Examining IP Header Fields
Source Port # (16)Destination Port # (16) Sequence Number (32 bits) Acknowledgement Number (32 bits) Hdr Len (4) Flags (6)Window Size (16) Options (if.

Source Port # (16)Destination Port # (16) Sequence Number (32 bits) Acknowledgement Number (32 bits) Hdr Len (4) Flags (6)Window Size (16) Options (if.
1 Internet Control Message Protocol (ICMP) RIZWAN REHMAN CCS, DU.

1 Internet Control Message Protocol (ICMP) RIZWAN REHMAN CCS, DU.
ECE-6612 Prof. John A. Copeland 404 894-5177 fax 404 894-0035 Office: Klaus 3362.

ECE Prof. John A. Copeland fax Office: Klaus 3362.
Module A Panko and Panko Business Data Networks and Security, 9 th Edition © 2013 Pearson.

Module A Panko and Panko Business Data Networks and Security, 9 th Edition © 2013 Pearson.
ITIS 6167/8167: Network Security Weichao Wang. 2 Contents ICMP protocol and attacks UDP protocol and attacks TCP protocol and attacks.

ITIS 6167/8167: Network Security Weichao Wang. 2 Contents ICMP protocol and attacks UDP protocol and attacks TCP protocol and attacks.
1 Figure 3-33: Internet Control Message Protocol (ICMP) ICMP is for Supervisory Messages at the Internet Layer ICMP and IP  An ICMP message is delivered.

1 Figure 3-33: Internet Control Message Protocol (ICMP) ICMP is for Supervisory Messages at the Internet Layer ICMP and IP  An ICMP message is delivered.
Internet Control Message Protocol ICMP. ICMP has two major purposes: –To report erroneous conditions –To diagnose network problems ICMP has two major.

Internet Control Message Protocol ICMP. ICMP has two major purposes: –To report erroneous conditions –To diagnose network problems ICMP has two major.
Petrozavodsk State University, Alex Moschevikin, 2003NET TECHNOLOGIES Internet Control Message Protocol ICMP author -- J. Postel, September 1981. The purpose.

Petrozavodsk State University, Alex Moschevikin, 2003NET TECHNOLOGIES Internet Control Message Protocol ICMP author -- J. Postel, September The purpose.
Internet Protocol (IP)

Internet Protocol (IP)
Shivkumar Kalyanaraman Rensselaer Polytechnic Institute 1 Internet Control Message Protocol (ICMP) Shivkumar Kalyanaraman Rensselaer Polytechnic Institute.

Shivkumar Kalyanaraman Rensselaer Polytechnic Institute 1 Internet Control Message Protocol (ICMP) Shivkumar Kalyanaraman Rensselaer Polytechnic Institute.

Similar presentations

Ads by Google