Domain #1 Network Security TCP/IP
TCP/IP Overview
Copyright SecureNinja.com 2000-2011 All rights Reserved
TCP/IP is the de facto standard for internetworking; it is also called the Internet Protocol (IP) suite.
The Internet began as ARPANET, designed by DARPA.
Initially, mostly friendly groups were connected together: universities, government, researchers, etc.
Now millions of computers worldwide are connected.
Figure: the OSI model beside the RFC 1122 model (RFC 1122 layers in bold). OSI: Application, Presentation, Session, Transport, Network (and the layers below). RFC 1122: Application, Transport / Host to Host, Internet, Network Access.
Routing Datagrams
Figure: Host A1, Gateway G1 and Gateway G2 each run the Internet layer; Network A, Network B and Network C are joined through the gateways, and each hop has its own Link Layer.
Data Encapsulation
Figure: the Application Layer hands down Data; each lower layer prepends its own Header to the unit it receives (Header + Data), so the unit on the wire carries several nested headers.
Data Structures (1 of 2)
Figure: the Application Layer passes data as a TCP stream or a UDP message; at the Link Layer the unit is the frame.
Data Structures (2 of 2)
Transmission Methods
Unicast: from one station to another station.
Broadcast: from one station to all the stations on the same LAN.
Multicast: from one station to multiple selected locations. Information is sent only once over the networks. Routers must be configured appropriately.
Ethernet Overview
Address Resolution Protocol, commonly called ARP. Stations on an Ethernet network communicate using MAC addresses; ARP is used when you know the IP address but not the MAC address.
Gratuitous ARP
ARP requests that are NOT normally needed.
Ports are like doors within a building: they ease communication between entities.
A port is a 16-bit field within the TCP and UDP packets.
IANA (Internet Assigned Numbers Authority) assigns port numbers: http://www.iana.org
Well Known ports are from 0-1023 (0 is not used on IPv4).
Registered ports are from 1024 to 49151.
Dynamic and/or Private ports are from 49152 to 65535.
Ephemeral ports (short-lived connections): some OSes dare to be different, see the notes. Windows Server 2003 uses 1025 to 5000.
Well-known port examples:
20/21 FTP
22 SSH
23 Telnet
25 SMTP
53 DNS
69 TFTP
80 HTTP
88 Kerberos
110 POP3
119 NNTP
123 NTP
143 IMAP
443 HTTPS
500 IKE
1701 L2TP
1723 PPTP
1812 RADIUS AUTH
Protocol Numbers
Excerpt from /etc/protocols:
# /etc/protocols
# Internet (IP) protocols
#
ip        0   IP       # internet protocol
icmp      1   ICMP     # internet control message protocol
ggp       3   GGP      # gateway-gateway protocol
tcp       6   TCP      # transmission control protocol
egp       8   EGP      # exterior gateway protocol
pup      12   PUP      # PARC universal packet protocol
udp      17   UDP      # user datagram protocol
hmp      20   HMP      # host monitoring protocol
xns-idp       NSIDP    # Xerox NS IDP
rdp      27   RDP      # "reliable datagram" protocol
IP (Internet Protocol)
IP provides the basic packet delivery service on which TCP/IP networks are built. All TCP/IP data flows through IP, incoming and outgoing, regardless of its final destination.
The Internet Protocol functions include:
Defining the datagram, which is the basic unit of transmission on the internet
Defining the Internet addressing scheme
Moving data between the Network Access Layer and the Transport Layer
Routing datagrams to remote hosts
Performing fragmentation and re-assembly of datagrams
IP Datagram
The datagram is the packet format defined by IP.
The first five or six 32-bit words of the datagram (the default is 5) are control information called the header.
The header contains all the information necessary to deliver the packet.
No error detection or recovery.
IP Datagram Format
TCP (Transmission Control Protocol) provides:
Reliable data transfer
Stream-oriented data transfer
Push functions
Resequencing
Flow control (sliding windows)
Multiplexing
Full-duplex transmission
Precedence and security
Graceful close
TCP Header
Figure: the TCP header laid out in 32-bit words (bit positions 0-31 across, words 1-6 down): Source Port and Destination Port (word 1), Sequence Number (word 2), Acknowledgment Number (word 3), Offset, Reserved, Flags and Window (word 4), Checksum and Urgent Pointer (word 5), Options and Padding (word 6); data begins after the header. Example segment: 3044,23 SYN.
UDP Protocol
User Datagram Protocol
A connectionless protocol
Uses best effort
A lot less overhead than TCP
Figure: the UDP header is two 32-bit words (bit positions 0-31): Source Port and Destination Port, then Length and Checksum.
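As an added example (not part of the original slides), here is a decoder for the TCP and UDP header layouts shown above, applied to a constructed segment that matches the "3044,23 SYN" example and to a constructed UDP datagram; the sample bytes, field names and window value are assumptions, and the data-offset and length checks show the sanity tests a packet parser needs before trusting those fields.

```python
import struct

# The six classic TCP flag bits in the low byte of header word 4.
TCP_FLAGS = {"URG": 0x20, "ACK": 0x10, "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}


def parse_tcp_header(raw: bytes) -> dict:
    """Decode the 20-byte fixed TCP header (words 1-5 of the diagram) plus options."""
    if len(raw) < 20:
        raise ValueError("TCP header needs at least 20 bytes")
    # Network byte order: 2 ports, seq, ack, offset/reserved/flags, window, checksum, urgent.
    src, dst, seq, ack, off_flags, window, checksum, urgent = struct.unpack("!HHIIHHHH", raw[:20])
    data_offset = off_flags >> 12                  # header length in 32-bit words (5..15)
    header_len = data_offset * 4
    if header_len < 20 or header_len > len(raw):   # reject a bogus offset before slicing
        raise ValueError("data offset %d does not fit the buffer" % data_offset)
    flags = [name for name, mask in TCP_FLAGS.items() if off_flags & mask]
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
            "data_offset": data_offset, "flags": flags, "window": window,
            "checksum": checksum, "urgent": urgent,
            "options": raw[20:header_len],         # word 6 and beyond, only if offset > 5
            "payload": raw[header_len:]}


def parse_udp_header(raw: bytes) -> dict:
    """Decode the 8-byte UDP header: source port, destination port, length, checksum."""
    if len(raw) < 8:
        raise ValueError("UDP header needs 8 bytes")
    src, dst, length, checksum = struct.unpack("!HHHH", raw[:8])
    if length < 8 or length > len(raw):            # length covers header + payload
        raise ValueError("UDP length %d inconsistent with buffer" % length)
    return {"src_port": src, "dst_port": dst, "length": length,
            "checksum": checksum, "payload": raw[8:length]}


# Constructed sample: the slide's "3044,23 SYN" as bytes, i.e. a SYN from port 3044
# to port 23 (Telnet), data offset 5, window 8192, checksum left at 0.
SAMPLE_TCP_SYN = struct.pack("!HHIIHHHH", 3044, 23, 1000, 0, (5 << 12) | 0x02, 8192, 0, 0)
# Constructed sample UDP datagram: ephemeral port 49152 to port 53, 4 payload bytes.
SAMPLE_UDP = struct.pack("!HHHH", 49152, 53, 12, 0) + b"\xde\xad\xbe\xef"

if __name__ == "__main__":
    print(parse_tcp_header(SAMPLE_TCP_SYN))
    print(parse_udp_header(SAMPLE_UDP))
```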
IP Addressing
140.179.220.200
Each address has four integers separated by periods. Each integer represents 8 bits of the 32-bit address. Values are from 0 (network) to 255 (broadcast).
We see the address in decimal form; your computer sees it in binary form. Let's decode the first octet (140) on the next slide.
Decoding 140:
Bit        2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0
Value      128   64   32   16    8    4    2    1
Bit set      1    0    0    0    1    1    0    0
Adds       128    0    0    0    8    4    0    0
128 + 8 + 4 = 140, so 140 is 10001100 in binary.
Classes of IP addresses
As mentioned previously, all IP addresses are 32 bits.
Class A IP addresses
Have an 8-bit network ID; the first bit is 0.
Class B IP addresses
Have a 16-bit network ID; the first bits are 1-0.
Class C IP addresses
Have a 24-bit network ID; the first bits are 1-1-0.
Summary of classes
The number of addresses usable for addressing specific hosts in each network is always 2^N - 2 (N is the number of host bits).
Classful versus Classless Inter-Domain Routing (CIDR)
Subnetting with VLSM (Variable Length Subnet Mask): no longer dependent on 8, 16 or 24 bit network numbers.
What is subnetting?
It is making use of the host portion of the address.
Subnetwork Mask
NNNNNNNN.NNNNNNNN.NNNNNNNN.NNNHHHHH
11111111.11111111.11111111.11100000
Subnetting Scenario
So we have 1 Class C network (206.15.143.0). We have 254 host addresses available (1 to 254).
But what if we need 5 different networks, each with no more than 30 hosts? Do we apply for 4 more Class C licenses, one for each network?
Your ISP might no longer love you and may tell you to get smart! You would be wasting 224 addresses on each network, a total of 1120 addresses wasted! Not good. Are you out of luck? Subnetting is coming to the rescue.
Our needs
We know we need at least 5 subnets. We are on a Class C network with 8 bits for the hosts.
Borrowing bits
Let's review what portion is what. We have a Class C address:
NNNNNNNN.NNNNNNNN.NNNNNNNN.HHHHHHHH
With a subnet mask of:
11111111.11111111.11111111.00000000
Borrowing 3 bits from the host portion gives:
NNNNNNNN.NNNNNNNN.NNNNNNNN.NNNHHHHH
This changes our subnet mask to the following:
11111111.11111111.11111111.11100000
Above is how the computer will see our new subnet mask, but we need to express it in decimal form as well:
255.255.255.224
(128+64+32=224)
Subnet addresses
Remember our values: the bit weights 128, 64, 32, 16, ... The three borrowed bits (N) and the five host bits (H) give these subnet addresses:
Borrowed bits (128 64 32)   Host bits    Equals
0 0 0                       H H H H H    0
0 0 1                       H H H H H    32
0 1 0                       H H H H H    64
0 1 1                       H H H H H    96
1 0 0                       H H H H H    128
1 0 1                       H H H H H    160
1 1 0                       H H H H H    192
1 1 1                       H H H H H    224
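As an added example that is not part of the original slides, the following code works the scenario above (one Class C, 5 subnets of at most 30 hosts) end to end: it converts dotted-decimal to the binary form the computer sees, borrows the fewest host bits that satisfy both requirements, applies the 2^N - 2 usable-host rule, and lists every subnet with its first host, last host and broadcast address; the function names are assumptions, and it generalizes to any classful network and host-bit count.

```python
def ip_to_int(addr: str) -> int:
    """Dotted-decimal -> 32-bit integer (the binary form the computer sees)."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address: %s" % addr)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(n: int) -> str:
    """32-bit integer -> dotted-decimal."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def plan_subnets(network: str, host_bits: int, subnets_needed: int, hosts_per_subnet: int) -> dict:
    """Borrow host bits from a classful network so both requirements fit.

    host_bits is the host portion before subnetting (8 for a Class C).
    Usable hosts per subnet follow the slides' 2^N - 2 (network and
    broadcast addresses are excluded).
    """
    borrowed = (subnets_needed - 1).bit_length()   # smallest b with 2**b >= subnets_needed
    remaining = host_bits - borrowed
    usable = (2 ** remaining) - 2
    if remaining < 2 or usable < hosts_per_subnet:
        raise ValueError("cannot fit %d subnets of %d hosts in %d host bits"
                         % (subnets_needed, hosts_per_subnet, host_bits))
    mask = (0xFFFFFFFF << remaining) & 0xFFFFFFFF   # the borrowed bits become 1s
    base = ip_to_int(network) & ((0xFFFFFFFF << host_bits) & 0xFFFFFFFF)
    size = 2 ** remaining                           # addresses per subnet, incl. net/bcast
    subnets = []
    for i in range(2 ** borrowed):
        net = base + i * size
        subnets.append({"network": int_to_ip(net),
                        "first_host": int_to_ip(net + 1),
                        "last_host": int_to_ip(net + size - 2),
                        "broadcast": int_to_ip(net + size - 1)})
    return {"borrowed_bits": borrowed, "prefix_len": 32 - remaining,
            "mask": int_to_ip(mask), "usable_hosts": usable, "subnets": subnets}


if __name__ == "__main__":
    # The slides' scenario: one Class C (206.15.143.0), 5 networks of at most 30 hosts.
    plan = plan_subnets("206.15.143.0", 8, 5, 30)
    print("mask %s (/%d), %d usable hosts per subnet" % (plan["mask"], plan["prefix_len"], plan["usable_hosts"]))
    for s in plan["subnets"]:
        print("%-15s %s - %s  broadcast %s" % (s["network"], s["first_host"], s["last_host"], s["broadcast"]))
```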
Antiquated Protocols
Finger
Chargen & Echo
Daytime
Telnet
FTP
SNMP
SMTP
POP3
IP Version 6 aka IPng (Next Generation)
The differences are in five major areas:
Addressing and routing
Security
Network address translation
Administrative workload, and
Mobile computing
IP Version 6 Migration
Over 30 IPv6 RFCs have been written since 1994. Migration from v4 to v6 will take time.
Standards and procedures for the coexistence of both:
Tunneling IPv6 within IPv4
Tunneling IPv4 within IPv6
Dual stacks used at the same time
IPv6 Advantages (1 of 2)
Huge address space (2^128): makes NAT and its issues no longer necessary.
Reduces configuration and management: supports stateless auto-configuration, which creates a guaranteed unique IP address by combining the LAN MAC with the prefix provided by the router. DHCP is no longer needed; DHCPv6 can still be used.
IPv6 Advantages (2 of 2)
Quality of Service (QoS) on VPNs
IPsec is required and built in.
Routers don't fragment packets; only hosts do.
ICMPv6 Router Solicitation and Advertisement: determine the IP address of the best gateway. It is a requirement.
Multicast (a requirement in IPv6): from one station to multiple selected stations; information is sent only once over the networks.
Anycast: sent to a group of nodes/stations; needs to be delivered to at least one node, not all of them.
Mobile computing: mobile nodes can change their location and addresses without losing the existing connections through which they are communicating. Supported at the Internet level, thus transparent. Uses two types of IP addresses: the IPv6 address, and the Mobile IP address.
Redirect attack: Neighbor Discovery prevents it remotely on IPv6, but it could be possible if tunneling IPv6 over IPv4.
1. An attacker with access to the network sends an Echo Request with the source address set to User 2 and the destination set to User 1.
2. The victim receives this Echo Request and sends an Echo Reply to User 2.
3. The attacker then creates a redirect packet with the Echo Reply attached. The packet is constructed with the source as the router and the destination as User 1, and in this packet tells User 1 to redirect all traffic for User 2 to the attacker. The attacker then receives packets from User 1 and can spoof User 2.
Questions?