
TCP/IP Vulnerabilities

TCP/IP
• The Internet protocol suite is the set of communications
protocols used for the Internet and similar networks, and
generally the most popular protocol stack for wide area
networks.

• It is commonly known as TCP/IP, because of its most
important protocols: Transmission Control Protocol (TCP)
and Internet Protocol (IP), which were the first networking
protocols defined in this standard.

• It is occasionally known as the DoD model due to the
foundational influence of the ARPANET in the 1970s
(operated by DARPA, an agency of the United States
Department of Defense).
TCP/IP
• TCP/IP provides end-to-end connectivity specifying
how data should be:
– Formatted
– Addressed
– Transmitted
– Routed and
– Received at the destination.

• It has four abstraction layers, each with its own
protocols. From lowest to highest, the layers are:
TCP/IP
Four Abstraction Layers
• The link layer (commonly Ethernet) contains
communication technologies for a local network.

• The internet layer (IP) connects local networks, thus
establishing internetworking.

• The transport layer (TCP) handles host-to-host
communication.

• The application layer (for example HTTP) contains all
protocols for specific data communications services on
a process-to-process level (for example how a web
browser communicates with a web server).
TCP
• The Transmission Control Protocol (TCP) is one of the
core protocols of the Internet Protocol Suite. TCP is one of the two
original components of the suite, complementing the Internet
Protocol (IP), and the entire suite is commonly referred to as TCP/IP.

• TCP provides reliable, ordered delivery of a stream of octets from a
program on one computer to another program on another computer.

• TCP is the protocol used by major Internet applications such as
the World Wide Web, email, remote administration and file transfer.

• Other applications, which do not require reliable data stream service,
may use the User Datagram Protocol (UDP), which provides
a datagram service that emphasizes reduced latency over reliability.
IP
• The Internet Protocol (IP) is the principal communications protocol used for
relaying datagrams (also known as network packets) across
an internetwork using the Internet Protocol Suite.

• Responsible for routing packets across network boundaries, it is the primary
protocol that establishes the Internet.

• IP is the primary protocol in the Internet Layer of the Internet Protocol Suite
and has the task of delivering datagrams from the source host to the
destination host solely based on their addresses.

• For this purpose, IP defines datagram structures that encapsulate the data
to be delivered.

• It also defines addressing methods that are used to label the datagram
source and destination.
TCP/IP Network Vulnerability -
Security
• The TCP/IP protocol suite has a number of vulnerabilities and security flaws
inherent in the protocols. Those vulnerabilities are often used by crackers
for Denial of Service (DOS) attacks, connection hijacking and other attacks.

• The following are the major TCP/IP security problems:

• TCP SYN attacks (or SYN Flooding). TCP uses sequence numbers to ensure data
is given to the user in the correct order.

• Sequence numbers are established during the opening phase of a TCP
connection in the three-way handshake.

• TCP SYN attacks take advantage of a flaw in how most hosts implement the TCP
three-way handshake.
Flaws in how hosts implement the
TCP three-way handshake
• When Host B receives the SYN request from A,
• it must keep track of the partially opened connection in a "listen queue" for
at least 75 seconds,
• and a host can only keep track of a very limited number of connections.

• A malicious host can exploit the small size of the listen queue by sending
multiple SYN requests to a host

• but never replying to the SYN&ACK the other host sends back.

• By doing so, the other host's listen queue is quickly filled up, and it will stop
accepting new connections until a partially opened connection in the
queue is completed or times out.

• This ability to effectively remove a host from the network for at least 75
seconds can be used as a denial-of-service attack, or it can be used to
implement other attacks, like IP spoofing (a forged source address used to steal data).
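The listen-queue exhaustion described above, modelled as an added example (this is not code from the original slides): the `ListenQueue` class, its capacity of five slots and the source addresses are assumptions constructed for illustration, while the 75-second timeout is the figure the slide gives.

```python
"""Model of the listen-queue exhaustion described above. Added example, not
from the original slides: the queue capacity, the 75-second half-open timeout
and the addresses are constructed values, not measurements of a real host."""
from dataclasses import dataclass, field

HALF_OPEN_TIMEOUT = 75.0  # seconds a half-open (SYN_RECV) entry is kept


@dataclass
class ListenQueue:
    """Half-open connections a listening socket tracks until the final ACK."""
    capacity: int
    pending: dict = field(default_factory=dict)  # (src_ip, src_port) -> SYN time
    refused: int = 0

    def expire(self, now: float) -> None:
        # Entries older than the timeout are dropped, freeing their slot.
        self.pending = {k: t for k, t in self.pending.items()
                        if now - t < HALF_OPEN_TIMEOUT}

    def on_syn(self, src: tuple, now: float) -> bool:
        """True if the SYN got a slot (the host would answer with SYN&ACK)."""
        self.expire(now)
        if src in self.pending:
            return True        # retransmitted SYN, already tracked
        if len(self.pending) >= self.capacity:
            self.refused += 1  # queue full: the SYN is dropped
            return False
        self.pending[src] = now
        return True

    def on_ack(self, src: tuple, now: float) -> bool:
        """Third handshake packet: the connection completes and leaves the queue."""
        self.expire(now)
        if src not in self.pending:
            return False
        del self.pending[src]
        return True


def run_flood_scenario() -> dict:
    """Five unanswered SYNs fill a 5-slot queue; a client is refused until they expire."""
    q = ListenQueue(capacity=5)
    for port in range(5):                       # constructed attacker source (RFC 5737)
        q.on_syn(("203.0.113.9", 40000 + port), 0.0)
    legit = ("198.51.100.7", 51000)             # constructed legitimate client
    refused_at_10s = not q.on_syn(legit, 10.0)  # queue still full
    accepted_at_80s = q.on_syn(legit, 80.0)     # stale entries expired after 75 s
    completed = q.on_ack(legit, 80.1)
    return {"refused_at_10s": refused_at_10s, "accepted_at_80s": accepted_at_80s,
            "completed": completed, "refused_total": q.refused,
            "still_pending": len(q.pending)}
```

Raising `capacity` or lowering `HALF_OPEN_TIMEOUT` in the scenario shows directly how those two host parameters bound the window in which legitimate connections are refused.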
IPv4 & IPv6
Each device on the Internet, such as a computer or mobile
telephone, must be assigned an IP address in order to
communicate with other devices.

• IPv6 (Internet Protocol version 6) is a revision of
the Internet Protocol (IP) developed by the Internet
Engineering Task Force (IETF).

• IPv6 is intended to succeed IPv4, which is the
dominant communications protocol for most Internet
traffic as of 2012.

• IPv6 was developed to deal with the long-anticipated
problem of IPv4 running out of addresses.

• IPv6 implements a new addressing system that allows for
far more addresses to be assigned than with IPv4.
IPv4 & IPv6
• With the ever-increasing number of new devices being connected
to the Internet, there is a need for more addresses than IPv4 can
accommodate.

• IPv6 uses 128-bit addresses, allowing for 2^128, or approximately
3.4×10^38 addresses.

• IPv4 uses 32-bit addresses, allowing for only 4,294,967,296
unique addresses worldwide.

• Because the headers of IPv4 packets and IPv6 packets are
significantly different, the two protocols are not interoperable.

• World IPv6 Launch day kick-off date was on the 6th of June, 2012.
Threat Model
The major threats to any active networking system are to
the public resources of the system such as:

• the CPU,
• memory
• network
• contents of the system, i.e.:
– the packets
– the information stored on routers

These threats imply that there could be various forms of
attack on a network irrespective of whether it is WAN
or LAN.
Threat Model
To organise the resources available to you, all the security
resources must be identified, e.g.:

• Controls
• Authentication – checks whether the user is who they claim to be
• Multifactor authentication – e.g. ATM card & PIN
• Authorisation – grants access to the user
• Approval
• Investigation schemes & technology

Organising the above will ensure that security controls are being
implemented and will also help enforce organisational
regulations.
Risk Access Spots
Areas to investigate are the Risk Access Spots which
may vary from one environment to another such as
the:

• Data – packets, address, header, frame, datagram
• Transmission Media
– Space (Wireless & Satellite)
– Sea (Submarine cables)
– Land (Coaxial/Twisted pair)
– Underground cables
Risk Access Spots
Service Providers
• IP Address
• Routers & Switches
• Hubs
• Operating System
• Gateway
• Bridges
• Port Addresses

Risk Access Spots

Server
• Client
• Web
• Cache
• Application
• Database

Risk Access Spots

Authentication
• User ID
• Password
• Encryption

Information Gathering
• The information gathered from carrying out research into
the above security risk areas will provide the feedback
that is needed to establish:

• Controls: to put policies and procedures in place to ensure
that the security measures are implemented.

• Access Rights: the type of information that has to be
available to individuals, groups and other users.

• This is where threats like DOS are most damaging: because of
the greater expressibility of active network programs
compared to traditional passive packet headers, there is
greater potential for the misuse of the system's public
resources, thus denying service to other programs.
Information Protection
• Programs should be protected from interference by other programs.
• One program should not be able to read or write data private to another
program without authorization, either while the packet program is in transit
or when it is running (i.e., no packet or program snooping).

• This property implies program isolation.

• Greater privileges will be given to some packets, such as those associated
with the administrator's nodes.

• It is important that these packets are properly authenticated and that no
impersonation or spoofing attacks are possible.

• The authentication and authorization mechanisms should also be robust
against replay attacks, in which valid but old messages are replayed in an
attempt to gain illegal access.
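One way to make an authentication mechanism robust against the replay attacks described above, as an added example (not code from the original slides): the shared key, the `nonce|timestamp|payload|tag` message layout, the `Verifier` class and the 30-second freshness window are assumptions chosen for illustration.

```python
"""Replay-resistant message authentication for the requirement above. Added
example, not from the original slides: the shared key, the message layout
(nonce|timestamp|payload|tag) and the 30-second window are assumptions."""
import hashlib
import hmac
import secrets

FRESHNESS_WINDOW = 30.0  # seconds a message stays acceptable after it was sent


def make_message(key: bytes, payload: str, now: float) -> str:
    """Sender: bind a fresh random nonce and a timestamp to the payload with an HMAC."""
    body = f"{secrets.token_hex(8)}|{now:.3f}|{payload}"
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{tag}"


class Verifier:
    """Receiver: accepts each authentic, fresh message exactly once."""
    def __init__(self, key: bytes):
        self.key = key
        self.seen = {}  # nonce -> timestamp, for messages accepted inside the window

    def verify(self, message: str, now: float) -> tuple:
        body, _, tag = message.rpartition("|")
        parts = body.split("|", 2)
        if not tag or len(parts) != 3:
            return False, "malformed"
        nonce, ts, payload = parts
        # Authenticate before trusting any field, so forged nonces cannot poison the cache.
        expected = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return False, "bad tag"
        # Freshness: an old message is refused even though its tag is valid.
        if abs(now - float(ts)) > FRESHNESS_WINDOW:
            return False, "stale"
        # Forget nonces that can no longer pass the freshness check, bounding memory.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= FRESHNESS_WINDOW}
        if nonce in self.seen:  # valid and fresh, but already accepted: a replay
            return False, "replay"
        self.seen[nonce] = float(ts)
        return True, payload


def demo() -> list:
    """Constructed exchange: original accepted, replay and tampering refused."""
    key = b"constructed-demo-key-not-for-real-use"
    v = Verifier(key)
    msg = make_message(key, "open port 22 for 198.51.100.7", 1000.0)
    return [v.verify(msg, 1001.0)[0],                                 # True: fresh
            v.verify(msg, 1002.0)[1],                                 # "replay"
            v.verify(msg.replace("port 22", "port 23"), 1003.0)[1],   # "bad tag"
            v.verify(msg, 1040.0)[1]]                                 # "stale"
```

The freshness window only works if sender and receiver clocks agree to within a few seconds, so in practice it is paired with time synchronisation or a server-issued challenge nonce.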
