
Computer System Security CSE 5339/7339



Presentation Transcript


  1. Computer System Security, CSE 5339/7339. Session 25, November 16, 2004

  2. Contents • Security in Networks • Group Work • Wing’s presentation

  3. IP Protocol • Unreliable packet delivery service • Datagram (IPv4) header, fields in order: VERS, HLEN, SERVICE TYPE, TOTAL LENGTH; IDENTIFICATION, FLAGS, FRAGMENT OFFSET; TIME TO LIVE, PROTOCOL, HEADER CHECKSUM; SOURCE ADDRESS; DESTINATION ADDRESS; OPTIONS (IF ANY), PADDING; DATA

  4. Attacks • IP Spoofing • Teardrop attacks

  5. ICMP (Internet Control Message Protocol) • Transmits error messages and reports unusual situations • Different ICMP types have slightly different formats • ICMP time-exceeded message, fields in order: TYPE, CODE, CHECKSUM; UNUSED (must be zero); DATA: IP header and first 64 bits of the offending datagram

  6. ICMP (Echo request/reply) • Used by ping: the reply carries back the identifier, sequence number and data of the request, so replies can be matched to requests • ICMP Echo Request/Reply message, fields in order: TYPE, CODE, CHECKSUM; IDENTIFIER, SEQUENCE NUMBER; DATA (optional)
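As an added example (not part of the slides), the following Python parser reads the IPv4 and ICMP echo headers laid out on slides 3, 5 and 6, validating HLEN, TOTAL LENGTH and both checksums before trusting any other field; the builder exists only to manufacture constructed test packets, and the addresses, identifier and payload in it are arbitrary.

```python
import struct
from typing import Dict, Tuple


def inet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"                      # an odd trailing byte is padded with zero
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


IP_FMT = "!BBHHHBBH4s4s"                      # the fixed 20-octet part of the IPv4 header


def parse_ipv4(pkt: bytes) -> Tuple[Dict, bytes]:
    """Return (header fields, payload). Raises ValueError on a malformed or corrupted header."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    (vers_hlen, tos, total_len, ident, flags_frag,
     ttl, proto, _hcs, src, dst) = struct.unpack(IP_FMT, pkt[:20])
    version, hlen = vers_hlen >> 4, (vers_hlen & 0x0F) * 4
    # HLEN and TOTAL LENGTH are attacker controlled: check them before indexing with them.
    if version != 4 or hlen < 20 or hlen > total_len or total_len > len(pkt):
        raise ValueError("inconsistent IPv4 length fields")
    # A header that still contains its own checksum sums to 0xFFFF, so the complement is 0.
    if inet_checksum(pkt[:hlen]) != 0:
        raise ValueError("bad IPv4 header checksum")
    hdr = {
        "version": version, "hlen": hlen, "tos": tos, "total_len": total_len,
        "id": ident, "flags": flags_frag >> 13, "frag_offset": flags_frag & 0x1FFF,
        "ttl": ttl, "proto": proto,
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "options": pkt[20:hlen],
    }
    return hdr, pkt[hlen:total_len]


def parse_icmp_echo(payload: bytes) -> Dict:
    """Parse an ICMP echo request (type 8) or reply (type 0) and verify its checksum."""
    if len(payload) < 8:
        raise ValueError("truncated ICMP header")
    typ, code, _cs, ident, seq = struct.unpack("!BBHHH", payload[:8])
    if typ not in (0, 8) or code != 0:
        raise ValueError("not an ICMP echo message")
    if inet_checksum(payload) != 0:          # the ICMP checksum covers header and data
        raise ValueError("bad ICMP checksum")
    return {"type": typ, "code": code, "id": ident, "seq": seq, "data": payload[8:]}


def build_echo_request(src: str, dst: str, ident: int, seq: int,
                       data: bytes, ttl: int = 64) -> bytes:
    """Build IPv4 + ICMP echo request bytes; constructed test input, not captured traffic."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + data
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    ip = struct.pack(IP_FMT, 0x45, 0, 20 + len(icmp), 0x1234, 0x4000, ttl, 1, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    return ip + icmp


if __name__ == "__main__":
    hdr, body = parse_ipv4(build_echo_request("10.0.0.1", "10.0.0.2", 0x1234, 1, b"hello"))
    print(hdr["src"], "->", hdr["dst"], "proto", hdr["proto"], parse_icmp_echo(body))
```

The order of the checks is the security-relevant part: the length fields are validated before they are used to slice, and the checksum is verified before any field is reported, so a packet that corrupts or oversizes a header is rejected rather than parsed into something plausible.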

  7. Ping of Death Attack • Denial of service attack (first seen in 1996) • Some systems did not handle oversized IP datagrams properly • An attacker constructs an ICMP echo request carrying 65,510 data octets and sends it to the victim • With the 8-octet ICMP header and 20-octet IP header the reassembled datagram is 65,538 octets, larger than the 65,535-octet limit specified by IP • Reassembling it overflowed the receiving buffer and the system would crash
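As an added example (not from the slides), here is a bounded IPv4 reassembler in Python that applies the check the vulnerable systems lacked: a fragment's end offset is compared against the largest payload a 65,535-octet datagram can carry before the fragment is copied. The fragment generator is constructed test input that splits an echo request the way a 1500-octet MTU link would; the 65,510-octet case from the slide is the one that gets rejected.

```python
import struct
from typing import Dict, List, Optional, Tuple

MAX_DATAGRAM = 65535                  # largest value the 16-bit TOTAL LENGTH field can hold
MAX_PAYLOAD = MAX_DATAGRAM - 20       # what remains for data after a minimal 20-octet IP header


class Reassembler:
    """Bounded reassembly: a fragment is checked against MAX_PAYLOAD before it is copied."""

    def __init__(self) -> None:
        # key = (src, dst, identification, protocol); one buffer per datagram in progress
        self._pending: Dict[tuple, dict] = {}

    def add(self, key: tuple, offset_units: int, more_fragments: bool,
            payload: bytes) -> Tuple[str, Optional[bytes]]:
        start = offset_units * 8          # FRAGMENT OFFSET is counted in 8-octet units
        end = start + len(payload)
        if end > MAX_PAYLOAD:
            # Ping-of-death condition: this fragment would extend the datagram past what a
            # conformant buffer can hold. Drop it together with the partial datagram.
            self._pending.pop(key, None)
            return "rejected", None
        entry = self._pending.setdefault(
            key, {"data": bytearray(MAX_PAYLOAD), "parts": [], "total": None})
        entry["data"][start:end] = payload
        entry["parts"].append((start, end))
        if not more_fragments:            # MF = 0 marks the last fragment and fixes the total size
            entry["total"] = end
        if entry["total"] is not None and self._covered(entry["parts"], entry["total"]):
            data = bytes(entry["data"][:entry["total"]])
            del self._pending[key]
            return "complete", data
        return "pending", None

    @staticmethod
    def _covered(parts: List[Tuple[int, int]], total: int) -> bool:
        """True when the received fragments cover [0, total) without holes."""
        reached = 0
        for start, end in sorted(parts):
            if start > reached:
                return False
            reached = max(reached, end)
        return reached >= total


def fragment_echo(data_len: int, mtu: int = 1500) -> List[Tuple[int, bool, bytes]]:
    """Split an ICMP echo request with data_len data octets into (offset_units, MF, payload)
    fragments as a link with the given MTU would. Constructed input; checksum left as zero."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1) + bytes(data_len)
    chunk = (mtu - 20) // 8 * 8           # every fragment but the last must be a multiple of 8
    frags = []
    for start in range(0, len(icmp), chunk):
        piece = icmp[start:start + chunk]
        frags.append((start // 8, start + len(piece) < len(icmp), piece))
    return frags


def deliver(r: Reassembler, key: tuple, frags: List[Tuple[int, bool, bytes]]) -> str:
    """Feed all fragments of one datagram and report the status after the last one."""
    status = "pending"
    for offset_units, more, piece in frags:
        status, _ = r.add(key, offset_units, more, piece)
        if status == "rejected":
            break
    return status


if __name__ == "__main__":
    r = Reassembler()
    print("56-octet ping:    ", deliver(r, ("10.0.0.1", "10.0.0.2", 1, 1), fragment_echo(56)))
    print("65,507-octet ping:", deliver(r, ("10.0.0.1", "10.0.0.2", 2, 1), fragment_echo(65507)))
    print("65,510-octet ping:", deliver(r, ("10.0.0.1", "10.0.0.2", 3, 1), fragment_echo(65510)))
```

Note that the bound is on the payload (65,535 minus the IP header), not on 65,535 itself: 65,510 data octets plus 8 ICMP octets is 65,518, which passes a naive "under 65,535" check yet still overflows a buffer sized for a legal datagram. 65,507 data octets is the largest echo request that reassembles cleanly.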

  8. SMURF • Attacker sends ICMP echo request messages to the broadcast address of an intermediary network • Attacker also spoofs the source address in the requests as the victim's address, so every host on the intermediary network sends its echo reply to the victim [Figure: Attacker → Intermediary → Victim]

  9. UDP (User Datagram Protocol) • Delivers datagrams from one application to another; a single host can have many destination applications • Port → positive integer that identifies the destination application on the host • Header fields in order: SOURCE PORT, DESTINATION PORT; LENGTH, CHECKSUM (optional); DATA

  10. Attacks on UDP • Fraggle • Trinoo

  11. Fraggle (similar to smurf) • UDP port 7 is used for the echo service • An attacker creates a stream of user datagrams with random source ports and a spoofed source address (the victim's) • Destination port is 7 and destination address is a broadcast address at some intermediate site • The attack gets worse if the source port is also 7, because the victim's own echo service answers the replies • Can be prevented by filtering out UDP echo requests destined for broadcast addresses

  12. [Figure: stream of UDP datagrams. Case 1: source address spoofed to the victim's host, random source port, destination port 7, destination address a broadcast address. Case 2: the same stream with source port 7 as well as destination port 7, so the replies arriving at the victim's port 7 are echoed back again.]
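As an added example (not from the slides), the following Python border filter implements the prevention named on slide 11 for both smurf (slide 8) and fraggle: it drops echo requests and UDP echo traffic aimed at the site's directed-broadcast addresses, and adds the anti-spoofing rule that keeps the site from being the attacker's spoofing point. The site prefixes, the `Packet` record and the sample packets are constructed for the demo; the prefixes are the RFC 5737 documentation ranges.

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Optional

ICMP_ECHO_REQUEST = 8
UDP_ECHO_PORT = 7


@dataclass(frozen=True)
class Packet:
    """Only the fields the filter needs; a constructed stand-in for a parsed IP packet."""
    src: str
    dst: str
    proto: str                          # "icmp" or "udp"
    icmp_type: Optional[int] = None
    sport: Optional[int] = None
    dport: Optional[int] = None


class BorderFilter:
    """Rules for a site's border router, keyed on the site's own prefixes (hypothetical site)."""

    def __init__(self, site_prefixes: Iterable[str]) -> None:
        self.prefixes: List[ipaddress.IPv4Network] = [
            ipaddress.ip_network(p) for p in site_prefixes]

    def is_ours(self, addr: str) -> bool:
        a = ipaddress.ip_address(addr)
        return any(a in p for p in self.prefixes)

    def is_broadcast(self, addr: str) -> bool:
        a = ipaddress.ip_address(addr)
        return a == ipaddress.ip_address("255.255.255.255") or any(
            a == p.broadcast_address for p in self.prefixes)

    def verdict(self, pkt: Packet, direction: str = "in") -> str:
        # Anti-spoofing (BCP 38 style): nothing entering may claim one of our addresses and
        # nothing leaving may claim somebody else's, so our hosts cannot be used to spoof a victim.
        if direction == "in" and self.is_ours(pkt.src):
            return "drop: spoofed source (claims our prefix) on external interface"
        if direction == "out" and not self.is_ours(pkt.src):
            return "drop: egress source address not in our prefixes"
        # Amplifier rules: the prevention from slide 11, applied to smurf and fraggle alike.
        if self.is_broadcast(pkt.dst):
            if pkt.proto == "icmp" and pkt.icmp_type == ICMP_ECHO_REQUEST:
                return "drop: smurf (ICMP echo request to broadcast address)"
            if pkt.proto == "udp" and pkt.dport == UDP_ECHO_PORT:
                return "drop: fraggle (UDP echo to broadcast address)"
        # Port 7 to port 7 makes two echo services answer each other indefinitely.
        if pkt.proto == "udp" and pkt.sport == UDP_ECHO_PORT and pkt.dport == UDP_ECHO_PORT:
            return "drop: echo loop (UDP port 7 to port 7)"
        return "accept"


def classify(filt: BorderFilter, packets: Iterable[Packet], direction: str = "in") -> List[str]:
    """Apply the filter to a batch of packets and return one verdict per packet."""
    return [filt.verdict(p, direction) for p in packets]


if __name__ == "__main__":
    site = BorderFilter(["192.0.2.0/24"])
    samples = [                                            # constructed sample traffic
        Packet("203.0.113.5", "192.0.2.255", "icmp", icmp_type=ICMP_ECHO_REQUEST),
        Packet("203.0.113.5", "192.0.2.255", "udp", sport=40123, dport=UDP_ECHO_PORT),
        Packet("203.0.113.5", "192.0.2.10", "udp", sport=UDP_ECHO_PORT, dport=UDP_ECHO_PORT),
        Packet("192.0.2.7", "192.0.2.255", "icmp", icmp_type=ICMP_ECHO_REQUEST),
        Packet("203.0.113.5", "192.0.2.10", "icmp", icmp_type=ICMP_ECHO_REQUEST),
    ]
    for pkt, verdict in zip(samples, classify(site, samples)):
        print(f"{pkt.src} -> {pkt.dst}/{pkt.proto}: {verdict}")
```

Ordinary echo requests to a single host still pass; only the directed-broadcast destinations, the spoofed sources and the port 7 to port 7 loop are dropped, which is the narrow rule set an intermediary site needs to stop being an amplifier without blocking ping.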

  13. Trinoo • Distributed denial of service • In smurf and fraggle, the traffic comes from a single intermediate network • Trinoo lets the attacker flood the victim from hundreds of intermediate sites simultaneously • Two programs, master and daemon, installed on many different compromised hosts (stolen accounts)

  14. [Figure: attacker → several masters → many daemons → victim; each daemon sends a large number of UDP packets to random ports on the victim]

  15. TCP • Reliable delivery • TCP segments are sent inside IP datagrams • Header fields in order: SOURCE PORT, DESTINATION PORT; SEQUENCE NUMBER; ACKNOWLEDGMENT NUMBER; HLEN, RESV, CODE BITS, WINDOW; CHECKSUM, URGENT POINTER; OPTIONS (IF ANY), PADDING; DATA

  16. TCP Overview • TCP segments are sent inside IP datagrams • TCP divides a stream of data into chunks that fit in IP datagrams • It ensures that each segment arrives at its destination, retransmitting when it does not • It then reassembles the segments in order to produce the original stream

  17. TCP Overview (cont.) • TCP uses an acknowledgment-and-retransmission scheme • The TCP sending software keeps a copy of each segment sent and waits for an acknowledgment • If no acknowledgment is received within the timeout interval, the segment is retransmitted

  18. Establishing a TCP connection using a 3-way handshake: Message 1, Host A → Host B (SYN + SEQ); Message 2, Host B → Host A (SYN + SEQ + ACK); Message 3, Host A → Host B (ACK). Closing a TCP connection (one way, A to B): Message 1, Host A → Host B (FIN + SEQ); Message 2, Host B → Host A (ACK)

  19. Group Work Discuss possible attacks

  20. Attacks on TCP • SYN flood: the attacker sends many SYNs and never completes the handshake, filling the server's half-open connection table so real clients cannot connect • LAND: spoofed source address = destination address and source port = destination port → certain implementations freeze • TRIBE Flood Network (TFN): similar to trinoo but supports more than one attack: UDP flood, smurf, SYN floods, and others
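As an added example (not from the slides), the Python model below plays the server side of the handshake from slide 18 twice: a naive listener that keeps a half-open entry per SYN and is exhausted by a flood, and a listener using SYN cookies, where the initial sequence number is an HMAC over the 4-tuple and a slow counter so no state is kept until the final ACK proves the client is reachable. Both reject the LAND segment. The `Segment` record, addresses, ports, table size and the fixed clock are constructed for the demo.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Set, Tuple


@dataclass(frozen=True)
class Segment:
    """The TCP fields the listener looks at (constructed, not captured traffic)."""
    src: str
    sport: int
    dst: str
    dport: int
    seq: int = 0
    ack_num: int = 0
    syn: bool = False
    ack: bool = False


Key = Tuple[str, int]


def is_land(seg: Segment) -> bool:
    """LAND: a SYN whose source address and port equal its destination address and port."""
    return seg.syn and seg.src == seg.dst and seg.sport == seg.dport


class NaiveListener:
    """Keeps one half-open entry per SYN until the final ACK arrives; the table is finite."""

    def __init__(self, addr: str, port: int, table_size: int = 128) -> None:
        self.addr, self.port, self.table_size = addr, port, table_size
        self.half_open: Dict[Key, int] = {}          # peer -> our ISN
        self.established: Set[Key] = set()

    def receive(self, seg: Segment) -> Tuple[str, Optional[int]]:
        if is_land(seg):
            return "DROP-LAND", None
        key = (seg.src, seg.sport)
        if seg.syn and not seg.ack:
            if len(self.half_open) >= self.table_size:
                return "DROP-TABLE-FULL", None      # SYN flood: no room left for honest clients
            isn = int.from_bytes(os.urandom(4), "big")
            self.half_open[key] = isn
            return "SYN-ACK", isn
        if seg.ack and key in self.half_open:
            if seg.ack_num == (self.half_open.pop(key) + 1) & 0xFFFFFFFF:
                self.established.add(key)
                return "ESTABLISHED", None
        return "RST", None


class CookieListener:
    """SYN cookies: the ISN is a MAC over the 4-tuple and a slow counter, so nothing is stored
    until the ACK comes back with the matching value."""

    def __init__(self, addr: str, port: int, secret: Optional[bytes] = None,
                 clock: Callable[[], float] = time.time) -> None:
        self.addr, self.port = addr, port
        self.secret = secret or os.urandom(32)
        self.clock = clock
        self.established: Set[Key] = set()

    def _counter(self) -> int:
        return int(self.clock()) // 64                # changes every 64 s, so old cookies expire

    def _cookie(self, seg: Segment, counter: int) -> int:
        msg = f"{seg.src}:{seg.sport}>{seg.dst}:{seg.dport}|{counter}".encode()
        mac = hmac.new(self.secret, msg, hashlib.sha256).digest()
        # top byte carries the counter so the ACK can be checked against the right period
        return ((counter & 0xFF) << 24) | int.from_bytes(mac[:3], "big")

    def receive(self, seg: Segment) -> Tuple[str, Optional[int]]:
        if is_land(seg):
            return "DROP-LAND", None
        if seg.syn and not seg.ack:
            return "SYN-ACK", self._cookie(seg, self._counter())
        if seg.ack:
            now = self._counter()
            for counter in (now, now - 1):            # accept the current and previous period
                if (seg.ack_num - 1) & 0xFFFFFFFF == self._cookie(seg, counter):
                    self.established.add((seg.src, seg.sport))
                    return "ESTABLISHED", None
        return "RST", None


def simulate(listener, flood_size: int) -> str:
    """Send flood_size spoofed SYNs, then attempt one honest handshake and return its outcome."""
    for i in range(flood_size):
        listener.receive(Segment(src=f"198.51.100.{i % 250 + 1}", sport=10000 + i,
                                 dst=listener.addr, dport=listener.port, seq=i, syn=True))
    client = Segment(src="203.0.113.9", sport=44444, dst=listener.addr,
                     dport=listener.port, seq=7, syn=True)
    action, isn = listener.receive(client)
    if action != "SYN-ACK":
        return action
    ack = Segment(src=client.src, sport=client.sport, dst=listener.addr, dport=listener.port,
                  seq=8, ack_num=(isn + 1) & 0xFFFFFFFF, ack=True)
    return listener.receive(ack)[0]


if __name__ == "__main__":
    print("naive, 200 spoofed SYNs :", simulate(NaiveListener("192.0.2.1", 80), 200))
    print("cookie, 200 spoofed SYNs:", simulate(CookieListener("192.0.2.1", 80), 200))
```

The flood never sends the third message, so the naive table fills with entries that only time out; the cookie listener spends nothing per SYN and can still verify the honest client's ACK because everything it needs is recomputed from the segment itself and the secret. Real SYN-cookie implementations also encode the negotiated MSS in the cookie; that detail is left out here.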

  21. Probes and Scans • Ping scan and traceroute (which machines exist on a given network and how they are arranged) • Remote OS fingerprinting (which OS each detected host is running; different OSes respond to invalid packets differently, for example a FIN sent to a connection that has not been opened) • Port scanning (which ports are open? → port scanner): open a TCP connection and close it immediately, or use half-opened connections
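As an added example (not from the slides), here is the first port-scanning technique on slide 21 in Python: complete the handshake, record the outcome and close at once. A refused connection (RST to our SYN) is reported as closed and no answer within the timeout as filtered. The local listener is started only so the demo has a known open port on 127.0.0.1; the half-open (SYN) variant needs raw sockets and privileges and is not shown.

```python
import socket
from concurrent.futures import ThreadPoolExecutor
from typing import Dict, Iterable, List, Tuple


def probe(host: str, port: int, timeout: float = 0.5) -> str:
    """Full-connect probe: complete the 3-way handshake, then close immediately."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:      # the host answered our SYN with RST
        return "closed"
    except OSError:                     # timeout, unreachable, or other failure: no usable answer
        return "filtered"
    finally:
        s.close()                       # the connection is torn down as soon as we know the state


def connect_scan(host: str, ports: Iterable[int], workers: int = 32) -> Dict[int, str]:
    """Probe the ports concurrently and map each port to open/closed/filtered."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return dict(zip(ports, pool.map(lambda p: probe(host, p), ports)))


def open_ports(results: Dict[int, str]) -> List[int]:
    return sorted(p for p, state in results.items() if state == "open")


def start_local_listener() -> Tuple[socket.socket, int]:
    """Bind a listening socket on 127.0.0.1 on an OS-chosen port so the scan has a known target."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)                       # the kernel completes handshakes from the backlog
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    srv, port = start_local_listener()
    try:
        found = connect_scan("127.0.0.1", range(max(1, port - 3), min(65535, port + 3) + 1))
        print(found)
        print("open:", open_ports(found))
    finally:
        srv.close()
```

Because every probe completes the handshake, the target's application log will show a connection from the scanner for each open port; that visibility is why the half-open variant exists, and why a connection that opens and closes without sending data is itself a useful detection signature on the defending side.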

  22. [Figure: Wired backbone with mobile nodes. Fixed hosts attached to a fixed communication network (the wired backbone); base stations attached to the backbone; mobile hosts reaching the network through the base stations.]

  23. Mobile IP (cont.) [Figure: a home subnet with a home agent and a mobile host at home; foreign subnets each with a foreign agent; a mobile host visiting a foreign subnet; an arbitrary topology of routers and links connecting the subnets.]

  24. [Figure: Wireless multi-hop backbone. Mobile hosts only, forwarding traffic for one another over several wireless hops with no fixed infrastructure.]

  25. Hybrid backbone [Figure: the wired backbone with base stations and fixed hosts from slide 22 joined to the wireless multi-hop backbone of mobile hosts from slide 24.]
