
CS 5565 Network Architecture and Protocols

This lecture covers the principles of TCP connection management, including the 3-way handshake and closing a connection. Topics include initial sequence number reuse, sequence number prediction attacks, and SYN attacks.



  1. CS 5565 Network Architecture and Protocols
     Godmar Back
     Lecture 23

  2. Announcements
     • Project 1B due today, 11:59pm
     • See my note on the forum about router queue size
     • Midterm March 22
       • See sample midterm from last year
       • Won’t cover NAT on midterm
     • Reading Assignment: Chapter 3
       • 3.5-3.8 TCP, except for 3.7.2
       • FAST TCP paper
     CS 5565 Spring 2006

  3. Study of TCP: Outline
     • segment structure
     • reliable data transfer
     • flow control
     • connection management
     [ Principles of congestion control ]
     • TCP congestion control
     [ Network Address Translation ]

  4. TCP Connection Management

  5. TCP Connection Management
     Recall: TCP sender and receiver establish a “connection” before exchanging data segments
     • initialize TCP variables: seq. #s, buffers, flow control info (e.g. RcvWindow)
     • client: connection initiator
       connect(s, &dstaddr, …)
     • server: contacted by client
       cl = accept(sv, &caddr, …);
     Three way handshake:
     Step 1: client host sends TCP SYN segment to server
       • specifies initial seq #
       • no data
     Step 2: server host receives SYN, replies with SYNACK segment
       • server allocates buffers
       • specifies server initial seq. #
     Step 3: client receives SYNACK, replies with ACK segment, which may contain data

  6. TCP 3-way handshake
     TCP connection establishment:
     • Q1: why 3-way and not 2-way handshake?
     • Q2: how do sender & receiver determine initial seqnums?

  7. 3-way Handshake & Delayed Dups
     • (a) Normal operation
     • (b) Old SYN appearing out of nowhere
     • (c) Duplicate SYN and duplicate ACK following SYN
     • 3-way handshake required to deal with scenarios (b) and (c)

  8. Initial Sequence Number Reuse
     • Idea: tie initial TCP seq numbers to a clock
       • Increment every 4µs; guards against previous incarnations of a connection with identical sequence numbers
     • Must also guard against sequence number prediction attack
       • Use PRNG, see [RFC 1948], [CERT 2001-09]
       • RFC 1948: ISN = 4µs clock val + F(src, dst, sport, dport, random())
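The RFC 1948 formula on slide 8, as an added Python example that is not part of the lecture: M is the 4 µs clock of RFC 793 and F is a keyed hash over the connection 4-tuple and a secret generated once at boot. RFC 1948 suggested MD5 for F; this example uses HMAC-SHA256 truncated to 32 bits (an assumption, not the RFC's exact construction), and the addresses and ports in it are constructed sample values. The clock-only ISN is kept alongside for contrast: with the clock alone, one observed ISN plus elapsed time gives the ISN for any peer, which is exactly what the prediction attack on the next slide needs.

```python
"""RFC 1948-style initial sequence number (ISN) selection (added example).

    ISN = M + F(localhost, localport, remotehost, remoteport, secret)

M is the 4 us clock of RFC 793; F is a keyed hash an observer cannot compute
without the secret.  HMAC-SHA256/32 stands in for the RFC's MD5 (assumption).
"""
import hashlib
import hmac
import os
import time

SEQ_MASK = 0xFFFFFFFF   # TCP sequence numbers are 32 bits wide
TICK_NS = 4_000         # RFC 793 clock: one increment every 4 microseconds


def clock_m(now_ns=None):
    """M: the 4 us clock, wrapped into 32 bits."""
    if now_ns is None:
        now_ns = time.monotonic_ns()
    return (now_ns // TICK_NS) & SEQ_MASK


def connection_offset(secret, local_ip, local_port, remote_ip, remote_port):
    """F(...): a per-connection offset from a keyed hash.  Deterministic for
    one 4-tuple and secret, so a reopened connection keeps the monotonic
    relationship to the clock; unguessable without the secret."""
    msg = f"{local_ip}:{local_port}|{remote_ip}:{remote_port}".encode()
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big")


def choose_isn(secret, local_ip, local_port, remote_ip, remote_port, now_ns=None):
    """ISN = (M + F) mod 2^32, per RFC 1948."""
    m = clock_m(now_ns)
    f = connection_offset(secret, local_ip, local_port, remote_ip, remote_port)
    return (m + f) & SEQ_MASK


def predictable_isn(now_ns=None):
    """For contrast: the RFC 793 clock alone.  One observed ISN and a
    stopwatch reveal the next ISN for *every* destination."""
    return clock_m(now_ns)


if __name__ == "__main__":
    secret = os.urandom(32)   # generated at boot, never sent on the wire
    # Constructed sample endpoints (TEST-NET-3 documentation addresses).
    isn1 = choose_isn(secret, "203.0.113.10", 80, "203.0.113.20", 40001)
    isn2 = choose_isn(secret, "203.0.113.10", 80, "203.0.113.21", 40001)
    print(f"ISN towards peer 1: {isn1:#010x}")
    print(f"ISN towards peer 2: {isn2:#010x}")
    print(f"clock-only ISN:     {predictable_isn():#010x}")
```

Two peers connecting to the same port at the same instant receive unrelated ISNs, while for one 4-tuple the ISN still advances with the clock, which is the property RFC 1948 needs to keep old incarnations of a connection from colliding.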

  9. When Sequence Numbers Attack
     • Suppose attacker A can predict the sequence number a host B is going to use next
     • By using spoofed source IP C, A can engage in a successful 3-way handshake with B
     • B believes it is talking to C, might grant permissions based on C’s IP address
     • Attacker on A must suppress the RST packets C is likely to send – use a denial-of-service attack for that
     • A sends message to compromise B

  10. When SYNs Attack
      • Servers receiving SYN must allocate resources
      • Opens up possibility of denial-of-service attack where server is flooded with bogus SYN packets with forged IP source addresses
      • Solution: SYN cookies
        • Server encodes a cookie in the sequence number of its SYNACK and sends it – but does not allocate buffers
        • If client continues with the final ACK, check whether that ACK number could only have come from a cookie the server sent, then allocate buffers if correct
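The SYN cookie check from slide 10, as an added Python example that is not part of the lecture. It follows the classic layout of D. J. Bernstein's scheme: the top 5 bits of the SYN-ACK sequence number carry a coarse time counter mod 32, the next 3 bits an index into a small MSS table, and the low 24 bits a keyed hash of the 4-tuple and the counter. The MSS table, the 64-second tick, the two-tick acceptance window and the HMAC-SHA256 hash are this example's assumptions; addresses, ports and the key are constructed sample values.

```python
"""Stateless SYN cookies (added example, not the lecture's code).

Layout of the 32-bit cookie placed in the SYN-ACK sequence number:
    bits 31..27  t mod 32, a counter advancing every 64 s
    bits 26..24  index into MSS_TABLE (the client's MSS, rounded down)
    bits 23..0   keyed hash of (client_ip, client_port, server_ip, server_port, t)
The server stores nothing per half-open connection; it recomputes the hash
when the final ACK arrives and allocates buffers only if it matches.
"""
import hashlib
import hmac

MSS_TABLE = (536, 1220, 1460, 4312)   # assumption: MSS values the cookie can encode
MASK32 = 0xFFFFFFFF
MAX_AGE_TICKS = 2                     # assumption: accept cookies up to ~2 ticks old


def _tick(now_s):
    """t: coarse time counter, one tick per 64 seconds."""
    return int(now_s) // 64


def _keyed_hash24(key, client_ip, client_port, server_ip, server_port, t):
    msg = f"{client_ip}:{client_port}|{server_ip}:{server_port}|{t}".encode()
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest()[:3], "big")


def encode_mss(mss):
    """Largest table index whose MSS does not exceed the client's MSS."""
    idx = 0
    for i, value in enumerate(MSS_TABLE):
        if value <= mss:
            idx = i
    return idx


def make_syn_cookie(key, client_ip, client_port, server_ip, server_port, client_mss, now_s):
    """Sequence number for the SYN-ACK.  No state is kept after sending it."""
    t = _tick(now_s)
    h = _keyed_hash24(key, client_ip, client_port, server_ip, server_port, t)
    return (((t & 0x1F) << 27) | (encode_mss(client_mss) << 24) | h) & MASK32


def check_syn_cookie(key, client_ip, client_port, server_ip, server_port, ack_num, now_s):
    """Validate the ACK that completes the handshake.  The client acknowledges
    cookie+1, so the cookie is ack_num-1.  Returns the MSS to use if the
    cookie could only have been minted by this server recently, else None
    (forged, stale, or for a different 4-tuple: allocate nothing)."""
    cookie = (ack_num - 1) & MASK32
    t_low = cookie >> 27
    mss_idx = (cookie >> 24) & 0x7
    h = cookie & 0xFFFFFF
    now_t = _tick(now_s)
    # Only t mod 32 is in the cookie, so try the candidate t values in the window.
    for age in range(MAX_AGE_TICKS + 1):
        t = now_t - age
        if t < 0:
            break
        if (t & 0x1F) == t_low and \
                _keyed_hash24(key, client_ip, client_port, server_ip, server_port, t) == h:
            return MSS_TABLE[mss_idx]
    return None


if __name__ == "__main__":
    key = b"\x01" * 32      # constructed; a real server draws this from a CSPRNG
    now = 1_000_000
    cookie = make_syn_cookie(key, "203.0.113.20", 40001, "203.0.113.10", 80, 1460, now)
    print(f"SYN-ACK seq (cookie): {cookie:#010x}")
    print("valid ACK   ->", check_syn_cookie(key, "203.0.113.20", 40001, "203.0.113.10", 80, cookie + 1, now))
    print("forged ACK  ->", check_syn_cookie(key, "203.0.113.20", 40002, "203.0.113.10", 80, cookie + 1, now))
    print("stale ACK   ->", check_syn_cookie(key, "203.0.113.20", 40001, "203.0.113.10", 80, cookie + 1, now + 64 * 3))
```

A flood of forged-source SYNs costs the server only one hash per SYN-ACK, and the ACK that a real client returns carries everything needed to rebuild the connection block; the price is that TCP options not encoded in the cookie (here only a coarse MSS) are lost, which is why production stacks fall back to cookies only once the SYN queue is under pressure.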

  11. TCP Connection Management (cont.)
      Closing a connection: client closes socket: close(s);
      Step 1: client end system sends TCP FIN control segment to server
      Step 2: server receives FIN, replies with ACK. Closes connection, sends FIN.
      [Figure: client/server timeline – client: close, FIN, ACK, timed wait, closed; server: ACK, close, FIN]

  12. TCP Connection Management (cont.)
      Step 3: client receives FIN, replies with ACK. Enters “timed wait” – will respond with ACK to received FINs
      Step 4: server receives ACK. Connection closed.
      Note: with small modification, can handle simultaneous FINs.
      [Figure: client/server timeline – closing, FIN, ACK, closing, FIN, ACK, timed wait, closed, closed]

  13. TCP Connection FSM
      [Figure: TCP connection state diagram]
      The heavy solid line is the normal path for a client. The heavy dashed line is the normal path for a server. The light lines are unusual events. Each transition is labeled by the event causing it and the action resulting from it, separated by a slash.

  14. TCP Connection Management (cont’d)
      [Figure: TCP client lifecycle]
      [Figure: TCP server lifecycle]
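The connection FSM of slide 13, driven through the client and server lifecycles of slides 5, 11, 12 and 14, as an added Python example that is not part of the lecture. The transition table is keyed by (state, event) and yields (next state, segment to send), mirroring the "event / action" labels on the diagram's arcs; state names are the RFC 793 ones, the event spellings are this example's own. The run also exercises the point of "timed wait": after the final ACK is lost, the server retransmits its FIN and the client, still in TIME_WAIT, acknowledges it again instead of answering with a reset.

```python
"""TCP connection FSM as a transition table (added example, not the lecture's code)."""

# (state, event) -> (next_state, segment_to_send or None)
TRANSITIONS = {
    # opening
    ("CLOSED",      "passive_open"):  ("LISTEN",      None),
    ("CLOSED",      "active_open"):   ("SYN_SENT",    "SYN"),
    ("LISTEN",      "recv SYN"):      ("SYN_RCVD",    "SYN+ACK"),
    ("SYN_SENT",    "recv SYN+ACK"):  ("ESTABLISHED", "ACK"),
    ("SYN_SENT",    "recv SYN"):      ("SYN_RCVD",    "SYN+ACK"),  # simultaneous open
    ("SYN_RCVD",    "recv ACK"):      ("ESTABLISHED", None),
    ("SYN_RCVD",    "recv RST"):      ("LISTEN",      None),
    # closing
    ("ESTABLISHED", "close"):         ("FIN_WAIT_1",  "FIN"),
    ("ESTABLISHED", "recv FIN"):      ("CLOSE_WAIT",  "ACK"),
    ("FIN_WAIT_1",  "recv ACK"):      ("FIN_WAIT_2",  None),
    ("FIN_WAIT_1",  "recv FIN"):      ("CLOSING",     "ACK"),      # simultaneous close
    ("FIN_WAIT_1",  "recv FIN+ACK"):  ("TIME_WAIT",   "ACK"),
    ("FIN_WAIT_2",  "recv FIN"):      ("TIME_WAIT",   "ACK"),
    ("CLOSING",     "recv ACK"):      ("TIME_WAIT",   None),
    ("CLOSE_WAIT",  "close"):         ("LAST_ACK",    "FIN"),
    ("LAST_ACK",    "recv ACK"):      ("CLOSED",      None),
    ("TIME_WAIT",   "recv FIN"):      ("TIME_WAIT",   "ACK"),      # re-ACK a retransmitted FIN
    ("TIME_WAIT",   "timeout 2MSL"):  ("CLOSED",      None),
}


def is_valid_event(state, event):
    """True if the diagram has an arc for this event in this state."""
    return (state, event) in TRANSITIONS


class TcpEndpoint:
    def __init__(self, name):
        self.name = name
        self.state = "CLOSED"
        self.trace = []   # (state, event, action, next_state) per transition

    def fire(self, event):
        """Apply one event; return the segment to send (or None)."""
        if not is_valid_event(self.state, event):
            raise ValueError(f"{self.name}: no arc from {self.state} on {event!r}")
        next_state, action = TRANSITIONS[(self.state, event)]
        self.trace.append((self.state, event, action, next_state))
        self.state = next_state
        return action


def deliver(receiver, segment):
    """Hand a segment to the other endpoint as a 'recv X' event."""
    return receiver.fire(f"recv {segment}") if segment else None


def run_lifecycle():
    """Three-way handshake, then client-initiated close with one lost ACK."""
    client, server = TcpEndpoint("client"), TcpEndpoint("server")
    server.fire("passive_open")
    seg = client.fire("active_open")        # step 1: SYN
    seg = deliver(server, seg)              # step 2: SYN+ACK
    seg = deliver(client, seg)              # step 3: ACK
    deliver(server, seg)                    # server now ESTABLISHED
    assert client.state == server.state == "ESTABLISHED"

    seg = client.fire("close")              # close step 1: FIN
    ack = deliver(server, seg)              # close step 2: server ACKs ...
    deliver(client, ack)                    # ... client FIN_WAIT_2
    fin = server.fire("close")              # ... and sends its own FIN
    ack = deliver(client, fin)              # close step 3: client TIME_WAIT, ACK
    # Suppose that ACK is lost: the server (still LAST_ACK) retransmits its FIN.
    ack = deliver(client, fin)              # client stays in TIME_WAIT and re-ACKs
    deliver(server, ack)                    # close step 4: server CLOSED
    client.fire("timeout 2MSL")             # timed wait expires
    return client, server


if __name__ == "__main__":
    for ep in run_lifecycle():
        print(ep.name)
        for state, event, action, nxt in ep.trace:
            print(f"  {state:12} --{event} / {action or '-'}--> {nxt}")
```

Any event with no arc raises instead of being silently accepted, which is the behaviour a stack needs for the "unusual events" of the diagram: a stray or forged segment that does not fit the current state must not move the connection forward.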

  15. Closing a Connection
      • Note: previous charts showed the normal case
      • Can we reliably close a connection if packets (FIN, ACK) can be lost?
      • No: famous two-army problem

  16. Summary
      • TCP segments, acknowledgements & retransmission
      • Delayed ACKs, Nagle’s algorithm
      • Fast retransmit
      • RTT estimation & Karn’s algorithm
      • Flow Control & Silly Window Syndrome
      • Connection Management in TCP
      • Attacks against TCP’s connection management scheme
        • SYN attack
        • Sequence number prediction attacks
