Scribd Logo
Încărcați

Bine ați venit la Scribd!

  • Module 8.2: Basic Security Problems in The Internet Protocol Suite

    Încărcat de

    Harpreet Singh
    20 vizualizări8 pagini
    This document discusses basic security problems in the Internet Protocol suite, including: 1. There is no source IP authentication, allowing spoofing of source IPs and anonymous DoS/infection attacks. 2. TCP state like sequence and acknowledgment numbers can be obtained through eavesdropping, enabling session hijacking. 3. Denial of service vulnerabilities exist, like an attacker sending a reset packet to close an open socket through guessing the sequence number. Random initial sequence numbers help mitigate but do not prevent spoofing attacks.

    Descriere originală:

    Titlu original

    Module 8.2.pptx

    Drepturi de autor

    © © All Rights Reserved

    Formate disponibile

    PPTX, PDF, TXT sau citiți online pe Scribd

    Vi se pare util acest document?

    Este necorespunzător acest conținut?

    Raportați acest document
    This document discusses basic security problems in the Internet Protocol suite, including: 1. There is no source IP authentication, allowing spoofing of source IPs and anonymous DoS/infection attacks. 2. TCP state like sequence and acknowledgment numbers can be obtained through eavesdropping, enabling session hijacking. 3. Denial of service vulnerabilities exist, like an attacker sending a reset packet to close an open socket through guessing the sequence number. Random initial sequence numbers help mitigate but do not prevent spoofing attacks.

    Drepturi de autor:

    © All Rights Reserved
    Descărcați ca PPTX, PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    20 vizualizări8 pagini

    Module 8.2: Basic Security Problems in The Internet Protocol Suite

    Încărcat de

    Harpreet Singh
    This document discusses basic security problems in the Internet Protocol suite, including: 1. There is no source IP authentication, allowing spoofing of source IPs and anonymous DoS/infection attacks. 2. TCP state like sequence and acknowledgment numbers can be obtained through eavesdropping, enabling session hijacking. 3. Denial of service vulnerabilities exist, like an attacker sending a reset packet to close an open socket through guessing the sequence number. Random initial sequence numbers help mitigate but do not prevent spoofing attacks.

    Drepturi de autor:

    © All Rights Reserved
    Descărcați ca PPTX, PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    din 8

    Module 8.

    2: Basic Security Problems


    in the Internet Protocol Suite
    Problem: no src IP authentication
    Client is trusted to embed correct source IP
    Easy to override using raw sockets
    Libnet: a library for formatting raw packets with arbitrary IP headers
    (https://repolinux.wordpress.com/2011/09/18/libnet-1-1-tutorial/)

    Anyone who owns their machine can send packets with arbitrary
    source IP
    response will be sent back to forged source IP

    Implications
    Anonymous DoS attacks;
    Anonymous infection attacks (e.g. slammer worm)
    TCP
    Transmission Control Protocol
    Connection-oriented, preserves order
    Sender
    Break data into packets
    Attach packet numbers
    Receiver
    Acknowledge receipt; lost packets are resent
    Reassemble packets in correct order

    Book Mail each page Reassemble book


    1

    19

    1 5 1
    TCP Header (protocol=6)

    Source Port Dest port


    SEQ Number
    ACK Number
    U A P P S F
    R C S S Y I TCP Header
    G K H R N N

    Other stuf
    Review: TCP Handshake
    C S
    SNCrandC
    SYN: Listening
    ANC0

    SNSrandS Store SNC , SNS


    SYN/ACK:
    ANSSNC

    Wait
    SNSNC+1
    ACK:
    ANSNS

    Established

    Received packets with SN too far out of window are dropped


    http://packetlife.net/blog/2010/jun/7/understanding-tcp-sequence-acknowledgment-
    numbers/
    Basic Security Problems
    1. Network packets pass by untrusted hosts
    Eavesdropping, packet sniffing
    Especially easy when attacker controls a machine close to
    victim (e.g. WiFi routers)

    2. TCP state easily obtained by eavesdropping


    Enables spoofing and session hijacking

    3. Denial of Service (DoS) vulnerabilities


    DDoS
    Why random initial sequence
    numbers?
    Suppose initial seq. numbers (SN C , SNS ) are predictable:
    Attacker can create TCP session on behalf of forged source IP
    Random seq. num. does not block attack, but makes it
    harder

    TCP SYN
    srcIP=victim SYN/ACK
    dstIP=victim Victim
    ACK SN=server SNS
    attacker srcIP=victim Server
    AN=predicted SNS

    server thinks command


    command is from victim IP addr
    Example DoS vulnerability: Reset
    Attacker sends a Reset packet to an open socket

    If correct SNS then connection will close DoS

    Naively, success prob. is 1/232 (32-bit seq. #s).


    but, many systems allow for a large window of
    acceptable seq. #s. Much higher success probability.

    Attacker can flood with RST packets until one works

    Most efective against long lived connections, e.g. BGP

    S-ar putea să vă placă și