Error and Control Messages in the Internet Protocol

• Extranormal communication among routers and hosts is sometimes necessary to:
  – Report errors
  – Handle abnormal conditions
  – Update routing information
• The Internet Protocol defines a single mechanism for all of these message types: the Internet Control Message Protocol (ICMP)

The Internet Control Message Protocol (ICMP)

• Normally generated by and intended for the IP software itself, not for application programs
• Two levels of encapsulation: an ICMP message is carried in the data area of an IP datagram, and that datagram is carried in the data area of a physical frame; ICMP is therefore a required part of IP, not a separate higher-level protocol

ICMP is for Error Reporting

• Errors are reported to a datagram's original sender, because a datagram carries only its source and destination addresses, not the route it has taken
• It is the sender's responsibility to take appropriate action (correct the problem, retry, or give up)
• Exception: ICMP error messages are never generated for errors caused by datagrams that themselves carry ICMP error messages, so one error can never trigger another and messages cannot cascade (an Echo Request is not an error message, so it can still elicit a Destination Unreachable)

ICMP Message Format

• All ICMP messages begin with the same three fields:
  – TYPE (1 octet) - identifies the message
  – CODE (1 octet) - information about the subtype
  – CHECKSUM (2 octets) - 16-bit one's complement checksum covering the entire ICMP message
• ICMP error messages always include the IP header and the first 64 data bits (8 octets) of the datagram causing the problem; for TCP and UDP those 8 octets contain the source and destination ports, which is how the sender identifies the connection the error belongs to

The ICMP TYPE Field

  Type Field   ICMP Message Type
  ----------   ------------------------------
   0           Echo Reply
   3           Destination Unreachable
   4           Source Quench
   5           Redirect
   8           Echo Request
  11           Time Exceeded for Datagram
  12           Parameter Problem on Datagram
  13           Timestamp Request
  14           Timestamp Reply
  15           Information Request (obsolete)
  16           Information Reply (obsolete)
  17           Address Mask Request
  18           Address Mask Reply

Echo Request and Reply Messages

• IDENTIFIER and SEQUENCE NUMBER
  – Used by the sender to match replies with requests
• The receiver copies the optional data from the request unchanged into the reply

Destination Unreachable Messages

• Sent when a router cannot deliver or forward a datagram (codes 2 and 3, Protocol and Port Unreachable, come from the destination host itself)

Destination Unreachable CODE Field

  Code Value   Meaning
  ----------   ------------------------------------------
   0           Network Unreachable
   1           Host Unreachable
   2           Protocol Unreachable
   3           Port Unreachable
   4           Fragmentation needed and DF set
   5           Source Route Failed
   6           Destination Network unknown
   7           Destination Host Unknown
   8           Source Host Isolated
   9           Comm. Administratively prohibited (network)
  10           Comm. Administratively prohibited (host)
  11           Network unreachable for type of service
  12           Host unreachable for type of service

Congestion and Datagram Flow Control

• Most routers have a limited queue in which to store arriving datagrams
• Congestion - a router is overrun with traffic
  – A high-speed computer sends datagrams faster than the router can forward them
  – Many computers send datagrams to the same router at once

Source Quench Message

• Congested routers send one for every datagram they drop (as originally specified in RFC 792)

Source Quench Messages

• Hosts that receive source quench messages should stop sending datagrams to that destination (temporarily)
• When it hasn't received a source quench message in a while, the host can start gradually increasing its traffic again
• Caveat: Source Quench was formally deprecated by RFC 6633; routers no longer send it and hosts ignore it, both because it was ineffective and because an unauthenticated "slow down" message is itself a denial-of-service tool. Congestion control is now done end-to-end by TCP.

Redirect Messages

• Hosts initialize their routing table at startup, typically with a single default router
• When a router detects a host using a nonoptimal route (the datagram arrived on the same network it will be forwarded onto, via a router on that network) it sends the host an ICMP redirect message naming the better router
  (figure: networks Net 1, Net 2, Net 3; routers R1, R2; host H)

Redirect Messages

  Code Value   Meaning
  ----------   -------------------------------------------------
   0           Redirect datagrams for the Net (obsolete)
   1           Redirect datagrams for the Host
   2           Redirect datagrams for the Type of Service and Net
   3           Redirect datagrams for the Type of Service and Host

• A redirect is unauthenticated, so a host should honour one only if it comes from the router it is currently using for that destination and names a gateway on a directly attached network (RFC 1122); many systems simply disable acceptance of redirects

Time Exceeded Messages

• Code 0 - Datagram dropped because TTL reached 0
• Code 1 - Datagram dropped because fragment reassembly time exceeded

ICMP – Security Issues

• ICMP can be a source of security vulnerabilities:
  – Flaws in ICMP implementations can be exploited
    • Recall the teardrop vulnerability in IP fragment reassembly
  – ICMP is well suited for denial-of-service attacks
    • Anyone notice the –f (flood) option to ping?
    • According to the man page: "This can be very hard on a network and should be used with caution."

Ping of Death

• Attacker constructs an ICMP echo request message containing 65,510 data octets and sends it to a victim host

Ping of Death (cont)

• The total size of the resulting datagram (65,510 + 8 octets of ICMP header + 20 octets of IP header = 65,538 octets) is larger than the 65,535-octet maximum that the 16-bit IP Total Length field can express
• Such a datagram cannot be sent in one piece: it reaches the victim as a series of fragments, and the damage occurs when the victim's IP software reassembles them, because the last fragment's offset plus its length runs past the end of the reassembly buffer
• Several systems did not handle this oversized IP datagram properly
  – Hang
  – Crash
  – Reboot
• Fixed by software patches that bound the reassembled size before copying fragment data

Smurf

• Attacker sends ICMP echo request messages to a broadcast address at an intermediate site
  – Broadcast address = a copy of the datagram is delivered to every host connected to the specified network
  – For some broadcast addresses, a single request could generate replies from dozens or hundreds of hosts
• The source address in each request packet is spoofed so that replies are sent to a victim machine
• Result: the victim's machine/network is flooded by ICMP echo replies, amplified by the number of responding hosts
• Many sites have reconfigured their machines so that they do not respond to ICMP echo requests sent to a broadcast address; routers likewise stopped forwarding directed broadcasts (RFC 2644), and ingress filtering of spoofed source addresses (BCP 38) removes the attacker's ability to aim the replies

ICMP - Summary

• ICMP provides a mechanism for extranormal communication among routers and hosts
  – Echo request/reply
  – Destination unreachable
  – Source quench
  – Redirect
  – Time exceeded
• Sometimes incoming ICMP messages are blocked for security reasons
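The message format, checksum and error-reporting rules above (common TYPE/CODE/CHECKSUM header, echo IDENTIFIER/SEQUENCE matching, and the quoted IP header plus 64 data bits in a Destination Unreachable) as working code. This is an added example written for this page, not lecture material: it opens no sockets, the addresses, ports and identifier values are made up, and `build_dest_unreach`/`parse_quoted_datagram` are names chosen here.

```python
"""Encoding and decoding ICMP messages (RFC 792). Added example, not lecture code.

A sample UDP datagram is constructed inline, wrapped in a Destination Unreachable
message the way a router (or destination host) would, and parsed back out.
All addresses, ports and identifiers are made-up values for the demonstration.
"""
import socket
import struct

ICMP_ECHO_REPLY, ICMP_DEST_UNREACH, ICMP_ECHO_REQUEST = 0, 3, 8
DEST_UNREACH_CODES = {
    0: "Network Unreachable", 1: "Host Unreachable", 2: "Protocol Unreachable",
    3: "Port Unreachable", 4: "Fragmentation needed and DF set", 5: "Source Route Failed",
    6: "Destination Network unknown", 7: "Destination Host Unknown", 8: "Source Host Isolated",
    9: "Comm. Administratively prohibited (network)", 10: "Comm. Administratively prohibited (host)",
    11: "Network unreachable for type of service", 12: "Host unreachable for type of service"}


def icmp_checksum(data: bytes) -> int:
    """RFC 1071: one's complement of the one's complement sum of 16-bit words over the
    whole ICMP message. Verification recomputes this with the CHECKSUM field in place;
    an intact message sums to 0."""
    if len(data) % 2:
        data += b"\x00"                        # pad odd length to a whole word
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                         # end-around carry
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4_header(src: str, dst: str, protocol: int, total_length: int) -> bytes:
    """Minimal 20-octet IPv4 header (IHL=5, no options). The IP header checksum is left
    at 0: nothing here verifies it, and it is distinct from the ICMP checksum."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_length, 0x1234, 0, 64, protocol, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def build_echo(msg_type: int, identifier: int, sequence: int, payload: bytes) -> bytes:
    """Echo Request (8) / Echo Reply (0): TYPE, CODE=0, CHECKSUM, IDENTIFIER, SEQUENCE, data."""
    header = struct.pack("!BBHHH", msg_type, 0, 0, identifier, sequence)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", msg_type, 0, csum, identifier, sequence) + payload


def build_dest_unreach(code: int, offending_datagram: bytes) -> bytes:
    """TYPE 3, CODE, CHECKSUM, 4 unused octets, then the IP header plus the first
    64 bits (8 octets) of data of the datagram that could not be delivered."""
    ihl = (offending_datagram[0] & 0x0F) * 4
    quoted = offending_datagram[: ihl + 8]
    header = struct.pack("!BBHI", ICMP_DEST_UNREACH, code, 0, 0)
    csum = icmp_checksum(header + quoted)
    return struct.pack("!BBHI", ICMP_DEST_UNREACH, code, csum, 0) + quoted


def parse_quoted_datagram(data: bytes) -> dict:
    """Recover which of the sender's datagrams failed. For TCP (6) and UDP (17) the
    8 quoted data octets begin with the source and destination ports, which is how a
    host delivers the error to the right socket."""
    if len(data) < 20 or data[0] >> 4 != 4:
        raise ValueError("quoted data is not an IPv4 header")
    ihl = (data[0] & 0x0F) * 4
    if ihl < 20 or len(data) < ihl + 8:
        raise ValueError("quoted IP header or 64 data bits truncated")
    protocol = data[9]
    info = {"orig_src": socket.inet_ntoa(data[12:16]),
            "orig_dst": socket.inet_ntoa(data[16:20]), "orig_protocol": protocol}
    first64 = data[ihl:ihl + 8]
    if protocol in (6, 17):
        info["orig_sport"], info["orig_dport"] = struct.unpack("!HH", first64[:4])
    elif protocol == 1:                        # a failed ICMP datagram: its TYPE is quoted
        info["orig_icmp_type"] = first64[0]
    return info


def parse_icmp(msg: bytes) -> dict:
    """Validate the common header and decode the message types covered in the lecture."""
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than 8 octets")
    if icmp_checksum(msg) != 0:
        raise ValueError("bad ICMP checksum")
    out = {"type": msg[0], "code": msg[1]}
    if out["type"] in (ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY):
        out["identifier"], out["sequence"] = struct.unpack("!HH", msg[4:8])
        out["payload"] = msg[8:]
    elif out["type"] == ICMP_DEST_UNREACH:
        out["meaning"] = DEST_UNREACH_CODES.get(out["code"], "unknown code")
        out.update(parse_quoted_datagram(msg[8:]))
    return out


def demo() -> dict:
    """Constructed scenario: 10.0.0.5 sends UDP to port 33434 on 10.0.0.9 (a
    traceroute-style probe) and the destination answers Port Unreachable."""
    udp = struct.pack("!HHHH", 40000, 33434, 12, 0) + b"abcd"   # UDP header + 4 data octets
    ip = build_ipv4_header("10.0.0.5", "10.0.0.9", 17, 20 + len(udp))
    return parse_icmp(build_dest_unreach(3, ip + udp))


if __name__ == "__main__":
    print(demo())
    print(parse_icmp(build_echo(ICMP_ECHO_REQUEST, 0x4242, 1, b"ping")))
```

Note that `parse_icmp` verifies the checksum before looking at anything else and refuses a Destination Unreachable whose quoted datagram is shorter than header plus 64 bits; a real receiver also has to check that the quoted source address and port actually belong to one of its own sockets before acting on the error, since the ICMP message itself carries no authentication.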
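The receiver-side checks that the Ping of Death, Smurf and Redirect discussions above imply, as an added example written for this page rather than lecture code. It goes slightly beyond the lecture's specific cases: it generates the fragment sequence a 65,510-octet ping would arrive as, bounds reassembly at the IP maximum, declines echo requests to broadcast or multicast destinations, and applies the RFC 1122 conditions for honouring a redirect. The prefixes, addresses and function names (`fragment_icmp_echo`, `reassembly_is_oversized`, `should_answer_echo`, `accept_redirect`) are assumptions made here.

```python
"""Receiver-side defences for the ICMP abuses in the lecture (added example).

Each check is a pure function so it can be tested without a network.
Addresses and prefixes are made up for the demonstration.
"""
import ipaddress

IP_MAX_DATAGRAM = 65535      # 16-bit IP Total Length field, header included
IPV4_HEADER_LEN = 20         # minimal header; real code reads IHL from the packet


def fragment_icmp_echo(payload_len: int, mtu: int = 1500, ihl: int = IPV4_HEADER_LEN) -> list:
    """Split an ICMP echo carrying `payload_len` data octets (plus its 8-octet ICMP
    header) into (offset_in_8_octet_units, data_len, more_fragments) tuples the way a
    sender behind a link of `mtu` would. The Ping of Death is simply payload_len=65510:
    the sender's stack never checks the total, it just keeps emitting fragments."""
    total_data = 8 + payload_len
    per_fragment = (mtu - ihl) // 8 * 8      # every fragment but the last holds a multiple of 8
    frags, offset = [], 0
    while offset < total_data:
        data_len = min(per_fragment, total_data - offset)
        frags.append((offset // 8, data_len, offset + data_len < total_data))
        offset += data_len
    return frags


def reassembly_is_oversized(frags: list, ihl: int = IPV4_HEADER_LEN) -> bool:
    """The check the Ping of Death patches added. The 13-bit fragment offset can
    address up to 65,528 octets, so offset*8 + length can exceed the buffer sized
    for the largest legal datagram; reject any fragment that would land past it."""
    return any(ihl + off * 8 + dlen > IP_MAX_DATAGRAM for off, dlen, _ in frags)


def should_answer_echo(dst: str, local_networks: list) -> bool:
    """Smurf mitigation: reply only to echo requests unicast to this host.
    `local_networks` are the prefixes of the directly attached interfaces."""
    addr = ipaddress.IPv4Address(dst)
    if addr.is_multicast or addr == ipaddress.IPv4Address("255.255.255.255"):
        return False
    return all(addr != ipaddress.IPv4Network(n).broadcast_address for n in local_networks)


def accept_redirect(icmp_src: str, new_gateway: str, current_gateway: str,
                    local_networks: list) -> bool:
    """RFC 1122 3.2.2.2 conditions for honouring a redirect: it must come from the
    router currently used for that destination, and the new gateway must be on a
    directly attached network. Hosts that disable redirects entirely skip all this."""
    if ipaddress.IPv4Address(icmp_src) != ipaddress.IPv4Address(current_gateway):
        return False                         # anyone can forge an ICMP source; only our router counts
    gw = ipaddress.IPv4Address(new_gateway)
    return any(gw in ipaddress.IPv4Network(n) for n in local_networks)


if __name__ == "__main__":
    lethal, normal = fragment_icmp_echo(65510), fragment_icmp_echo(56)
    print(len(lethal), "fragments, last:", lethal[-1], "oversized:", reassembly_is_oversized(lethal))
    print(len(normal), "fragment, oversized:", reassembly_is_oversized(normal))
    print(should_answer_echo("192.168.1.255", ["192.168.1.0/24"]),
          should_answer_echo("192.168.1.7", ["192.168.1.0/24"]))
    print(accept_redirect("192.168.1.1", "192.168.1.254", "192.168.1.1", ["192.168.1.0/24"]),
          accept_redirect("192.168.1.99", "192.168.1.254", "192.168.1.1", ["192.168.1.0/24"]))
```

With a 1500-octet MTU the 65,510-octet ping arrives as 45 fragments; the last one starts at offset 65,120 with 398 octets of data, and 20 + 65,120 + 398 = 65,538 is what overran the unchecked reassembly buffers. A 56-octet ping is a single fragment and passes. The redirect check rejects the same redirect when its IP source is not the current first-hop router or when the proposed gateway is not on-link, which are the two forged-redirect cases.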