Session 24 - Lyle School of Engineering

Computer System Security
CSE 5339/7339
Session 24
November 11, 2004
Computer Science and Engineering
Contents
- Network Basics (cont.)
- Group Work
- Security in Networks
- Group Work
- Allison's presentation
Computer Network Basics
- Wide Area Networks (WAN)
- Metropolitan Area Network (MAN)
- Local Area Network (LAN)
- System or Storage Area Network (SAN)
Routing Schemes
- Connection-oriented
  The entire message follows the same path from source to destination.
- Connectionless
  A message is divided into packets. Packets may take different routes from source to destination, so each packet carries a serial number.
Network Performance
- Gilder's Law
  George Gilder projected that the total bandwidth of communication systems triples every twelve months.
  Ethernet: 10 Mbps → 10 Gbps (1000 times)
  CPU clock frequency: 25 MHz → 2.5 GHz (100 times)
- Metcalfe's Law
  Robert Metcalfe projected that the value of a network is proportional to the square of the number of nodes.
Internet
The Internet is the collection of networks and routers that form a single cooperative virtual network, which spans the entire globe. The Internet relies on the combination of the Transmission Control Protocol and the Internet Protocol, or TCP/IP. The majority of Internet traffic is carried using TCP/IP packets.
Country          Internet Users (Latest Data)   Population (2004 Est.)   % of Population
United States    209,518,183                    294,540,100              71.1 %
China            79,500,000                     1,327,976,227            6.0 %
Japan            63,884,205                     127,944,200              49.9 %
Germany          45,315,166                     82,633,200               54.8 %
United Kingdom   35,089,470                     59,157,400               59.3 %
South Korea      29,220,000                     47,135,500               62.0 %
France           22,534,967                     59,494,800               37.9 %
Brazil           20,551,168                     183,199,600              11.2 %
Italy            19,900,000                     56,153,700               35.4 %
Canada           16,841,811                     32,026,600               52.6 %
ISO OSI Network Model
Two hosts each run the seven-layer stack; peer layers communicate logically, while the physical path runs LAN → Internet → LAN:
  Application
  Presentation
  Session
  Transport
  Network
  Data Link
  Physical
Group Work (Simple example)
Show how a message is sent from point A to point B on a network through the seven layers. You might want to look at the example on page 375.
TCP/IP
Application layer: Mail, ftp, Telnet
Transport layer: Transmission Control Protocol (TCP)
Internet layer: Internet Protocol (IP)
Link layer: Ethernet, Token ring
TCP/IP Packets
Physical Header | IP Header | TCP Header | message
Addressing
- MAC (Media Access Control) address
  Every host connected to a network has a network interface card (NIC) with a unique physical address.
- IP address
  IPv4 → 32 bits (e.g., 129.16.48.6)
  IPv6 → 128 bits
Routing
- Routers
- Routing Tables
- Example
IP Protocol
- Unreliable packet delivery service
- Datagram (IPv4) header layout:
  VERS | HLEN | SERVICE TYPE | TOTAL LENGTH
  IDENTIFICATION | FLAGS | FRAGMENT OFFSET
  TIME TO LIVE | PROTOCOL | HEADER CHECKSUM
  SOURCE ADDRESS
  DESTINATION ADDRESS
  OPTIONS (IF ANY) | PADDING
  DATA
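An added example (not from the slides) that parses the IPv4 datagram header laid out above and verifies the HEADER CHECKSUM; the sample header it builds is constructed, using the address from the Addressing slide and a documentation address, and the function names are my own.

```python
import struct

# Fixed 20-octet IPv4 header, big-endian, fields in the order shown on the slide
IPV4_HEADER = struct.Struct("!BBHHHBBH4s4s")

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum (end-around carry), as used by the IP HEADER CHECKSUM."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def parse_ipv4_header(raw: bytes) -> dict:
    """Split a datagram's fixed header into named fields and verify its checksum."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    (vers_hlen, service_type, total_length, identification, flags_frag,
     ttl, protocol, checksum, src, dst) = IPV4_HEADER.unpack(raw[:20])
    version, hlen = vers_hlen >> 4, (vers_hlen & 0x0F) * 4   # HLEN counts 32-bit words
    if version != 4 or hlen < 20 or hlen > len(raw) or total_length < hlen:
        raise ValueError("malformed IPv4 header")
    return {
        "version": version, "hlen": hlen, "service_type": service_type,
        "total_length": total_length, "identification": identification,
        "flags": flags_frag >> 13,                      # reserved | DF | MF
        "fragment_offset": (flags_frag & 0x1FFF) * 8,   # stored in 8-octet units
        "ttl": ttl, "protocol": protocol, "header_checksum": checksum,
        "source": ".".join(map(str, src)), "destination": ".".join(map(str, dst)),
        # A header whose one's-complement sum (checksum field included) is 0xFFFF is intact
        "checksum_ok": ones_complement_sum(raw[:hlen]) == 0xFFFF,
    }

def build_ipv4_header(src: str, dst: str, payload_len: int, protocol: int = 1,
                      ttl: int = 64, identification: int = 0x1234) -> bytes:
    """Constructed sample datagram header (no options) with the checksum filled in."""
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    hdr = IPV4_HEADER.pack(0x45, 0, 20 + payload_len, identification, 0, ttl,
                           protocol, 0, src_b, dst_b)
    checksum = (~ones_complement_sum(hdr)) & 0xFFFF
    return hdr[:10] + struct.pack("!H", checksum) + hdr[12:]

if __name__ == "__main__":
    hdr = build_ipv4_header("129.16.48.6", "192.0.2.1", payload_len=8)
    print(parse_ipv4_header(hdr))
    damaged = bytearray(hdr); damaged[8] ^= 0x01                # flip one TTL bit in transit
    print(parse_ipv4_header(bytes(damaged))["checksum_ok"])   # False
```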
Group Work
Discuss possible attacks
Attacks
- IP Spoofing
- Teardrop attacks
ICMP (Internet Control Message Protocol)
- Transmits error messages and reports unusual situations
- Different ICMP types have slightly different formats
- ICMP time-exceeded message layout:
  TYPE | CODE | CHECKSUM
  UNUSED (must be zero)
  DATA: header and first 64 bits of offending datagram
ICMP (Echo request/reply)
- ICMP Echo Request/Reply message layout:
  TYPE | CODE | CHECKSUM
  IDENTIFIER | SEQUENCE NUMBER
  DATA (optional)
Ping of Death Attack
- Denial of service attack (first seen in 1996)
- Some systems did not handle oversized IP datagrams properly
- An attacker constructs an ICMP echo request containing 65,510 data octets and sends it to the victim
- The total size of the resulting datagram would be larger than the 65,535 octet limit specified by IP
- The system would crash
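An added example, not part of the slides, of the check a receiver needs against the two fragment-based attacks on this page (Ping of Death above, and the teardrop attack from the Attacks list, which relies on overlapping fragments): reassembly that refuses any fragment that would carry the datagram past 65,535 octets and any fragment that overlaps another. The fragment() sender, the PING_OF_DEATH payload and the function names are constructed for the demonstration.

```python
MAX_DATAGRAM = 65535              # largest value the 16-bit TOTAL LENGTH field can hold
MAX_PAYLOAD = MAX_DATAGRAM - 20   # octets of data that fit after a 20-octet header
# Constructed: type 8 echo request, 8-octet ICMP header + 65,510 data octets = 65,518 octets of IP payload
PING_OF_DEATH = b"\x08" + b"\x00" * 65517

class FragmentError(ValueError):
    """Raised when accepting a fragment set would be unsafe."""

def fragment(payload: bytes, mtu_payload: int = 1480) -> list:
    """Constructed sender: split a payload into (offset, more_fragments, data) triples."""
    frags = []
    for off in range(0, len(payload), mtu_payload):
        chunk = payload[off:off + mtu_payload]
        frags.append((off, off + len(chunk) < len(payload), chunk))
    return frags

def reassemble(fragments) -> bytes:
    """Reassemble one datagram (same source and IDENTIFICATION), rejecting fragments
    that exceed the IP size limit, overlap, leave holes, or never end (MF never 0)."""
    pieces = []
    for offset, more, data in fragments:
        if offset % 8:
            raise FragmentError("FRAGMENT OFFSET must be a multiple of 8 octets")
        if more and len(data) % 8:
            raise FragmentError("only the last fragment may have a length not divisible by 8")
        end = offset + len(data)
        if end > MAX_PAYLOAD:                     # Ping of Death: 65,518 > 65,515
            raise FragmentError("datagram would exceed %d octets" % MAX_DATAGRAM)
        pieces.append((offset, end, more, data))
    pieces.sort(key=lambda p: p[:2])
    expected, out = 0, bytearray()
    for offset, end, more, data in pieces:
        if offset < expected:                     # teardrop-style overlap
            raise FragmentError("overlapping fragments at octet %d" % offset)
        if offset > expected:
            raise FragmentError("hole before octet %d" % offset)
        out += data
        expected = end
    if not pieces or pieces[-1][2]:
        raise FragmentError("last fragment (MF = 0) missing")
    return bytes(out)

def verdict(fragments) -> str:
    """Firewall-style summary: 'accept' or the drop reason."""
    try:
        reassemble(fragments)
        return "accept"
    except FragmentError as e:
        return "drop: " + str(e)
```

Calling verdict(fragment(PING_OF_DEATH)) returns the size-limit drop reason, while a normal 3,000-octet payload split the same way is accepted.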
SMURF
- The attacker sends an echo request message to a broadcast address
- The attacker also spoofs the source address in the request, so the replies go to the victim
- Roles in the figure: Attacker → Intermediary (the broadcast network whose hosts answer) → Victim
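An added example (not from the slides) of the filtering a border router on the intermediary network applies so it cannot be used as a SMURF amplifier: refuse echo requests aimed at its directed-broadcast addresses, and drop packets whose source address is spoofed in either direction. LOCAL_NETS, the sample addresses and the function names are constructed for this demonstration.

```python
import ipaddress

# Constructed example: the address blocks behind a border router
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24"),
              ipaddress.ip_network("198.51.100.0/25")]
ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY = 8, 0

def is_directed_broadcast(dst: str) -> bool:
    """True if dst is the broadcast address of one of our subnets (what SMURF abuses)."""
    d = ipaddress.ip_address(dst)
    return any(d == net.broadcast_address for net in LOCAL_NETS)

def is_local(addr: str) -> bool:
    a = ipaddress.ip_address(addr)
    return any(a in net for net in LOCAL_NETS)

def border_verdict(src: str, dst: str, icmp_type: int, arrived_from_outside: bool) -> str:
    """Decide what the border router does with an ICMP packet."""
    # Ingress filter: a packet from outside cannot legitimately carry one of our addresses
    if arrived_from_outside and is_local(src):
        return "drop: spoofed source %s arriving from outside" % src
    # Egress filter: our hosts must not emit packets with foreign source addresses
    if not arrived_from_outside and not is_local(src):
        return "drop: source %s is not ours (spoofed)" % src
    # Do not act as an amplifier: refuse echo requests to a subnet broadcast address
    if icmp_type == ICMP_ECHO_REQUEST and is_directed_broadcast(dst):
        return "drop: directed broadcast echo request to %s" % dst
    return "forward"

if __name__ == "__main__":
    # Constructed SMURF attempt: spoofed victim source, our /24 broadcast as destination
    print(border_verdict("203.0.113.50", "192.0.2.255", ICMP_ECHO_REQUEST, True))
    print(border_verdict("203.0.113.50", "192.0.2.10", ICMP_ECHO_REQUEST, True))   # forward
```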
UDP (User Datagram Protocol)
- From one application to another (multiple destinations)
- Port → positive integer (unique destination)
- Datagram layout:
  SOURCE PORT | DESTINATION PORT
  LENGTH | CHECKSUM (optional)
  DATA
Group Work
Discuss possible attacks
TCP
- Reliable delivery
- TCP messages are sent inside IP datagrams
- Segment header layout:
  SOURCE PORT | DESTINATION PORT
  SEQUENCE NUMBER
  ACKNOWLEDGMENT NUMBER
  HLEN | RESV | CODE BITS | WINDOW
  CHECKSUM | URGENT POINTER
  OPTIONS (IF ANY) | PADDING
  DATA
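An added example (not from the slides) that decodes the TCP header fields above and checks the CHECKSUM, which also covers a pseudo-header built from the enclosing IP datagram's addresses (the "TCP inside IP" point): the same segment verified against a different destination address fails. The sample segment and the function names are constructed.

```python
import struct

TCP_HEADER = struct.Struct("!HHIIBBHHH")                    # 20-octet fixed header
CODE_BITS = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")      # low six bits of the CODE BITS octet

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum with end-around carry."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src_ip: str, dst_ip: str, tcp_length: int) -> bytes:
    """IPv4 pseudo-header covered by the TCP checksum: source, destination,
    zero, protocol 6 and segment length; it ties the segment to its datagram."""
    src = bytes(int(o) for o in src_ip.split("."))
    dst = bytes(int(o) for o in dst_ip.split("."))
    return struct.pack("!4s4sBBH", src, dst, 0, 6, tcp_length)

def build_segment(src_ip, dst_ip, sport, dport, seq, ack, code, window=8192, data=b""):
    """Constructed sample segment (HLEN = 5 words, no options) with checksum filled in."""
    hdr = TCP_HEADER.pack(sport, dport, seq, ack, 5 << 4, code, window, 0, 0)
    seg = hdr + data
    csum = (~ones_complement_sum(pseudo_header(src_ip, dst_ip, len(seg)) + seg)) & 0xFFFF
    return seg[:16] + struct.pack("!H", csum) + seg[18:]

def parse_segment(src_ip: str, dst_ip: str, raw: bytes) -> dict:
    """Decode the slide's header fields and verify the checksum against the IP addresses."""
    if len(raw) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, hlen_resv, code, window, csum, urg = TCP_HEADER.unpack(raw[:20])
    return {
        "source_port": sport, "destination_port": dport,
        "sequence_number": seq, "acknowledgment": ack,
        "hlen": (hlen_resv >> 4) * 4,                       # HLEN counts 32-bit words
        "code_bits": [n for i, n in enumerate(CODE_BITS) if code & (1 << i)],
        "window": window, "checksum": csum, "urgent_pointer": urg,
        "checksum_ok": ones_complement_sum(pseudo_header(src_ip, dst_ip, len(raw)) + raw) == 0xFFFF,
    }

if __name__ == "__main__":
    seg = build_segment("129.16.48.6", "192.0.2.1", 40000, 23, 1000, 0, code=0x02)  # SYN to Telnet
    print(parse_segment("129.16.48.6", "192.0.2.1", seg))
    print(parse_segment("129.16.48.6", "192.0.2.2", seg)["checksum_ok"])           # False
```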
Group Work
Discuss possible attacks
Wired Backbone with Mobile nodes
[Figure: a fixed communication network (wired backbone) connects fixed hosts and base stations; mobile hosts attach through the base stations.]
Wireless Multi-hop Backbone
[Figure: mobile hosts form the backbone themselves, reaching one another over multiple wireless hops.]
Hybrid Backbone
[Figure: a wired backbone (fixed communication network with fixed hosts and base stations) combined with a wireless multi-hop backbone of mobile hosts; mobile hosts attach either through base stations or through other mobile hosts.]
Mobile IP (Cont.)
[Figure: a mobile host at home on its home subnet, served by the Home Agent, and a mobile host visiting a foreign subnet, served by that subnet's Foreign Agent; the home and foreign subnets are connected through an arbitrary topology of routers and links.]