02-NetSec Network aspects (unitn.it)

Slide 1: Network Security AA 2015/2016 - Network aspects - Dr. Luca Allodi
Dr. Luca Allodi - Network Security - University of Trento, DISI (AA 2015/2016)
Slide 2: Internet communication
• Internet is made of several logically separated networks → Autonomous Systems (AS)
  • Internet = network of networks
• Each AS autonomously manages communications within itself
  • Interior Gateway Protocols (IGP) → route within each AS
  • e.g. Local Area Network
• Each AS can communicate to other ASs
  • Exterior Gateway Protocols → route between ASs
  • Border Gateway Protocol
Slide 3: Internet autonomous systems
(figure; source: https://www.usenix.org/legacy/event/lisa98/full_papers/pultar/pultar_html/pultar.html)
Slide 4: OSI model
(figure: the protocol data unit at each layer, with examples)
Data: HTTP / Mail / Chat protocols / encoding info / RPC / Telnet
Segments or Datagrams: TCP, UDP
Packet: IPv4, IPv6
Frame: Ethernet, PPP
Bit: ethernet cable / optical fiber
Slide 5: OSI Data Link layer
Slide 6: Data link layer
• Lowest “logical” level
• Data link interconnects physical interfaces
• Each physical interface is identified by a MAC address
  • “Ethernet address”
  • 48-bit network interface identifiers
  • Closest representation of the final destination of a frame
  • HEX notation
    • HH-HH-HH-HH-HH-HH
  • Used to route packets in local networks
Slide 7: MAC addresses
• Uniquely identify a network interface
• Assigned by the producer according to the standard IEEE 802
(screenshot) ifconfig: *nix system command to list net interfaces; “ipconfig” on Windows machines
  en0: name of the interface
  MAC address of interface “en0”
Slide 8: MAC addresses example
• First 24 bits are set by IEEE standard
  • Identify the network interface producer
  • 00-10-BC → Aastra Telecom
  • https://regauth.standards.ieee.org/standards-ra-web/pub/view.html#registries
(diagram) three interfaces on one segment: c8-2a-14-01-86-87, 00-10-BC-19-3d-5d, 00-10-BC-2c-11-56
Send frame to 00-10-BC-2c-11-56 → 00-10-BC-2c-11-56 keeps the frame; the other interfaces drop the frame
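The keep/drop decision and the OUI lookup from this slide, as an added Python example (not code from the lecture). The interface names nic1..nic3 are made up, the one-entry OUI table stands in for the IEEE registry the slide links to, and the I/G and U/L bit checks go one step beyond the slide: they are the two flag bits of the first octet that distinguish group addresses and locally assigned addresses from producer-assigned ones.

```python
import re

# Constructed: the three interfaces drawn on the slide, keyed by made-up names.
INTERFACES = {
    "nic1": "c8-2a-14-01-86-87",
    "nic2": "00-10-BC-19-3d-5d",
    "nic3": "00-10-BC-2c-11-56",
}

# Placeholder for the IEEE registry: only the entry given on the slide.
OUI_TABLE = {"00-10-BC": "Aastra Telecom"}

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Six hex octets separated consistently by '-' or ':' (HH-HH-HH-HH-HH-HH on the slide).
_MAC_RE = re.compile(r"^[0-9a-fA-F]{2}([-:])(?:[0-9a-fA-F]{2}\1){4}[0-9a-fA-F]{2}$")


def normalize_mac(mac: str) -> str:
    """Validate a 48-bit MAC and return it lower-case with ':' separators."""
    if not _MAC_RE.match(mac):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return mac.replace("-", ":").lower()


def oui(mac: str) -> str:
    """The first 24 bits (three octets), written the way the registry lists them."""
    return "-".join(normalize_mac(mac).split(":")[:3]).upper()


def vendor(mac: str) -> str:
    """Producer of the interface, or 'unknown' when the OUI is not in the table."""
    return OUI_TABLE.get(oui(mac), "unknown")


def is_multicast(mac: str) -> bool:
    """I/G bit: the least significant bit of the first octet marks a group address."""
    first_octet = int(normalize_mac(mac).split(":")[0], 16)
    return bool(first_octet & 0x01)


def is_locally_administered(mac: str) -> bool:
    """U/L bit: the second least significant bit of the first octet is set when the
    address was assigned locally (by software) rather than by the producer."""
    first_octet = int(normalize_mac(mac).split(":")[0], 16)
    return bool(first_octet & 0x02)


def nic_accepts(own_mac: str, dst_mac: str) -> bool:
    """What a NIC in normal (non-promiscuous) mode does with a frame: keep it when the
    destination is its own address or the broadcast address, otherwise drop it.
    Multicast group membership is not modelled here."""
    own, dst = normalize_mac(own_mac), normalize_mac(dst_mac)
    return dst == own or dst == BROADCAST


def deliver(dst_mac: str) -> dict:
    """Replay the slide: put a frame for dst_mac on the segment and record, per
    interface, whether the frame is kept (True) or dropped (False)."""
    return {name: nic_accepts(mac, dst_mac) for name, mac in INTERFACES.items()}


if __name__ == "__main__":
    for name, kept in deliver("00-10-BC-2c-11-56").items():
        mac = INTERFACES[name]
        print(name, mac, vendor(mac), "keeps frame" if kept else "drops frame")
```

A frame addressed to the broadcast address is kept by every interface, which is what makes the ARP discovery on the later slides work.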
Slide 9: OSI Network Layer
Slide 10: The Network Layer
• Provides information on how to reach other systems
  • Addressing functionalities
• IP operates at this layer
  • High-level representation of a host’s addresses
  • Conveys information to route the datagram
  • IPv4 defined in RFC 791
• IP addresses are dynamically assigned by an authority (e.g. the ISP’s DHCP server)
  • As opposed to MAC addresses, which are fixed by the vendor
• “Connectionless” protocol (stateless)
  • No notion of “established connection” at this stage
  • Only provides the means necessary for a packet to reach its destination
Slide 11: Stateless vs stateful
• A communication is made of a number of messages
• Communications start, develop, and end
• Stateful protocols provide means to establish and close a connection
  • e.g. TCP
• Stateless protocols do not have this notion
  • IP messages are stand-alone packets
Slide 12: IP vs MAC addresses
(diagram) a list of MAC addresses: c8-2a-14-01-86-87, 00-10-BC-19-3d-5d, 00-10-BC-2c-11-56, 7B-12-00-93-73-28, 75-CD-6C-59-37-B2, FB-2A-9D-AC-56-DB, ..-..-..-..-..-..
• 48 bit → 2^48 addresses = 281474976710656 → 1536 terabyte
• How to manage revoking? (e.g. one ethernet card gets substituted)
• How to manage routing?
Slide 13: IP addresses
• IP provides a structured way to abstract host addresses away from their physical properties
• Two versions
  • IPv4 → most common, currently used
    • 32 bits
  • IPv6 → early adoption, will be seen commonly in the future
    • 128 bits
• Make it possible to efficiently talk between systems in different AS
Slide 14: IP addresses – routing (simplified)
(diagram) two autonomous systems, AS1 (e.g. ISP A) and AS2 (e.g. ISP B); hosts and routers are labelled with IP addresses (192.168.1.1, 192.168.1.2, 192.67.1.3, 192.67.65.1 with MAC 75-CD-6C-78-71-AA, 192.67.65.2, 10.11.1.1, 10.11.14.1 with MAC 00-10-BC-2c-11-57, 10.11.14.13, 2.4.5.1) and MAC addresses (c8-2a-14-01-86-87, 00-10-BC-19-3d-5d, 7B-12-00-93-73-28, 75-CD-6C-59-37-B2, EA-43-55-11-B3-C9, 00-10-BC-2c-11-56, FB-2A-9D-AC-56-DB)
Exchange shown on the diagram:
• “Hey 192.168.1.1, send IP packet to 10.11.14.3”
• “I do not know who 10.11.14.3 is, I’ll ask 192.67.65.2”
• “10.11.14.13 is not in this AS but under 10.11.1.1”
• “10.11.14.13 is 7B-12-00-93-73-28”
Details: http://disi.unitn.it/locigno/index.php/teaching-duties/computer-networks/102-reti-aa13-14
Slide 15: ARP protocol
• ARP = Address Resolution Protocol
• Allows systems to associate an IP address to a MAC address
• Allows discovery through broadcast
• ARP tables contain information to translate IP addresses into MAC addresses
Slide 16: ARP tables, A → B
ARP table of A:
IP address     MAC address         … (e.g. TTL, interfaces..)
192.168.0.15   00-10-BC-19-3d-5d   …
192.168.0.17   00-10-BC-4e-12-62   …
(diagram) hosts on the LAN:
A: MAC e0:f8:47:1a:4e:d6, IP 192.168.0.1
B: MAC 00-10-BC-19-3d-5d, IP 192.168.0.15
C: MAC 00-10-BC-4e-12-62, IP 192.168.0.17
D: MAC 00-10-BC-2c-11-56, IP 192.168.0.16
Slide 17: ARP tables, A → C
ARP table of A (unchanged):
IP address     MAC address         … (e.g. TTL, interfaces..)
192.168.0.15   00-10-BC-19-3d-5d   …
192.168.0.17   00-10-BC-4e-12-62   …
(diagram) same LAN as on slide 16: A 192.168.0.1, B 192.168.0.15, C 192.168.0.17, D 192.168.0.16
Slide 18: ARP tables, A → D
ARP table of A:
IP address     MAC address         … (e.g. TTL, interfaces..)
192.168.0.15   00-10-BC-19-3d-5d   …
192.168.0.17   00-10-BC-4e-12-62   …
(diagram) same LAN as on slide 16; A has no entry for D (192.168.0.16): ???
Slide 19: ARP query
• All addresses in an ARP table are added by one of two mechanisms
  • ARP request-reply
    → who is 192.168.0.16? tell 192.168.0.1
    → 192.168.0.16 is at 00-10-BC-2c-11-56
  • Gratuitous ARP
    → 192.168.0.16 is at 00-10-BC-2c-11-56
• The discovery process happens through queries to neighbor devices
  • Broadcast message to the desired IP
    • L2 ethernet address FF-FF-FF-FF-FF-FF
  • The system with the requested IP replies back with its correct MAC address
Slide 20: ARP frame header
(figure: ARP frame header layout; operation field: 1 = request, 2 = reply)
Slide 21: ARP tables, A → D
ARP table of A (unchanged):
IP address     MAC address         … (e.g. TTL, interfaces..)
192.168.0.15   00-10-BC-19-3d-5d   …
192.168.0.17   00-10-BC-4e-12-62   …
(diagram) A broadcasts the request (L2 dest FF-FF-FF-FF-FF-FF, IP 192.168.0.16); it reaches B, C and D
B and C drop the request (IP does not match)
D (MAC 00-10-BC-2c-11-56, IP 192.168.0.16) answers
Slide 22: ARP tables, A → D
ARP table of A, after the reply:
IP address     MAC address         … (e.g. TTL, interfaces..)
192.168.0.15   00-10-BC-19-3d-5d   …
192.168.0.17   00-10-BC-4e-12-62   …
192.168.0.16   00-10-BC-2c-11-56
(diagram) same LAN as on slide 16
Slide 23: Example of ARP request-reply
(packet capture screenshot showing the request and the reply)
Slide 24: ARP broadcast example
(packet capture screenshot highlighting the L2 dest field)
Slide 25: ARP poisoning
• ARP answers or Gratuitous ARP frames do not require an (additional) answer/confirmation
  • It’s a declarative protocol
• Nodes are not authenticated
  • Whomever can say “I am x.x1.x2.x3, my MAC address is hh.hh1.hh2.hh3.hh4.hh5”
• C can tell B “D is at [C MAC address]”
• C can tell D “B is at [C MAC address]”
• As a result every communication between B and D will pass by C
Slide 26: ARP poisoning
(diagram) same LAN as on slide 16. ARP table of D:
IP address     MAC address
192.168.0.15   00-10-BC-19-3d-5d
192.168.0.17   00-10-BC-4e-12-62
Slide 27: ARP poisoning
(diagram) C sends “192.168.0.15 is at 00-10-BC-4e-12-62”. ARP table of D afterwards:
IP address     MAC address
192.168.0.15   00-10-BC-4e-12-62
192.168.0.17   00-10-BC-4e-12-62
Slide 28: ARP poisoning
(diagram) same LAN. ARP table of the host about to be poisoned:
IP address     MAC address
192.168.0.1    e0:f8:47:1a:4e:d6
Slide 29: ARP poisoning
(diagram) C sends “192.168.0.1 is at 00-10-BC-4e-12-62”. ARP table afterwards:
IP address     MAC address
192.168.0.1    00-10-BC-4e-12-62
Slide 30: ARP poisoning
(diagram) ARP table of the poisoned host:
IP address     MAC address
192.168.0.1    00-10-BC-4e-12-62
1. Message to 192.168.0.1 is sent to 00-10-BC-4e-12-62 (C)
2. C passes it on
Slide 31: ARP poisoning
(diagram) ARP table of the poisoned host:
IP address     MAC address
192.168.0.15   00-10-BC-4e-12-62
3. Message to 192.168.0.15 is sent to 00-10-BC-4e-12-62 (C)
4. C passes it on
Slide 32: ARP poisoning - limitations
• Works only on local networks, where MAC addresses are actually meaningful
  • When communication is targeted to a different network, IP addresses are used
  • Routers and DNSs have MAC addresses too..
• The poisoning works because systems are not authenticated
  • Some implementations/third-party tools can mitigate the problem
  • Check for anomalies
• Can you think of a possible mitigation?
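An added Python model (not code from the lecture) of the ARP request-reply on slides 19-22 and of the poisoning sequence on slides 25-27, together with the two mitigations this slide points at: anomaly checks on every table update (an IP whose MAC changes, one MAC claiming several IPs, the checks tools such as arpwatch perform) and a static entry that pins the gateway's binding. Hosts A-D, their addresses and the frames follow the slides; the Lan class, the pin() method and the alert texts are assumptions of this example.

```python
from dataclasses import dataclass, field

ARP_REQUEST, ARP_REPLY = 1, 2          # operation field values from the ARP frame header slide
BROADCAST = "ff:ff:ff:ff:ff:ff"
UNKNOWN = "00:00:00:00:00:00"          # target MAC in a request: not yet known


@dataclass
class ArpFrame:
    op: int
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str
    l2_dst: str                        # Ethernet destination: broadcast for requests


@dataclass
class Host:
    name: str
    ip: str
    mac: str
    table: dict = field(default_factory=dict)    # ARP table: IP -> MAC
    static: set = field(default_factory=set)     # IPs whose binding the administrator pinned
    alerts: list = field(default_factory=list)   # anomalies a monitor would report

    def pin(self, ip: str, mac: str) -> None:
        """Static ARP entry (assumed mitigation): the binding is never overwritten."""
        self.table[ip] = mac
        self.static.add(ip)

    def learn(self, ip: str, mac: str, how: str) -> None:
        """Update the table as the declarative protocol dictates, except for pinned
        entries, and record the anomalies that betray poisoning."""
        if ip in self.static and self.table.get(ip) != mac:
            self.alerts.append(f"{self.name}: refused {how} for static entry {ip} -> {mac}")
            return
        old = self.table.get(ip)
        if old is not None and old != mac:
            self.alerts.append(f"{self.name}: {ip} changed from {old} to {mac} ({how})")
        others = [i for i, m in self.table.items() if m == mac and i != ip]
        if others:
            self.alerts.append(f"{self.name}: {mac} now claims {ip} as well as {others}")
        self.table[ip] = mac

    def receive(self, frame: ArpFrame):
        """Process one frame; return the reply to send, or None."""
        if frame.l2_dst not in (BROADCAST, self.mac):
            return None                                  # the NIC drops it
        if frame.op == ARP_REQUEST:
            if frame.target_ip != self.ip:
                return None                              # "B and C drop the request (IP does not match)"
            self.learn(frame.sender_ip, frame.sender_mac, "request")
            return ArpFrame(ARP_REPLY, self.mac, self.ip, frame.sender_mac, frame.sender_ip, frame.sender_mac)
        how = "gratuitous ARP" if frame.sender_ip == frame.target_ip else "reply"
        self.learn(frame.sender_ip, frame.sender_mac, how)
        return None


class Lan:
    """One broadcast domain: every frame reaches every host (assumed model)."""

    def __init__(self, hosts):
        self.hosts = list(hosts)

    def send(self, frame: ArpFrame) -> None:
        for host in self.hosts:
            reply = host.receive(frame)
            if reply is not None:
                self.send(reply)


def resolve(lan: Lan, requester: Host, target_ip: str):
    """ARP request-reply: 'who is target_ip? tell requester'; returns the learned MAC."""
    lan.send(ArpFrame(ARP_REQUEST, requester.mac, requester.ip, UNKNOWN, target_ip, BROADCAST))
    return requester.table.get(target_ip)


def demo():
    """Constructed scenario with the hosts and addresses drawn on the slides."""
    a = Host("A", "192.168.0.1", "e0:f8:47:1a:4e:d6")
    b = Host("B", "192.168.0.15", "00:10:bc:19:3d:5d")
    c = Host("C", "192.168.0.17", "00:10:bc:4e:12:62")
    d = Host("D", "192.168.0.16", "00:10:bc:2c:11:56")
    lan = Lan([a, b, c, d])
    d.pin(a.ip, a.mac)                                   # D pins the gateway's binding
    resolved = resolve(lan, a, d.ip)                     # slides 21-22: only D answers
    resolve(lan, d, b.ip)                                # D's table as on slide 26
    resolve(lan, d, c.ip)
    # Slide 27: C announces B's IP with its own MAC. No confirmation is needed, so
    # D's table takes it, but the monitor records the change and the double claim.
    lan.send(ArpFrame(ARP_REPLY, c.mac, b.ip, d.mac, d.ip, d.mac))
    # Slide 29 aimed at D: the gateway entry is static, so the update is refused.
    lan.send(ArpFrame(ARP_REPLY, c.mac, a.ip, d.mac, d.ip, d.mac))
    return resolved, dict(d.table), list(d.alerts)
```

The table update itself is deliberately not blocked for non-static entries, because that is the protocol's behaviour; what the model adds is the evidence (changed binding, one MAC behind several IPs) that a monitor on the segment or on the host can act on.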
Slide 33: IP Header
(figure: IPv4 header layout)
Slide 34: Subnets and CIDR
• Subnets are logical divisions of IP addresses
  • Possible to split a network in multiple sub-networks
• IP bits are divided in
  • x network bits
  • y subnet bits
  • z host bits
• Subnet mask indicates the sections of IP addresses meant for network + subnet
  • 255.255.255.0 → 24 bits to network + subnet, 8 bits to hosts
• CIDR → synthetic way to represent subnet masks
  • Classless Inter-Domain Routing
  • Indicates the number of bits covered by the mask
  • 192.168.10.1/24 = 192.168.10.1/255.255.255.0
Slide 35: Subnet example
          NETWORK   SUBNET    HOST
binary    10000100  10000110  00001111 01100000
decimal   132       134       15 96
• IP address → 132.134.15.96
• Network mask? → 255.255.0.0
• CIDR representation? → 132.134.15.96/16
• How many hosts? → 2^16 = 65,536 - 1
Slide 36: Subnet example
                                  NETWORK   SUBNET    HOST
Binary IP                         10000100  10000110  00001111 01100000
Binary subnet mask                11111111  11111111  00000000 00000000
Network = IP AND subnet           10000100  10000110  00000000 00000000
Host = IP AND complement(subnet)  00000000  00000000  00001111 01100000
• IP address → 132.134.15.96
Slide 37: IP classes
• IPv4 has several classes
• Defined over
  • Range of IP
  • Number of referenceable hosts
• Classes:
  • A: 0.0.0.0/8 → 127.255.255.255/8 (standard communications)
  • B: 128.0.0.0/16 → 191.255.255.255/16 (standard communications)
  • C: 192.0.0.0/24 → 223.255.255.255/24 (standard communications)
  • D: 224.0.0.0 → 239.255.255.255 (multicast)
  • E: 240.0.0.0 → 254.255.255.254 (experimental)
Slide 38: IP addresses – private addresses
• Some IPs are reserved for private networks
  • 10.0.0.0 → 10.255.255.255
  • 192.168.0.0 → 192.168.255.255
  • 172.16.0.0 → 172.31.255.255
• These should not be routed on the internet
  • The gateway should drop the datagram
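The subnet arithmetic of slides 34-36, the class ranges of slide 37 and the private ranges of this slide, carried out in an added Python example (not code from the lecture). It generalizes the slide's /16 case to any prefix: the mask is built from the prefix, network = IP AND mask, host = IP AND NOT mask, and the result is cross-checked against the standard library's ipaddress module. The host count it reports excludes the network and broadcast addresses, the usual convention; the function names and the border_gateway_forwards rule are assumptions of this example.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF


def ip_to_int(ip: str) -> int:
    """Dotted-quad string -> 32-bit integer, validating each octet."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip!r}")
    value = 0
    for o in octets:
        value = (value << 8) | int(o)
    return value


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_from_prefix(prefix: int) -> int:
    """/24 -> 0xFFFFFF00: the leftmost `prefix` bits are network + subnet."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be between 0 and 32")
    return (ALL_ONES << (32 - prefix)) & ALL_ONES


def prefix_from_mask(mask: str) -> int:
    """255.255.255.0 -> 24; rejects masks whose ones are not contiguous."""
    value = ip_to_int(mask)
    ones = bin(value).count("1")
    if mask_from_prefix(ones) != value:
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return ones


def split_address(cidr: str) -> dict:
    """The slide's computation: network = IP AND mask, host = IP AND NOT mask."""
    ip_str, prefix_str = cidr.split("/")
    ip, prefix = ip_to_int(ip_str), int(prefix_str)
    mask = mask_from_prefix(prefix)
    host_bits = 32 - prefix
    return {
        "mask": int_to_ip(mask),
        "network": int_to_ip(ip & mask),
        "host": int_to_ip(ip & ~mask & ALL_ONES),
        "broadcast": int_to_ip((ip & mask) | (~mask & ALL_ONES)),
        "addresses": 1 << host_bits,
        # the network and broadcast addresses cannot be assigned to hosts
        "usable_hosts": max((1 << host_bits) - 2, 0),
    }


def ip_class(ip: str) -> str:
    """Class from the first octet, following the ranges on the IP classes slide."""
    first = ip_to_int(ip) >> 24
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D"
    return "E"


# The private ranges from the slide, written as (network, prefix length).
PRIVATE_RANGES = (("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16))


def is_private(ip: str) -> bool:
    value = ip_to_int(ip)
    return any((value & mask_from_prefix(p)) == ip_to_int(net) for net, p in PRIVATE_RANGES)


def border_gateway_forwards(src: str, dst: str) -> bool:
    """The slide's rule for a gateway facing the internet: a datagram whose source or
    destination is a private address is dropped, not routed."""
    return not (is_private(src) or is_private(dst))


def cross_check(cidr: str) -> bool:
    """Confirm the hand-rolled arithmetic against the standard library."""
    net = ipaddress.ip_network(cidr, strict=False)
    parts = split_address(cidr)
    return (str(net.network_address), str(net.netmask), str(net.broadcast_address)) == (
        parts["network"], parts["mask"], parts["broadcast"])
```

The 172.16.0.0 range is expressed as a /12 rather than as the pair of endpoints on the slide; both describe 172.16.0.0 through 172.31.255.255.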
Slide 39: IP fragmentation (datagram size > MTU)
(figure)
Slide 40: IP Fragments
• Identification, 16 bit: unique identifier of the fragmented datagrams
  • All fragments have the same identification number
• Flags, 3 bit
  • 0 → Reserved, must be 0
  • DF → Don’t fragment
    • 0 = there may be fragments
    • 1 = don’t fragment. If it must be fragmented, drop the datagram
  • MF → More fragments
    • 0 = last fragment
    • 1 = there are more fragments
• Offset, 13 bits: offset of this datagram w.r.t. the first fragment with that ID.
Slide 41: Fragmentation example
• Need to send 4200 bytes of data over IP
• Maximum Transmission Unit on the ethernet channel is 1500 bytes
• The datagram does not fit in the MTU
(diagram) original datagram: IP header (20 bytes) + data (4200 bytes) = 4220 bytes
(diagram) fragmented: IP header (20 bytes) + data (1480 bytes) = 1500 bytes, followed by further data fragments, the last one of 1220 bytes
Slide 42: Fragmentation example (cntd)
(diagram) three fragments A, B, C, each with its own 20-byte IP header; data of 1480, 1480 and 1240 bytes; totals of 1500, 1500 and 1280 bytes
                 A            B            C
Identification   4452         4452         4452
Flags            DF=0, MF=1   DF=0, MF=1   DF=0, MF=0
Offset           0            1480         2960
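The fragmentation of slides 40-42 as an added Python example (not code from the lecture): a function that splits a payload into fragments sharing one identification, sets DF/MF and the offsets, and drops the datagram when DF is set and it does not fit. It reproduces the slide's values (identification 4452, offsets 0, 1480 and 2960, the last fragment carrying the remaining 1240 data bytes plus its own header) and shows what the slide's byte offsets become in the 13-bit header field, which counts 8-byte units. The Fragment class and summarize() are assumptions of this example.

```python
from dataclasses import dataclass

IP_HEADER_LEN = 20          # header without options
MAX_DATAGRAM = 65535        # the 16-bit total-length field


@dataclass
class Fragment:
    identification: int     # same value in every fragment of one datagram
    df: int                 # Don't Fragment flag
    mf: int                 # More Fragments flag: 0 only on the last fragment
    offset_bytes: int       # position of this fragment's data in the original payload
    data_len: int

    @property
    def offset_field(self) -> int:
        """The 13-bit header field counts 8-byte units, so 1480 bytes is encoded as 185."""
        return self.offset_bytes // 8

    @property
    def total_length(self) -> int:
        return IP_HEADER_LEN + self.data_len


def fragment(data_len: int, mtu: int, identification: int, df: int = 0) -> list:
    """Split a datagram carrying data_len payload bytes so every piece fits the MTU."""
    if data_len < 0 or IP_HEADER_LEN + data_len > MAX_DATAGRAM:
        raise ValueError("payload does not fit a single IP datagram")
    if IP_HEADER_LEN + data_len <= mtu:
        return [Fragment(identification, df, 0, 0, data_len)]   # fits: no fragmentation
    if df:
        # DF=1 and too big: the datagram is dropped (ICMP type 3 code 4 reports it)
        raise ValueError("DF set and datagram larger than MTU: dropped")
    # Every fragment but the last carries a multiple of 8 bytes, because the
    # offset field is in 8-byte units; 1500 - 20 = 1480 already satisfies this.
    per_fragment = (mtu - IP_HEADER_LEN) // 8 * 8
    if per_fragment <= 0:
        raise ValueError("MTU too small to carry any data")
    fragments, offset = [], 0
    while offset < data_len:
        chunk = min(per_fragment, data_len - offset)
        last = offset + chunk == data_len
        fragments.append(Fragment(identification, 0, 0 if last else 1, offset, chunk))
        offset += chunk
    return fragments


def summarize(fragments: list) -> list:
    """(identification, DF, MF, byte offset, total length) per fragment, as in the slide's table."""
    return [(f.identification, f.df, f.mf, f.offset_bytes, f.total_length) for f in fragments]


if __name__ == "__main__":
    for row in summarize(fragment(4200, 1500, 4452)):
        print(row)
```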
Slide 43: Denial of service with IP fragments
(diagram) fragments arrive that never include the first one:
IP: 10.1.1.1, ID=x, DF=0, MF=1, Offset=1480
IP: 10.1.1.1, ID=x, DF=0, MF=1, Offset=2960
IP: 10.1.1.1, ID=x, DF=0, MF=1, Offset=…
The receiver waits for the first fragment.
The datagram is never delivered, as the TCP/UDP/.. header is in the first fragment, which never arrives
Slide 44: Internet Control Message Protocol
• Defined in RFC 792
• Relies on IP
• However, it is an integral part of the Internet Protocol
  • All IP modules must have ICMP support
Slide 45: Some ICMP Message types
• Destination Unreachable Message (Type 3)
  • Code
    • 0 = net unreachable;
    • 1 = host unreachable;
    • 2 = protocol unreachable;
    • 3 = port unreachable;
    • 4 = fragmentation needed and DF set;
    • 5 = source route failed.
• Time Exceeded Message (Type 11)
  • Code
    • 0 = net unreachable;
    • 1 = host unreachable;
• Echo or Echo Reply Message
  • Type
    • 8 = echo message;
    • 0 = echo reply;
  • Code
    • 0
Slide 46: Traceroute (slide added from class)
See for example: http://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-software-releases-121-mainline/12778-ping-traceroute.html
Picture from: http://www.loriotpro.com/Products/On-line_Documentation_V5/LoriotProDoc_EN/J10-Loriotpro_tools/J10-U21_Trace_Route_EN.htm (no affiliation)
Slide 47: List of all message types
• 0 Echo Reply
• 3 Destination Unreachable
• 4 Source Quench
• 5 Redirect
• 8 Echo
• 11 Time Exceeded
• 12 Parameter Problem
• 13 Timestamp
• 14 Timestamp Reply
• 15 Information Request
• 16 Information Reply
Slide 48: Denial of Service
• Denial of service (DoS) is a type of attack that aims at congesting or overpowering a system’s capacity by generating requests the system will have to answer
  • Can affect the performance of the attacked system or its channels
  • Can lead to a system crash due to resource consumption
• DoS can be operated
  • Locally
  • Over the network
Slide 49: A simple DoS (Ping Flood)
• Network DoS attacks usually exploit protocol features
(diagram) A and B, with different bandwidth sizes; ICMP Type=8 Code=0 (Echo reply); ICMP Type=0 Code=0 (Echo reply)
• A can exploit its wider bandwidth to flood B with ICMP echo requests
• B’s bandwidth gets (quickly, relative to A’s) exhausted with
  • A’s requests
  • B’s replies
• B can no longer operate on its network channel
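An added Python example (not code from the lecture) that ties the ICMP material of slides 44-49 together from the receiving side: it builds and parses the 8-byte ICMP header with the RFC 792 checksum, names the types and the Destination Unreachable codes listed on the slides, and runs a sliding-window counter of echo requests per source, which is the simplest detection for the flood described on this slide. The rate threshold, the window and the trace in simulate_flood() are constructed values; class and function names are assumptions of this example.

```python
import struct
from collections import defaultdict, deque

# Message types from the "List of all message types" slide.
ICMP_TYPES = {
    0: "Echo Reply", 3: "Destination Unreachable", 4: "Source Quench", 5: "Redirect",
    8: "Echo", 11: "Time Exceeded", 12: "Parameter Problem", 13: "Timestamp",
    14: "Timestamp Reply", 15: "Information Request", 16: "Information Reply",
}
# Codes of the Destination Unreachable message (type 3).
UNREACHABLE_CODES = {
    0: "net unreachable", 1: "host unreachable", 2: "protocol unreachable",
    3: "port unreachable", 4: "fragmentation needed and DF set", 5: "source route failed",
}
ECHO, ECHO_REPLY = 8, 0


def icmp_checksum(data: bytes) -> int:
    """RFC 792 checksum: one's complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_icmp(icmp_type: int, code: int, ident: int = 0, seq: int = 0, payload: bytes = b"") -> bytes:
    """8-byte header (type, code, checksum, identifier, sequence) followed by the payload."""
    header = struct.pack("!BBHHH", icmp_type, code, 0, ident, seq)
    checksum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, code, checksum, ident, seq) + payload


def valid_checksum(packet: bytes) -> bool:
    """A packet whose checksum field is correct sums to zero."""
    return len(packet) >= 8 and icmp_checksum(packet) == 0


def parse_icmp(packet: bytes) -> dict:
    """Decode and verify one ICMP message."""
    if not valid_checksum(packet):
        raise ValueError("short ICMP packet or bad checksum")
    icmp_type, code, _, ident, seq = struct.unpack("!BBHHH", packet[:8])
    name = ICMP_TYPES.get(icmp_type, "unknown")
    if icmp_type == 3:
        name += " (" + UNREACHABLE_CODES.get(code, "unknown code") + ")"
    return {"type": icmp_type, "code": code, "name": name, "id": ident, "seq": seq, "payload": packet[8:]}


class EchoRateMonitor:
    """Sliding-window count of echo requests per source address. The threshold is a
    constructed example value; a deployment sizes it from the link's capacity."""

    def __init__(self, limit: int = 100, window: float = 1.0):
        self.limit, self.window = limit, window
        self.seen = defaultdict(deque)       # source IP -> arrival times inside the window

    def observe(self, src_ip: str, packet: bytes, now: float) -> bool:
        """Return True when src_ip has exceeded `limit` echo requests within `window`."""
        if parse_icmp(packet)["type"] != ECHO:
            return False                     # replies and other types are not counted
        times = self.seen[src_ip]
        times.append(now)
        while times and now - times[0] > self.window:
            times.popleft()
        return len(times) > self.limit


def simulate_flood(limit: int = 5, packets: int = 8) -> list:
    """Constructed trace: one source sends `packets` echo requests 0.1 s apart."""
    monitor = EchoRateMonitor(limit=limit, window=1.0)
    request = build_icmp(ECHO, 0, ident=1, seq=1, payload=b"ping")
    return [monitor.observe("10.0.0.2", request, 0.1 * i) for i in range(packets)]
```

Counting only requests matters on the victim's side: B's own replies consume its bandwidth too, as the slide notes, but rate-limiting the replies (or answering fewer requests) is the action, and the request count from a source is the signal.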
Slide 50: A more advanced DoS – Ping of Death
• ICMP packets are typically 64 bytes in size including IP headers and data
• IP datagram can extend up to 65,535 bytes
  • Data Length field is 16 bit
• Early implementations of Internet modules were strictly implementing RFC directives
  • Not handling exceptions properly
• Ping of Death
  • Generate a large ICMP packet
  • Fragment in 1024 IP packets of 64 Bytes
  • Destination receives regular packets
    • IP module composes fragments
    • ICMP module tries to read a datagram bigger than the assigned buffer size
  • Destination crashes
    • “buffer overflow” → possible execution of code in memory (more on this in this course)
Slide 51: Ping of death → visualisation
(diagram) A sends B an ICMP head + data as an IP datagram of size 65536 bytes; B’s ICMP module buffer size is 64 bytes. Fragments:
id=100, offset=0, MF=1, Length=64
id=100, offset=64, MF=1, Length=64
id=100, offset=128, MF=1, Length=64
…
id=100, offset=65,472, MF=0, Length=64
B reassembles them into ICMP head + data: IP datagram size 65536 bytes
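An added Python reassembler (not code from the lecture) that handles the two failure modes of slides 43 and 50-51 on the receiving side: fragments that never include offset 0 are held only until a timer expires and the buffer count is capped, and a fragment such as the one at offset 65,472 with 64 bytes of data is rejected before reassembly because it would make the datagram 65,536 bytes, past the 65,535-byte limit the 16-bit length field allows. Fragment, Pending and Reassembler, the timeout and the table size are assumptions of this example; the sample fragments in the usage are constructed from the slides.

```python
from dataclasses import dataclass, field
from typing import Optional

IP_HEADER_LEN = 20
MAX_DATAGRAM = 65535        # largest total length the 16-bit field can express


@dataclass
class Fragment:
    src: str
    identification: int
    mf: int                 # More Fragments
    offset: int             # byte offset of this piece in the original payload
    data: bytes


@dataclass
class Pending:
    first_seen: float
    pieces: dict = field(default_factory=dict)    # offset -> data
    total_len: Optional[int] = None               # known once the MF=0 piece arrives


class Reassembler:
    """Reassembly with three guards: a bound on the reassembled size, a timer for
    datagrams whose first fragment never arrives, and a cap on how many incomplete
    datagrams are held at once. The default values are constructed."""

    def __init__(self, timeout: float = 30.0, max_pending: int = 64, buffer_size: int = MAX_DATAGRAM):
        self.timeout, self.max_pending, self.buffer_size = timeout, max_pending, buffer_size
        self.pending = {}          # (src, identification) -> Pending
        self.dropped = []          # (src, identification, reason) for the defender's log

    def expire(self, now: float) -> None:
        """Free buffers that have waited longer than the timeout (the slide 43 scenario)."""
        for key, entry in list(self.pending.items()):
            if now - entry.first_seen > self.timeout:
                del self.pending[key]
                self.dropped.append((key[0], key[1], "reassembly timeout"))

    def push(self, frag: Fragment, now: float) -> Optional[bytes]:
        """Accept one fragment; return the complete payload when the datagram is whole."""
        self.expire(now)
        key = (frag.src, frag.identification)
        end = frag.offset + len(frag.data)
        if IP_HEADER_LEN + end > self.buffer_size:
            # Ping of death: offset 65472 + 64 data bytes would need a 65536-byte datagram
            self.dropped.append((key[0], key[1], "exceeds maximum datagram size"))
            self.pending.pop(key, None)
            return None
        entry = self.pending.get(key)
        if entry is None:
            if len(self.pending) >= self.max_pending:
                self.dropped.append((key[0], key[1], "reassembly table full"))
                return None
            entry = self.pending[key] = Pending(first_seen=now)
        for off, data in entry.pieces.items():
            if off < end and frag.offset < off + len(data):
                # overlapping (or duplicated) data is refused rather than merged
                self.dropped.append((key[0], key[1], "overlapping fragment"))
                return None
        entry.pieces[frag.offset] = frag.data
        if frag.mf == 0:
            entry.total_len = end
        if entry.total_len is None:
            return None
        have = 0
        for off in sorted(entry.pieces):
            if off != have:
                return None               # gap: still waiting, e.g. for the first fragment
            have += len(entry.pieces[off])
        if have != entry.total_len:
            return None
        del self.pending[key]
        return b"".join(entry.pieces[off] for off in sorted(entry.pieces))


if __name__ == "__main__":
    r = Reassembler()
    r.push(Fragment("10.1.1.1", 7, 1, 1480, b"b" * 1480), 0.0)   # slide 43: no first fragment
    r.expire(31.0)
    r.push(Fragment("10.1.1.1", 100, 0, 65472, b"x" * 64), 32.0)  # slide 51: too large
    print(r.dropped)
```

The size check runs before any buffer is touched, so the oversized datagram never exists in memory; that is the property the early implementations on slide 50 lacked.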