General Classes of TCP/IP Problems
TCP timers exist as part of connection-oriented delivery
TCP sequence numbers exist as part of reliable delivery
The two main groups from which TCP/IP security and/or Denial of Service problems arise:
– IP Spoofing
– TCP Sequence Prediction

Guarding against TCP/IP Problems
Unfortunately, the problems are inherent in the protocol, since its designers built it for trust and delivery
Cryptography, in the form of encryption and authentication, would cut down on spoofing problems
Software fixes such as TCP wrappers, and disabling the BSD r-protocols and .rhosts files
Designing networks with good network topologies and no inherent trust relationships

TCP Timers
Retransmission Timer – Used when a host expects an ACK from the other side
Connection Timer – The initial timer set when a connection is being established, i.e. when a SYN is sent
2MSL – The timer used to measure the TIME_WAIT state
Persist Timer – Timer used to keep window size information being exchanged
Keepalive Timer (Polling) – Keeps an idle connection alive

General Class of Routing Problems
Primarily dealing with problems at the network level
IP Source Routing – An attacker can choose a desired IP route
RIP – Bogus routing information can be propagated to networks
EGP – Core gateways occasionally poll each other and use sequence numbers that must be echoed by the other end
ICMP – ICMP redirects can advise bogus routes

General Class of TCP Problems
IP Spoofing
TCP Sequence Guessing
Connection Hijacking
Simultaneous Open
SYN, SYN-FIN, SYN-ACK Timing Problems – Desynchronized States

IP Spoofing
A remote host can trivially send packets with spoofed IP source addresses to a victim host
This attack must be used in conjunction with sequence prediction, since incorrect sequence numbers cause the target host to send RST segments
Difficult to defend against

TCP Sequence Prediction Problem
The ISN is taken from a global counter for the initial number
The increment is usually 64
SYN = ISN + Increment
4.2 BSD implementations violate the RFC by setting ISN = 1
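To make the sequence-prediction point concrete, here is an added example (not from the slides) that models the global-counter ISN scheme described above beside a randomized one, and includes the kind of check a defender would run over ISNs observed from a host to decide whether its generator is a plain counter. The class names, the 500-trial measurement and the starting counter value are assumptions of this example; only the increment of 64 comes from the slide.

```python
import secrets

INCREMENT = 64  # the per-connection ISN increment quoted on the slide


class CounterISN:
    """Model of the old global-counter scheme: each new connection's
    ISN is the previous one plus a fixed increment (wrapping at 2**32)."""

    def __init__(self, start=0):
        self.value = start & 0xFFFFFFFF

    def next_isn(self):
        self.value = (self.value + INCREMENT) & 0xFFFFFFFF
        return self.value


class RandomISN:
    """The mitigation: an ISN drawn from a CSPRNG per connection, so one
    observed value says nothing about the next."""

    def next_isn(self):
        return secrets.randbelow(1 << 32)


def consecutive_deltas(isns):
    """Differences between successive observed ISNs, modulo 2**32."""
    return [(b - a) & 0xFFFFFFFF for a, b in zip(isns, isns[1:])]


def is_predictable(isns):
    """Defender-side check: if every delta is identical, the generator is a
    plain counter and the next ISN can be inferred from the last one."""
    deltas = consecutive_deltas(isns)
    return len(deltas) >= 2 and len(set(deltas)) == 1


def guess_hit_rate(gen, trials=500):
    """Fraction of trials in which 'last ISN + INCREMENT' equals the ISN the
    generator actually hands out next; 1.0 means fully predictable."""
    hits = 0
    for _ in range(trials):
        seen = gen.next_isn()
        if gen.next_isn() == (seen + INCREMENT) & 0xFFFFFFFF:
            hits += 1
    return hits / trials


if __name__ == "__main__":
    counter = CounterISN(start=0xFFFFFF00)  # constructed starting value
    sample = [counter.next_isn() for _ in range(5)]
    print("counter ISNs predictable:", is_predictable(sample))
    print("counter hit rate:", guess_hit_rate(CounterISN()))
    print("random  hit rate:", guess_hit_rate(RandomISN()))
```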