ITP 457
Network Security
Networking Technologies II
UDP, IP, and NAT
Overview



UDP
IP
NAT
UDP





UDP – User Datagram Protocol
Also member of TCP/IP
TCP and UDP are cousins
An application developer can choose to
transmit data using either TCP or UDP
Both protocols cannot be used
simultaneously in an application
UDP Characteristics


Connectionless – the protocol doesn’t know
or remember the state of a connection
Does not have a concept of



Session initiation
Acknowledgement
No error checking – does not retransmit lost
packets nor does it put them in proper order
UDP





UDP also called: “Unreliable Damn Protocol”
It is inherently unreliable
Unreliability is ok – IF it can buy you SPEED!
Some applications are more interested in getting
packets across the network and don’t need
super high reliability.
Good protocol for a large number of
connections
UDP

Services that use UDP are








Streaming Video/ Audio
DNS queries
Online Games
Voice-over-IP (VoIP)
DHCP
DNS
SNMP
RIP
UDP header
UDP source port
UDP destination port
Message Length
Checksum
Data
UDP Ports



UDP – 65,535 ports
Some typical ports:
 53 – DNS (Domain Name Server)
 67 – DHCP (Dynamic Host Configuration Protocol)
 69 – TFTP (Trivial File Transfer Protocol)
 161 – SNMP (Simple Network Management Protocol)
 514 – Syslog
 6112 – Battle.NET
 14567 – Battlefield 1492
 26000 – Quake Server
 27015 – Halflife Server
For a searchable database of known ports:
 http://www.ports-services.com/
IS UDP less secure than TCP?




YES!
Absence of three-way handshake implies no
sequence numbers and no control bits.
Difficult for firewalls and routers to track
where the end systems are in their
communications
We cannot completely turn off UDP, due to
some of the necessary protocols that use
UDP
Internet Protocol (IP)



IP handles end-to-end delivery
Most commonly used network layer protocol
All traffic on the internet uses IP
Internet Protocol (IP)




Upon receiving packet from Transport layer,
IP layer generates a header
Header includes: source and destination IP
addresses
Header is added to front of TCP packet to
create a resulting IP packet.
Purpose of IP is to carry packets end to end
across a network.
IP header
Source IP address
Destination IP address
Data
IP addresses




Identify each individual machine on the
internet
32 bits in length
Hackers attempt to determine all IP addresses
in use on a target network – “network
mapping”
Hackers generate bogus packets appearing
to come from a given IP address – “IP
address spoofing”
IP Addresses in depth

32 bits, with 8 bit groupings



Ex: 192.168.0.1
Each number between the dots can be between 0
and 255
4 billion combinations


Not really
Allocated in groups called address blocks


3 sizes, based on the class of the address
Class A, Class B, and Class C
Class A Addresses







Giant organizations
There are no more available
All IP addresses are of the form:
0 – 126.x.x.x
x can be between 0 and 255
The first octet is assigned to the owner, with the rest being freely
distributable to the nodes
Has a 24 bit address space
Uses up to half of the total IP addresses available!!!
Who owns these???
 Internet Service Providers
 Large internet companies

Google, CNN, WB
Class B Addresses






Large Campuses or Organizations
 Example: Colleges, including USC
These are running out!!!
All Class B Addresses are of the form:
128 - 191.x.x.x
Where x can take any number between 0 and 255
The first two octets are assigned to the address block owner, with
the last two being freely distributable
 Example: 128.125.x.x → USC
 Example: 169.232.x.x → UCLA
16-bit address space
¼ of all IP addresses belong to Class B Addresses
Class C Addresses




Small to mid-sized businesses
A fair number left
All Class C Addresses have the following
format:
192-232.x.x.x
The first three octets are assigned, with the
last being freely distributable

Only 253 distributable addresses within a Class C
Address
Reserved Addresses

Private Networks (no public connections)





10.x.x.x
172.16.x.x
192.168.x.x
127.x.x.x – local network (loopback)
255.255.255.255 – broadcast – sends to
everyone on the network
Netmasks

IP address has 2 components




Network address
Host address
Determined by the address and the class of
the address
Example (Class C):



IP Address: 192.168.3.16
Network address: 192.168.3
Host address: 16
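
The network/host split from the Netmasks slide and the ranges from the Reserved Addresses slide, worked in code. This is an added example, not part of the lecture; it assumes the first-octet class boundaries 128, 192 and 224 and uses the RFC 1918 private blocks.

```python
import ipaddress

CLASS_PREFIX = {"A": 8, "B": 16, "C": 24}   # network bits per class

# Reserved ranges; the private blocks are the RFC 1918 ranges.
RESERVED = [
    ("broadcast", ipaddress.ip_network("255.255.255.255/32")),
    ("loopback", ipaddress.ip_network("127.0.0.0/8")),
    ("private", ipaddress.ip_network("10.0.0.0/8")),
    ("private", ipaddress.ip_network("172.16.0.0/12")),
    ("private", ipaddress.ip_network("192.168.0.0/16")),
]

def address_class(ip: str):
    """Class from the first octet (assumed boundaries: 128, 192, 224)."""
    first = int(ipaddress.IPv4Address(ip)) >> 24
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    return None                              # not a class A/B/C address

def reserved_kind(ip: str):
    """Return 'private', 'loopback', 'broadcast', or None for other addresses."""
    addr = ipaddress.IPv4Address(ip)
    for kind, net in RESERVED:
        if addr in net:
            return kind
    return None

def split_classful(ip: str) -> dict:
    """Split an address into network and host parts using its class netmask."""
    cls = address_class(ip)
    if cls is None:
        raise ValueError(f"{ip} is not a class A, B or C address")
    mask = (0xFFFFFFFF << (32 - CLASS_PREFIX[cls])) & 0xFFFFFFFF
    value = int(ipaddress.IPv4Address(ip))
    return {"class": cls,
            "netmask": str(ipaddress.IPv4Address(mask)),
            "network": str(ipaddress.IPv4Address(value & mask)),
            "host": value & ~mask & 0xFFFFFFFF,
            "reserved": reserved_kind(ip)}
```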
Packet Fragmentation




Various transmission media have different
characteristics
Some require short packets, others require
longer packets
E.g. satellite – longer packets
Local LAN – shorter packets
Packet Fragmentation



To optimize packet lengths for various
communication links, IP offers network elements
(routers and firewalls) the ability to slice up packets
into smaller pieces, a process called fragmentation.
The end system’s IP layer is responsible for
reassembling all fragments
Hackers use packet fragmentation to avoid being
detected by Intrusion Detection Systems
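
Why an inspection device has to reassemble fragments before matching, shown on constructed data. This is an added example, not part of the lecture; the fragments, the pattern and the function names are hypothetical.

```python
# Constructed fragments of one packet's payload, listed out of order.
# "offset" is in 8-byte units, as in the IP header; "mf" is the more-fragments flag.
FRAGMENTS = [
    {"offset": 2, "mf": True,  "data": b"-marker-string H"},
    {"offset": 0, "mf": True,  "data": b"GET /constructed"},
    {"offset": 4, "mf": False, "data": b"TTP/1.0\r\n"},
]
SIGNATURE = b"constructed-marker"   # hypothetical pattern an IDS rule looks for

def reassemble(fragments) -> bytes:
    """Rebuild the payload the way the end system's IP layer does."""
    buf = bytearray()
    complete = False
    for frag in sorted(fragments, key=lambda f: f["offset"]):
        start = frag["offset"] * 8
        if start != len(buf):
            raise ValueError(f"gap or overlap at byte {start}")
        if complete:
            raise ValueError("data after the final fragment")
        buf += frag["data"]
        complete = not frag["mf"]
    if not complete:
        raise ValueError("final fragment missing")
    return bytes(buf)

def match_per_fragment(fragments, signature: bytes) -> bool:
    """Inspect each fragment on its own, without reassembly."""
    return any(signature in f["data"] for f in fragments)

def match_reassembled(fragments, signature: bytes) -> bool:
    """Inspect the payload as the destination host will see it."""
    return signature in reassemble(fragments)
```

The pattern straddles the boundary between the first two fragments, so only the reassembled view matches; gaps and overlaps are rejected rather than guessed at.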
Lack of Security in IP



IP version 4 does not include any security
All components of packets are in clear text,
nothing is encrypted
Anything in the header or data segment can
be viewed or modified by the hacker


TCP/UDP Hijacking
“Man-in-the-middle” attack
ICMP



ICMP – Internet Control Message Protocol
It is the Network Plumber
Its job is to transmit command and control
information between networks and systems
ICMP examples


“ping” request = ICMP Echo message
If the “pinged” system is alive it will respond with
ICMP Echo Reply Message



Try pinging
 www.google.com
 www.yahoo.com
 www.cnn.com
Will they all work?
Some sites have disabled ping. Why?


Ping-of-death → a ping too big
Ping flooding → type of denial-of-service attack
Routers and packets

Routers



Transfer packets from network to network
They determine the path that a packet should
take across the network specifying from hop to
hop which network segments the packets should
bounce through as they travel across the network
Most networks use dynamic routing


RIP, EIGRP
We will be discussing these technologies later in
the course
Network address translation


NAT
Blocks of addresses are allotted to ISPs and
organizations


Classes of IP Addresses
What happens when we have more
computers than IP Addresses?



We have a Class C address – allows 253
computers
Our organization has 1000 computers
What do we do???
Solution?

Reserve a range of IP addresses to build
your own IP network




10.x.y.z - un-routable IP addresses
172.16.y.z
192.168.y.z
How to connect these machines to Internet?
Network Address Translation

Use a gateway /router to map invalid addresses to
valid IP addresses


Translates your local address to a routable address
Router receives one IP Address
 Either dynamically assigns addresses to all the nodes
behind the router, or it is assigned statically using non-routable addresses


If dynamic, uses DHCP (Dynamic Host Configuration Protocol)
When someone inside the network wants to access a
computer outside the local network (the internet), the
request is sent to the router, which uses NAT to send the
request to the internet
NAT and security?

Does NAT improve security?


It hides internal IP addresses from hackers
NAT must be combined with “firewalls” for
optimum security
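
A minimal model of the translation table a NAT gateway keeps. This is an added example, not part of the lecture; the class name, the port numbering and all addresses are constructed for illustration.

```python
import itertools

class NatGateway:
    """Maps many inside (address, port) pairs onto one public address."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.ports = itertools.count(first_port)   # next free public port
        self.out = {}    # (inside_ip, inside_port) -> public_port
        self.back = {}   # public_port -> (inside_ip, inside_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of a packet leaving the local network."""
        key = (src_ip, src_port)
        if key not in self.out:                    # first packet of this flow
            port = next(self.ports)
            self.out[key] = port
            self.back[port] = key
        # The remote host only ever sees the gateway's public address.
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Rewrite the destination of a packet arriving from the internet."""
        inside = self.back.get(dst_port)
        if inside is None:
            return None                            # no mapping: nowhere to deliver
        # The table keys only on the public port. Deciding which remote
        # hosts may use a mapping is filtering, which is the firewall's job.
        return (src_ip, src_port, inside[0], inside[1])
```

An outbound packet leaves with the gateway's address in place of the 192.168.x.x source, and an inbound packet to a port with no mapping has no inside host to go to.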
Firewalls
Firewalls




Network traffic cops
Tools that control the flow of traffic going
between networks
By looking at addresses associated with
traffic, firewalls determine whether
connections should be transmitted or
dropped
We will cover the setup and configuration of
firewalls in great depth later in class