Lecture 5 in Powerpoint (transcript)
General Classes of TCP/IP Problems
TCP timers exist as part of connection-oriented
delivery
TCP sequence numbers exist as part of reliable
delivery
The two main classes of TCP/IP security and
denial-of-service problems are
– IP spoofing
– TCP sequence number prediction
1
Guarding against TCP/IP Problems
Unfortunately, the problems are inherent in the
protocol: the designers built it for trust and for
reliable delivery, not for hostile networks
Cryptography, in the form of encryption and
authentication, would cut down on spoofing
problems (a forged address is useless without the key)
Software fixes: TCP wrappers, disabling the BSD
r-protocols (rlogin, rsh, rcp) and the .rhosts files
that grant address-based trust
Designing networks with good topologies and no
inherent trust relationships between hosts
2
TCP Timers
Retransmission Timer
– Started when a host sends data and expects an ACK from
the other side; on expiry the segment is resent
Connection Timer
– The initial timer set when a connection is established,
started when the SYN is sent
2MSL
– The timer used to measure the TIME_WAIT state (twice
the Maximum Segment Lifetime)
Persist Timer
– Timer used to keep window-size information flowing:
the sender probes a zero window so a lost window update
cannot deadlock the connection
Keepalive Timer (Polling)
– Probes an idle connection to check the peer is still there
3
General Class of Routing Problems
Primarily dealing with problems at the network
(IP) level
IP Source Routing
– An attacker can choose the path a packet takes, so
replies to a spoofed source address can be made to come
back to the attacker
RIP
– Bogus routing information can be propagated to
networks, since updates are not authenticated
EGP
– Core gateways occasionally poll each other and use
sequence numbers that must be echoed by the other end
ICMP
– ICMP redirects can be used to advise bogus routes
4
General Class of TCP Problems
IP Spoofing
TCP Sequence Guessing
Connection hijacking
Simultaneous Open
SYN, SYN-FIN, SYN-ACK
Timing Problems - Desynchronized States
5
IP Spoofing
A remote host can trivially send packets carrying
a spoofed source IP address to a victim host
This attack must be used in conjunction with
sequence number prediction, since a segment with
an incorrect sequence number makes the target
host send RST segments instead of accepting data
Difficult to defend against
6
TCP Sequence Prediction Problem
The ISN (initial sequence number) is taken from a
global counter
The increment per new connection is usually 64
SYN sequence number = ISN + increment
4.2 BSD implementations violate the RFC by
initializing the counter to ISN = 1 rather than
deriving it from a clock
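Slides 6 and 7 describe one attack in two halves: spoof the address of a trusted host, then forge the third handshake segment with a guessed ISN. The model below is an added example, not code from the lecture. It simulates a server whose ISN comes from a global counter starting at 1 and stepping by 64 per connection, as the slide states, and an attacker who learns one ISN through a legitimate connection, spoofs a SYN from a trusted address, and predicts the ISN it never sees. The same attacker is then run against a server that draws its ISN at random (the modern countermeasure, stand-in for the RFC 1948/6528 hashed scheme). The `Server` class, the addresses and the packet handling are hypothetical; the real attack also has to keep the trusted host from answering the unexpected SYN-ACK with a RST, which this model leaves out.

```python
"""Simulated TCP sequence-number prediction against a 4.2BSD-style ISN counter.

Hypothetical model written for this page; not the lecture's own code.
"""
import secrets

MASK32 = 0xFFFFFFFF
BSD_INCREMENT = 64          # per-connection increment stated on the slide


class Server:
    """Minimal three-way-handshake state machine for one listening port."""

    def __init__(self, random_isn=False):
        self.random_isn = random_isn
        self.counter = 1        # 4.2BSD-style: counter initialised to 1
        self.half_open = {}     # (src_ip, src_port) -> our ISN (SYN_RCVD)
        self.established = set()
        self.resets = 0

    def next_isn(self):
        if self.random_isn:
            return secrets.randbits(32)          # unpredictable ISN
        isn = self.counter
        self.counter = (self.counter + BSD_INCREMENT) & MASK32
        return isn

    def recv_syn(self, src):
        """SYN arrives from src. Allocate our ISN and return it: this is the
        value carried in the SYN-ACK, which is sent to src's address only."""
        isn = self.next_isn()
        self.half_open[src] = isn
        return isn

    def recv_ack(self, src, ack):
        """Third segment of the handshake. Accepted only if ack == our ISN + 1;
        any other number is answered with a RST, as the slide describes."""
        isn = self.half_open.get(src)
        if isn is None or ack != (isn + 1) & MASK32:
            self.resets += 1
            return "RST"
        del self.half_open[src]
        self.established.add(src)
        return "ESTABLISHED"


def predict_isn(observed_isn, connections_later=1):
    """Attacker's guess: the ISN handed out `connections_later` connections
    after the one whose ISN was observed."""
    return (observed_isn + BSD_INCREMENT * connections_later) & MASK32


def spoofing_attack(server, trusted_src, attacker_src=("203.0.113.7", 40000)):
    """Run the combined spoofing + sequence-prediction attack and return the
    server's verdict on the forged third segment."""
    # 1. Legitimate connection from the attacker's real address: the SYN-ACK
    #    reaches the attacker, so this ISN is observed.
    observed = server.recv_syn(attacker_src)
    server.recv_ack(attacker_src, (observed + 1) & MASK32)

    # 2. SYN with the trusted host's address as source. The SYN-ACK goes to
    #    the trusted host; the attacker never sees the ISN in it.
    _unseen_isn = server.recv_syn(trusted_src)

    # 3. Forge the ACK using the predicted ISN (one connection after the
    #    observed one) and the trusted source address.
    guess = (predict_isn(observed, connections_later=1) + 1) & MASK32
    return server.recv_ack(trusted_src, guess)


if __name__ == "__main__":
    trusted = ("10.0.0.5", 513)  # hypothetical rlogin client trusted via .rhosts
    print("counter ISN :", spoofing_attack(Server(), trusted))            # ESTABLISHED
    print("random ISN  :", spoofing_attack(Server(random_isn=True), trusted))  # RST (almost surely)
```

With the counter-based server the forged segment is accepted and a connection exists from an address the attacker does not own; with the random ISN the guess is wrong and the server answers with a RST, which is the behaviour slide 6 relies on when it says an incorrect sequence number is rejected.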
7