320 likes | 404 Views
CIT 380: Securing Computer Systems. TCP/IP. IP: Internet Protocol. IPv4 underlies Internet. 32-bit addresses in dotted-quad: 10.17.0.90. IPv6 is successor with 128-bit addresses. Complexities: addressing, routing. IP Header. IP Header. Protocol version: IPv4
E N D
IP: Internet Protocol IPv4 underlies Internet. • 32-bit addresses in dotted-quad: 10.17.0.90. • IPv6 is successor with 128-bit addresses. Complexities: addressing, routing
IP Header Protocol version: IPv4 Header length: 5-60 32-bit words Type of service (TOS): • 3-bit precedence (ignored today) • 4 TOS bits (min delay (telnet), max throughput (ftp), max reliability, min monetary cost) • unused 0 bit
IP Header Total length: length of IP datagram (bytes) • maximum size: 65535 bytes • large packets fragmented at data link layer. • small packets may be padded to minimum length. TTL: upper limit on number of router hops. Protocol: which protocol supplied packet data. Header checksum: IP header checksum
IP Fragments IP packets may be fragmented by routers for transmission across different media. • Max IP packet size: 65536 • Max Ethernet packet size: 1500 IP headers contain fragment data: • Don’t Fragment Flag: 0=allowed, 1=don’t • More Fragments Flag: 0=last, 1=more fragments • Identification: identifies single packet for reassembly. • Fragment Offset: where contents of fragment go.
Internet Addresses 32-bit IPv4 addresses • Dotted decimal notation: ii.jj.kk.ll Divided into two parts • Network ID • Host ID • XOR address with netmask to get Network ID.
Address Classes Class A: 0.0.0.0-127.255.255.255 8-bit net ID, 24-bit host ID Class B: 128.0.0.0-191.255.255.255 16-bit net ID, 16-bit host ID Class C: 192.0.0.0-223.255.255.255 24-bit net ID, 8-bit host ID Class D: 224.0.0.0-239.255.255.255 28-bit multicast group ID Class E: 240.0.0.0-255.255.255.255 Reserved for future use
CIDR Class addressing too inefficient • Still need to aggregate routes to limit routing table size. Example:196.1.1.0/24 • 24-bits of Net ID: 196.1.1 • Remaining 8-bits are host ID Not limited to network class sizes • Example: 192.168.128.0/22 • 4 class C networks: 192.168.{128,129,130,131}.0
Network Address Translation Local network uses IETF reserved addresses. • Non-routable: no router knows how to send packets to. • RFC 1918: 10.x.y.z, 192.168.y.z, 172.16-31.y.z Gateway translates reserved addresses to unique, routable IP addresses. NAT Gateway Src = 10.0.0.1 Src = 2.3.4.5 Dst = 10.0.0.1 Dst = 2.3.4.5 Internal Network Internet
NAT Techniques One-to-one Mapping • Map each internal IP address to a single external IP addr. • Need as many external IP addresses as have simultaneous connections to Internet. Many-to-one Mapping • Port Address Translation (PAT) • Map all internal IP addresses to a single external IP addr. • NAT device encodes state by rewriting the source port and keeping a state table of the mappings.
ARP: Address Resolution Protocol MAC address determines packet destination. How does network layer supply the link layer with a MAC address? ARP: Address Resolution Protocol • Maps 32-bit IP addresses to 48-bit MAC addrs • Data link layer protocol above ethernet • RARP: Reverse ARP
ARP Example sftp zappa.nku.edu • Obtains IP address via gethostbyname() • sftp asks TCP to connect to IP address • TCP sends connection request to zappa using an IP datagram • Sending host emits ARP broadcast, asking for MAC address of given IP address • Destination host’s ARP layer receives broadcast, answers with an ARP reply w/ IP->MAC mapping • Sending host constructs ethernet frame with destination MAC address containing IP datagram • Sending host sends IP datagram
ARP Cache st361m13 (10.1.0.90) > arp -a Net to Media Table: IPv4 Device IP Address Phys Addr ------ -------------------- ------------------ hme0 at_elan.lc3net 00:00:a2:cb:28:5e hme0 10.1.0.79 00:e0:cf:00:0e:92 hme0 st361m13 08:00:20:d8:e0:07 hme0 10.1.7.103 00:90:27:b6:b5:e5 hme0 10.1.0.139 00:e0:cf:00:15:bd
Routing Table Where to send an IP packet to? Use a table lookup: routing table Search Process: • Search for a matching host address. • Search for a matching network address. • Search for a default route. No route to destination: Host or network unreachable error if search fails.
Routing Table st361m13 (10.1.0.90) > netstat –rn Routing Table: IPv4 Destination Gateway Flags Ref Use Int ------------- -------------------- ----- ----- 10.1.0.0 10.1.0.90 U 1 4977 hme0 224.0.0.0 10.1.0.90 U 1 0 hme0 default 10.1.0.1 UG 1 66480 127.0.0.1 127.0.0.1 UH 6 798905 lo0
Routing Table Destination: final destination host/network Gateway: next host in route to destination Flags U: Route is up G: Route is to a gateway (router) H: Route destination is a host (not a network) D: Route created by a redirect M: Route modified by a redirect
Routing Table 10.1.0.0 direct access to local subnet 224.0.0.0 multicast route default forward packets to router at IP 10.1.0.1 127.0.0.1 loopback
IP Routing Manual (static) routes Added with the route command. ICMP redirects can alter routes Router sends ICMP redirect when packet should’ve been sent to another router. Routing protocols Routers exchange routes with each other using special routing protocols. Full internet router tables contain ~30,000 routes. Source routing Sender includes routing info in packet header.
ICMP (Internet Control Message Protocol) Network layer protocol encapsulated in IP • Communicates error messages and exceptions. • Messages handled by either IP or TCP/UDP.
ICMP Message Types Type 0: echo (ping) reply Type 3: destination unreachable Type 4: source quench Type 5: redirect Type 8: echo (ping) request Type 9, 10: router advertisement, solicitation Type 11: time (TTL) exceeded Type 12: parameter (header) problem Type 13: timestamp Type 14: timestamp reply Type 15, 16: information request, reply
UDP: User Datagram Protocol Simple datagram transport layer protocol. Each application output generates one UDP datagram, which produces one IP datagram. Trades reliability for speed Sends datagrams directly to unreliable IP layer. 16-bit port numbers Identify sending and receiving processes. Applications DNS, SNMP, TFTP, streaming audio/video
UDP Example: TFTP Trivial File Transfer Protocol No authentication TFTP Session: sun16 > tftp at204m02 tftp> get readme.txt Received 1024 bytes in 0.2 seconds. tftp> quit
TFTP Packet Types Packet types • read a file (filename, ascii/binary) • write a file (filename, ascii/binary) • file data block • ACK • error
TFTP Session Trace at204m02 > snoop udp sun16 • 0.00000 sun16 -> at204m02 TFTP Read "2sun" (netascii) • 0.00498 at204m02 -> sun16 TFTP Data block 1 (512 bytes) • 0.00136 sun16 -> at204m02 TFTP Ack block 1 • 0.00010 at204m02 -> sun16 TFTP Data block 2 (300 bytes) (last block) 5 0.00119 sun16 -> at204m02 TFTP Ack block 2
TFTP Security Feature: no username/password required TFTP used for diskless hosts to boot. How to protect /etc/passwd? Limit TFTP server filesystem access. Generally only can access /tftpboot directory.
TCP: Transmission Control Protocol Connection-oriented Must establish connection before sending data. 3-way handshake. Reliable byte-stream TCP decides how to divide stream into packets. ACK, timeout, retransmit, reordering. 16-bit source and destination ports. FTP(21), HTTP(80), POP(110), SMTP(25)
TCP Reliability • Breaks data into best-sized chunks. • After sending segment, maintains timer; if no ACK within time limit, resends segment. • Sends ACK on receipt of packets. • Discards pkts on bad checkum of header and data. • Receiver resequences TCP segments so data arrives in order sent. • Receiver discards duplicate segments. • Flow control: only sends as much data as receiver can process.