
CIT 380: Securing Computer Systems



  1. CIT 380: Securing Computer Systems TCP/IP

  2. TCP Header

  3. TCP Header
     • Sequence Number: 32-bit segment identifier.
     • Acknowledgment: next sequence number expected by the sender of the ACK.
     • TCP is full duplex, so both sides of a connection have their own set of sequence numbers.
     • Header length: length of the header in 32-bit words (20 bytes by default, up to 60 bytes with options).
     • Window size: number of bytes the receiver is willing to accept (flow control).

  4. TCP Header Flags (Code Bits)
     • URG: urgent pointer is valid
     • ACK: acknowledgement number is valid
     • PSH: receiver should pass data to the application as soon as possible
     • RST: reset connection
     • SYN: synchronize sequence numbers to initiate a connection
     • FIN: sender is finished sending data

  5. TCP Connections
     • Establishment
       – 3-way handshake
       – Connection Trace
     • Termination
       – Normal Termination
       – Connection Trace
     • Reset

  6. Connection Establishment Protocol
     • Requester (client) sends a SYN segment, specifying the port number of the server to which it wants to connect and the client’s initial sequence number (ISN).
     • Server responds with a SYN segment containing the server’s ISN. The server acknowledges the client’s SYN by ACKing the client’s ISN+1.
     • Client acknowledges the server’s SYN by ACKing the server’s ISN+1.

  7. TCP 3-way Handshake

  8. Connection Establishment Test
     at204m02> /usr/sbin/snoop sun09
     at204m02> nc sun09 22
     SSH-1.99-OpenSSH_3.7.1p2
     ^C
     If no services are running, start your own:
     at204m02> nc -l -p 8192

  9. Connection Termination Protocol
     As TCP is full duplex, each side must terminate its half of the connection as follows:
     • Send a FIN segment (active close).
     • The other side ACKs with the FIN sequence number + 1.
     Half-closed connections: the side that sent the FIN can still receive data.
     Example: ssh fasthost sort < words.txt

  10. TCP Disconnection

  11. TCP Reset
     Connection Refused
     > telnet at204m02 8192
     Trying 10.1.0.90...
     telnet: Unable to connect to remote host: Connection refused
     Packet Trace
     sun09 -> at204m02 TCP D=8192 S=33048 Syn Seq=3848454475 Len=0 Win=24820 Options=<nop,nop,sackOK,mss 1460>
     at204m02 -> sun09 TCP D=33048 S=8192 Rst Ack=3848454476 Win=0

  12. TCP Reset (cont.)
     Connection Abort
     • Any queued data is thrown away.
     • The other side is informed of the abnormal close.
     Packet Detail
     • One side sends RST.
     • The other side aborts the connection.
     • No ACK is sent in response.

  13. Half-Open Connections
     Connections where one side has aborted or closed the connection without the knowledge of the other.
     • Client or server host has crashed.
     • DoS attack: requester sends SYN, doesn’t respond to SYN+ACK.
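As an added example (not from the slides), the Python below decodes the header fields of slides 3 and 4 from raw bytes and interprets a server's first reply to a SYN the way the slide 11 trace is read: RST with Ack=ISN+1 means connection refused, SYN+ACK means the connection stays half-open (slide 13) until the client's final ACK. The byte layout follows RFC 793; the two sample segments are constructed from the trace values, not captured packets.

```python
import struct

# Code bits in the low 6 bits of the offset/flags halfword (RFC 793 order).
URG, ACK, PSH, RST, SYN, FIN = 0x20, 0x10, 0x08, 0x04, 0x02, 0x01
FLAG_NAMES = (("URG", URG), ("ACK", ACK), ("PSH", PSH), ("RST", RST), ("SYN", SYN), ("FIN", FIN))

def parse_tcp_header(raw: bytes) -> dict:
    """Decode the fixed 20-byte header; options run from byte 20 up to the data offset."""
    if len(raw) < 20:
        raise ValueError("TCP header needs at least 20 bytes")
    sport, dport, seq, ack, off_flags, window, _csum, _urg = struct.unpack("!HHIIHHHH", raw[:20])
    header_len = (off_flags >> 12) * 4        # data offset is counted in 32-bit words
    flags = off_flags & 0x3F
    if not 20 <= header_len <= 60 or len(raw) < header_len:
        raise ValueError("bad data offset: header length %d" % header_len)
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "header_len": header_len, "flags": flags, "window": window,
            "options": raw[20:header_len],
            "flag_names": [name for name, bit in FLAG_NAMES if flags & bit]}

def build_tcp_header(sport, dport, seq, ack, flags, window, options=b"") -> bytes:
    """Build a header for test traffic; checksum left zero, options padded to 32 bits."""
    options += b"\x00" * (-len(options) % 4)
    off_flags = ((5 + len(options) // 4) << 12) | flags
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, off_flags, window, 0, 0) + options

def classify_reply(client: dict, server: dict) -> str:
    """Interpret the server's first reply to a client SYN, as in the slide traces."""
    if not client["flags"] & SYN or client["flags"] & ACK:
        return "not a connection request"
    if server["ack"] != (client["seq"] + 1) & 0xFFFFFFFF:   # a SYN consumes one sequence number
        return "reply does not acknowledge the SYN (ack mismatch)"
    if server["flags"] & RST:
        return "connection refused (RST in reply to SYN)"
    if server["flags"] & SYN and server["flags"] & ACK:
        return "SYN+ACK: half-open until the client ACKs the server ISN+1"
    return "unexpected reply"

# Segments constructed from the slide 11 trace (not captured bytes): the client's SYN
# with options <nop,nop,sackOK,mss 1460>, and the server's RST with Ack=ISN+1, Win=0.
CLIENT_SYN = build_tcp_header(33048, 8192, 3848454475, 0, SYN, 24820,
                              b"\x01\x01\x04\x02\x02\x04\x05\xb4")
SERVER_RST = build_tcp_header(8192, 33048, 0, 3848454476, RST | ACK, 0)

if __name__ == "__main__":
    c, s = parse_tcp_header(CLIENT_SYN), parse_tcp_header(SERVER_RST)
    print(c["flag_names"], c["header_len"], c["window"], "->", classify_reply(c, s))
```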
