ITP 457 Network Security • Networking Technologies II: UDP, IP, and NAT
Overview • UDP • IP • NAT
UDP • UDP – User Datagram Protocol • Also a member of TCP/IP • TCP and UDP are cousins • An application developer can choose to transmit data using either TCP or UDP • Both protocols cannot be used simultaneously in an application
UDP Characteristics • Connectionless – the protocol doesn’t know or remember the state of a connection • Does not have concept of • Session initiation • Acknowledgement • No error checking – does not retransmit lost packets nor does it put them in proper order
UDP • UDP is also called: “Unreliable Damn Protocol” • It is inherently unreliable • Unreliability is ok – IF it can buy you SPEED! • Some applications are more interested in getting packets across the network and don’t need super high reliability. • Good protocol for a large number of connections
UDP • Services that use UDP are • Streaming Video/Audio • DNS queries • Online Games • Voice-over-IP (VoIP) • DHCP • DNS • SNMP • RIP
UDP header • UDP source port • UDP destination port • Message Length • Checksum • Data
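Added example, not part of the original slides: a Python sketch that reads the four header fields listed above from raw bytes and checks the checksum over the IPv4 pseudo-header (RFC 768). The function names, addresses, ports and payload are constructed for illustration.

```python
import socket
import struct

def udp_checksum(src_ip, dst_ip, segment):
    """One's-complement checksum over the IPv4 pseudo-header plus the segment."""
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, 17, len(segment)))  # 17 = UDP protocol number
    data = pseudo + segment
    if len(data) % 2:                 # pad to a whole number of 16-bit words
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_udp(src_ip, dst_ip, src_port, dst_port, data):
    """Constructed sample input: build a segment with a valid checksum."""
    length = 8 + len(data)
    header = struct.pack("!HHHH", src_port, dst_port, length, 0)
    csum = udp_checksum(src_ip, dst_ip, header + data) or 0xFFFF
    return struct.pack("!HHHH", src_port, dst_port, length, csum) + data

def parse_udp(segment):
    """Split a raw segment into the four header fields and the data."""
    if len(segment) < 8:
        raise ValueError("UDP header is 8 bytes")
    src, dst, length, csum = struct.unpack("!HHHH", segment[:8])
    if length < 8 or length > len(segment):
        raise ValueError("Message Length does not match the bytes received")
    return {"src_port": src, "dst_port": dst, "length": length,
            "checksum": csum, "data": segment[8:length]}

def checksum_ok(src_ip, dst_ip, segment):
    """True if the segment arrived intact (summing a valid segment yields 0)."""
    return udp_checksum(src_ip, dst_ip, segment) == 0

if __name__ == "__main__":
    seg = build_udp("192.168.3.16", "192.168.3.1", 40000, 53, b"query")
    print(parse_udp(seg), checksum_ok("192.168.3.16", "192.168.3.1", seg))
```

The header carries only ports, a length and a checksum, so there is no sequence number or control bit for a firewall to track. The checksum catches corruption in transit, not forgery: a sender can compute a valid checksum for any source address it writes into the packet.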
UDP Ports • UDP – 65,535 ports • Some typical ports: • 53 – DNS (Domain Name Server) • 67 – DHCP (Dynamic Host Control Protocol) • 69 – TFTP (Trivial File Transfer Protocol) • 161 – SNMP (Simple Network Management Protocol) • 514 – Syslog • 6112 – Battle.NET • 14567 – Battlefield 1492 • 26000 – Quake Server • 27015 – Halflife Server • For a searchable database of known ports: • http://www.ports-services.com/
Is UDP less secure than TCP? • YES! • Absence of three-way handshake implies no sequence numbers and no control bits. • Difficult for firewalls and routers to track where the end systems are in their communications • We cannot completely turn off UDP, due to some of the necessary protocols that use UDP
Internet Protocol (IP) • IP handles end-to-end delivery • Most commonly used network layer protocol • All traffic on the internet uses IP
Internet Protocol (IP) • Upon receiving packet from Transport layer, IP layer generates a header • Header includes: source and destination IP addresses • Header is added to front of TCP packet to create a resulting IP packet. • Purpose of IP is to carry packets end to end across a network.
IP header • Source IP address • Destination IP address • Data
IP addresses • Identify each individual machine on the internet • 32 bits in length • Hackers attempt to determine all IP addresses in use on a target network – “network mapping” • Hackers generate bogus packets appearing to come from a given IP address – “IP address spoofing”
IP Addresses in depth • 32 bits, with 8 bit groupings • E.g.: 192.168.0.1 • Each number between the dots can be between 0 and 255 • 4 billion combinations • Not really • Allocated in groups called address blocks • 3 sizes, based on the class of the address • Class A, Class B, and Class C
Class A Addresses • Giant organizations • There are no more available • All IP addresses are of the form: 0 – 126.x.x.x, where x can be between 0 and 255 • The first octet is assigned to the owner, with the rest being freely distributable to the nodes • Has a 24 bit address space • Uses up to half of the total IP addresses available!!! • Who owns these??? • Internet Service Providers • Large internet companies • Google, CNN, WB
Class B Addresses • Large Campuses or Organizations • Example: Colleges, including USC • These are running out!!! • All Class B Addresses are of the form: 128 – 191.x.x.x, where x can take any number between 0 and 255 • The first two octets are assigned to the address block owner, with the last two being freely distributable • Example: 128.125.x.x USC • Example: 169.232.x.x UCLA • 16-bit address space • ¼ of all IP addresses belong to Class B Addresses
Class C Addresses • Small to mid-sized businesses • A fair number left • All Class C Addresses have the following format: 192-232.x.x.x • The first three octets are assigned, with the last being freely distributable • Only 253 distributable addresses within a Class C Address
Reserved Addresses • Private Networks (no public connections) • 10.x.x.x • 172.16.x.x • 192.168.x.x • 127.x.x.x – local network (loopback) • 255.255.255.255 – broadcast – sends to everyone on the network
Netmasks • IP address has 2 components • Network address • Host address • Determined by the address and the class of the address • Example (Class C): • IP Address: 192.168.3.16 • Network address: 192.168.3 • Host address: 16
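Added example, not part of the original slides: the network/host split from the Netmasks slide done with a bitwise AND, plus the check a host makes to decide whether a destination is on its own network or must go through a router. The function names and the second and third sample addresses are constructed for illustration.

```python
import ipaddress

def split(address, mask):
    """Return (network address, host number) for a dotted-quad address and mask."""
    addr = int(ipaddress.IPv4Address(address))
    m = int(ipaddress.IPv4Address(mask))
    host_bits = ~m & 0xFFFFFFFF
    # A valid netmask is a run of 1 bits followed by a run of 0 bits,
    # so its inverse must look like 0...01...1 (one less than a power of two).
    if host_bits & (host_bits + 1):
        raise ValueError("netmask bits must be contiguous: %s" % mask)
    network = str(ipaddress.IPv4Address(addr & m))
    return network, addr & host_bits

def same_network(a, b, mask):
    """True if both addresses share the network part under this mask."""
    return split(a, mask)[0] == split(b, mask)[0]

if __name__ == "__main__":
    # The slide's Class C example: three network octets, one host octet.
    print(split("192.168.3.16", "255.255.255.0"))
    # A Class B block such as 128.125.x.x: two network octets, two host octets.
    print(split("128.125.4.9", "255.255.0.0"))
    print(same_network("192.168.3.16", "192.168.4.16", "255.255.255.0"))
```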
Packet Fragmentation • Various transmission media have different characteristics • Some require short packets, others require longer packets • E.g. satellite – longer packets • Local LAN – shorter packets
Packet Fragmentation • To optimize packet lengths for various communication links, IP offers network elements (routers and firewalls) the ability to slice up packets into smaller pieces, a process called fragmentation. • The end system’s IP layer is responsible for reassembling all fragments • Hackers use packet fragmentation to avoid being detected by Intrusion Detection Systems
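Added example, not part of the original slides: why an Intrusion Detection System has to reassemble fragments before inspecting them. A pattern split across fragments is invisible to per-fragment matching and visible after reassembly; the reassembler also rejects overlapping and missing fragments. The marker string, function names and sample payload are constructed for illustration.

```python
SIGNATURE = b"EXAMPLE-SIGNATURE"   # constructed, harmless marker string

def fragment(payload, size=8):
    """Constructed sample input: slice a payload into size-byte fragments.
    Each fragment is (offset in 8-byte units, more-fragments flag, data)."""
    assert size % 8 == 0
    chunks = [payload[i:i + size] for i in range(0, len(payload), size)]
    return [(i * size // 8, i < len(chunks) - 1, c) for i, c in enumerate(chunks)]

def reassemble(fragments):
    """Rebuild the payload the way the end system's IP layer would."""
    payload, expected, done = bytearray(), 0, False
    for offset_units, more, data in sorted(fragments, key=lambda f: f[0]):
        start = offset_units * 8
        if done or start < expected:
            raise ValueError("overlapping or trailing fragment at byte %d" % start)
        if start > expected:
            raise ValueError("missing fragment before byte %d" % start)
        if more and len(data) % 8:
            raise ValueError("non-final fragment is not a multiple of 8 bytes")
        payload += data
        expected = start + len(data)
        done = not more
    if not done:
        raise ValueError("final fragment not received")
    return bytes(payload)

def per_fragment_match(fragments):
    """Inspect each fragment on its own (what a non-reassembling sensor sees)."""
    return any(SIGNATURE in data for _, _, data in fragments)

def reassembled_match(fragments):
    """Inspect the datagram after reassembly (what the end system sees)."""
    return SIGNATURE in reassemble(fragments)

if __name__ == "__main__":
    frags = fragment(b"GET /" + SIGNATURE + b" HTTP/1.0")
    print(per_fragment_match(frags), reassembled_match(frags))
```

Raising on overlap matters for the same reason: if the sensor and the end system resolve overlapping fragments differently, they inspect different data, so a sensor should alert on overlaps rather than pick one interpretation.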
Lack of Security in IP • IP version 4 does not include any security • All components of packets are in clear text, nothing is encrypted • Anything in the header or data segment can be viewed or modified by the hacker • TCP/UDP Hijacking • “Man-in-the-middle” attack
ICMP • ICMP – Internet Control Message Protocol • It is the Network Plumber • Its job is to transmit command and control information between networks and systems
ICMP examples • “ping” request = ICMP Echo message • If the “pinged” system is alive it will respond with ICMP Echo Reply Message • Try pinging • www.google.com • www.yahoo.com • www.cnn.com • Will they all work? • Some sites have disabled ping. Why? • Ping-of-death – a ping too big • Ping flooding – a type of denial-of-service attack
Routers and packets • Routers • Transfer packets from network to network • They determine the path that a packet should take across the network, specifying from hop to hop which network segments the packets should bounce through as they travel across the network • Most networks use dynamic routing • RIP, EIGRP • We will be discussing these technologies later in the course
Network address translation • NAT • Blocks of addresses are allotted to ISPs and organizations • Classes of IP Addresses • What happens when we have more computers than IP Addresses? • We have a Class C address – allows 253 computers • Our organization has 1000 computers • What do we do???
Solution? • Reserve a range of IP addresses to build your own IP network • 10.x.y.z - un-routable IP addresses • 172.16.y.z • 192.168.y.z • How to connect these machines to Internet?
Network Address Translation • Use a gateway/router to map invalid addresses to valid IP addresses • Translates your local address to a routable address • Router receives one IP Address • Either dynamically assigns addresses to all the nodes behind the router, or it is assigned statically using non-routable addresses • If dynamic, uses DHCP (Dynamic Host Configuration Protocol) • When someone inside the network wants to access a computer outside the local network (the internet), the request is sent to the router, which uses NAT to send the request to the internet
NAT and security? • Does NAT improve security? • It hides internal IP addresses from hackers • NAT must be combined with “firewalls” for optimum security
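Added example, not part of the original slides: a small model of the translation table a NAT router keeps when many private hosts share one public address, covering both the translation step and the security question above. The class, its one-mapping-per-inside-port behaviour, the `filter_remote` option and all addresses (documentation ranges) are assumptions made for illustration.

```python
class Nat:
    """Port-translating NAT with a single public address (illustrative model)."""

    def __init__(self, public_ip, first_port=40000, filter_remote=False):
        self.public_ip = public_ip
        self.next_port = first_port
        self.filter_remote = filter_remote  # True = also act as a firewall
        self.by_inside = {}   # (private_ip, private_port) -> public_port
        self.by_public = {}   # public_port -> (private_ip, private_port)
        self.contacted = {}   # public_port -> remote (ip, port) pairs contacted

    def outbound(self, src, sport, dst, dport):
        """Rewrite an inside packet; returns what the internet sees."""
        key = (src, sport)
        if key not in self.by_inside:
            self.by_inside[key] = self.next_port
            self.by_public[self.next_port] = key
            self.contacted[self.next_port] = set()
            self.next_port += 1
        public_port = self.by_inside[key]
        self.contacted[public_port].add((dst, dport))
        return (self.public_ip, public_port, dst, dport)

    def inbound(self, src, sport, dport):
        """Rewrite a packet arriving at the public address; None means dropped."""
        inside = self.by_public.get(dport)
        if inside is None:
            return None                       # no mapping: nothing to deliver to
        if self.filter_remote and (src, sport) not in self.contacted[dport]:
            return None                       # firewall rule: replies only
        return (src, sport) + inside

if __name__ == "__main__":
    nat = Nat("203.0.113.5")
    print(nat.outbound("192.168.0.10", 5000, "198.51.100.7", 53))
    print(nat.inbound("198.51.100.7", 53, 40000))      # reply is delivered
    print(nat.inbound("198.51.100.99", 9999, 40000))   # stranger is delivered too
```

Translation alone hides the private address and drops traffic to unmapped ports, but once a mapping exists this plain model forwards packets from any remote host. The `filter_remote=True` variant shows the firewall check that closes that gap.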
Firewalls • Network traffic cops • Tools that control the flow of traffic going between networks • By looking at addresses associated with traffic, firewalls determine whether connections should be transmitted or dropped • We will cover the setup and configuration of firewalls in great depth later in class