CIT 380: Securing Computer Systems: TCP/IP

Upload: davis-witt
Post on 01-Jan-2016

TRANSCRIPT

Slide #1: CIT 380: Securing Computer Systems

TCP/IP

Slide #2: IP: Internet Protocol

IPv4 underlies Internet.
– 32-bit addresses in dotted-quad: 10.17.0.90.
– IPv6 is successor with 128-bit addresses.

Complexities: addressing, routing

Slide #3: IP Header

Slide #4: IP Header

Protocol version: IPv4
Header length: 5-60 32-bit words
Type of service (TOS):
– 3-bit precedence (ignored today)
– 4 TOS bits (min delay (telnet), max throughput (ftp), max reliability, min monetary cost)
– unused 0 bit

Slide #5: IP Header

Total length: length of IP datagram (bytes)
– maximum size: 65535 bytes
– large packets fragmented at data link layer.
– small packets may be padded to minimum length.

TTL: upper limit on number of router hops.
Protocol: which protocol supplied packet data.
Header checksum: IP header checksum

Slide #6: IP Fragments

IP packets may be fragmented by routers for transmission across different media.
– Max IP packet size: 65536
– Max Ethernet packet size: 1500

IP headers contain fragment data:
– Don't Fragment Flag: 0=allowed, 1=don't
– More Fragments Flag: 0=last, 1=more fragments
– Identification: identifies single packet for reassembly.
– Fragment Offset: where contents of fragment go.
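The header fields of slides 4-6 in working form, as an added example that is not part of the slide deck: it builds a minimal 20-byte IPv4 header with a correct header checksum, then decodes the version, header length, fragment flags and offset, and verifies the checksum. The addresses and fragment values used in the comments are constructed.

```python
import struct

# version/IHL, TOS, total length, id, flags+offset, TTL, protocol, checksum, src, dst
IPV4_FMT = "!BBHHHBBH4s4s"

def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 1071), shared by IP, ICMP, TCP and UDP."""
    padded = data + b"\x00" * (len(data) % 2)
    total = sum(struct.unpack("!%dH" % (len(padded) // 2), padded))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4_header(src, dst, payload_len, proto=17, ttl=64, ident=0,
                      df=False, mf=False, frag_offset=0, tos=0):
    """Minimal header (IHL=5, i.e. 20 bytes). frag_offset is in 8-byte units, as on the wire."""
    flags_frag = (int(df) << 14) | (int(mf) << 13) | (frag_offset & 0x1FFF)
    fields = [0x45, tos, 20 + payload_len, ident, flags_frag, ttl, proto, 0,
              bytes(int(o) for o in src.split(".")), bytes(int(o) for o in dst.split("."))]
    fields[7] = internet_checksum(struct.pack(IPV4_FMT, *fields))   # fill the checksum slot
    return struct.pack(IPV4_FMT, *fields)

def parse_ipv4_header(raw: bytes) -> dict:
    """Decode the fixed fields; checksum_ok is True only when the header is intact."""
    v_ihl, tos, total_len, ident, flags_frag, ttl, proto, _csum, src, dst = struct.unpack(IPV4_FMT, raw[:20])
    ihl_bytes = (v_ihl & 0x0F) * 4                 # header length is carried in 32-bit words
    return {
        "version": v_ihl >> 4,
        "header_len": ihl_bytes,
        "tos": tos,
        "total_len": total_len,
        "id": ident,
        "df": bool(flags_frag & 0x4000),           # Don't Fragment flag
        "mf": bool(flags_frag & 0x2000),           # More Fragments flag
        "frag_offset": (flags_frag & 0x1FFF) * 8,  # byte position of this fragment's data
        "ttl": ttl,
        "protocol": proto,
        "src": ".".join(map(str, src)),
        "dst": ".".join(map(str, dst)),
        # summing the header including its stored checksum gives 0 when nothing was altered
        "checksum_ok": internet_checksum(raw[:ihl_bytes]) == 0,
    }
```

A second fragment of a datagram split for a 1500-byte Ethernet link carries 1480 bytes of data per fragment, so its offset field is 185 (1480 / 8); a router that decrements TTL must recompute the checksum, which the test below checks by corrupting one byte.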

Slide #7: Internet Addresses

32-bit IPv4 addresses
– Dotted decimal notation: ii.jj.kk.ll

Divided into two parts
– Network ID
– Host ID
– XOR address with netmask to get Network ID.

[Diagram: Network ID | Host ID]

Slide #8: Address Classes

Class A: 0.0.0.0-127.255.255.255 (8-bit net ID, 24-bit host ID)
Class B: 128.0.0.0-191.255.255.255 (16-bit net ID, 16-bit host ID)
Class C: 192.0.0.0-223.255.255.255 (24-bit net ID, 8-bit host ID)
Class D: 224.0.0.0-239.255.255.255 (28-bit multicast group ID)
Class E: 240.0.0.0-255.255.255.255 (reserved for future use)

Slide #9: CIDR

Class addressing too inefficient
– Still need to aggregate routes to limit routing table size.

Example: 196.1.1.0/24
– 24 bits of Net ID: 196.1.1
– Remaining 8 bits are host ID

Not limited to network class sizes
– Example: 192.168.128.0/22
– 4 class C networks: 192.168.{128,129,130,131}.0
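The address arithmetic of slides 7-9 carried through in code, as an added example that is not part of the slide deck: classful lookup by leading bits, the netmask for a /n prefix, and the class C blocks a CIDR prefix aggregates. The network ID is computed here with bitwise AND (slide 7 says XOR; AND is the operation that keeps the network bits and clears the host bits, XOR would flip them).

```python
def ip_to_int(addr: str) -> int:
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address: %r" % addr)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def int_to_ip(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def address_class(addr: str) -> str:
    """Slide 8's classes by leading bits of the first octet: A=0..., B=10.., C=110., D=1110, else E."""
    first = ip_to_int(addr) >> 24
    for cls, prefix_bits, width in (("A", 0b0, 1), ("B", 0b10, 2), ("C", 0b110, 3), ("D", 0b1110, 4)):
        if first >> (8 - width) == prefix_bits:
            return cls
    return "E"

def cidr_info(cidr: str) -> dict:
    """Split a.b.c.d/n into netmask, network ID, address range and the /24 blocks it spans."""
    addr, prefix = cidr.split("/")
    prefix = int(prefix)
    if not 0 <= prefix <= 32:
        raise ValueError("bad prefix length: %d" % prefix)
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF   # n one-bits followed by 32-n zero-bits
    net = ip_to_int(addr) & mask                        # AND keeps network bits, clears host bits
    broadcast = net | (~mask & 0xFFFFFFFF)              # host bits all ones
    # list the class C (/24) networks covered; only for /16../24 to keep the list short
    blocks = [int_to_ip(b) for b in range(net & 0xFFFFFF00, broadcast + 1, 256)] if 16 <= prefix <= 24 else []
    return {
        "netmask": int_to_ip(mask),
        "network": int_to_ip(net),
        "host_bits": 32 - prefix,
        "addresses": 2 ** (32 - prefix),                # includes network and broadcast addresses
        "first": int_to_ip(net),
        "last": int_to_ip(broadcast),
        "class_c_blocks": blocks,
    }
```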

Slide #10: Network Address Translation

Local network uses IETF reserved addresses.
– Non-routable: no router knows how to send packets to.
– RFC 1918: 10.x.y.z, 192.168.y.z, 172.16-31.y.z

Gateway translates reserved addresses to unique, routable IP addresses.

[Diagram: Internal Network (Src = 10.0.0.1 / Dst = 10.0.0.1) <-> NAT Gateway <-> Internet (Src = 2.3.4.5 / Dst = 2.3.4.5)]

Slide #11: NAT Techniques

One-to-one Mapping
– Map each internal IP address to a single external IP addr.
– Need as many external IP addresses as have simultaneous connections to Internet.

Many-to-one Mapping
– Port Address Translation (PAT)
– Map all internal IP addresses to a single external IP addr.
– NAT device encodes state by rewriting the source port and keeping a state table of the mappings.
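The many-to-one mapping of slides 10-11 as a state table, as an added example that is not part of the slide deck: outbound packets get the external address and a fresh source port, and inbound packets are mapped back only when they match a recorded flow. The external address 2.3.4.5 and the 10.0.0.x hosts are the slide's; the port numbers and remote addresses (TEST-NET ranges) are constructed.

```python
from itertools import count

class PortAddressTranslator:
    """Rewrite (internal IP, port) -> (external IP, fresh port) and map replies back."""

    def __init__(self, external_ip: str, first_port: int = 40000):
        self.external_ip = external_ip
        self._ports = count(first_port)   # next unused external port
        self.outbound = {}   # (int_ip, int_port, remote_ip, remote_port) -> ext_port
        self.inbound = {}    # ext_port -> (int_ip, int_port, remote_ip, remote_port)

    def translate_out(self, src_ip, src_port, dst_ip, dst_port):
        """Internal host -> Internet: reuse the entry for a known flow, else allocate a port."""
        flow = (src_ip, src_port, dst_ip, dst_port)
        ext_port = self.outbound.get(flow)
        if ext_port is None:
            ext_port = next(self._ports)
            self.outbound[flow] = ext_port
            self.inbound[ext_port] = flow
        return (self.external_ip, ext_port, dst_ip, dst_port)

    def translate_in(self, src_ip, src_port, dst_ip, dst_port):
        """Internet -> internal host. Returns the rewritten packet, or None to drop it:
        with no table entry the NAT has no idea which internal host is meant, which is
        why unsolicited inbound traffic does not reach the private network."""
        flow = self.inbound.get(dst_port)
        if dst_ip != self.external_ip or flow is None:
            return None
        int_ip, int_port, remote_ip, remote_port = flow
        if (src_ip, src_port) != (remote_ip, remote_port):
            return None   # a packet from a different endpoint does not match the mapping
        return (src_ip, src_port, int_ip, int_port)
```

Two internal hosts using the same source port do not collide, because the table is keyed by the whole flow and each gets its own external port.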

Slide #12: ARP: Address Resolution Protocol

MAC address determines packet destination.
How does network layer supply the link layer with a MAC address?

ARP: Address Resolution Protocol
– Maps 32-bit IP addresses to 48-bit MAC addrs
– Data link layer protocol above ethernet
– RARP: Reverse ARP

Slide #13: ARP Example

sftp zappa.nku.edu

1. Obtains IP address via gethostbyname()
2. sftp asks TCP to connect to IP address
3. TCP sends connection request to zappa using an IP datagram
4. Sending host emits ARP broadcast, asking for MAC address of given IP address
5. Destination host's ARP layer receives broadcast, answers with an ARP reply w/ IP->MAC mapping
6. Sending host constructs ethernet frame with destination MAC address containing IP datagram
7. Sending host sends IP datagram

Slide #14: ARP Cache

st361m13 (10.1.0.90) > arp -a

Net to Media Table: IPv4
Device   IP Address           Phys Addr
------ -------------------- ------------------
hme0   at_elan.lc3net       00:00:a2:cb:28:5e
hme0   10.1.0.79            00:e0:cf:00:0e:92
hme0   st361m13             08:00:20:d8:e0:07
hme0   10.1.7.103           00:90:27:b6:b5:e5
hme0   10.1.0.139           00:e0:cf:00:15:bd
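A parser for the Net to Media Table shown on slide 14, as an added example that is not part of the slide deck, with one check a defender runs over it: a MAC address that the cache holds for more than one IP. The sample text is a constructed copy of the slide's table plus one extra constructed line (10.1.0.1 sharing a MAC with 10.1.0.79) so the check has something to report.

```python
import re

# device, hostname-or-IP, colon-separated 48-bit MAC; header and separator lines do not match
ENTRY_RE = re.compile(r"^(\S+)\s+(\S+)\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s*$", re.I)

SAMPLE_ARP = """\
Net to Media Table: IPv4
Device   IP Address           Phys Addr
------ -------------------- ------------------
hme0   at_elan.lc3net       00:00:a2:cb:28:5e
hme0   10.1.0.79            00:e0:cf:00:0e:92
hme0   st361m13             08:00:20:d8:e0:07
hme0   10.1.7.103           00:90:27:b6:b5:e5
hme0   10.1.0.139           00:e0:cf:00:15:bd
hme0   10.1.0.1             00:e0:cf:00:0e:92
"""

def parse_arp_table(text: str) -> list:
    """Return (device, host, mac) tuples, skipping anything that is not an entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2), m.group(3).lower()))
    return entries

def find_shared_macs(entries: list) -> dict:
    """Map each MAC that appears under more than one IP/host to those hosts.
    One interface answering for several addresses is what a forged ARP reply leaves
    in the cache, but a router doing proxy ARP looks the same, so the result is a
    lead to compare against the known gateway and inventory, not a verdict."""
    by_mac = {}
    for _device, host, mac in entries:
        by_mac.setdefault(mac, set()).add(host)
    return {mac: sorted(hosts) for mac, hosts in by_mac.items() if len(hosts) > 1}
```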

Slide #15: IP Routing

Slide #16: Routing Table

Where to send an IP packet to? Use a table lookup: routing table.

Search Process:
1. Search for a matching host address.
2. Search for a matching network address.
3. Search for a default route.

No route to destination: Host or network unreachable error if search fails.

Slide #17: Routing Table

st361m13 (10.1.0.90) > netstat -rn

Routing Table: IPv4
Destination          Gateway              Flags  Ref    Use   Int
-------------------- -------------------- ----- ----- ------ -----
10.1.0.0             10.1.0.90            U         1   4977  hme0
224.0.0.0            10.1.0.90            U         1      0  hme0
default              10.1.0.1             UG        1  66480
127.0.0.1            127.0.0.1            UH        6 798905  lo0

Slide #18: Routing Table

Destination: final destination host/network
Gateway: next host in route to destination
Flags
– U: Route is up
– G: Route is to a gateway (router)
– H: Route destination is a host (not a network)
– D: Route created by a redirect
– M: Route modified by a redirect

Slide #19: Routing Table

10.1.0.0: direct access to local subnet
224.0.0.0: multicast route
default: forward packets to router at IP 10.1.0.1
127.0.0.1: loopback
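The three-step search of slide 16 run over the table of slides 17-19, as an added example that is not part of the slide deck. This netstat output does not print netmasks, so the prefix lengths are assumed: /24 for 10.1.0.0, /4 for the 224.0.0.0 multicast block, /32 for the loopback host route and /0 for default.

```python
def ip_to_int(addr: str) -> int:
    p = [int(x) for x in addr.split(".")]
    return (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]

# (destination, prefix length, gateway, flags, interface), from slide 17; prefixes assumed
ROUTES = [
    ("10.1.0.0",  24, "10.1.0.90", "U",  "hme0"),
    ("224.0.0.0",  4, "10.1.0.90", "U",  "hme0"),
    ("default",    0, "10.1.0.1",  "UG", None),
    ("127.0.0.1", 32, "127.0.0.1", "UH", "lo0"),
]

def lookup_route(dst: str, routes=ROUTES):
    """Step 1: host routes (H flag); step 2: network routes; step 3: the default route.
    Returns the matching entry, or None, which is where 'host/network unreachable' comes from."""
    d = ip_to_int(dst)

    def matches(route):
        dest, plen, _gw, flags, _iface = route
        if "U" not in flags:
            return False                       # a route that is not up is ignored
        if plen == 0:
            return True                        # default matches every destination
        mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF
        return (d & mask) == (ip_to_int(dest) & mask)

    steps = (lambda r: "H" in r[3],                    # 1. matching host address
             lambda r: "H" not in r[3] and r[1] > 0,   # 2. matching network address
             lambda r: r[1] == 0)                      # 3. default route
    for step in steps:
        for route in routes:
            if step(route) and matches(route):
                return route
    return None

def next_hop(dst: str, routes=ROUTES):
    """Address the frame is actually sent to (and ARPed for): the gateway on a G route,
    otherwise the destination itself, which is on the directly attached subnet."""
    route = lookup_route(dst, routes)
    if route is None:
        return None
    return route[2] if "G" in route[3] else dst
```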

Slide #20: IP Routing

Manual (static) routes
– Added with the route command.

ICMP redirects can alter routes
– Router sends ICMP redirect when packet should've been sent to another router.

Routing protocols
– Routers exchange routes with each other using special routing protocols.
– Full internet router tables contain ~30,000 routes.

Source routing
– Sender includes routing info in packet header.

Slide #21: ICMP (Internet Control Message Protocol)

Network layer protocol encapsulated in IP
– Communicates error messages and exceptions.
– Messages handled by either IP or TCP/UDP.

Slide #22: ICMP (Internet Control Message Protocol)

[Diagram: IP Header (20 bytes) | ICMP Message]

ICMP Message layout:
– 8-bit type
– 8-bit code
– 16-bit checksum
– Contents: depend on type and code (always contains IP header + 8 data bytes)

Slide #23: ICMP Message Types

Type 0: echo (ping) reply
Type 3: destination unreachable
Type 4: source quench
Type 5: redirect
Type 8: echo (ping) request
Type 9, 10: router advertisement, solicitation
Type 11: time (TTL) exceeded
Type 12: parameter (header) problem
Type 13: timestamp
Type 14: timestamp reply
Type 15, 16: information request, reply
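The message layout of slide 22 and the type table of slide 23 in code, as an added example that is not part of the slide deck: it builds an ICMP message with its checksum, decodes type and code, verifies the checksum, and for the error types pulls source, destination, protocol and ports out of the embedded IP header + 8 data bytes so the error can be tied back to the datagram that caused it. The sample messages are constructed.

```python
import struct

# Slide 23's types; the error types carry the offending datagram's IP header + 8 bytes
ICMP_TYPES = {0: "echo reply", 3: "destination unreachable", 4: "source quench",
              5: "redirect", 8: "echo request", 9: "router advertisement",
              10: "router solicitation", 11: "time exceeded", 12: "parameter problem",
              13: "timestamp", 14: "timestamp reply", 15: "information request",
              16: "information reply"}
ERROR_TYPES = {3, 4, 5, 11, 12}

def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 1071)."""
    padded = data + b"\x00" * (len(data) % 2)
    total = sum(struct.unpack("!%dH" % (len(padded) // 2), padded))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, code: int, body: bytes) -> bytes:
    """8-bit type, 8-bit code, 16-bit checksum over the whole message, then the contents."""
    csum = internet_checksum(struct.pack("!BBH", icmp_type, code, 0) + body)
    return struct.pack("!BBH", icmp_type, code, csum) + body

def parse_icmp(msg: bytes) -> dict:
    """Decode type/code, verify the checksum, and for error messages recover the
    src, dst, protocol and ports of the datagram that triggered the error."""
    if len(msg) < 4:
        raise ValueError("short ICMP message")
    icmp_type, code, _csum = struct.unpack("!BBH", msg[:4])
    info = {"type": icmp_type, "code": code, "name": ICMP_TYPES.get(icmp_type, "unknown"),
            "checksum_ok": internet_checksum(msg) == 0, "body": msg[4:]}
    if icmp_type in ERROR_TYPES and len(msg) >= 4 + 4 + 20 + 8:
        inner = msg[8:]                     # 4 type-specific bytes, then the original IP header
        ihl = (inner[0] & 0x0F) * 4
        proto, src, dst = struct.unpack("!B2x4s4s", inner[9:20])
        # the 8 data bytes after the IP header hold the transport header's port numbers
        sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
        info["offending"] = {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
                             "protocol": proto, "sport": sport, "dport": dport}
    return info
```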

Slide #24: UDP: User Datagram Protocol

Simple datagram transport layer protocol.
Each application output generates one UDP datagram, which produces one IP datagram.

Trades reliability for speed
– Sends datagrams directly to unreliable IP layer.

16-bit port numbers
– Identify sending and receiving processes.

Applications
– DNS, SNMP, TFTP, streaming audio/video

Slide #25: UDP Header

Slide #26: UDP Example: TFTP

Trivial File Transfer Protocol
– No authentication

TFTP Session:

sun16 > tftp at204m02
tftp> get readme.txt
Received 1024 bytes in 0.2 seconds.
tftp> quit

Slide #27: TFTP Packet Types

Packet types
1) read a file (filename, ascii/binary)
2) write a file (filename, ascii/binary)
3) file data block
4) ACK
5) error

Slide #28: TFTP Packet Diagram

Slide #29: TFTP Session Trace

at204m02 > snoop udp sun16
1 0.00000 sun16 -> at204m02 TFTP Read "2sun" (netascii)
2 0.00498 at204m02 -> sun16 TFTP Data block 1 (512 bytes)
3 0.00136 sun16 -> at204m02 TFTP Ack block 1
4 0.00010 at204m02 -> sun16 TFTP Data block 2 (300 bytes) (last block)
5 0.00119 sun16 -> at204m02 TFTP Ack block 2

Slide #30: TFTP Security

Feature: no username/password required
– TFTP used for diskless hosts to boot.

How to protect /etc/passwd?
– Limit TFTP server filesystem access.
– Generally only can access /tftpboot directory.
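The five packet types of slide 27 decoded from the wire, plus the filesystem limit of slide 30 as a server-side check, as an added example that is not part of the slide deck. The wire layout assumed is RFC 1350's (2-byte opcode, NUL-terminated filename and mode, 2-byte block numbers, data blocks shorter than 512 bytes mark the end, as in slide 29's trace); the request bytes are constructed.

```python
import posixpath
import struct

RRQ, WRQ, DATA, ACK, ERROR = 1, 2, 3, 4, 5
TFTP_ROOT = "/tftpboot"          # the directory the slides say a TFTP server is limited to

def parse_tftp(pkt: bytes) -> dict:
    """Return the opcode and the fields that go with it; ValueError on malformed input."""
    if len(pkt) < 4:
        raise ValueError("short TFTP packet")
    (op,) = struct.unpack("!H", pkt[:2])
    if op in (RRQ, WRQ):
        parts = pkt[2:].split(b"\x00")
        if len(parts) < 3:   # filename, mode and the trailing empty piece after the last NUL
            raise ValueError("request missing filename or mode")
        return {"op": op, "filename": parts[0].decode("latin-1"),
                "mode": parts[1].decode("latin-1").lower()}
    block = struct.unpack("!H", pkt[2:4])[0]
    if op == DATA:
        data = pkt[4:]
        return {"op": op, "block": block, "data": data, "last": len(data) < 512}
    if op == ACK:
        return {"op": op, "block": block}
    if op == ERROR:
        return {"op": op, "code": block, "msg": pkt[4:].split(b"\x00")[0].decode("latin-1")}
    raise ValueError("unknown opcode %d" % op)

def resolve_under_root(filename: str, root: str = TFTP_ROOT):
    """Map a requested name onto the served directory. Returns the absolute path, or None
    when the name would land outside root. With no username or password, this check is
    what keeps a request for /etc/passwd inside /tftpboot."""
    # a leading slash is taken relative to root, then '..' components are collapsed and
    # the result must still sit strictly below root (the trailing '/' defeats /tftpbootx)
    candidate = posixpath.normpath(posixpath.join(root, filename.lstrip("/")))
    if candidate.startswith(root + "/"):
        return candidate
    return None
```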

Slide #31: TCP: Transmission Control Protocol

Connection-oriented
– Must establish connection before sending data.
– 3-way handshake.

Reliable byte-stream
– TCP decides how to divide stream into packets.
– ACK, timeout, retransmit, reordering.

16-bit source and destination ports.
– FTP(21), HTTP(80), POP(110), SMTP(25)

Slide #32: TCP Reliability

1. Breaks data into best-sized chunks.
2. After sending segment, maintains timer; if no ACK within time limit, resends segment.
3. Sends ACK on receipt of packets.
4. Discards pkts on bad checksum of header and data.
5. Receiver resequences TCP segments so data arrives in order sent.
6. Receiver discards duplicate segments.
7. Flow control: only sends as much data as receiver can process.
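The receiver side of slide 32 (steps 3, 5 and 6) as a small reassembly buffer, an added example that is not part of the slide deck: segments that arrive early are parked until the hole in front of them is filled, duplicates and already-delivered overlap are dropped, and each arrival returns the cumulative ACK the sender would see. Sequence numbers and payloads are constructed.

```python
class TcpReceiver:
    """Deliver bytes in sequence, drop what was already delivered, and report the ACK number."""

    def __init__(self, initial_seq: int):
        self.next_seq = initial_seq      # first byte not yet delivered = the ACK we send
        self.pending = {}                # seq -> payload for segments that arrived early
        self.delivered = bytearray()     # the in-order byte stream handed to the application

    def receive(self, seq: int, payload: bytes) -> int:
        """Process one segment; return the ACK number (next expected byte)."""
        end = seq + len(payload)
        if end <= self.next_seq:
            return self.next_seq         # entirely old data: a retransmitted duplicate (step 6)
        if seq < self.next_seq:
            payload = payload[self.next_seq - seq:]   # partial overlap: keep only the new tail
            seq = self.next_seq
        if seq > self.next_seq:
            self.pending.setdefault(seq, payload)     # a hole precedes it: park it (step 5)
            return self.next_seq         # the ACK keeps pointing at the missing byte
        self._append(payload)
        # this arrival may have filled the hole in front of parked segments; re-run them
        while self.pending and min(self.pending) <= self.next_seq:
            s = min(self.pending)
            self.receive(s, self.pending.pop(s))
        return self.next_seq

    def _append(self, payload: bytes) -> None:
        self.delivered += payload
        self.next_seq += len(payload)
```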