SlideShare a Scribd company logo

Security problems in TCP/IP

Sukh Sandhu
Sukh Sandhu

The TCP/IP protocol suite has a number of vulnerability and security flaws inherent in the protocols. Those vulnerabilities are often used by crackers for Denial of Service (DOS) attacks, connection hijacking and other attacks. The following are the major TCP/IP security problems: TCP SYN attacks (or SYN Flooding) ¡§CThe TCP uses sequence numbers to ensure data is given to the user in the correct order. The sequence numbers are initially established during the opening phase of a TCP connection in the three-way handshake. TCP SYN attacks take advantage of a flaw in how most hosts implement TCP three-way handshake. When Host B receives the SYN request from A, it must keep track of the partially opened connection in a "listen queue" for at least 75 seconds and a host can only keep track of a very limited number of connections. A malicious host can exploit the small size of the listen queue by sending multiple SYN requests to a host, but never replying to the SYN&ACK the other host sends back. By doing so, the other host's listen queue is quickly filled up, and it will stop accepting new connections, until a partially opened connection in the queue is completed or times out. This ability to effectively remove a host from the network for at least 75 seconds can be used as a denial-of-service attack, or it can be used to implement other attacks, like IP Spoofing. IP Spoofing - IP spoofing is an attack used to gain unauthorized access to computers, whereby the attacker sends messages to a computer with a forging IP address indicating that the message is coming from a trusted host. The IP layer assumes that the source address on any IP packet it receives is the same IP address as the system that actually sent the packet -- it does no authentication. Many higher level protocols and applications also make this assumption, so it seems that anyone able to forge the source address of an IP packet could get unauthorized privileges. There are few variations of IP Spoofing such as Blind and Non-blind spoofing, man-in-the-middle- attack (connection hijacking), etc. For details, please read the IP Spoofing section. Routing attacks ¡§C This attack takes advantage of Routing Information Protocol (RIP), which is often an essential component in a TCP/IP network. RIP is used to distribute routing information within networks, such as shortest-paths, and advertising routes out from the local network. Like TCP/IP, RIP has no built in authentication, and the information provided in a RIP packet is often used without verifying it. Attacks on RIP change where data goes to, not where it came from. For example, an attacker could forge a RIP packet, claiming his host "X" has the fastest path out of the network. All packets sent out from that network would then be routed through X, where they could be modified or examined. An attacker could also use RIP to effectively impersonate any host, by causing all traffic sent to that host to be sent to the attacker's machine

Education
1 of 18
Download to read offline
1
SECURITY PROBLEMS IN TCP/IP Reference: Security Problems in the TCP/IP Protocol Suite : by Steve Bellovin R-services Source-routing ARP attacks Session hijacking TCP session stealing 2
SECURITY PROBLEMS IN R-SERVICES rsh and rcp use the .rhosts file in your directory, which lists hosts and accounts to allows access from without a password. Allowed by /etc/inetd Example .rhosts file: red.cs.umass.edu brian *.cs.umass.edu brian * * 3
SECURITY PROBLEMS IN R-SERVICES Now that we know a machine is running rsh, how can we pretend to be another machine to gain access? Attack Defense  Source routing ignore source routes  False routing table updates secure routing protocols  Session hijacking ssh/ secure connection  ICMP redirects ?  False ARP packets Publish ARP tables  TCP session stealing ssh/ secure connection 4
SECURITY PROBLEMS IN R-SERVICES Exploiting trusted relationships: C is a trusted host to S Source routing:  IP source-route option  The responder includes the source-route on the reply packets.  Some/most OSs ignore source routes these days. X 1. C->S: spoofed packet (source-route; includes X) 2. replies C S Open a TCP connection to rshd spoofing the address of a trusted host, but include yourself in the source route. 5
SESSION HIJACKING Normal TCP operation from client, C, to server, S  C->S: SYN(ISNC) Client C Server S  S->C: SYN(ISNS), ACK(ISNC+1)  C->S: ACK(ISNS +1) SYN(ISNC)  Client and Server exchange data  ISN number generation SYN(ISNS),  4.2BSD: increments 128/sec ACK(ISNC+1 )  4.3BSD: increments 125000/sec ACK(ISNS+1) 6
SESSION HIJACKING Session hijacking: Find a machine, C, that’s down, guess the ISN. Usually in regular increments.  X->S: SYN(ISNX) [spoofs C] S: rshd server  S->C: SYN(ISNS), ACK(ISNX +1)  X->S: ACK(ISNS +1) [spoofs C; estimates ISNS]  X->S: [ echo “* *” >> ~/.rhosts] [spoofs C]  X->S: RESET [spoofs C]  X rlogins from anywhere in the world. X 3. SYN(5000), ACK(1001) 1. ISN estimation: 1: Disables C 2. SYN(1000) C S Trusted relationship 7
SESSION HIJACKING 2. Session hijacking: X 6: ACK(ISNS +1) (spoofs C; estimates ISNS) 4: SYN(ISNX) (spoofs C) C S 5: SYN(ISNS), ACK(ISNX+1) 3. Executes remote commands: X 7: [echo “* *” >> ~/.rhosts] (spoofs C) 8: RESET (spoofs C) C S 8
DISABLING HOSTS: SYN FLOODING DOS Send lots of spoofed SYN packets to a victim host Each SYN packet received causes a buffer to be allocated, and the limits of the listen()call to be reached. Morris invented SYN flooding just to launch a session hijacking attack, later used against Yahoo! 9
ATTACKING ROUTING TO EXPLOIT RSH Two types of routing: dynamic routing vs. static routing Dynamic routing updates  OSPF: link-state algorithm  RIP: distance vector algorithm Attacker injects a RIP update stating she has a path to host C  All subsequent packets to C will be routed to the attacker.  The attacker initiates connection to rshd of the server. (spoofing C) Defense: uses secure routing protocols  Only accept authenticated updates.  Requires key management. 10
ICMP ATTACK ICMP redirect: forces a machine to route through you.  Requires an existing connection  Open a spoofed connection to the host you want to attack.  Then send a spoofed ICMP redirect to the victim redirecting it to the gateway you’ve compromised. Others  ICMP destination unreachable  Frequent ICMP source quenches 11
ARP ATTACKS When a machines sends an ARP request out, you could answer that you own the address.  But in a race condition with the real machine. Unfortunately, ARP will just accept replies without requests! Just send a spoofed reply message saying your MAC address owns a certain IP address.  Repeat frequently so that cache doesn’t timeout Messages are routed through you to sniff or modify. 12
ARP SPOOFING - COUNTERMEASURES “Publish” MAC address of router/default gateway and trusted hosts to prevent ARP spoof  Statically defining the IP to Ethernet address mapping Example: arp -s hostname 00:01:02:03:04:ab pub 13
TCP SESSION STEALING Reference: “A Simple Active Attack Against TCP” by Laurent Joncheray. In Proceedings of 5th USENIX Unix Security Symposium. June 1995 Active attack using desynchronized states  The attacker is in the path b/w the client and the server  The attacker can sniff all the packets and inject some spoofed packets  Steps: 1. The attacker sniffs the communication b/w the two. 2. The attacker disables the communication by desynchronizing the client and the server. 3. The attacker injects spoofed packets that acceptable for both ends. 14
TCP SESSION STEALING Desynchronized state b/w client C and server S  Both in “Established state”  No data is being sent (stable state)  S_SEQ  C_ACK and C_SEQ  S_ACK When S_ACK < C_SEQ < S_ACK + S_Wind:  The packet is accepted (buffered) but not sent to the user When C_SEQ > S_ACK + S_Wind or C_SEQ < S_ACK :  The packet is dropped In both cases, the ACK(S_ACK) is sent (ACK packet with S_SEQ, S_ACK) 15
TCP SESSION STEALING In a desynchronized state, the attacker can send any acceptable data to the server  E.g. [echo myhost >> ~/.rhost] for rlogin X 2: X->S (spoofing C): S_ACK, S_SEQ 1: C->S: C_SEQ, C_ACK [echo myhost >> ~/.rhost] (accepted) (dropped) C S C_SEQ, C_ACK S_SEQ, S_ACK S_SEQ  C_ACK and C_SEQ  S_ACK 16
DESYNCHRONIZATION X 3,4, 6 2 Early desynchronization C S 1 1. C->S(Syn): C_Seq0 ; C: Syn_Sent 2. S->C(Syn/Ack): S_Seq0, C_Seq0+1 ; S: Syn_Rcvd ; C: Established (C_Seq0+1, S_Seq0+1) (before the packet C->S(Ack): S_Seq0+1) 3. X->S(spoofing C, Rst) 4. X->S(spoofing C, Syn): X_Seq0 ; the same port # used in (1) 5. S->C(Syn/Ack): S_Seq1, X_Seq0+1 6. X->S(spoofing C, Ack): S_Seq1+1 ; S: Established (S_Seq1+1, X_Seq0+1) 17
THE ATTACK Null data desynchronization 1. The attacker watches the session without interfering. 2. During a quiet period, the attacker sends a large amount of null data (IAC, NOP for telnet): nothing happens, server only changes the TCP Ack number 3. Now, when the client sends data, it is dropped by the server because it’s lower than the server’s window. 4. The attacker does the same with the client. Defense: ssh connection, or IPsec 18

Recommended

security problems in the tcp/ip protocol suite
security problems in the tcp/ip protocol suitesecurity problems in the tcp/ip protocol suite
security problems in the tcp/ip protocol suiteYash Kotak
 
Principles of public key cryptography and its Uses
Principles of public key cryptography and its UsesPrinciples of public key cryptography and its Uses
Principles of public key cryptography and its UsesMohsin Ali
 
Fundamentals of Network security
Fundamentals of Network securityFundamentals of Network security
Fundamentals of Network securityAPNIC
 
Security Attacks.ppt
Security Attacks.pptSecurity Attacks.ppt
Security Attacks.pptZaheer720515
 
Security and Viruses
Security and VirusesSecurity and Viruses
Security and VirusesAmrit Kaur
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security FundamentalsRahmat Suhatman
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security ArchitectureBharathiKrishna6
 
Email security
Email securityEmail security
Email securityIndrajit Sreemany
 

Recommended

security problems in the tcp/ip protocol suite
security problems in the tcp/ip protocol suitesecurity problems in the tcp/ip protocol suite
security problems in the tcp/ip protocol suiteYash Kotak
 
Principles of public key cryptography and its Uses
Principles of public key cryptography and its UsesPrinciples of public key cryptography and its Uses
Principles of public key cryptography and its UsesMohsin Ali
 
Fundamentals of Network security
Fundamentals of Network securityFundamentals of Network security
Fundamentals of Network securityAPNIC
 
Security Attacks.ppt
Security Attacks.pptSecurity Attacks.ppt
Security Attacks.pptZaheer720515
 
Security and Viruses
Security and VirusesSecurity and Viruses
Security and VirusesAmrit Kaur
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security FundamentalsRahmat Suhatman
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security ArchitectureBharathiKrishna6
 
Email security
Email securityEmail security
Email securityIndrajit Sreemany
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket LayerNaveen Kumar
 
Security Threats at OSI layers
Security Threats at OSI layersSecurity Threats at OSI layers
Security Threats at OSI layersDepartment of Computer Science
 
Final networks lab manual
Final networks lab manualFinal networks lab manual
Final networks lab manualJaya Prasanna
 
Intruders
IntrudersIntruders
IntrudersDr.Florence Dayana
 
Network security - Defense in Depth
Network security - Defense in DepthNetwork security - Defense in Depth
Network security - Defense in DepthDilum Bandara
 
Types of attacks
Types of attacksTypes of attacks
Types of attacksVivek Gandhi
 
Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention systemNikhil Raj
 
Dhcp ppt
Dhcp pptDhcp ppt
Dhcp pptHema Dhariwal
 
Firewall in Network Security
Firewall in Network SecurityFirewall in Network Security
Firewall in Network Securitylalithambiga kamaraj
 
Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Cleverence Kombe
 
MAC-Message Authentication Codes
MAC-Message Authentication CodesMAC-Message Authentication Codes
MAC-Message Authentication CodesDarshanPatil82
 
IDS and IPS
IDS and IPSIDS and IPS
IDS and IPSSantosh Khadsare
 
Security services and mechanisms
Security services and mechanismsSecurity services and mechanisms
Security services and mechanismsRajapriya82
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Samip jain
 
Email security presentation
Email security presentationEmail security presentation
Email security presentationSubhradeepMaji
 
WLAN Attacks and Protection
WLAN Attacks and ProtectionWLAN Attacks and Protection
WLAN Attacks and ProtectionChandrak Trivedi
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
Arp spoofing
Arp spoofingArp spoofing
Arp spoofingLuthfi Widyanto
 
Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Dr. Kapil Gupta
 
Security in mobile ad hoc networks
Security in mobile ad hoc networksSecurity in mobile ad hoc networks
Security in mobile ad hoc networksPiyush Mittal
 
Tcp
TcpTcp
Tcpgiaolvq
 
Himanshupptx
HimanshupptxHimanshupptx
HimanshupptxHimanshu Chaurishiya
 

More Related Content

What's hot

Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket LayerNaveen Kumar
 
Final networks lab manual
Final networks lab manualFinal networks lab manual
Final networks lab manualJaya Prasanna
 
Network security - Defense in Depth
Network security - Defense in DepthNetwork security - Defense in Depth
Network security - Defense in DepthDilum Bandara
 
Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention systemNikhil Raj
 
Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Cleverence Kombe
 
MAC-Message Authentication Codes
MAC-Message Authentication CodesMAC-Message Authentication Codes
MAC-Message Authentication CodesDarshanPatil82
 
Security services and mechanisms
Security services and mechanismsSecurity services and mechanisms
Security services and mechanismsRajapriya82
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Samip jain
 
Email security presentation
Email security presentationEmail security presentation
Email security presentationSubhradeepMaji
 
WLAN Attacks and Protection
WLAN Attacks and ProtectionWLAN Attacks and Protection
WLAN Attacks and ProtectionChandrak Trivedi
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Dr. Kapil Gupta
 
Security in mobile ad hoc networks
Security in mobile ad hoc networksSecurity in mobile ad hoc networks
Security in mobile ad hoc networksPiyush Mittal
 

What's hot (20)

Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layer
 
Security Threats at OSI layers
Security Threats at OSI layersSecurity Threats at OSI layers
Security Threats at OSI layers
 
Final networks lab manual
Final networks lab manualFinal networks lab manual
Final networks lab manual
 
Intruders
IntrudersIntruders
Intruders
 
Network security - Defense in Depth
Network security - Defense in DepthNetwork security - Defense in Depth
Network security - Defense in Depth
 
Types of attacks
Types of attacksTypes of attacks
Types of attacks
 
Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention system
 
Dhcp ppt
Dhcp pptDhcp ppt
Dhcp ppt
 
Firewall in Network Security
Firewall in Network SecurityFirewall in Network Security
Firewall in Network Security
 
Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems
 
MAC-Message Authentication Codes
MAC-Message Authentication CodesMAC-Message Authentication Codes
MAC-Message Authentication Codes
 
IDS and IPS
IDS and IPSIDS and IPS
IDS and IPS
 
Security services and mechanisms
Security services and mechanismsSecurity services and mechanisms
Security services and mechanisms
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)
 
Email security presentation
Email security presentationEmail security presentation
Email security presentation
 
WLAN Attacks and Protection
WLAN Attacks and ProtectionWLAN Attacks and Protection
WLAN Attacks and Protection
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
 
Arp spoofing
Arp spoofingArp spoofing
Arp spoofing
 
Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security
 
Security in mobile ad hoc networks
Security in mobile ad hoc networksSecurity in mobile ad hoc networks
Security in mobile ad hoc networks
 

Viewers also liked

Introduction to TCP/IP
Introduction to TCP/IPIntroduction to TCP/IP
Introduction to TCP/IPMichael Lamont
 
Osi , tcp/ip protocol and Addressing
Osi , tcp/ip protocol and Addressing Osi , tcp/ip protocol and Addressing
Osi , tcp/ip protocol and Addressing marwan aldulaimy
 
FEGTS IP training - TCP/IP Introduction
FEGTS IP training - TCP/IP IntroductionFEGTS IP training - TCP/IP Introduction
FEGTS IP training - TCP/IP IntroductionKae Hsu
 
Protocols and the TCP/IP Protocol Suite
Protocols and the TCP/IP Protocol SuiteProtocols and the TCP/IP Protocol Suite
Protocols and the TCP/IP Protocol SuiteAtharaw Deshmukh
 
Network infrastructure - TCP/IP
Network infrastructure - TCP/IPNetwork infrastructure - TCP/IP
Network infrastructure - TCP/IPraymondkao
 
Spoofing Techniques
Spoofing TechniquesSpoofing Techniques
Spoofing TechniquesRaza_Abidi
 
TCP-IP Reference Model
TCP-IP Reference ModelTCP-IP Reference Model
TCP-IP Reference ModelMukesh Tekwani
 

Viewers also liked (20)

Tcp
TcpTcp
Tcp
 
Himanshupptx
HimanshupptxHimanshupptx
Himanshupptx
 
Presentation1
Presentation1Presentation1
Presentation1
 
Introduction to TCP/IP
Introduction to TCP/IPIntroduction to TCP/IP
Introduction to TCP/IP
 
TCP/IP
TCP/IPTCP/IP
TCP/IP
 
Ip Spoofing
Ip SpoofingIp Spoofing
Ip Spoofing
 
My ppt..priya
My ppt..priyaMy ppt..priya
My ppt..priya
 
I P S P O O F I N G
I P S P O O F I N GI P S P O O F I N G
I P S P O O F I N G
 
TCP/IP Basics
TCP/IP BasicsTCP/IP Basics
TCP/IP Basics
 
Osi , tcp/ip protocol and Addressing
Osi , tcp/ip protocol and Addressing Osi , tcp/ip protocol and Addressing
Osi , tcp/ip protocol and Addressing
 
FEGTS IP training - TCP/IP Introduction
FEGTS IP training - TCP/IP IntroductionFEGTS IP training - TCP/IP Introduction
FEGTS IP training - TCP/IP Introduction
 
Protocols and the TCP/IP Protocol Suite
Protocols and the TCP/IP Protocol SuiteProtocols and the TCP/IP Protocol Suite
Protocols and the TCP/IP Protocol Suite
 
More on Tcp/Ip
More on Tcp/IpMore on Tcp/Ip
More on Tcp/Ip
 
Network infrastructure - TCP/IP
Network infrastructure - TCP/IPNetwork infrastructure - TCP/IP
Network infrastructure - TCP/IP
 
IP Spoofing
IP SpoofingIP Spoofing
IP Spoofing
 
Spoofing Techniques
Spoofing TechniquesSpoofing Techniques
Spoofing Techniques
 
TCP/IP(networking)
TCP/IP(networking)TCP/IP(networking)
TCP/IP(networking)
 
TCP-IP Reference Model
TCP-IP Reference ModelTCP-IP Reference Model
TCP-IP Reference Model
 
Ip address
Ip addressIp address
Ip address
 
Ip Spoofing
Ip SpoofingIp Spoofing
Ip Spoofing
 

Similar to Security problems in TCP/IP

Attacks and their mitigations
Attacks and their mitigationsAttacks and their mitigations
Attacks and their mitigationsMukesh Chaudhari
 
Stream ciphers presentation
Stream ciphers presentationStream ciphers presentation
Stream ciphers presentationdegarden
 
Pentesting layer 2 protocols
Pentesting layer 2 protocolsPentesting layer 2 protocols
Pentesting layer 2 protocolsAbdessamad TEMMAR
 
Packet sniffing in switched LANs
Packet sniffing in switched LANsPacket sniffing in switched LANs
Packet sniffing in switched LANsIshraq Al Fataftah
 
DDoS Attack Detection & Mitigation in SDN
DDoS Attack Detection & Mitigation in SDNDDoS Attack Detection & Mitigation in SDN
DDoS Attack Detection & Mitigation in SDNChao Chen
 
Copy of a simple tcp spoofing attack
Copy of a simple tcp spoofing attackCopy of a simple tcp spoofing attack
Copy of a simple tcp spoofing attackVishal Gurujuwada
 
New flaws in WPA-TKIP
New flaws in WPA-TKIPNew flaws in WPA-TKIP
New flaws in WPA-TKIPvanhoefm
 
Os detection with arp
Os detection with arpOs detection with arp
Os detection with arpDavid Clark
 
Cryptographic Protocols: Practical revocation and key rotation
Cryptographic Protocols: Practical revocation and key rotationCryptographic Protocols: Practical revocation and key rotation
Cryptographic Protocols: Practical revocation and key rotationPriyanka Aash
 
Type of DDoS attacks with hping3 example
Type of DDoS attacks with hping3 exampleType of DDoS attacks with hping3 example
Type of DDoS attacks with hping3 exampleHimani Singh
 
Computer network (4)
Computer network (4)Computer network (4)
Computer network (4)NYversity
 
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...idsecconf
 

Similar to Security problems in TCP/IP (20)

6005679.ppt
6005679.ppt6005679.ppt
6005679.ppt
 
Attacks and their mitigations
Attacks and their mitigationsAttacks and their mitigations
Attacks and their mitigations
 
Stream ciphers presentation
Stream ciphers presentationStream ciphers presentation
Stream ciphers presentation
 
Hacking Cisco
Hacking CiscoHacking Cisco
Hacking Cisco
 
Pentesting layer 2 protocols
Pentesting layer 2 protocolsPentesting layer 2 protocols
Pentesting layer 2 protocols
 
Network and DNS Vulnerabilities
Network and DNS VulnerabilitiesNetwork and DNS Vulnerabilities
Network and DNS Vulnerabilities
 
Packet sniffing in switched LANs
Packet sniffing in switched LANsPacket sniffing in switched LANs
Packet sniffing in switched LANs
 
08 tcp-dns
08 tcp-dns08 tcp-dns
08 tcp-dns
 
DDoS Attack Detection & Mitigation in SDN
DDoS Attack Detection & Mitigation in SDNDDoS Attack Detection & Mitigation in SDN
DDoS Attack Detection & Mitigation in SDN
 
Copy of a simple tcp spoofing attack
Copy of a simple tcp spoofing attackCopy of a simple tcp spoofing attack
Copy of a simple tcp spoofing attack
 
12 tcp-dns
12 tcp-dns12 tcp-dns
12 tcp-dns
 
Arp Cache Poisoning
Arp Cache PoisoningArp Cache Poisoning
Arp Cache Poisoning
 
New flaws in WPA-TKIP
New flaws in WPA-TKIPNew flaws in WPA-TKIP
New flaws in WPA-TKIP
 
Os detection with arp
Os detection with arpOs detection with arp
Os detection with arp
 
Sockets
SocketsSockets
Sockets
 
Sockets
SocketsSockets
Sockets
 
Cryptographic Protocols: Practical revocation and key rotation
Cryptographic Protocols: Practical revocation and key rotationCryptographic Protocols: Practical revocation and key rotation
Cryptographic Protocols: Practical revocation and key rotation
 
Type of DDoS attacks with hping3 example
Type of DDoS attacks with hping3 exampleType of DDoS attacks with hping3 example
Type of DDoS attacks with hping3 example
 
Computer network (4)
Computer network (4)Computer network (4)
Computer network (4)
 
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
 

More from Sukh Sandhu

Qualified Social Media Expert
Qualified Social Media ExpertQualified Social Media Expert
Qualified Social Media ExpertSukh Sandhu
 
An introduction to microsoft office 2007 lecture
An introduction to microsoft office 2007 lectureAn introduction to microsoft office 2007 lecture
An introduction to microsoft office 2007 lectureSukh Sandhu
 
Healthy Foods and Junk Food - Sharing some Information
Healthy Foods and Junk Food - Sharing some InformationHealthy Foods and Junk Food - Sharing some Information
Healthy Foods and Junk Food - Sharing some InformationSukh Sandhu
 
Mark-up languages
Mark-up languagesMark-up languages
Mark-up languagesSukh Sandhu
 
How to build a web page - SES Magazine
How to build a web page - SES MagazineHow to build a web page - SES Magazine
How to build a web page - SES MagazineSukh Sandhu
 
Content management system requirements checklist
Content management system requirements checklistContent management system requirements checklist
Content management system requirements checklistSukh Sandhu
 
The HTML Beginner Tutorial
The HTML Beginner Tutorial The HTML Beginner Tutorial
The HTML Beginner Tutorial Sukh Sandhu
 
Personal development plan
Personal development planPersonal development plan
Personal development planSukh Sandhu
 
How to write a good business letter
How to write a good business letter How to write a good business letter
How to write a good business letter Sukh Sandhu
 
When You Are Angry
When You Are AngryWhen You Are Angry
When You Are AngrySukh Sandhu
 

More from Sukh Sandhu (12)

Qualified Social Media Expert
Qualified Social Media ExpertQualified Social Media Expert
Qualified Social Media Expert
 
An introduction to microsoft office 2007 lecture
An introduction to microsoft office 2007 lectureAn introduction to microsoft office 2007 lecture
An introduction to microsoft office 2007 lecture
 
Healthy Foods and Junk Food - Sharing some Information
Healthy Foods and Junk Food - Sharing some InformationHealthy Foods and Junk Food - Sharing some Information
Healthy Foods and Junk Food - Sharing some Information
 
HTML standards
HTML standardsHTML standards
HTML standards
 
Mark-up languages
Mark-up languagesMark-up languages
Mark-up languages
 
How to build a web page - SES Magazine
How to build a web page - SES MagazineHow to build a web page - SES Magazine
How to build a web page - SES Magazine
 
Content management system requirements checklist
Content management system requirements checklistContent management system requirements checklist
Content management system requirements checklist
 
Web standards
Web standards Web standards
Web standards
 
The HTML Beginner Tutorial
The HTML Beginner Tutorial The HTML Beginner Tutorial
The HTML Beginner Tutorial
 
Personal development plan
Personal development planPersonal development plan
Personal development plan
 
How to write a good business letter
How to write a good business letter How to write a good business letter
How to write a good business letter
 
When You Are Angry
When You Are AngryWhen You Are Angry
When You Are Angry
 

Recently uploaded

HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxmarlenawright1
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024Elizabeth Walsh
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - Englishneillewis46
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17Celine George
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxRamakrishna Reddy Bijjam
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibitjbellavia9
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfPoh-Sun Goh
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxheathfieldcps1
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxAreebaZafar22
 
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...Pooja Bhuva
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfSherif Taha
 
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxExploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxPooja Bhuva
 
REMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxREMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxDr. Ravikiran H M Gowda
 
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptxOn_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptxPooja Bhuva
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxEsquimalt MFRC
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...ZurliaSoop
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfAdmir Softic
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...Nguyen Thanh Tu Collection
 
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfUnit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfDr Vijay Vishwakarma
 

Recently uploaded (20)

HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - English
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdf
 
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxExploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
 
REMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxREMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptx
 
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptxOn_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
 
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfUnit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
 

Security problems in TCP/IP

  • 1. 1
  • 2. SECURITY PROBLEMS IN TCP/IP Reference: Security Problems in the TCP/IP Protocol Suite : by Steve Bellovin R-services Source-routing ARP attacks Session hijacking TCP session stealing 2
  • 3. SECURITY PROBLEMS IN R-SERVICES rsh and rcp use the .rhosts file in your directory, which lists hosts and accounts to allows access from without a password. Allowed by /etc/inetd Example .rhosts file: red.cs.umass.edu brian *.cs.umass.edu brian * * 3
  • 4. SECURITY PROBLEMS IN R-SERVICES Now that we know a machine is running rsh, how can we pretend to be another machine to gain access? Attack Defense  Source routing ignore source routes  False routing table updates secure routing protocols  Session hijacking ssh/ secure connection  ICMP redirects ?  False ARP packets Publish ARP tables  TCP session stealing ssh/ secure connection 4
  • 5. SECURITY PROBLEMS IN R-SERVICES Exploiting trusted relationships: C is a trusted host to S Source routing:  IP source-route option  The responder includes the source-route on the reply packets.  Some/most OSs ignore source routes these days. X 1. C->S: spoofed packet (source-route; includes X) 2. replies C S Open a TCP connection to rshd spoofing the address of a trusted host, but include yourself in the source route. 5
  • 6. SESSION HIJACKING Normal TCP operation from client, C, to server, S  C->S: SYN(ISNC) Client C Server S  S->C: SYN(ISNS), ACK(ISNC+1)  C->S: ACK(ISNS +1) SYN(ISNC)  Client and Server exchange data  ISN number generation SYN(ISNS),  4.2BSD: increments 128/sec ACK(ISNC+1 )  4.3BSD: increments 125000/sec ACK(ISNS+1) 6
  • 7. SESSION HIJACKING Session hijacking: Find a machine, C, that’s down, guess the ISN. Usually in regular increments.  X->S: SYN(ISNX) [spoofs C] S: rshd server  S->C: SYN(ISNS), ACK(ISNX +1)  X->S: ACK(ISNS +1) [spoofs C; estimates ISNS]  X->S: [ echo “* *” >> ~/.rhosts] [spoofs C]  X->S: RESET [spoofs C]  X rlogins from anywhere in the world. X 3. SYN(5000), ACK(1001) 1. ISN estimation: 1: Disables C 2. SYN(1000) C S Trusted relationship 7
  • 8. SESSION HIJACKING 2. Session hijacking: X 6: ACK(ISNS +1) (spoofs C; estimates ISNS) 4: SYN(ISNX) (spoofs C) C S 5: SYN(ISNS), ACK(ISNX+1) 3. Executes remote commands: X 7: [echo “* *” >> ~/.rhosts] (spoofs C) 8: RESET (spoofs C) C S 8
  • 9. DISABLING HOSTS: SYN FLOODING DOS Send lots of spoofed SYN packets to a victim host Each SYN packet received causes a buffer to be allocated, and the limits of the listen()call to be reached. Morris invented SYN flooding just to launch a session hijacking attack, later used against Yahoo! 9
  • 10. ATTACKING ROUTING TO EXPLOIT RSH Two types of routing: dynamic routing vs. static routing Dynamic routing updates  OSPF: link-state algorithm  RIP: distance vector algorithm Attacker injects a RIP update stating she has a path to host C  All subsequent packets to C will be routed to the attacker.  The attacker initiates connection to rshd of the server. (spoofing C) Defense: uses secure routing protocols  Only accept authenticated updates.  Requires key management. 10
  • 11. ICMP ATTACK ICMP redirect: forces a machine to route through you.  Requires an existing connection  Open a spoofed connection to the host you want to attack.  Then send a spoofed ICMP redirect to the victim redirecting it to the gateway you’ve compromised. Others  ICMP destination unreachable  Frequent ICMP source quenches 11
  • 12. ARP ATTACKS When a machines sends an ARP request out, you could answer that you own the address.  But in a race condition with the real machine. Unfortunately, ARP will just accept replies without requests! Just send a spoofed reply message saying your MAC address owns a certain IP address.  Repeat frequently so that cache doesn’t timeout Messages are routed through you to sniff or modify. 12
  • 13. ARP SPOOFING - COUNTERMEASURES “Publish” MAC address of router/default gateway and trusted hosts to prevent ARP spoof  Statically defining the IP to Ethernet address mapping Example: arp -s hostname 00:01:02:03:04:ab pub 13
  • 14. TCP SESSION STEALING Reference: “A Simple Active Attack Against TCP” by Laurent Joncheray. In Proceedings of 5th USENIX Unix Security Symposium. June 1995 Active attack using desynchronized states  The attacker is in the path b/w the client and the server  The attacker can sniff all the packets and inject some spoofed packets  Steps: 1. The attacker sniffs the communication b/w the two. 2. The attacker disables the communication by desynchronizing the client and the server. 3. The attacker injects spoofed packets that acceptable for both ends. 14
  • 15. TCP SESSION STEALING Desynchronized state b/w client C and server S  Both in “Established state”  No data is being sent (stable state)  S_SEQ  C_ACK and C_SEQ  S_ACK When S_ACK < C_SEQ < S_ACK + S_Wind:  The packet is accepted (buffered) but not sent to the user When C_SEQ > S_ACK + S_Wind or C_SEQ < S_ACK :  The packet is dropped In both cases, the ACK(S_ACK) is sent (ACK packet with S_SEQ, S_ACK) 15
  • 16. TCP SESSION STEALING In a desynchronized state, the attacker can send any acceptable data to the server  E.g. [echo myhost >> ~/.rhost] for rlogin X 2: X->S (spoofing C): S_ACK, S_SEQ 1: C->S: C_SEQ, C_ACK [echo myhost >> ~/.rhost] (accepted) (dropped) C S C_SEQ, C_ACK S_SEQ, S_ACK S_SEQ  C_ACK and C_SEQ  S_ACK 16
  • 17. DESYNCHRONIZATION X 3,4, 6 2 Early desynchronization C S 1 1. C->S(Syn): C_Seq0 ; C: Syn_Sent 2. S->C(Syn/Ack): S_Seq0, C_Seq0+1 ; S: Syn_Rcvd ; C: Established (C_Seq0+1, S_Seq0+1) (before the packet C->S(Ack): S_Seq0+1) 3. X->S(spoofing C, Rst) 4. X->S(spoofing C, Syn): X_Seq0 ; the same port # used in (1) 5. S->C(Syn/Ack): S_Seq1, X_Seq0+1 6. X->S(spoofing C, Ack): S_Seq1+1 ; S: Established (S_Seq1+1, X_Seq0+1) 17
  • 18. THE ATTACK Null data desynchronization 1. The attacker watches the session without interfering. 2. During a quiet period, the attacker sends a large amount of null data (IAC, NOP for telnet): nothing happens, server only changes the TCP Ack number 3. Now, when the client sends data, it is dropped by the server because it’s lower than the server’s window. 4. The attacker does the same with the client. Defense: ssh connection, or IPsec 18