Lecture 14 Review of TCP/IP Internetworking
PowerPoint presentation, 108 slides

Page 1: Lecture 14 Review of TCP/IP Internetworking

Page 2: Single Network: applications, client and server hosts, switches, access links, trunk links, frames, path
[Diagram: a client host and a mobile client host attach to switches over access links; the switches connect to one another and to two server hosts over trunk links. A frame travels along a path through the switches.]

Page 3: Frame Organization
[Diagram of message structure: a frame consists of a header (a destination address field plus other header fields), a data field and a trailer.]

Page 4: Switching Decision
[Diagram: Stations A, B, C and D are attached to ports 1 to 6 of a switch. The switch receives a frame with Station C in the destination address field and sends it back out on the port leading to Station C, choosing the port based on the destination address.]

Page 5: An Internet
An internet is two or more individual switched networks connected by routers.
[Diagram: Switched Network 1, Switched Network 2 and Switched Network 3 joined by a router.]

Page 6: An Internet
A single network versus multiple networks connected by routers.
The path of a packet through the routers is its route.
[Diagram: a packet's route across several single networks connected by routers.]

Page 7: Network: The Internet
[Diagram: a browser sends a packet that passes from router to router along the route until it reaches the webserver software. The global Internet has thousands of networks.]

Page 8: Frames and Packets
[Diagram: a client PC, a switch, Router A, Router B, a second switch and a server. The same packet is carried in Frame 1 in Network 1, in Frame 2 in Network 2 and in Frame 3 in Network 3.]

Page 9: Frames and Packets
Like passing a shipment (the packet) from a truck (frame) to an airplane (frame) at an airport.
[Diagram: shipper, truck, airport, airplane, airport, truck, receiver; the same shipment rides in each vehicle in turn.]

Page 10: TCP/IP Standards
Origins: the Defense Advanced Research Projects Agency (DARPA) created the ARPANET.
An internet connects multiple individual networks.
The global Internet is capitalized.
Internet Engineering Task Force (IETF): most IETF documents are requests for comments (RFCs).
Internet Official Protocol Standards: the list of RFCs that are official standards.

Page 11: TCP/IP Standards
Hybrid TCP/IP-OSI Architecture: combines TCP/IP standards at layers 3-5 with OSI standards at layers 1-2.

TCP/IP                                 OSI            Hybrid TCP/IP-OSI
Application                            Application    Application
                                       Presentation
                                       Session
Transport                              Transport      Transport
Internet                               Network        Internet
Subnet Access: use OSI standards here  Data Link      Data Link
                                       Physical       Physical

Page 12: TCP/IP Standards
OSI Layers
Physical (Layer 1): defines electrical signaling and media between adjacent devices.
Data link (Layer 2): control of a frame through a single network, across multiple switches.
[Diagram: within Switched Network 1, a frame crosses one data link made up of several physical links.]

Page 13: TCP/IP Standards
Internet Layer: governs the transmission of a packet across an entire internet. The path of the packet is its route.
[Diagram: a packet's route across Switched Networks 1, 2 and 3 through a router.]

Page 14: TCP/IP Standards
Frames and Packets
Frames are messages at the data link layer.
Packets are messages at the internet layer.
Packets are carried (encapsulated) in frames.
There is only a single packet that is delivered from source to destination host.
This packet is carried in a separate frame in each network.

Page 15: Internet and Transport Layers
[Diagram: Client PC, Router 1, Router 2, Router 3, Server.]
Transport layer: end-to-end (host-to-host). TCP is connection-oriented and reliable; UDP is connectionless and unreliable.
Internet layer (usually IP): hop-by-hop (host-router or router-router), connectionless and unreliable.

Page 16: TCP/IP Standards
Internet and Transport Layers: Purposes
The internet layer governs hop-by-hop transmission between routers to achieve end-to-end delivery.
The transport layer is an end-to-end (host-to-host) protocol involving only the two hosts.

Page 17: TCP/IP Standards
Internet and Transport Layers: Internet Protocol (IP)
IP at the internet layer is unreliable: it does not correct errors in each hop between routers.
This is good: it reduces the work each router along the route must do.

Page 18: TCP/IP Standards
Transport Layer Standards
Transmission Control Protocol (TCP): reliable and connection-oriented service at the transport layer; corrects errors.
User Datagram Protocol (UDP): unreliable and connectionless service at the transport layer; a lightweight protocol, good when catching errors is not important.

Page 19: HTML and HTTP at the Application Layer
[Diagram: a client PC with a browser (123.34.150.37) exchanges Hypertext Transfer Protocol (HTTP) requests and responses with a webserver (60.168.47.47); the response carries a Hypertext Markup Language (HTML) document or other file (jpeg, etc.).]

Page 20: TCP/IP Standards
Application Layer: governs communication between application programs, which may be written by different vendors.
Document transfer versus document format standards: HTTP / HTML for the WWW service; SMTP / RFC 822 (or RFC 2822) in e-mail.
Many application standards exist because there are many applications.

Page 21: TCP/IP and OSI Architectures: Recap

TCP/IP                                 OSI            Hybrid TCP/IP-OSI
Application                            Application    Application
                                       Presentation
                                       Session
Transport                              Transport      Transport
Internet                               Network        Internet
Subnet Access: use OSI standards here  Data Link      Data Link
                                       Physical       Physical

Note: The Hybrid TCP/IP-OSI Architecture is used on the Internet and dominates internal corporate networks.

Page 22: IP Packet
IP Version 4 Packet, fields laid out from Bit 0 to Bit 31 (32 bits per row):
Version (4 bits, value 0100) | Header Length (4 bits) | Diff-Serv (8 bits) | Total Length (16 bits)
Identification (16 bits) | Flags | Fragment Offset (13 bits)
Time to Live (8 bits) | Protocol (8 bits): 1=ICMP, 6=TCP, 17=UDP | Header Checksum (16 bits)
Source IP Address (32 bits)
Destination IP Address (32 bits)
Options (if any) | Padding
Data Field

Page 23: IP Packet
Version: has the value four (0100).
Time to Live (TTL): prevents the endless circulation of mis-addressed packets. The value is set by the sender and decremented by one by each router along the way; if it reaches zero, the router throws the packet away.

Page 24: IP Packet
Protocol Field: identifies the contents of the data field. 1 = ICMP, 6 = TCP, 17 = UDP.
IP header with Protocol=1: the IP data field is an ICMP message.
IP header with Protocol=6: the IP data field is a TCP segment.
IP header with Protocol=17: the IP data field is a UDP datagram.

Page 25: IP Packet
Header checksum: checks for errors in the header only. This is faster than checking the whole packet and stops bad headers from causing problems. IP Version 6 drops even this checking.
Address fields: 32 bits long, of course.
Options field(s): give optional parameters.
Data field: contains the payload of the packet.

Page 26: Layer Cooperation Through Encapsulation on the Source Host
Application process: HTTP Message
Transport process: TCP Hdr | HTTP Message (encapsulation of the HTTP message in the data field of a TCP segment)
Internet process: IP Hdr | TCP Hdr | HTTP Message (encapsulation of the TCP segment in the data field of an IP packet)

Page 27: Layer Cooperation Through Encapsulation on the Source Host
Internet process: IP Hdr | TCP Hdr | HTTP Message
Data link process: DL Hdr | IP Hdr | TCP Hdr | HTTP Message | DL Trlr (encapsulation of the IP packet in the data field of a frame)
Physical process: converts the bits of the frame into signals.

Page 28: Layer Cooperation Through Encapsulation on the Source Host
Note: The following is the final frame for supervisory TCP segments:
DL Hdr | IP Hdr | TCP Hdr | DL Trlr

Page 29: Layer Cooperation Through Decapsulation on the Destination Host
Internet process: IP Hdr | TCP Hdr | HTTP Message (decapsulation of the TCP segment from the data field of an IP packet)
Transport process: TCP Hdr | HTTP Message (decapsulation of the HTTP message from the data field of a TCP segment)
Application process: HTTP Message

Page 30: Layer Cooperation Through Decapsulation on the Destination Host
Physical process: converts signals into the bits of the frame.
Data link process: DL Hdr | IP Hdr | TCP Hdr | HTTP Message | DL Trlr (decapsulation of the IP packet from the data field of a frame)
Internet process: IP Hdr | TCP Hdr | HTTP Message

Page 31: Vertical Communication on Router R1
[Diagram: Router R1 has Ports 1 to 4, each with its own data link (DL) process and physical (PHY) process, and a single internet layer process. A frame arrives from Switch X2 on Port 1 (A: decapsulation).]
Notes: A. Router R1 receives the frame from Switch X2 in Port 1. The Port 1 DL process decapsulates the packet and passes it to the internet process.

Page 32: Vertical Communication on Router R1
[Diagram: the internet layer process hands the packet to Port 4, whose link leads to Router 2 (B: encapsulation).]
B. The internet process sends the packet out on Port 4. The DL process on Port 4 encapsulates the packet in a PPP frame and passes the frame to the Port 4 PHY.

Page 33: Site Connection to an ISP
[Diagram: Internet backbone, ISP router, the data link between the ISP and the site's border firewall, and the site network behind the firewall.]
1. Frame for this data link.
2. Packet carried in the ISP carrier frame.
3. Packet carried in the site frame.
4. Data link between site and ISP (difficult to attack).
5. Normally, only the arriving packet is dangerous, not the frame fields.

Page 34: Internet Protocol (IP)
Basic Characteristics
There were already single networks, and many more would come in the future.
Developers needed to make a few assumptions about underlying networks.
So they kept IP simple.

Page 35: Internet Protocol (IP)
Connection-Oriented Service and Connectionless Service
Connection-oriented services have distinct starts and closes (telephone calls).
Connectionless services merely send messages (postal letters).
IP is connectionless.

Page 36: IP Packet
[Diagram: the PC's internet process sends an IP packet to the first router's internet process.]
Connectionless: packets are sent in isolation, like postal letters.
Unreliable: no error correction. A packet is discarded by the receiver if an error is detected; error correction is left to the transport layer. This reduces the cost of routers.

Page 37: Internet Protocol (IP)
IP is unreliable (it checks for errors but does not correct them).
Not doing error correction at each hop between routers reduces router work and so router cost.
IP does not even guarantee that packets will arrive in order.

Page 38: Internet Protocol (IP)
Hierarchical IP Addresses
Postal addresses are hierarchical (state, city, postal zone, specific address).
Most post offices have to look only at state and city.
Only the final post offices have to be concerned with specific addresses.

Page 39: Hierarchical IP Address
Network part (not always 16 bits) | Subnet part (not always 8 bits) | Host part (not always 8 bits). The total is always 32 bits.
Example: 128.171.17.13 is host 13 on the CBA subnet (17) of the UH network (128.171), reached from the Internet.

Page 40: Internet Protocol (IP)
Hierarchical IP Addresses: 32-bit IP addresses are hierarchical (Figure 3-15).
The network part tells what network the host is on.
The subnet part tells what subnet the host is on within the network.
The host part specifies the host on its subnet.
Routers have to look only at the network or subnet parts, except for the router that delivers the packet to the destination host.

Page 41: Internet Protocol (IP)
Hierarchical IP Addresses: 32-bit IP addresses are hierarchical.
The total is 32 bits; part sizes vary.
The network mask tells you the size of the network part (Figure 3-16).
The subnet mask tells you the length of the network plus subnet parts combined.

Page 42: IP Address Masking with Network and Subnet Masks

                                    Network Masking                           Subnet Masking
Mask represents                     Tells the size of the network part        Tells the size of the network and subnet parts combined
Eight ones give the decimal value   255                                       255
Eight zeros give the decimal value  0                                         0
Masking gives                       IP address bit where the mask value is 1; 0 where the mask bit is 0   (same rule)

Page 43: IP Address Masking with Network and Subnet Masks

Example 1     Network Masking                    Subnet Masking
IP Address    128.171.17.13                      128.171.17.13
Mask          255.255.0.0                        255.255.255.0
Result        128.171.0.0                        128.171.17.0
Meaning       16-bit network part is 128.171     Combined 24-bit network plus subnet part is 128.171.17

Example 2     Network Masking                    Subnet Masking
IP Address    60.47.123.7                        60.47.123.7
Mask          255.0.0.0                          255.255.0.0
Result        60.0.0.0                           60.47.0.0
Meaning       8-bit network part is 60           Combined 16-bit network plus subnet parts are 60.47
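
A worked implementation of the masking on slides 42-43, added here and not part of the lecture: it converts dotted-decimal addresses to 32-bit integers, ANDs them with the mask, rejects masks that are not 1s followed by 0s, and splits 128.171.17.13 and 60.47.123.7 into their network, subnet and host parts. Function names are my own.

```python
def to_int(dotted: str) -> int:
    """Convert '128.171.17.13' to the 32-bit integer a router actually masks."""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted-decimal IPv4 address: {dotted!r}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {dotted!r}")
        value = (value << 8) | n
    return value


def to_dotted(value: int) -> str:
    """Inverse of to_int: 32-bit integer back to dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_ones(m: int) -> int:
    """Count the leading 1 bits of a 32-bit value."""
    ones = 0
    while ones < 32 and (m >> (31 - ones)) & 1:
        ones += 1
    return ones


def is_contiguous_mask(mask: str) -> bool:
    """A real mask is some number of 1s followed only by 0s (slide 101)."""
    m = to_int(mask)
    return m == (0xFFFFFFFF << (32 - mask_ones(m))) & 0xFFFFFFFF


def mask_length(mask: str) -> int:
    """Prefix length a mask implies, e.g. 255.255.255.0 -> 24."""
    if not is_contiguous_mask(mask):
        raise ValueError(f"mask is not 1s followed by 0s: {mask!r}")
    return mask_ones(to_int(mask))


def apply_mask(addr: str, mask: str) -> str:
    """Keep address bits where the mask bit is 1; zero them where it is 0 (slide 42)."""
    mask_length(mask)  # rejects non-contiguous masks before we trust the result
    return to_dotted(to_int(addr) & to_int(mask))


def split_address(addr: str, network_mask: str, subnet_mask: str) -> dict:
    """Network, subnet and host parts of addr given both masks (slides 39-41)."""
    net_bits = mask_length(network_mask)
    combined_bits = mask_length(subnet_mask)
    if combined_bits < net_bits:
        raise ValueError("subnet mask must cover at least the network part")
    subnet_bits = combined_bits - net_bits
    host_bits = 32 - combined_bits
    a = to_int(addr)
    return {
        "network_prefix": apply_mask(addr, network_mask),
        "subnet_prefix": apply_mask(addr, subnet_mask),
        "network_bits": net_bits,
        "subnet_bits": subnet_bits,
        "host_bits": host_bits,
        "network_part": a >> (32 - net_bits),
        "subnet_part": (a >> host_bits) & ((1 << subnet_bits) - 1),
        "host_part": a & ((1 << host_bits) - 1),
    }


def same_subnet(addr_a: str, addr_b: str, subnet_mask: str) -> bool:
    """The test a router makes: do both addresses mask to the same prefix?"""
    return apply_mask(addr_a, subnet_mask) == apply_mask(addr_b, subnet_mask)


if __name__ == "__main__":
    # The two worked examples from slide 43.
    for addr, net_mask, sub_mask in (("128.171.17.13", "255.255.0.0", "255.255.255.0"),
                                     ("60.47.123.7", "255.0.0.0", "255.255.0.0")):
        parts = split_address(addr, net_mask, sub_mask)
        print(addr, parts["network_prefix"], parts["subnet_prefix"],
              f"net={parts['network_part']} subnet={parts['subnet_part']} host={parts['host_part']}")
```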

Page 44: IP Address Spoofing
[Diagram:]
1. Trust relationship between the trusted server (60.168.4.6) and the victim server (60.168.47.47).
2. The attacker's client PC (1.34.150.37) sends an attack packet with the spoofed source IP address 60.168.4.6; the attacker's identity is not revealed.
3. The server accepts the attack packet.

Page 45: Internet Protocol (IP)
IP Addresses and Security
IP address spoofing: sending a message with a false IP address (Figure 3-17).
Gives the sender anonymity, so that the attacker cannot be identified.
Can exploit trust between hosts if the spoofed IP address is that of a host the victim host trusts.

Page 46: Internet Protocol (IP)
IP Addresses and Security
LAND attack: send the victim a packet with the victim's IP address in both the source and destination address fields and the same port number for the source and destination. In 1997, many computers, switches, routers, and even printers crashed when they received such a packet.

Page 47: LAND Attack Based on IP Address Spoofing
[Diagram: the attacker (1.34.150.37) sends the victim (60.168.47.47, port 23 open) a packet From: 60.168.47.47:23 To: 60.168.47.47:23; the victim crashes.]
Source and destination IP addresses are the same.
Source and destination port numbers are the same.

Page 48: Internet Protocol (IP)
Other IP Header Fields: Protocol field
Identifies the content of the IP data field.
Firewalls need this information to know how to process the packet.

Page 49: Internet Protocol (IP)
Other IP Header Fields: Time-to-Live field
Each router decrements the TTL value by one.
The router that decrements the TTL field to zero discards the packet.

Page 50: Internet Protocol (IP)
Other IP Header Fields: Time-to-Live field
The router also sends an error advisement message to the sender.
The packet containing this message reveals its sender's IP address to the attacker.
Traceroute uses TTL to map the route to a host (Figure 3-19); Tracert on Windows machines.

Page 51: Tracert Program in Windows
[Screenshot of tracert output, not reproduced.]

Page 52: Internet Protocol (IP)
Other IP Header Fields: Header Length field and Options
With no options, Header Length is 5. It is expressed in units of 32 bits, so that is 20 bytes.
Many options are dangerous, so if Header Length is more than 5, be suspicious. Some firms drop all packets with options.

Page 53: Internet Protocol (IP)
Other IP Header Fields: Length Field
Gives the length of the entire packet.
Maximum is 65,536 bytes.
The Ping-of-Death attack sent IP packets with longer data fields; many systems crashed.

Page 54: Ping-of-Death Attack
[Diagram: the attacker (1.34.150.37) sends the victim (60.168.47.47) an IP packet containing an ICMP Echo message that is illegally long; the victim crashes.]

Page 55: Internet Protocol (IP)
Other IP Header Fields: Fragmentation
Routers may fragment IP packets (really, packet data fields) en route.
All fragments have the same Identification field value.
Fragment offset values allow the fragments to be ordered.
More Fragments is 0 in the last fragment.

Page 56: Internet Protocol (IP)
Other IP Header Fields: Fragmentation
Harms packet inspection: the TCP header, etc. is only in the first packet in the series.
Cannot filter on the TCP header, etc. in subsequent packets.

Page 57: TCP Header is Only in the First Fragment of a Fragmented IP Packet
[Diagram:]
1. The attacker (1.34.150.37) sends a fragmented IP packet.
2. First fragment: IP Header | TCP Header | TCP Data Field. Second fragment: IP Header | TCP Data Field.
3. The TCP header is only in the first fragment.
4. The second fragment carries a TCP data field with no TCP header.
5. The firewall protecting 60.168.47.47 can only filter on the TCP header in the first fragment.

Page 58: Internet Protocol (IP)
Other IP Header Fields: Fragmentation
Teardrop attack: a crafted fragmented packet does not make sense when reassembled.
Some firewalls drop all fragmented packets, which are rare today.

Page 59: Teardrop Denial-of-Service Attack
[Diagram: the attacker (1.34.150.37) sends the victim (60.168.47.47) what pretends to be a fragmented IP packet; when reassembled, the "packet" does not make sense. The "defragmented" IP packet has gaps and overlaps; the victim crashes.]
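
An added example, not from the lecture, of the checks a reassembling host or firewall can run over the fragments of one packet to catch the conditions slides 53-59 describe: gaps and overlaps (teardrop), a reassembled size beyond what the 16-bit Total Length field can express (ping-of-death), and a missing or premature last fragment. The Fragment class, the 20-byte header assumption and the sample fragment sets are mine; offsets are in 8-byte units, as in the real header.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Fragment:
    ident: int     # Identification field (16 bits): identical for every fragment of one packet
    offset: int    # Fragment Offset field (13 bits), counted in 8-byte units
    more: bool     # More Fragments flag: False only in the last fragment
    length: int    # number of data bytes carried by this fragment


MAX_TOTAL_LENGTH = 65535   # Total Length is a 16-bit field
HEADER_LENGTH = 20         # assumed: no IP options on any fragment


def check_fragments(frags) -> list:
    """Return (kind, detail) anomalies for one fragment set; an empty list means sane."""
    problems = []
    if not frags:
        return [("empty", "no fragments")]
    if len({f.ident for f in frags}) > 1:
        problems.append(("mixed-id", "fragments do not share one Identification value"))
    ordered = sorted(frags, key=lambda f: f.offset)
    expected = 0   # byte position at which the next fragment's data should begin
    for f in ordered:
        if not 0 <= f.offset <= 0x1FFF:
            problems.append(("bad-offset", f"offset {f.offset} does not fit in 13 bits"))
        if f.more and f.length % 8:
            problems.append(("bad-length", f"non-final fragment carries {f.length} bytes, not a multiple of 8"))
        start, end = f.offset * 8, f.offset * 8 + f.length
        if start < expected:
            problems.append(("overlap", f"fragment at byte {start} overlaps data already ending at {expected}"))
        elif start > expected:
            problems.append(("gap", f"bytes {expected}-{start} are never supplied"))
        expected = max(expected, end)
    for f in ordered[:-1]:
        if not f.more:
            problems.append(("early-last", f"More Fragments is 0 at offset {f.offset} but later fragments exist"))
    if ordered[-1].more:
        problems.append(("no-last", "More Fragments is never 0, so the packet never completes"))
    if expected + HEADER_LENGTH > MAX_TOTAL_LENGTH:
        problems.append(("oversize", f"reassembled packet would be {expected + HEADER_LENGTH} bytes, "
                                     f"over the {MAX_TOTAL_LENGTH}-byte limit (ping-of-death pattern)"))
    return problems


def anomaly_kinds(frags) -> set:
    """Just the kinds of problem, which is what a drop/allow policy needs."""
    return {kind for kind, _ in check_fragments(frags)}


def carries_transport_header(f: Fragment) -> bool:
    """Only the fragment at offset 0 holds the TCP or UDP header (slide 57)."""
    return f.offset == 0


if __name__ == "__main__":
    # Constructed sample fragment sets, not captured traffic.
    sane = [Fragment(1, 0, True, 1480), Fragment(1, 185, True, 1480), Fragment(1, 370, False, 500)]
    teardrop = [Fragment(2, 0, True, 1480), Fragment(2, 100, False, 800)]
    too_big = [Fragment(3, 0, True, 65528), Fragment(3, 8191, False, 100)]
    for name, frags in (("sane", sane), ("teardrop", teardrop), ("ping-of-death", too_big)):
        print(name, sorted(anomaly_kinds(frags)) or "ok")
```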

Page 60: IP Packet with a TCP Segment Data Field
IP Header (usually 20 bytes), followed by the TCP segment laid out from Bit 0 to Bit 31:
Source Port Number (16 bits) | Destination Port Number (16 bits)
Sequence Number (32 bits)
Acknowledgment Number (32 bits)
Header Length (4 bits) | Reserved (6 bits) | Flag Fields (6 bits) | Window Size (16 bits)
TCP Checksum (16 bits) | Urgent Pointer (16 bits)

Page 61: Transmission Control Protocol (TCP)
TCP messages are TCP segments.
The Flags field has several one-bit flags: ACK, SYN, FIN, RST, etc.
Header Length (4 bits) | Reserved (6 bits) | Flag Fields (6 bits) | Window Size (16 bits)

Page 62: Transmission Control Protocol (TCP)
Reliable: the receiving process sends an ACK to the sending process if a segment is correctly received. The ACK bit is set (1) in acknowledgement segments.
If the sending process does not get an ACK, it resends the segment.
[Diagram: the PC's transport process sends a TCP segment to the webserver's transport process, which answers with a TCP segment (ACK).]

Page 63: Transmission Control Protocol (TCP)
Connections: Opens and Closes
Formal open and close.
Three-way open: SYN, SYN/ACK, ACK (Figure 3-25).
Normal four-way close: FIN, ACK, FIN, ACK (Figure 3-25).
Abrupt close: RST (Figure 3-26).

Page 64: Communication During a TCP Session
PC transport process and webserver transport process. 3-Way Open (3 segments):
1. SYN (Open)
2. SYN, ACK (1) (Acknowledgement of 1)
3. ACK (2)

Page 65: Communication During a TCP Session
Open (3 segments), then carrying the HTTP request and response (4 segments):
1. SYN (Open)
2. SYN, ACK (1) (Acknowledgement of 1)
3. ACK (2)
4. Data = HTTP Request
5. ACK (4)
6. Data = HTTP Response
7. ACK (6)

Page 66: Communication During a TCP Session
Error Handling, while carrying the HTTP request and response:
8. Data = HTTP Request (Error)
9. Data = HTTP Request (No ACK, so retransmit)
10. ACK (9)
11. Data = HTTP Response
12. ACK (11)

Page 67: Communication During a TCP Session
Normal Four-Way Close (4 segments):
13. FIN (Close)
14. ACK (13)
15. FIN
16. ACK (15)
Note: An ACK may be combined with the next message if the next message is sent quickly enough.

Page 68: Communication During a TCP Session
Abrupt Close (1 segment): RST
Either side can send a Reset (RST) segment at any time; it ends the session immediately.

Page 69: SYN/ACK Probing Attack Using Reset (RST)
[Diagram:]
1. The attacker (1.34.150.37) probes 60.168.47.47 with a SYN/ACK segment.
2. At the victim there is no such connection, so the segment makes no sense.
3. The victim answers "Go away!" with an RST segment (IP header + RST segment).
4. The reply's source IP address is 60.168.47.47.
5. The attacker learns that 60.168.47.47 is live.

Page 70: Transmission Control Protocol (TCP)
Sequence and Acknowledgement Number
Sequence numbers identify a segment's place in the sequence.
The acknowledgement number identifies which segment is being acknowledged.
Source Port Number (16 bits) | Destination Port Number (16 bits)
Sequence Number (32 bits)
Acknowledgment Number (32 bits)

Page 71: Transmission Control Protocol (TCP)
Port Number
Port numbers identify applications.
Well-known ports (0-1023) are used by applications that run as root (Figure 3-27).
HTTP=80, Telnet=23, FTP=21 for supervision and 20 for data transfer, SMTP=25.
Source Port Number (16 bits) | Destination Port Number (16 bits)

Page 72: Transmission Control Protocol (TCP)
Port Number
Registered ports (1024-49152) for any application.
Ephemeral/dynamic/private ports (49153-65535) used by clients (16,383 possible).
Not all operating systems use these port ranges, although all use well-known ports.

Page 73: Transmission Control Protocol (TCP)
Port Number
Socket format is IP address:port, for instance 128.171.17.13:80. A socket designates a specific program on a specific machine.
Port spoofing (Figure 3-28): an incorrect application uses a well-known port, especially 80, which is often allowed through firewalls.

Page 74: Use of TCP and UDP Port Number
[Diagram: client 60.171.18.22, webserver 60.171.17.13 listening on port 80, SMTP server 123.30.17.120 listening on port 25.]
Client to webserver: From: 60.171.18.22:50047 To: 60.171.17.13:80

Page 75: Use of TCP and UDP Port Number
Request, client to webserver: From: 60.171.18.22:50047 To: 60.171.17.13:80
Response, webserver to client: From: 60.171.17.13:80 To: 60.171.18.22:50047

Page 76: Use of TCP and UDP Port Number
Client to SMTP server: From: 60.171.18.22:60003 To: 123.30.17.120:25

Page 77: Use of TCP and UDP Port Number
Client to webserver: From: 60.171.18.22:50047 To: 60.171.17.13:80
Client to SMTP server: From: 60.171.18.22:60003 To: 123.30.17.120:25
The client used different ephemeral ports for different connections.

Page 78: User Datagram Protocol (UDP)
UDP datagrams are simple: source and destination port numbers (16 bits each), UDP length (16 bits), UDP checksum (16 bits).
IP Header (usually 20 bytes), followed by the UDP datagram laid out from Bit 0 to Bit 31:
Source Port Number (16 bits) | Destination Port Number (16 bits)
UDP Length (16 bits) | UDP Checksum (16 bits)
Data Field

Page 79: User Datagram Protocol (UDP)
Port spoofing is still possible.
UDP datagram insertion: insert a UDP datagram into an ongoing dialog stream. Hard to detect because there are no sequence numbers in UDP.

Page 80: Internet Control Message Protocol (ICMP)
ICMP is for supervisory messages at the internet layer.
ICMP and IP: an ICMP message is delivered (encapsulated) in the data field of an IP packet.
Types and codes: the type is the general category of supervisory message; the code is a subcategory of the type (set to zero if there is no code).

Page 81: Internet Control Message Protocol (ICMP) for Supervisory Messages
[Diagram: an "Echo" and its "Echo Reply" between two hosts, and a "Host Unreachable" error message sent by a router; each ICMP message travels behind an IP header.]

Page 82: IP Packet with an ICMP Message Data Field
IP Header (usually 20 bytes), followed by the ICMP message laid out from Bit 0 to Bit 31:
Type (8 bits) | Code (8 bits) | Depends on Type and Code
Depends on Type and Code

Page 83: Internet Control Message Protocol (ICMP)
Network Analysis Messages
Echo (Type 8, no code) asks the target host if it is operational and available.
Echo Reply (Type 0, no code): the target host responds to the echo sender.
The Ping program implements Echo and Echo Reply, like a submarine pinging a target.
Ping is useful for network managers to diagnose problems based on failures to reply.
Ping is useful for hackers to identify potential targets: live ones reply.

Page 84: Internet Control Message Protocol (ICMP)
Error Advisement Messages: advise the sender of an error, but there is no error correction.
Host Unreachable (Type 3, multiple codes): many codes for specific reasons for the host being unreachable.
The Host Unreachable packet's source IP address confirms to hackers that the IP address is live and therefore a potential victim.
Usually sent by a router.

Page 85: Internet Control Message Protocol (ICMP)
Error Advisement Messages: Time Exceeded (Type 11, no codes)
The router that decrements the TTL to 0 discards the packet and sends a Time Exceeded message.
The IP header carrying the error message reveals the router's IP address.
By progressively incrementing TTL values by 1 in successive packets, an attacker can scan progressively deeper into the network, mapping the network.
Also usually sent by a router.

Page 86: Internet Control Message Protocol (ICMP)
Control Codes: control network/host operation.
Source Quench (Type 4, no code): tells the destination host to slow down its transmission rate.
Legitimate use: flow control, if the host sending the source quench is overloaded.
Attackers can use it for a denial-of-service attack.

Page 87: Internet Control Message Protocol (ICMP)
Control Codes: Redirect (Type 5, multiple codes)
Tells a host or router to send packets in a different way than it has been.
Attackers can disrupt network operations, for example by sending packets down black holes.
Many other ICMP messages exist.
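
Added example (not from the lecture) covering the IPv4 header of slides 22-25 and 48-53 and the ICMP message of slides 80-87: it parses both from raw bytes, verifies the header-only checksum, and applies a border-router ingress policy built on slide 107's rule (allow only ICMP echo replies), extended with two checks the slides motivate: dropping packets whose source is an inside address (slide 45) and admitting Host Unreachable / Time Exceeded only when the quoted datagram came from an inside host. The inside prefix 60.168.0.0/16, the router address 198.51.100.1, the build_* helpers and every packet are constructed, not captured.

```python
import ipaddress
import struct

ICMP = 1                      # Protocol field value for ICMP (slide 24)
ICMP_TYPES = {0: "Echo Reply", 3: "Host Unreachable", 4: "Source Quench",
              5: "Redirect", 8: "Echo", 11: "Time Exceeded"}
ERROR_TYPES = {3, 4, 5, 11}   # these quote the offending datagram's IP header plus 8 bytes


def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words; a correct header or message sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4(pkt: bytes) -> dict:
    """Decode the fixed 20-byte header of slide 22 plus any options."""
    if len(pkt) < 20:
        raise ValueError("shorter than a minimum IP header")
    (vihl, _dsf, total_len, ident, flags_off, ttl, proto, _cks,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    version, hlen = vihl >> 4, (vihl & 0x0F) * 4      # Header Length counts 32-bit words
    if version != 4 or hlen < 20 or len(pkt) < hlen:
        raise ValueError("not a well-formed IPv4 header")
    return {"header_length": hlen, "total_length": total_len, "identification": ident,
            "more_fragments": bool(flags_off & 0x2000), "fragment_offset": flags_off & 0x1FFF,
            "ttl": ttl, "protocol": proto,
            "src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
            "options": pkt[20:hlen],                        # non-empty when Header Length > 5
            "checksum_ok": internet_checksum(pkt[:hlen]) == 0,   # header-only check (slide 25)
            "payload": pkt[hlen:total_len]}


def parse_icmp(payload: bytes) -> dict:
    """Decode type and code (slide 82); for error messages, recover the quoted sender."""
    if len(payload) < 8:
        raise ValueError("shorter than an ICMP header")
    typ, code = payload[0], payload[1]
    msg = {"type": typ, "code": code, "name": ICMP_TYPES.get(typ, "other"),
           "checksum_ok": internet_checksum(payload) == 0, "quoted_src": None}
    if typ in ERROR_TYPES and len(payload) >= 28:
        msg["quoted_src"] = parse_ipv4(payload[8:])["src"]   # sender of the datagram that caused the error
    return msg


def ingress_decision(pkt: bytes, inside_prefix: str) -> tuple:
    """Verdict for one packet arriving from the ISP: (verdict, reason)."""
    site = ipaddress.IPv4Network(inside_prefix)
    ip = parse_ipv4(pkt)
    if not ip["checksum_ok"]:
        return "drop", "bad IP header checksum"
    if ip["options"]:
        return "drop", "IP options present (Header Length > 5)"
    if ip["src"] == ip["dst"]:
        return "drop", "source equals destination (LAND pattern)"
    if ipaddress.IPv4Address(ip["src"]) in site:
        return "drop", "inside source address arriving from outside (spoofed)"
    if ip["protocol"] != ICMP:
        return "pass", "not ICMP: hand to transport-layer rules"
    if ip["fragment_offset"] or ip["more_fragments"]:
        return "drop", "fragmented ICMP"
    icmp = parse_icmp(ip["payload"])
    if not icmp["checksum_ok"]:
        return "drop", "bad ICMP checksum"
    if icmp["type"] == 0:
        return "allow", "Echo Reply"
    if icmp["type"] in (3, 11) and icmp["quoted_src"] and ipaddress.IPv4Address(icmp["quoted_src"]) in site:
        return "allow", f"{icmp['name']} about a datagram an inside host sent"
    return "drop", f"{icmp['name']} (type {icmp['type']}, code {icmp['code']})"


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64, options: bytes = b"") -> bytes:
    """Constructed sample packet with a valid header checksum (not captured traffic)."""
    options += b"\x00" * (-len(options) % 4)               # pad options to a 32-bit boundary
    hlen = 20 + len(options)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x40 | hlen // 4, 0, hlen + len(payload), 0x1234, 0,
                      ttl, proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed) + options
    return hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:] + payload


def build_icmp(typ: int, code: int, body: bytes = b"") -> bytes:
    """Constructed ICMP message: type, code, checksum, 4 unused bytes, body."""
    msg = struct.pack("!BBHI", typ, code, 0, 0) + body
    return msg[:2] + struct.pack("!H", internet_checksum(msg)) + msg[4:]


if __name__ == "__main__":
    site = "60.168.0.0/16"   # assumed inside prefix, from the addresses on slides 44-47
    for name, pkt in (("echo reply", build_ipv4("1.34.150.37", "60.168.47.47", ICMP, build_icmp(0, 0, b"ping"))),
                      ("echo request", build_ipv4("1.34.150.37", "60.168.47.47", ICMP, build_icmp(8, 0, b"ping"))),
                      ("LAND", build_ipv4("60.168.47.47", "60.168.47.47", ICMP, build_icmp(0, 0)))):
        print(name, ingress_decision(pkt, site))
```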

Page 88: Topics Covered
Network Elements
Client and server stations
Applications
Trunk lines and access lines
Switches and routers
Messages (frames)

Page 89: Topics Covered
Messages (frames) may have headers, data fields, and trailers.
Headers have source and destination address fields.
Switches forward (switch) frames based on the value in the destination address field.
Based on the field value, the switch sends the frame out a different port than the one on which the frame arrived.

Page 90: Topics Covered
Internets: a group of networks connected by routers.
The Internet is a global internet; organizations connect via ISPs.
Internet messages are called packets; the path of a packet is its route.
Packets travel within frames in networks: if the route goes through four networks, there will be one packet and four frames.

Page 91: Topics Covered
TCP/IP standards dominate the Internet. They are created by the Internet Engineering Task Force (IETF); the documents are called requests for comments (RFCs).
OSI standards dominate for single networks: the physical and data link layers.

Page 92: Topics Covered

TCP/IP                                 OSI            Hybrid TCP/IP-OSI
Application                            Application    Application
                                       Presentation
                                       Session
Transport                              Transport      Transport
Internet                               Network        Internet
Subnet Access: use OSI standards here  Data Link      Data Link
                                       Physical       Physical

Page 93: Topics Covered
Internetworking Layers
Internet layer: Internet Protocol (IP) governs packet organization and hop-by-hop router forwarding (routing).
Transport layer: governs the end-to-end connection between the two hosts. TCP adds reliability, flow control, etc.; UDP is simpler and offers no reliability, etc.

Page 94: Topics Covered
Application Layer Standards
Govern the interaction between two application programs.
Usually a message formatting standard and a message transfer standard: HTML / HTTP in the WWW, RFC 2822 / SMTP in e-mail.

Page 95: Topics Covered
IP Packet Version 4
32-bit source and destination addresses
Time to live (TTL)
Header checksum
Protocol (type of message in the data field)
Data field

Page 96: Topics Covered
IP Packet Version 4
Option fields may be used, but are more likely to be used by hackers than legitimately.
A packet may be fragmented; this too is done mainly by attackers.
Data field
Version 6: 128-bit addresses to allow more addresses.

Page 97: Topics Covered
Vertical Communication on the Source Host
One layer (Layer N) creates a message.
It passes the message down to the next-lower layer (Layer N-1).
The Layer N-1 process encapsulates the Layer N message in the data field of a Layer N-1 message.
Layer N-1 passes the Layer N-1 message down to Layer N-2.

Page 98: Topics Covered
The process is reversed on the destination host: decapsulation occurs at each layer.
Vertical processes on a router: the router first receives, then sends, so it first decapsulates, then encapsulates.
There is one internet layer process on each router.

Page 99: Topics Covered
Firewalls only need to look at internet, transport, and application messages: the attacker cannot manipulate the frame going from the ISP to the organization.

Page 100: Topics Covered
IP
Connectionless and unreliable.
Hierarchical IP addresses: network part, subnet part, host part; part lengths vary.

Page 101: Topics Covered
IP Masks
You cannot tell by looking at an IP address what its network or subnet parts are.
The network mask has 1s in the network part, followed by all zeros.
The subnet mask has 1s in the network and subnet parts, followed by all zeros.

Page 102: Topics Covered
IP address spoofing: change the source IP address
To conceal the identity of the attacker.
To have the victim think the packet comes from a trusted host.
LAND attack.

Page 103: Topics Covered
TCP Messages
Called TCP segments.
Flags fields for SYN, ACK, FIN, RST.
3-way handshake with SYN to open.
Each segment that is received correctly is ACKed; this provides reliability.

Page 104: Topics Covered
TCP Messages
Normally, FIN is used in a four-way close.
RST can create a single-message close. Attackers try to generate RSTs because the RST message is in a packet revealing the victim's IP address.

Page 105: Topics Covered
Port Numbers: used in both TCP and UDP.
16-bit source and destination port numbers.
Clients use ephemeral port numbers, randomly generated by the client: 49153-65536.
Major applications on servers use well-known port numbers 0 to 1023.

Page 106: Topics Covered
ICMP
For supervisory messages at the internet layer.
ICMP messages are encapsulated in the data fields of IP packets.
Type and code designate the contents of the IP packet.
Attackers use ICMP messages in scanning; replies tell them IP addresses.

Page 107: Topics Covered
ICMP Echo (Type 8, no code) asks the target host if it is operational and available.
Echo Reply (Type 0, no code): the target host responds to the echo sender.
The Ping program implements Echo and Echo Reply, like a submarine pinging a target.
ICMP error messages of several types.
Allow only ICMP echo replies in border router ingress filtering.

Page 108: End of Lecture