Embed Size (px)
Citation preview
1
TCP/IP Concepts Review
A CEH Perspective
2
Objectives
At the end of this unit, you will be able to:
Describe the TCP/IP protocol stack
For each level, explain roles and vulnerabilities
Explain basic IP addressing concepts
including ports, protocols, and subnetting
Identify and use the following numbering
systems
Binary
Octal, and
Hexadecimal
3
TCP/IP Overview
Transmission Control Program/Internet Protocol
Worlds most widely used protocol
Vint Cerf aka father of the Internet
TCP/IP Vulnerabilities Lack of identification and
authentication
In design, no security goals
TCP/IP Four layered stack1. Application
2. Transport
3. Internet
4. Network Interface
4
Levels of Data Structures
At the Application Level,
Stream or Message
At the Transport Level,
Segment or Datagram
At the IP Level,
Datagram
At the Media Level,
Frame
5
Transmit
and
receive
data flows
6
Layers Described
7
Application Layer
Interface between application program and
lower-layer protocols
Application program is what you see and
touch
Includes HTTP
FTP
TFTP
SNMP
SMTP
8
TCP/IP Application Protocols
9
Transport Layer
TCP
Encapsulates TCP data
into segments
TCP is connection-oriented
TCP connections begin
with a three-way
handshake
Computer A sends a SYN
packet
Computer B replies with a
SYN-ACK packet
Computer A replies with an
ACK packet
UDP
Encapsulates UDP data
into datagrams
UDP is connectionless
SSL also operates at
this level …
10
TCP Segment Headers
Critical components:
Flags
Ports source and destination
Initial Sequence Number (ISN)
To identify vulnerabilities, can be (actively)
abused
NMap
Hping
Other packet shapers
11
TCP Header
12
TCP Flags
Each flag is one bit
Either 0 (off) or 1 (on)
Six flags
SYN: synchronization
ACK: acknowledge
PSH: push
URG: urgent
RST: reset
FIN: finish
13
Initial Sequence Number (ISN)
32-bit number
Tracks packets received
Enables reassembly of large packets
Set on steps 1 and 2 of the TCP three-way handshake
14
Transport Level Ports
Port
Logical, connection component
Typically used to map a packet to a running
process
Two socket components (IP:Port)
Port numbers are 16-bit integers
216 X 2 possible ports
Both source and destination ports are utilized
Enables unneeded services to be identified
Unneeded open ports represent, potentially
serious, vulnerabilities
15
Port Categories
Well-known ports are defined as the first (lower)
1024 (Numbered 0 – 1023) ports
Well known means that they have an assigned service
In Linux, only privileged system or root processes can use
lower level ports
Example: HTTP uses port 80
Internet Assigned Numbers Authority (IANA)
maintains well-known ports list (www.iana.org)
Ports 1024 to 49151 are called the Registered Ports
Ports 49152 to 65535 are called Dynamic or Private
Ports
16
TCP Port Examples
Ports 20 and 21 File Transfer Protocol (FTP)
Use for sharing files over the Internet
Requires a logon name and password
Port 25 Simple Mail Transfer Protocol (SMTP)
E-mail servers listen on this port
Port 53 Domain Name Service (DNS)
Helps users connect to Web sites using URLs instead of IP addresses
Port 69 Trivial File Transfer Protocol
Used for transferring router configurations
17
TCP Port Examples Expanded
Port 80 Hypertext Transfer Protocol
(HTTP)
Used when connecting to a Web server
Port 110 Post Office Protocol 3
(POP3)
Used for retrieving e-mail
Port 389 Active Directory
Port 135 Remote Procedure Call
(RPC)
Critical for the operation of Microsoft Exchange Server and Active Directory
Port 139 NetBIOS
Used by Microsoft’s NetBIOS Session Service
Port 143 Internet Message Access
Protocol 4 (IMAP4)
Used for retrieving e-mail
Better than POP3
18
User Datagram Protocol (UDP)
Fast, unreliable (connectionless) transport
layer protocol
No delivery verification
Does not even check that receiver is listening
Higher TCP/IP stack layers may provide
reliability
19
Internet Layer
Responsible for:
1. Logical addressing and
2. Routing packets to their destination
Uses a logical IP addresses
IP is connectionless
20
Internet Layer
Nothing can be directly sent to a logical (IP) Address.
Information can only be directly sent to physical i.e. MAC Addresses
ARP translates between IP and MAC Addresses
DHCP offers IP configuration services
21
ICMP
Internet Control Message Protocol (ICMP)
Used to send messages relating to network
operations
Aides network troubleshooting
Example commands include:
Ping
Traceroute
Note:
Can be misused as in a Smurf DoS attack
22
23
IPv4 Address
Four bytes, 32 bits
Two components
Network address
Host address
Classes
Class A
Class B
Class C
24
IPv6
Described in RFC 2460
Uses 128 bit address
Space for 2128 individual addresses
64 bit Host address with 64 bit Network address
Mandates IPSec support
25
IPv4 Address Classes
26
Class A IP Address
Class A
First byte network address
Last three bytes host address
Supports more than 16 million host computers
Limited number of Class A networks
Format: network.node.node.node
27
Class B IP Addressing
Class B
First two bytes for network address
Last two bytes host address
Supports more than 65,000 host computers
Assigned to large corporations and Internet Service
Providers (ISPs)
Format: network.network.node.node
28
Class C IP Addressing
Class C
First three bytes for network address
Last byte for host address
Supports up to 254 host computers
Usually available for small business and home
networks
Format: network.network.network.node
29
Subnetting
Subnetting
Each network can be assigned a
subnet mask
Helps separate the network address
bits from the host address bits
RFC 950
http://tools.ietf.org/html/rfc950
30
Class C Subnets
In the final
column, red
represents the
number of
host bits,
while blue
represents the
number of
borrowed
subnet bits.
31
Planning IP Address Assignments
Each network segment requires a unique network
address
Addresses containing all 0s or all 1s cannot be hosts
All 1s is a broadcast
All 0s represents a network
Accessing entities and services on other networks
Requires gateway
Subnet mask used to determine destination computer’s
network address
If addresses are different, packets relayed to gateway
Gateway forwards packet to its next destination
Packet eventually reaches destination
32
Numbering Systems Overview
Binary
Octal
Hexadecimal
33
Reviewing the Binary Numbering
System Uses the number 2 as its base
Binary digits (bits): 0 and 1
Byte
8 bit group
Can represent 28 = 256 different values
Linux file permissions can be represented
with bits
0 means removing the permission
1 means granting the permission
111 (rwx) means all permissions apply
34
Examples of Determining Binary
Values Each position represents a power of 2 value
Usually the bit on the right is the less significant
bit
Converting 1011 to decimal
1 x 20 = 1
1 x 21 = 2
0 x 22 = 0
1 x 23 = 8
1 + 2 + 8 = 11 (decimal value)
35
Understanding Nibbles
Half a byte or four bits
Helps with reading the number by separating
the byte
1111 1010
Components
High-order nibble (left side)
Low-order nibble (right side)
36
Understanding Nibbles (continued)
Converting 1010 1010 to decimal
Low-order nibble
1010 = 10 (base 10)
Multiply high-order nibble by 16
1010 = 10 x 16 = 160 (base 10)
160 + 10 = 170 (base 10)
37
Octal Numbering System
Uses 8 as base
Supports digits from 0 to 7
Octal digits can be represented with three
bits
Permissions on UNIX
Owner permissions (rwx)
Group permissions (rwx)
Other permissions (rwx)
Example binary: 111 101 001
Octal representation 751
38
Hexadecimal Numbering System
Uses 16 as its base
Support numbers from 0 to 15
Hex number consists of two characters
Each character represents a nibble
Value contains alphabetic letters (A … F)
A representing 10 and F representing 15
Sometimes expressed with “0x” in front
Represent hex number in binary or decimal
Convert each nibble to binary
Convert binary value to decimal
39
Questions???
