• have taken a networking course?
• have used tools like ping, traceroute, ipconfig/ifconfig, nslookup, netstat, netcat, nmap, wireshark?
• know what an IP address, a port, a canonical hostname, a client, a server, a router, a switch (or hub) and a gateway are?
• can explain with a fair amount of detail: Ethernet, WiFi, IP, TCP, ARP, BGP, DNS?
and universities ➡ Trustworthy environment
2016 - ~6 billion hosts connected: a network of networks ➡ Untrustworthy environment
➡ The Internet (and its protocols) was not designed for an untrustworthy environment
how communication should take place
• defines the data encoding and/or format
• defines the message sequence
➡ (most) protocols are standards defined by the IETF - The Internet Engineering Task Force
e.g. HTTP: the client sends GET /document.html, the server replies HTTP 200 <!DOCTYPE html …
are built on top of each other as layers (modularity and encapsulation)
• Application Layer: how can two programs send messages to each other?
• Transport Layer: how to make sure that messages have been transmitted correctly?
• Network Layer: how to route messages through the network?
• Link Layer: how to encode messages to go through copper, fiber or air?
network and its hosts
• Sniffing - eavesdrop on communications (confidentiality)
• Spoofing - forge illegitimate messages (integrity)
• DOS (Denial of Service) - disrupt communications (availability)
➡ The attacker can target any layer in the network stack
or networks through multiple interfaces
• Some are connected to a single host only (Point-to-Point)
• Others are connected to an entire network (BUS)
Examples of interfaces: WiFi, Ethernet, USB
are connected to the same medium, each with a unique physical address
e.g. Ethernet and WiFi use MAC (Media Access Control) addresses
➡ Easier for the attacker to intercept messages since they are all broadcast on the same medium
transmitted on the medium with the MAC address of the recipient
• Each network interface only picks up the messages addressed to its own MAC address
➡ An attacker can set its network interface to promiscuous mode to capture (sniff) all traffic, e.g. with Wireshark (confidentiality)
Receiver cannot tell that the source has been spoofed
➡ An attacker can generate raw IP packets with a forged IP source field, e.g. for DOS (blackhole) and MITM attacks (integrity, availability)
a 64K ICMP payload would crash or reboot
➡ Programmers assumed that a 64K-byte payload was invalid
➡ An attacker could split a 64K payload into fragments and transmit them; the receiver would reassemble them, overflowing a buffer (availability)
connections
➡ Allows hosts to have multiple connections through ports
➡ Allows messages to be fragmented into small IP packets
➡ Makes sure that all packets are received
(Transport layer protocols: TCP, UDP, on top of the Network and Link layers)
into packets; a sequence number is attached to every packet
• The receiver checks packets for errors and reassembles them in the correct order to recreate the stream
• ACKs (acknowledgements) are sent when packets are received correctly; lost or corrupt packets are re-sent
➡ Connection state is maintained on both ends
has an associated state (sequence number)
➡ An attacker can guess (or sniff) the current sequence number of an existing connection and send a packet with the reset flag set, which will close the connection (availability)
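The receiver-side behaviour the two slides above describe, as an added example that is not part of the original slides: a toy Python model of TCP reassembly with sequence numbers and cumulative ACKs, together with the RFC 5961 in-window test for RST segments, which is the check that forces a blind reset to land the guessed sequence number inside the receive window. Segment numbers and payloads are constructed; there is no handshake and no real socket.

```python
MOD = 2 ** 32  # sequence numbers wrap modulo 2^32


class TcpReceiver:
    """Receive side of one TCP connection (toy model, no handshake/sockets)."""

    def __init__(self, isn, window=4096):
        self.rcv_nxt = isn % MOD      # next byte expected from the peer
        self.rcv_wnd = window         # bytes we are willing to buffer
        self.pending = {}             # out-of-order segments keyed by seq
        self.stream = bytearray()     # bytes delivered in order to the app
        self.open = True

    def _offset(self, seq):
        """How far seq is ahead of rcv_nxt, handling 32-bit wraparound."""
        return (seq - self.rcv_nxt) % MOD

    def on_segment(self, seq, payload=b"", rst=False):
        """Handle one incoming segment; return the ACK number to send,
        or None when the segment is dropped or the connection is closed."""
        if not self.open:
            return None
        off = self._offset(seq)
        if rst:
            if off == 0:              # exact match: legitimate reset
                self.open = False
                return None
            if off < self.rcv_wnd:    # in window but not exact: challenge ACK
                return self.rcv_nxt
            return None               # out of window (blind guess): drop
        if off >= self.rcv_wnd:       # stale duplicate or beyond the window
            return self.rcv_nxt       # re-ACK so the sender can resync
        self.pending[seq] = payload
        # Deliver every segment that is now contiguous at rcv_nxt.
        while self.rcv_nxt in self.pending:
            data = self.pending.pop(self.rcv_nxt)
            self.stream += data
            self.rcv_nxt = (self.rcv_nxt + len(data)) % MOD
        return self.rcv_nxt           # cumulative ACK


def demo():
    """Out-of-order delivery, then a blind RST and a legitimate one (constructed)."""
    rx = TcpReceiver(isn=1000)
    acks = [rx.on_segment(1006, b"HTTP"),   # arrives early: held back
            rx.on_segment(1000, b"GET "),   # fills the gap up to 1004
            rx.on_segment(1004, b"/ ")]     # 1004..1010 now all deliver
    blind = rx.on_segment(50000, rst=True)  # guessed seq: silently dropped
    rx.on_segment(1010, rst=True)           # exact rcv_nxt: closes
    return bytes(rx.stream), acks, blind, rx.open
```

With a 4096-byte window a blind RST has roughly a 2^-20 chance per packet of even reaching the challenge-ACK branch, which is why the attack is cheap only when the sequence number can be sniffed.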
non-opened port, the host replies with an ICMP Destination Unreachable
➡ An attacker can send a large number of UDP packets to all ports of a target host, e.g. Low Orbit Ion Cannon (availability)
table that contains the mapping between MAC and IP addresses
➡ Hosts broadcast their own IP address and MAC address to others so that each can build its ARP table
(ARP sits between the Link and Network layers)
a routing table to IP messages
BGP is the protocol for establishing routes
➡ Routers advertise the best route to other nearby routers depending on the state of the network