Network Models



The OSI Standard Model of ISO

Figure 2.3 The interaction between layers in the OSI model
Figure 2.4 An exchange using the OSI model

-- A 7-layer protocol stack, with 7 corresponding protocols.
-- Peer-to-peer processes at each layer in different machines.
-- What is a "layer"? What is a layer's "protocol"?
-- Why do we need the OSI stack of layered protocols, i.e., network software?

1) Physical Layer: PDU N/A (bit stream).

Figure 2.5 Physical layer

** The Physical Layer moves a bit sequence over a physical link.
** The quality/reliability of the links and media plays a major part in the design complexity of the upper layers' protocols: over a highly reliable medium some layers' functions may be significantly reduced or even eliminated.

Defines the following:
a) Physical characteristics of the interface and medium, e.g., EIA (Electronic Industries Alliance) 422/485 balanced-mode interfaces.
b) Bit representation: encoding/decoding, electrical/optical.
c) Data rate (b/s): the transmission duration of one bit.
d) Bit synchronization: sender and receiver clocks synchronized at the same data rate.
e) Line configuration: point-to-point, multipoint.
f) Physical topology: mesh, ring, bus, and hybrid.
g) Transfer mode: simplex, full-duplex (F/D), and half-duplex (H/D).
h) Physical media: coaxial, twisted pair (TP), fiber, wireless.

2) Data Link Layer: PDU frame (with header/trailer); address: physical (MAC) address.

Figure 2.6 Data link layer

Two sublayers:

1) Logical Link Control (LLC): ** source-to-destination delivery of DL-PDUs (frames).
a. Framing/deframing.
b. Physical addressing: sender/receiver addresses in the frame header.
c. Flow control: to prevent a fast sender from flooding a slower receiver with frames.
d. Error control: to increase physical-layer reliability by adding a mechanism to detect and retransmit damaged and lost frames (trailer).

2) Medium Access Control (MAC): ** controls access to the shared and limited physical medium among all connected devices (Ethernet, FDDI, 802.11, Token Ring, Token Bus, ...).
Inter-LANing (bridging): ** moving frames between LANs with different MAC protocols, resolving all conflicts due to the different protocol syntax (frame format) and semantics (frame interpretation and control procedures/steps).

Figure 2.7 Hop-to-hop delivery

3) Network Layer: PDU packet; address: logical address (IP).

Figure 2.8 Network layer
Figure 2.9 Source-to-destination delivery

Two major functions (sublayers??? not yet!!?):
1- Routing: routes packets over the subnet (the cloud of routers and switches), making the optimal routing decision for each source/destination pair. This is source-to-destination host-system delivery, utilizing the data link layer for hop-to-hop (peer-to-peer) delivery. The physical addresses of the data link layer are not enough; we need to add the logical addresses of the sender and receiver in the packet header.
2- Internetworking: resolves any network-protocol conflicts while packets move through the subnet (IPX-NetWare, IP, X.25, AFP-AppleTalk, etc.).

4) Transport Layer: PDU segment; addressing: "Service Access Point (SAP)".

Figure 2.10 Transport layer

The most important layer, since it abstracts the complicated details of the subnet from the user, allowing for QoS over the network protocol. It communicates a meaningful data unit called a message (a group of related packets) between users over the subnet, trying for the most optimal utilization of the subnet.

Responsibilities (ISO TP-4):
a) Service Access Point (SAP) addressing: the network logical address (i.e., IP) identifies src_system to dest_system, not src_user_process to destination_user_process; hence we need another addressing mechanism => SAP addresses (port numbers) within the same system for message delivery between user processes, where each process assigned to a specific service is tied to a certain port number.
b) Segmentation and reassembly: segment <=> packets. A process (user) message is divided, at the sender side, into segments (if needed), each carrying a segment sequence number to aid the assembly (in correct order) of the related segments into the original user's message at the receiver side.
c) Connection control:
   1) Connection-oriented reliable service: a connection-oriented TP guarantees in-order delivery, with acknowledgement (ACK) of segments sent back from the receiver to the sender.
   2) Connectionless unreliable service: no ACK, no guarantee of safe arrival.
d) Flow control: the same mechanism as in the data link layer (DLL), but applied at the message level between end-user processes.
e) Error control: like the DLL, but for process-to-process delivery of messages. Errors (damaged, lost or duplicate segments) cause retransmission of messages.
We should note that other major TL functions remain, such as gatewaying to resolve conflicts when moving between different TL protocols.

Figure 2.11 Reliable process-to-process delivery of a message

5) Session Layer:
a. Dialog control: H/D or F/D.
b. Synchronization: checkpoints are added to data streams, dividing them into units that are acknowledged independently, for communication robustness in case of crashes.

6) Presentation Layer:
a. Translation: ASCII <--> EBCDIC; Abstract Syntax Notation (ASN).
b. Encryption: to secure transmitted information for privacy.
c. Compression: for efficient utilization of bandwidth.

7) Application Layer:
1) Virtual terminal (e.g., "putty") to allow remote logins (terminal emulation).
2) File transfer.
3) Mail service.
4) Directory service.
Protocols: SMTP, HTTP, DNS, SNMP, TELNET.

TCP/IP Protocol Suite (Stack)

Figure 2.16 TCP/IP and OSI model

    OSI layers                      TCP/IP layer            Protocols
    Application, Presentation,      Application             SMTP, FTP, HTTP, DNS, SNMP, TELNET
    Session
    Transport                       Transport               SCTP, TCP, UDP
    Network                         Network (internet)      IP, with ICMP, IGMP, ARP/RARP
    Data Link, Physical             Host-to-network         LAN/MAN/WAN

Figure 2.17 Addresses in TCP/IP
Figure 2.18 Relationship of layers and addresses in TCP/IP

1) Physical Layer: Intentionally left very vague!?!
It can be a LAN, MAN, or WAN over physical-carrier technologies such as Synchronous Optical NETwork (SONET), Asynchronous Transfer Mode (ATM), and all-fiber Ultra Dense Wavelength Division Multiplexing (UDWDM).

2) Network Layer: the best-effort-delivery Internet Protocol (IP), an unreliable connectionless datagram protocol (no end-to-end flow control). At the network layer there are other companion protocols that help the poorly performing IP:

A) Internet Control Message Protocol (ICMP): an IP companion that helps in reporting any failure/congestion in the subnet, via host-management queries that are not part of the IP protocol itself, hence alleviating IP's deficiencies. With ICMP, a host/admin can enquire about the status of another host or router in the subnet cloud. Such knowledge aids the efficient management of subnet utilization and identifies subnet problems via the ICMP query messages. Ping and traceroute (UNIX)/tracert (Windows) utilize ICMP; traceroute and tracert print the route packets take to a network host destination.

ICMPv6 (IPv6: 128-bit addresses). (Reference: http://www.tcpipguide.com/free/t_ICMPv6RouterRenumberingMessages.htm)
ICMPv6 informational messages, which are used in matching pairs:
-- Echo Request and Echo Reply messages: used for network connectivity testing.
-- Router Advertisement and Router Solicitation messages: used to let hosts discover local routers and learn necessary parameters from them.
-- Neighbor Advertisement and Neighbor Solicitation messages: used for various communications between hosts on a local network, including IPv6 address resolution.
-- Redirect messages: let routers inform hosts of better first-hop routers.
-- Router Renumbering messages: with the huge 128-bit addressing, a network administrator (NA) has the potential to make large network migrations and merges much simpler. The NA selects a machine to generate one or more Router Renumbering Command messages. These messages provide a list of prefixes of routers that are to be renumbered.
Each router processes these messages to see if the addresses on any of its interfaces match the specified prefixes. If so, it changes the matched prefixes to the new ones specified in the message.

B) Internet Group Management Protocol (IGMP): an IP companion that expands IP with multicasting capability to a group of destinations, by managing group membership to help routing at the network's multicast routers.

Address resolution:

C) Address Resolution Protocol (ARP): logical to physical. The destination IP address (known at the sender from the DNS) is not enough to reach the destination machine (physically, at the MAC sublayer). Hence the sender seeks the help of ARP (via a query packet) to get the destination's physical MAC address (needed to form the MAC frame's destination address), i.e., to map the IP (logical) destination address to the MAC (physical) destination address.

Proxy ARP: a proxy represents a set of hosts, providing its own MAC in reply to a query for any of those hosts (i.e., acting as a temporary destination); then, when it receives any of those hosts' actual IP packets, it directs them to the intended host's MAC sublayer via a mapping table, IP -> MAC.

Security issue: read about ARP spoofing (poisoning) and mitigation techniques.
Attacks (stemming from the fact that ARP DOES NOT authenticate) (Reference: http://www.watchguard.com/infocenter/editorial/135324.asp):
-- Denial of Service: falsely associating your network router's (NR) IP address with the intruder machine's MAC address (IMAC); hence all of the attacked network users' traffic goes into a black-hole sink machine!
-- Man in the Middle:
   1) The attacker issues an ARP reply (with no previous ARP request) to your NR, falsely associating the IMAC with your IP address, i.e., playing you to the NR!
   2) The hacker then sends a false ARP reply to your machine associating the IMAC with the NR's IP address, playing the NR to you.
   3) The hacker uses the OS's IP forwarding utility to forward your traffic (after sniffing/hijacking it) to the NR!
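The ARP weakness just described (replies are not authenticated, so an unsolicited reply can rewrite an IP-to-MAC binding) is something a LAN monitor can look for. The following is an added example, not code from the lecture notes or the referenced article: it replays a constructed ARP trace containing the two man-in-the-middle replies, flags replies that no host asked for and bindings that change, escalates a change of the router's (NR) binding, and shows the static-entry mitigation by refusing to learn a reply that contradicts a pinned entry. The packet dict layout, GATEWAY_IP and every address in TRACE are assumptions constructed for the demo.

```python
"""Detecting ARP poisoning from an ARP trace (added example, not code from the
lecture notes).

Assumptions not stated on the page: an ARP packet is a dict with op ("request"
or "reply"), sender_ip, sender_mac, target_ip and target_mac; the network
router (NR) address GATEWAY_IP comes from configuration; TRACE is constructed
to replay the man-in-the-middle steps described above.
"""
from collections import defaultdict

GATEWAY_IP = "10.0.0.1"                 # constructed NR address


def detect_arp_poisoning(packets, gateway_ip=GATEWAY_IP, static=None):
    """Scan an ordered ARP packet list and return (alerts, table).

    table mirrors the IP -> MAC cache an unprotected host would build: it learns
    from requests and replies alike.  alerts holds (index, kind, detail) tuples:
      unsolicited_reply  a reply nobody asked for (an ARP reply with no previous
                         ARP request, the first MITM step above)
      binding_change     an IP already mapped to one MAC is claimed by another
      gateway_hijack     the same for the NR address (the DoS / second MITM step)
      static_violation   a packet contradicts a pinned entry passed in `static`;
                         the pinned entry is kept and the packet is not learned,
                         which is the static-ARP-entry mitigation
    Gratuitous ARP (sender_ip == target_ip) is a normal announcement, so it is
    not reported as unsolicited, but it still goes through the binding checks.
    """
    static = {ip: mac.lower() for ip, mac in (static or {}).items()}
    alerts, table = [], dict(static)
    pending = defaultdict(set)          # target_ip -> requester IPs awaiting a reply

    for i, p in enumerate(packets):
        ip, mac = p["sender_ip"], p["sender_mac"].lower()
        if p["op"] == "request":
            pending[p["target_ip"]].add(ip)
        else:
            gratuitous = p["target_ip"] == ip
            waiting = pending.get(ip, set())
            if not gratuitous and p["target_ip"] not in waiting:
                alerts.append((i, "unsolicited_reply",
                               f"{ip} is-at {mac} sent to {p['target_ip']} with no request"))
            waiting.discard(p["target_ip"])
        if ip in static and static[ip] != mac:
            alerts.append((i, "static_violation",
                           f"{ip} claimed at {mac}, pinned to {static[ip]}"))
            continue                    # the pinned entry wins; nothing is learned
        old = table.get(ip)
        if old is not None and old != mac:
            kind = "gateway_hijack" if ip == gateway_ip else "binding_change"
            alerts.append((i, kind, f"{ip} moved from {old} to {mac}"))
        table[ip] = mac                 # learn it, as an ordinary ARP cache would
    return alerts, table


# Constructed trace: one normal resolution, then the two spoofed replies.
TRACE = [
    {"op": "request", "sender_ip": "10.0.0.5", "sender_mac": "00:11:22:33:44:55",
     "target_ip": "10.0.0.1", "target_mac": "00:00:00:00:00:00"},
    {"op": "reply", "sender_ip": "10.0.0.1", "sender_mac": "aa:aa:aa:aa:aa:01",
     "target_ip": "10.0.0.5", "target_mac": "00:11:22:33:44:55"},
    # step 1: the NR is told that 10.0.0.5 lives at the intruder MAC (IMAC)
    {"op": "reply", "sender_ip": "10.0.0.5", "sender_mac": "de:ad:be:ef:00:01",
     "target_ip": "10.0.0.1", "target_mac": "aa:aa:aa:aa:aa:01"},
    # step 2: the victim is told that the NR lives at the IMAC
    {"op": "reply", "sender_ip": "10.0.0.1", "sender_mac": "de:ad:be:ef:00:01",
     "target_ip": "10.0.0.5", "target_mac": "00:11:22:33:44:55"},
]

if __name__ == "__main__":
    for idx, kind, detail in detect_arp_poisoning(TRACE)[0]:
        print(f"packet {idx}: {kind}: {detail}")
```

Passing `static={GATEWAY_IP: "aa:aa:aa:aa:aa:01"}` keeps the router binding intact through step 2, which is exactly what pinning the gateway entry on hosts buys you.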
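Returning to the OSI transport layer above (segmentation with sequence numbers, reassembly in order, and error control where damaged, lost or duplicate segments trigger retransmission), here is an added example that is not code from the lecture notes: a sender splits a message into numbered segments with a checksum trailer, a receiver reassembles them from an unreliable subnet, and the loop retransmits only the segments the receiver still lacks. The dict layout of a segment, CRC-32 as the trailer, and the "bad subnet" that reorders, duplicates, damages and drops segments are assumptions constructed for the demo.

```python
"""Transport-layer segmentation, reassembly and error control (added example,
not code from the lecture notes).

Assumptions not stated on the page: a segment is a dict with seq, total, data
and fcs; the error-detecting trailer is CRC-32; the receiver reports the
sequence numbers it still lacks (its ACK) and the sender resends only those;
constructed_bad_subnet() is a deterministic stand-in for an unreliable subnet.
"""
import zlib


def segment(message, max_payload):
    """Split one user message into numbered segments, each with a CRC-32 trailer."""
    chunks = [message[i:i + max_payload]
              for i in range(0, len(message), max_payload)] or [b""]
    return [{"seq": n, "total": len(chunks), "data": c, "fcs": zlib.crc32(c)}
            for n, c in enumerate(chunks)]


class Reassembler:
    """Receiver side: accepts segments in any order, rejects damaged and
    duplicate ones, and reports which sequence numbers must be retransmitted."""

    def __init__(self):
        self.buffer = {}          # seq -> payload accepted so far
        self.total = None         # number of segments in the message
        self.damaged = 0
        self.duplicates = 0

    def receive(self, seg):
        """Return 'accepted', 'damaged' or 'duplicate' for one arriving segment."""
        if zlib.crc32(seg["data"]) != seg["fcs"]:   # trailer check (error control)
            self.damaged += 1
            return "damaged"
        if self.total is None:
            self.total = seg["total"]
        if seg["seq"] in self.buffer:
            self.duplicates += 1
            return "duplicate"
        self.buffer[seg["seq"]] = seg["data"]
        return "accepted"

    def missing(self):
        """Sequence numbers still needed (what the receiver's ACK reports), or
        None if no intact segment has arrived yet."""
        if self.total is None:
            return None
        return [n for n in range(self.total) if n not in self.buffer]

    def message(self):
        """The reassembled message in sequence order, or None if incomplete."""
        if self.total is None or self.missing():
            return None
        return b"".join(self.buffer[n] for n in range(self.total))


def deliver(message, max_payload, channel, max_rounds=10):
    """Sender/receiver loop over an unreliable channel; returns (msg, rounds, rx).

    channel(segments) models the subnet below the transport layer and returns
    what actually arrives, possibly reordered, duplicated, damaged or dropped.
    """
    rx = Reassembler()
    all_segs = segment(message, max_payload)
    outstanding, rounds = all_segs, 0
    while outstanding:
        if rounds == max_rounds:
            raise TimeoutError(f"segments {[s['seq'] for s in outstanding]} never delivered")
        rounds += 1
        for seg in channel(outstanding):
            rx.receive(seg)
        need = rx.missing()                       # the receiver's ACK report
        if need is None:                          # nothing arrived: resend all
            need = [s["seq"] for s in all_segs]
        outstanding = [s for s in all_segs if s["seq"] in set(need)]
    return rx.message(), rounds, rx


def constructed_bad_subnet():
    """Deterministic channel for the demo: on its first call it reverses the
    order, duplicates segment 1, damages segment 2 and loses segment 3; after
    that it delivers everything intact."""
    calls = [0]

    def channel(segments):
        calls[0] += 1
        if calls[0] > 1:
            return list(segments)
        out = []
        for seg in reversed(segments):
            if seg["seq"] == 3:
                continue                                     # lost in the subnet
            if seg["seq"] == 2:
                seg = dict(seg, data=b"#" + seg["data"][1:])  # damaged payload
            out.append(seg)
            if seg["seq"] == 1:
                out.append(dict(seg))                        # duplicated
        return out
    return channel


MESSAGE = b"Hello, OSI transport layer!"   # constructed user message

if __name__ == "__main__":
    msg, rounds, rx = deliver(MESSAGE, 5, constructed_bad_subnet())
    print(rounds, rx.damaged, rx.duplicates, msg)
```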