Review For Exam 1 (February 6, 2013) © Abdou Illia – Spring 2013


Introduction to Systems Security

The PTP framework

Any security system must have 3 key elements

People (users and IT staff)

Technology (firewall, IDS, antivirus, etc.)

Policies (Safe-Use policy, password policy, privacy policy, etc.)

People are usually the weakest link

Preventing Security Threats

Use anti-virus software

Use software firewall

Use hardware/appliance firewall

Use Intrusion Detection Systems

Use Intrusion Prevention Systems

Install OS updates

Install applications’ updates

Do not open file attachments from unknown sources

Do not click URLs in emails from unknown sources

Social engineering tests/Mock phishing schemes

Awareness training

Acceptable computer use policy

Password policy

Etc.

Countermeasures

Tools used to thwart attacks

Also called safeguards, protections, and controls

Types of countermeasures:

Preventative

Detective

Corrective

Question: Match each of the countermeasures from the previous slide with its type.

The Plan-Protect-Respond cycle

Dominates security management thinking

Figure 2-6

Dialog attack: Eavesdropping

[Figure: dialog between Bob (client PC) and Alice (server) exchanging “Hello”; the attacker (Eve) intercepts and reads the messages]

Intercepting confidential message being transmitted over the network

Dialog attack: Message Alteration

[Figure: Bob (client PC) sends “Balance = $1” to Alice (server); the attacker (Eve) intercepts the message and alters it to “Balance = $1,000,000” before it reaches Alice]

Intercepting confidential messages and modifying their content

Denial-of-Service (DoS) attack

[Figure: the attacker sends a message flood; the server is overloaded by the flood]

Resources Access Control, Part 1

Break-in and Dialog attacks: Security Goal

If eavesdropping or message alteration attacks succeeded, in which of the following ways could the victims be affected?

a) Data files stored on hard drives might be deleted

b) Data files stored on hard drives might be altered

c) Corporate trade secret could be stolen

d) Competitors might get the victim company’s licensed info

e) Users might not be able to get network services for a certain period of time

f) The network might slow down

Confidentiality = main goal in implementing defense systems against eavesdropping and message alteration. Defense tools: encryption, hashing, etc.

Malware attacks: Security Goal

If virus attacks succeeded, in which of the following ways could the victims be affected?

a) Data files stored on hard drives might be deleted

b) Data files stored on hard drives might be altered

c) Corporate trade secret could be stolen

d) Competitors might get the victim company’s licensed info

e) Users might not be able to get network services for a certain period of time

f) The network might slow down

Integrity = main goal of implementing defense systems against malware attacks. Defense tools: antivirus, IDS, IPS

DoS attack: Security Goal

If a DoS attack succeeded, in which of the following ways could the victims be affected?

a) Data files stored on hard drives might be deleted

b) Data files stored on hard drives might be altered

c) Corporate trade secret could be stolen

d) Competitors might get the victim company’s licensed info

e) Users might not be able to get network services for a certain period of time

f) The network might slow down

Availability = main goal of implementing defense systems against DoS attacks. Defense tools: firewalls, IDS, IPS

Security Goals

Three main security goals:

Confidentiality of communications and proprietary information

Integrity of corporate data

Availability of network services and resources

CIA

Authenticity: ensuring that the data, transactions, communications or documents are genuine. Also validating that both parties involved are who they claim to be.

Non-repudiation: Ensuring that one party of a transaction cannot deny having received a transaction nor can the other party deny having sent a transaction.

Opening Question

Which of the following actions may be taken in order to strengthen the confidentiality of companies’ proprietary information?

a) Prevent employees from accessing files not needed in their job

b) Limit the number of computers each employee could use for logging in to the network

c) Encrypt any communications involving passwords

d) All of the above

What is Access Control?

Access control is the policy-driven limitation of access to systems, data, and dialogs

Access control prevents attackers from gaining access to systems’ resources, and helps stop them if they do

What is Access Control?

AAA process

Authentication: supplicant sends credentials to verifier to authenticate the supplicant

Authorization: what permissions the authenticated user will have

What resources he or she can get to at all

What he or she can do with these resources

Auditing: recording what people do in log files

Detecting attacks

Reusable Passwords

Used repeatedly to get access to a resource on multiple occasions

Bad because attacker could have time to crack it

Difficult to crack by remote guessing

Usually cut off after a few attempts

However, if intruder steals the password file, he/she can crack passwords at leisure

Password Cracking

With physical access or with password file in hand, attacker can use password cracking programs

Program                                               Windows   Linux
L0phtcrack (now LC5)                                  √
Ophcrack                                              √
John The Ripper                                       √         √
RainbowCrack (uses lookup tables and hash functions)  √         √
Crack                                                           √
Cain & Abel                                           √

Programs usually come with "dictionaries" with thousands or even millions of entries of several kinds

Programs use the brute-force cracking method

Used by network admins to locate users with weak passwords, and by attackers.

Brute-force password cracking

Dictionary cracking vs. hybrid cracking

Try all possible character combinations

Longer passwords take longer to crack

Combining types of characters makes cracking harder

Alphabetic, no case (26 possibilities)

Alphabetic, case (52)

Alphanumeric (letters and numbers) (62)

All keyboard characters (~80)

Figure 2-3: Password Length

Password length in characters:             1          2 (N^2)         4 (N^4)               6                 8                10

Alphabetic, no case (N=26)                26             676         456,976     308,915,776       2.08827E+11       1.41167E+14
Alphabetic, case (N=52)                   52           2,704       7,311,616  19,770,609,664       5.34597E+13       1.44555E+17
Alphanumeric: letters & digits (N=62)     62           3,844      14,776,336  56,800,235,584        2.1834E+14       8.39299E+17
All keyboard characters (N=~80)           80           6,400      40,960,000     2.62144E+11       1.67772E+15       1.07374E+19

Q: Your password policy is: (a) the password must be 6 characters long, (b) the password should include only decimal digits and lower-case alphabetic characters. What is the maximum number of passwords the attacker would have to try in order to crack a password in your system?

Dictionary and Hybrid cracking

Dictionary cracking (1)

Try common words (“password”, “ouch”, etc.)

There are only a few thousand of these

Cracked very rapidly

Hybrid cracking (2)

Used when dictionary cracking fails

Common word with one or a few digits at the end, etc.

(1) Also called a dictionary attack

(2) Also called a hybrid attack

Password Policies

Good password policy:

At least 8 characters long

Change of case not at beginning

Digit (0 through 9) not at end

Other keyboard characters not at end

Example: triV6#ial

Completely random passwords are best, but they are usually written down

Password duration

Regularly test the strength of internal passwords

Disable passwords that are no longer valid
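The policy on this slide as a checker, added here as an example and not the slides' own code; it also reports the brute-force keyspace N^L from Figure 2-3 for the character classes a password actually uses. How "not at the beginning" and "not at the end" are read is an assumption, stated in the code.

```python
"""Password-policy checker and keyspace estimate (added example, not the
slides' own code).  Rules: at least 8 characters; a change of case, but not
at the beginning; a digit, but not at the end; another keyboard character,
but not at the end.  The slide's passing example is triV6#ial."""
import string

# Character-class sizes used on the password-length slide: 26 lower-case
# letters, 26 upper-case, 10 digits, and the remaining keyboard characters
# that bring the total to ~80 (80 - 62 = 18).
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "other": 18}


def classes_used(password):
    """Set of character classes that actually appear in the password."""
    used = set()
    for ch in password:
        if ch in string.ascii_lowercase:
            used.add("lower")
        elif ch in string.ascii_uppercase:
            used.add("upper")
        elif ch in string.digits:
            used.add("digit")
        else:
            used.add("other")
    return used


def keyspace(classes, length):
    """Maximum number of guesses for a brute-force search over passwords of
    the given length built from the given classes: N ** length (Figure 2-3)."""
    n = sum(CLASS_SIZES[c] for c in classes)
    return n ** length


def check_policy(password):
    """Return the list of rule violations; an empty list means it passes.

    Interpretation (assumption): "change of case not at beginning" means the
    first character whose case differs from the first character's case must
    not be the second character; "digit not at end" and "other keyboard
    character not at end" require at least one of each, and neither may be
    the last character."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    lowers = [i for i, ch in enumerate(password) if ch in string.ascii_lowercase]
    uppers = [i for i, ch in enumerate(password) if ch in string.ascii_uppercase]
    if not lowers or not uppers:
        problems.append("no change of case")
    else:
        first_is_upper = password[0] in string.ascii_uppercase
        first_change = min(lowers) if first_is_upper else min(uppers)
        if first_change <= 1:
            problems.append("change of case at the beginning")
    digits = [i for i, ch in enumerate(password) if ch in string.digits]
    if not digits:
        problems.append("no digit")
    elif digits[-1] == len(password) - 1:
        problems.append("digit at the end")
    others = [i for i, ch in enumerate(password) if not ch.isalnum()]
    if not others:
        problems.append("no other keyboard character")
    elif others[-1] == len(password) - 1:
        problems.append("other keyboard character at the end")
    return problems
```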

Password Policies (cont)

Shared passwords: not a good policy

Removes the ability to learn who took actions; loses accountability

Usually not changed often, or at all, because of the need to inform all sharers

Questions

Q.1. ABC Inc. has a network with three users. The users have the following usernames: aillia, jwillems, vhampton. A shared-password policy implemented by the network administrator allowed the users to log on with the password abc123. Last night someone committed an attack, stealing sensitive corporate information after elevating the privileges associated with the account they used to log on. Which of the following is true? (Choose all that apply)

a) the audit log file could be checked to determine at what time the attacker logged in

b) the audit log file could be checked to determine which user account was used in committing the attack

c) the audit log file could be checked to determine who committed the attack

d) all of the above.

Q.2. If your answer to Q.1 above indicates that at least one of the statements is not true, explain why.

Summary Questions

What are the three main security goals?

What security goal is jeopardized by a successful eavesdropping attack?

What is the difference between dictionary cracking and hybrid cracking?

What is a shared password? Do you recommend shared passwords? Why?

Alternatives to password

Access Cards

Magnetic stripe cards

Smart cards

Have a microprocessor and RAM

Can implement public key encryption for challenge/response authentication

Tokens

Constantly changing password devices for one-time passwords

USB plug-in tokens

Alternatives to password (cont.)

Proximity Access Tokens

Use Radio Frequency ID (RFID) technology

Supplicant only has to be near a door or computer to be recognized

Two-Factor Authentication

Access card: 1st factor

PINs for the second factor

Short: 4 to 6 digits

Can be short because attempts are manual

Should not choose obvious combinations (1111, 1234) or important dates

Alternatives to password (cont.)

Biometric Authentication

Authentication based on biological (bio) measurements (metrics).

Biometric authentication is based on something you are (your fingerprint, iris pattern, face, hand geometry, and so forth)

Or something you do (write, type, and so forth)

The major promise of biometrics is to make reusable passwords obsolete

Resources Access Control, Part 2

Wireless telecomm control

IEEE* is a professional association that:

Is dedicated to advancing technological innovations

Develops standards for wired LAN devices

Develops standards for Wireless LAN (WLAN) devices

Wi-Fi Alliance is a trade association that promotes Wireless LAN technology

Certifies products if they conform to certain standards

* Institute of Electrical and Electronics Engineers

IEEE 802.11 WLAN standards

Standard     Unlicensed band      Rated speed    # of channels
802.11b      2.4 GHz              ≤ 11 Mbps      3
802.11a      5 GHz                ≤ 54 Mbps      12
802.11g      2.4 GHz              ≤ 54 Mbps      13
802.11n      2.4 GHz or 5 GHz     ≤ 150 Mbps     13
802.11ac*    2.4/5 GHz?           ≤ 866 Mbps

* Under development

AM radio channels have a 10 KHz bandwidth; FM radio channels have a 200 KHz bandwidth.

Service band 2.4 - 2.4835 GHz divided into 13 channels. Each channel is 40 MHz wide. Channels spaced 5 MHz apart. Channel 1 centered on 2412 MHz, Channel 13 centered on 2472 MHz. Transmissions spread across multiple channels. 802.11b and 802.11g devices use only Channels 1, 6, 11 to avoid transmission overlap.

802.11 Wireless LAN operation

802.11 refers to the IEEE Wireless LAN standards

[Figure (steps 1-3): notebook with wireless NIC, access point, Ethernet switch, server and client PC; the packet travels in an 802.11 frame between the notebook and the access point and in an 802.3 frame on the wired LAN]

802.11 Wireless LAN operation

[Figure (steps 1-3): notebook with PC Card wireless NIC, access point, Ethernet switch, server and client PC; an 802.11 frame containing the packet on the wireless side, an 802.3 frame containing the packet on the wired side]

1. If the AP is 802.11n-compliant, it could communicate with the notebook even if the notebook has an 802.11a NIC. T F

2. Given what you know about WLAN operation, where (i.e. on which device) should security be implemented to prevent unauthorized devices from accessing network services?

Summary Question (1)

Which of the following is among Wireless Access Points’ functions?

a) Convert electric signal into radio wave

b) Convert radio wave into electric signal

c) Forward messages from wireless stations to devices in a wired LAN

d) Forward messages from one wireless station to another

e) All of the above

f) Only c and d

MAC Filtering

The Access Point could be configured to only allow mobile devices with specific MAC addresses

Today, attack programs exist that could sniff MAC addresses, and then spoof them to gain access

[Figure: Access Point holding a MAC Access Control List of permitted addresses]

IP Address Filtering

The Access Point could be configured to only allow mobile devices with specific IP addresses

Attacker could:

Get an IP address by guessing, based on the company’s range of IP addresses

Sniff IP addresses, then spoof them to gain access

[Figure: Access Point holding an IP Address Access Control List: the range 139.67.180.1/24-139.67.180.30/24 and the hosts 139.67.180.75, 139.67.180.80, 139.67.180.110, ...]

Access control at EIU

What is used at EIU today to control access to the WLAN?

SSID: Apparent 802.11 Security

Service Set Identifier (SSID)

It’s a “network name” of up to 32 characters

Access Points come with a default SSID. Example: “tsunami” for Cisco or “linksys” for Linksys

All Access Points in a WLAN have the same SSID

Mobile devices must know the SSID to “talk” to the access points

SSID frequently broadcast by the access point for ease of discovery

SSIDs in frame headers are transmitted in clear text

SSID broadcasting could be disabled, but it’s a weak security measure

Sniffer programs (e.g. Kismet, inSSIDer) can find SSIDs easily

Wired Equivalent Privacy (WEP)

Standard originally intended to make wireless networks as secure as wired networks

With WEP, mobile devices need to provide a shared key to be authenticated and gain access

Typical WEP key lengths: 40-bit, 128-bit, 256-bit

If a hacker intercepts, decrypts, and compares two messages encrypted with the same key, he/she will know the key

Question: Besides through hacking, how can a WEP key be leaked? What can be done to limit access by unauthorized users?

WEP authentication process:

1. Wireless station sends an authentication request to the AP
2. AP sends back a 128-bit challenge text in plaintext
3. Wireless station uses the RC4 encryption scheme to encrypt the challenge text with its WEP key and sends the result to the AP
4. AP regenerates the WEP key from the received result, then compares it to its own WEP key
5. AP sends a success or failure message

Open source WEP cracking software: aircrack-ng, weplab, WEPCrack, airsnort

Wired Equivalent Privacy (WEP)

Using Initialization Vectors (IV)

To make the shared key hard to crack, WEP uses a per-frame key that is the shared key plus a 24-bit initialization vector (IV) that is different for each frame/packet.

However, many frames “leak” a few bits of the key

With high traffic, an attacker using readily available software can crack a shared key in 2 or 3 minutes

Wi-Fi Protected Access (WPA)

WPA extends the security of WEP/RC4 primarily by:

Increasing the IV from 24 bits to 48 bits

Implementing a system for automatic rekeying called TKIP (Temporal Key Integrity Protocol)

Cryptographic characteristics compared for WEP, WPA and 802.11i (WPA2):

Cipher for confidentiality: WEP = RC4 with a flawed implementation; WPA = RC4 with 48-bit initialization vector (IV); 802.11i (WPA2) = AES with 128-bit keys

Automatic rekeying: WEP = none; WPA = Temporal Key Integrity Protocol (TKIP), which has been partially cracked; 802.11i (WPA2) = AES-CCMP mode

Overall cryptographic strength: WEP = negligible; WPA = weaker, but no complete crack to date; 802.11i (WPA2) = extremely strong

802.11i (or WPA2)

In 2004, the IEEE 802.11 working group developed a security standard called 802.11i to be implemented in 802.11 networks.

802.11i tightens security through the use of the AES encryption scheme with a 128-bit key

802.11i can be added to existing APs and NICs

The 128-bit key changes

Other protocols used in 802.11i

Authentication and data integrity in 802.11i and 802.11x rely on the Extensible Authentication Protocol (EAP), which has different options:

Wireless Transport Layer Security (WTLS) protocol

Server and mobile devices must have digital certificates

Requires that a Public Key Infrastructure (PKI) be installed to manage digital certificates

Tunneled WTLS

Digital certificates are installed on the server only

Once the server is securely authenticated to the client via its Certificate Authority, a secured tunnel is created.

Server authenticates the client through the tunnel.

Client could use passwords as a means of authentication

Using an Authentication server

[Figure: Applicant (Lee), Access Point, RADIUS Server / WAP Gateway, Directory Server or Kerberos Server. 1. Authentication request from Lee to the access point. 2. Access point passes the request on to the RADIUS server. 3. RADIUS server gets user Lee’s data (optional; the RADIUS server may store authentication data). 4. Accept applicant, key = XYZ. 5. OK, use key XYZ]

RADIUS is an AAA (Authentication, Authorization, Accounting) protocol. Once the user is authenticated, the AP assigns the user an individual key, avoiding a shared key.

TCP/IP Internetworking

Layered Communications: Encapsulation – De-encapsulation

Application programs on different computers cannot communicate directly. There is no direct connection between them! They need to use an indirect communication system called layered communications or layer cooperation.

[Figure: User PC (Browser, Transport, Internet, Data Link, Physical) and Webserver (Web App, Transport, Internet, Data Link, Physical); the HTTP Request passes down the layers on the user PC and up the layers on the webserver]

Layer Cooperation on the User PC

Encapsulation on the sending machine: embedding the message received from the upper layer in a new message

[Figure: on the User PC, the Application layer creates the HTTP request; the Transport layer encapsulates it in the data field of a TCP segment (TCP-H + HTTP req.); the Internet layer encapsulates the segment in an IP packet (IP-H + TCP-H + HTTP req.); the Data Link layer encapsulates the packet in a PPP frame (PPP-H + IP-H + TCP-H + HTTP req. + PPP-T); the Physical layer transmits the frame]

Layer Cooperation on the Web server

De-encapsulation: other layers pass successive data fields (containing next-lower layer messages) up to the next-higher layer

[Figure: on the Webserver, the frame (PPP-H + IP-H + TCP-H + HTTP req. + PPP-T) arrives from the transmission media; the Data Link layer passes up the IP packet, the Internet layer passes up the TCP segment, and the Transport layer passes up the HTTP request to the Application layer]

Questions

1. What is encapsulation? On what machine does it occur: sending or receiving machine?

2. If a layer creates a message, does that layer or the layer below it encapsulate the message?

3. What layer creates frames? Segments? Packets?

IP Packet

IP Version 4 Packet (each row is 32 bits, Bit 0 to Bit 31):

Version (4 bits) = 0100 | Header Length (4 bits) | QoS (8 bits) | Total Length (16 bits)
Identification (16 bits) | Flags | Fragment Offset (13 bits)
Time To Live (8 bits) | Protocol (8 bits): 1=ICMP, 6=TCP, 17=UDP | Header Checksum (16 bits)
Source IP Address (32 bits)
Destination IP Address (32 bits)
Options (if any) | Padding
Data Field

QoS: also called Type of Service; indicates the priority level the packet should have

Identification tag: to help reconstruct the packet from several fragments

Flags: indicate whether the packet could be fragmented or not (DF: Don’t Fragment), and whether more fragments of a packet follow (MF: More Fragments or NF: No More Fragments)

Fragment offset: identifies which fragment this packet is attached to

TTL: indicates the maximum number of hops (or routers) the packet could pass before a hop discards it

Header checksum: to check for errors in the headers only

Questions

What is the main version of the Internet Protocol in use today? What is the other version?

What does a router do with an IP packet if it decrements its TTL value to zero?

Assume that a router received an IP packet with the Protocol in header set to 6. What Transport layer protocol is used in the message: TCP, UDP, or ICMP?

IP Fragmentation

When a packet arrives at a router, the router selects the port and subnet to forward the packet to

If the packet is too large for the subnet to handle, the router fragments the packet, i.e.:

Divides the packet’s data field into fragments

Gives each fragment the same Identification tag value, i.e. the Identification tag of the original packet

First fragment is given a Fragment Offset value of 0

Subsequent fragments get Fragment Offset values consistent with their data’s place in the original packet

Last fragment’s Flag is set to “No More Fragments”

Destination host reassembles the fragments based on the offsets.

[Figure: Identification (16 bits) | Flags | Fragment Offset (13 bits); router between Subnet 1 and Subnet 2]

Firewalls and Fragmented IP Packets

[Figure: Attacker 1.34.150.37 sends a fragmented packet through a router to the firewall at 60.168.47.47. 1. First fragment: IP header, TCP header, TCP data field. 2. Second fragment: IP header, TCP data field, no TCP header. 3. TCP header only in the first fragment. 4. Second fragment carries a TCP data field only. 5. Firewall can only filter on the TCP header in the first fragment]

Fragmentation makes it hard for firewalls to filter individual packets

TCP or UDP header appears only in the first fragment

Firewall might drop the first fragment, but not subsequent fragments

Some firewalls drop all fragmented packets
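The three slides above (IP Packet, IP Fragmentation, Firewalls and Fragmented IP Packets) in working code, as an added example that is not part of the slides: it builds IPv4 packets, verifies the header checksum, fragments a packet the way the router does, reassembles at the destination, and reports whether a fragment carries the transport header a stateless firewall could filter on. The addresses are the slides' own; payload, Identification and MTU values are constructed.

```python
"""IPv4 header parsing, fragmentation and reassembly (added example, not the
slides' own code).  Packets are constructed inline."""
import struct
from ipaddress import IPv4Address

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}
HEADER_FMT = "!BBHHHBBH4s4s"   # 20-byte header, no options


def ipv4_checksum(header):
    """RFC 791 header checksum: one's complement of the one's-complement sum
    of the 16-bit words.  Over a header whose checksum field is already
    filled in the result is 0, which is how a receiver verifies it."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src, dst, proto, payload, ident=0, ttl=64, df=False, mf=False, offset=0):
    """Constructed packet: version 4, 20-byte header, then payload.
    `offset` is in 8-byte units, as in the 13-bit Fragment Offset field."""
    flags_frag = (int(df) << 14) | (int(mf) << 13) | (offset & 0x1FFF)
    header = struct.pack(HEADER_FMT, 0x45, 0, 20 + len(payload), ident, flags_frag,
                         ttl, proto, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    header = header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]
    return header + payload


def parse_ipv4(packet):
    """Decode the fields named on the IP Packet slide; raise ValueError if the
    version is not 4 or the header checksum does not verify."""
    packet = bytes(packet)
    if len(packet) < 20:
        raise ValueError("too short for an IPv4 header")
    (vi, qos, total_length, ident, flags_frag, ttl, proto,
     _csum, src, dst) = struct.unpack(HEADER_FMT, packet[:20])
    version, ihl = vi >> 4, (vi & 0x0F) * 4
    if version != 4 or ihl < 20 or total_length > len(packet):
        raise ValueError("not a well-formed IPv4 packet")
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("header checksum mismatch")
    return {"ihl": ihl, "qos": qos, "total_length": total_length,
            "identification": ident, "ttl": ttl, "protocol": proto,
            "protocol_name": PROTO_NAMES.get(proto, str(proto)),
            "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
            "offset": flags_frag & 0x1FFF,
            "src": str(IPv4Address(src)), "dst": str(IPv4Address(dst))}


def fragment(packet, mtu):
    """Router behaviour from the IP Fragmentation slide: split the data field
    into pieces that fit `mtu`, keep the Identification, give offsets in
    8-byte units, and set MF on every fragment except the last."""
    f = parse_ipv4(packet)
    if f["df"]:
        raise ValueError("DF set: the packet must be dropped, not fragmented")
    data = bytes(packet)[f["ihl"]:f["total_length"]]
    chunk = ((mtu - 20) // 8) * 8      # data bytes per fragment, multiple of 8
    if chunk <= 0:
        raise ValueError("MTU too small to carry any data")
    pieces = [data[i:i + chunk] for i in range(0, len(data), chunk)]
    return [build_ipv4(f["src"], f["dst"], f["protocol"], piece,
                       ident=f["identification"], ttl=f["ttl"],
                       mf=(n < len(pieces) - 1),
                       offset=f["offset"] + n * chunk // 8)
            for n, piece in enumerate(pieces)]


def carries_transport_header(packet):
    """Firewall view from the fragmented-packet slide: only the fragment with
    offset 0 carries the TCP/UDP header a stateless filter can inspect."""
    return parse_ipv4(packet)["offset"] == 0


def reassemble(fragments):
    """Destination-host reassembly: same Identification, ordered by offset,
    first offset 0, MF clear on the last fragment, no gaps."""
    items = sorted(((parse_ipv4(p), bytes(p)) for p in fragments),
                   key=lambda item: item[0]["offset"])
    ident = items[0][0]["identification"]
    if any(f["identification"] != ident for f, _ in items):
        raise ValueError("fragments belong to different packets")
    if items[0][0]["offset"] != 0 or items[-1][0]["mf"]:
        raise ValueError("first or last fragment missing")
    data = b""
    for f, raw in items:
        if f["offset"] * 8 != len(data):
            raise ValueError("gap between fragments")
        data += raw[f["ihl"]:f["total_length"]]
    return data
```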

TCP Segment

TCP segment header (each row is 32 bits, Bit 0 to Bit 31):

Source Port Number (16 bits) | Destination Port Number (16 bits)
Sequence Number (32 bits)
Acknowledgment Number (32 bits)
Header Length (4 bits) | Reserved (6 bits) | Flag Fields: ACK, SYN, ... (6 bits) | Window Size (16 bits)
TCP Checksum (16 bits) | Urgent Pointer (16 bits)
Data

Port number: identifies the sending and receiving application programs.

Sequence number: identifies the segment’s place in the sequence. Allows the receiving Transport layer to put arriving TCP segments in order.

Acknowledgement number: identifies which segment is being acknowledged.

Flag fields: six one-bit flags: ACK, SYN, FIN, RST, URG, PSH. Each can be set to 0 (off) or 1 (on), e.g. SYN=1 means a request for connection/synchronization.

Q: If the ACK flag is set to 1, what other field must also be set to let the receiver know which TCP segment is being acknowledged?

TCP and use of Flags

TCP is a connection-oriented protocol

Sender and receiver need to establish a connection

Sender and receiver need to agree to “talk”

Flags are used for establishing the connection

Sender requests connection opening: SYN flag set to 1

If the receiver is ready to “talk”, it responds with a SYN/ACK segment

Sender acknowledges the acknowledgment

If the sender does not get an ACK, it resends the segment

3-way Handshake between the PC transport process and the Webserver transport process:

1. SYN (Open)
2. SYN, ACK (1) (Acknowledgment of 1)
3. ACK (2)

Note: With connectionless protocols like UDP, there are no flags. Messages are just sent. If part of the sent messages is not received, there is no retransmission.

Flag Fields (6 bits): ACK, SYN, FIN, RST, URG, PSH

Communication during a normal TCP Session

Note: At any time, either process can send a TCP RST (reset) segment with RST bit set to 1 to drop the connection (i.e. to abruptly end the connection).

Q1: How many segments are sent in a normal TCP communication opening? ____

Q2: How many segments are sent in a normal TCP communication closing? ____

SYN/ACK Probing Attack

[Figure: Attacker 1.34.150.37 and victim 60.168.47.47. 1. Attacker probes 60.168.47.47 with a SYN/ACK segment. 2. No SYN (Open) preceded it: makes no sense! 3. Victim answers “Go away!” with an IP header + RST segment. 4. Its source IP address is 60.168.47.47. 5. Attacker learns that 60.168.47.47 is live!]

Sending SYN/ACK segments helps attackers locate “live” targets

Older Windows OS could crash when they receive a SYN/ACK probe

TCP and use of Port numbers

Port numbers identify applications

Well-known ports (0-1023): used by major server applications running at root authority.

HTTP web service = 80, Telnet = 23, FTP = 21, SMTP email = 25

Registered ports (1024-49151): used by client and server applications.

Ephemeral/dynamic/private ports (49152-65535): not permanently assigned by ICANN.

Socket notation: IP address:Port #

[Figure: a computer (processor, RAM chips, hard disk, operating system) running the web server applications www:80, FTP:21 and SMTP:25; Source Port Number (16 bits) | Destination Port Number (16 bits)]
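The TCP segment, handshake, SYN/ACK probing and port-number slides above, carried through as an added example (not the slides' own code): it decodes the header fields, checks the sequence and acknowledgment numbers of a 3-way handshake, classifies ports by the ranges on this slide and, from the defender's side, flags inbound SYN/ACK segments that answer no SYN the host sent. Addresses are those used on the slides; ports and sequence numbers are constructed.

```python
"""TCP header decoding, handshake checking and SYN/ACK-probe detection
(added example, not the slides' own code).  Segments are constructed inline."""
import struct

TCP_FMT = "!HHIIBBHHH"   # 20-byte header without options
FLAG_BITS = {"URG": 0x20, "ACK": 0x10, "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}


def build_tcp(sport, dport, seq, ack, flags, window=65535):
    """Constructed 20-byte TCP header with the named flags set.  The checksum
    is left at 0 because computing it needs the IP pseudo-header."""
    bits = sum(FLAG_BITS[f] for f in flags)
    return struct.pack(TCP_FMT, sport, dport, seq, ack, 5 << 4, bits, window, 0, 0)


def parse_tcp(segment):
    """Decode the fields named on the TCP Segment slide."""
    sport, dport, seq, ack, off, bits, window, _csum, urg = struct.unpack(TCP_FMT, segment[:20])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "header_len": (off >> 4) * 4, "window": window, "urgent": urg,
            "flags": {name for name, bit in FLAG_BITS.items() if bits & bit}}


def segment_kind(segment):
    """Name a segment by its flags the way the handshake slide does."""
    flags = parse_tcp(segment)["flags"]
    if "RST" in flags:
        return "RST"
    if {"SYN", "ACK"} <= flags:
        return "SYN/ACK"
    if "SYN" in flags:
        return "SYN"
    if "FIN" in flags:
        return "FIN"
    return "ACK" if "ACK" in flags else "other"


def port_class(port):
    """Port ranges from the port-number slide."""
    if 0 <= port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    if port <= 65535:
        return "ephemeral"
    raise ValueError("port number out of range")


def is_valid_handshake(syn, synack, ack):
    """3-way handshake check: the SYN/ACK acknowledges seq+1 of the SYN, the
    final ACK acknowledges seq+1 of the SYN/ACK and continues the sender's
    own sequence."""
    a, b, c = parse_tcp(syn), parse_tcp(synack), parse_tcp(ack)
    return (segment_kind(syn) == "SYN" and segment_kind(synack) == "SYN/ACK"
            and segment_kind(ack) == "ACK"
            and b["ack"] == ((a["seq"] + 1) & 0xFFFFFFFF)
            and c["ack"] == ((b["seq"] + 1) & 0xFFFFFFFF)
            and c["seq"] == b["ack"])


def find_synack_probes(capture, local_ip):
    """Detection for the SYN/ACK probing slide: an inbound SYN/ACK that
    answers no SYN this host sent is a probe.  `capture` is a list of
    (src_ip, dst_ip, tcp_header_bytes) tuples in capture order."""
    pending = set()      # (local port, remote ip, remote port) of SYNs we sent
    probes = []
    for src, dst, seg in capture:
        t = parse_tcp(seg)
        kind = segment_kind(seg)
        if src == local_ip and kind == "SYN":
            pending.add((t["sport"], dst, t["dport"]))
        elif dst == local_ip and kind == "SYN/ACK":
            key = (t["dport"], src, t["sport"])
            if key in pending:
                pending.discard(key)          # legitimate reply to our SYN
            else:
                probes.append((src, t["sport"], t["dport"]))
    return probes
```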

Questions

A host sends a TCP segment with source port number 25 and destination port number 49562.

1) Is the source host a server or a client? Why?

2) If the host is a server, what kind of service does it provide?

3) Is the destination host a server or a client ? Why?

TCP and Port spoofing

Most companies set their firewall to accept packets to and from port 80

Attackers set their client program to use well-known port 80

Attackers set their application to use well-known port despite not being the service associated with the port

Questions

1. What is IP fragmentation? Does IP fragmentation make it easier for a firewall to filter incoming packets? Why?

2. What is SYN/ACK probing attack?

3. What kind of port numbers do major server applications, such as email service, use?

4. What kind of port numbers do client applications usually use?

5. What is socket notation?

6. What is port spoofing?

7. How many well-known TCP ports are vulnerable to being scanned, exploited, or attacked?

IP Routing

[Figure: Router A with Interface 1 and Interface 2 connects to Router B and Router C; networks 60.x.x.x and 60.3.x.x; hosts 60.3.45.129 and 60.3.47.129; a packet addressed to 60.3.47.129 arrives at Router A]

Routing Table for Router A

Route   IP Address Range   Metric   Next-Hop Router
1       60.3.x.x           9        B
2       128.171.x.x        2        B
3       60.3.47.x          8        C
4       10.5.3.x           6        B
5       128.171.17.x       2        Local
6       10.4.3.x           2        C

Routing matches for host 60.3.47.129: rows 1 and 3

Because of multiple alternative routes in router meshes, routers may have several rows that match an IP address.

Routers must find ALL matches and then select the BEST ONE. This is slow and therefore expensive compared to switching.

Vertical Communication on Routers

[Figure: Router 1 with Port 1 to Port 4, each with a Data Link (DL) process and a PHY process, and one Internet Layer Process; a frame arrives and the packet is decapsulated (A)]

Notes:

A. Router R1 receives the frame in Port 1. Port 1 Data Link decapsulates the IP packet. Port 1 Data Link passes the packet to the Internet layer.

Vertical Communication on Routers

[Figure: Router 1 with Port 1 to Port 4, each with a Data Link (DL) process and a PHY process, and one Internet Layer Process; the packet is encapsulated in a frame and sent out toward Router 2 (B)]

B. Internet layer sends the packet out on Port 4. The Data Link process on Port 4 encapsulates the packet in a DL frame. The Data Link process passes the frame to the Port 4 PHY.

Summary Questions (Part 1)

How many layers are there in a router? Can a router be a software program?

Suppose that Computer 1 sends a message to Computer 2. Assume that there are two routers (R1 and R2) along the route that leads to Computer 2. Assume that a frame from the message is received by R1 in Port 2. Which of the following will happen next?

a) The Data Link layer process in Port 1 will de-encapsulate the IP packet from the frame

b) The Physical layer will pass the frame to the Data Link layer process in Port 2

c) The Data Link layer process in Port 2 will de-encapsulate the IP packet from the frame

d) None of the above

IP Address

IP is a connectionless protocol

IP addresses are like postal addresses. Postal addresses are hierarchical: state, city, postal zone, street, house address

IP Addresses have the following hierarchy

Network number (tells what network the host is on)

Subnet number (tells what segment of network the host is on)

Computer number (identifies a particular computer on the segment)

Routers look at network part (and segment part for some) to make routing decisions

Final router looks at Host part

Hierarchical IP Address

Network Part (not always 16 bits)

Subnet Part (not always 8 bits)

Host Part (not always 8 bits)

Total always is 32 bits.

[Figure: 139.67.130.13 reached from the Internet: EIU Network (139.67), School of Business Subnet (130), Host 13]

IP Address notations

IP addresses are really strings of 32 bits (1s and 0s). Example: 10000000101010100001000100001101

Usually represented by four number segments separated by dots: dotted decimal notation. Example: 128.171.17.13

Other examples: 127.18.47.145, 127.47.17.47
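The IP Routing and IP address slides above, as an added example (not the slides' own code): dotted-decimal, binary and hierarchical forms of an address, and a lookup over Router A's table that collects every matching row before choosing one. The slide only says the best match is chosen; taking the most specific (longest) range first, and the lowest metric among equals, is an assumption.

```python
"""Routing-table lookup with several matching rows, plus the address
notations from the IP address slides (added example, not the slides' own
code).  The table is Router A's table from the IP Routing slide."""


def to_int(dotted):
    """Dotted decimal -> 32-bit integer, validating each of the four numbers."""
    parts = [int(p) for p in dotted.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError("bad dotted-decimal address: %r" % dotted)
    return (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]


def to_dotted(value):
    """32-bit integer -> dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_bits(dotted):
    """The 32-character string of 1s and 0s shown on the notation slide."""
    return format(to_int(dotted), "032b")


def from_bits(bits):
    return to_dotted(int(bits, 2))


def split_hierarchy(dotted, network_bits, subnet_bits):
    """(network, subnet, host) numbers of a hierarchical address.  The slide's
    139.67.130.13 with 16 network bits and 8 subnet bits gives network 139.67
    (35651 as one integer), subnet 130, host 13."""
    value = to_int(dotted)
    host_bits = 32 - network_bits - subnet_bits
    network = value >> (32 - network_bits)
    subnet = (value >> host_bits) & ((1 << subnet_bits) - 1)
    host = value & ((1 << host_bits) - 1)
    return network, subnet, host


def parse_range(spec):
    """Accept the slide's 'x' notation (60.3.x.x) or CIDR (60.3.0.0/16);
    return (network_int, prefix_length)."""
    if "/" in spec:
        addr, plen = spec.split("/")
        plen = int(plen)
    else:
        octets = spec.split(".")
        plen = 8 * sum(1 for o in octets if o != "x")
        addr = ".".join("0" if o == "x" else o for o in octets)
    mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF
    return to_int(addr) & mask, plen


def matches(spec, dotted):
    """True when the address falls inside the range."""
    net, plen = parse_range(spec)
    mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF
    return to_int(dotted) & mask == net


# Routing table for Router A from the slide: (route, range, metric, next hop).
ROUTER_A = [
    (1, "60.3.x.x", 9, "B"),
    (2, "128.171.x.x", 2, "B"),
    (3, "60.3.47.x", 8, "C"),
    (4, "10.5.3.x", 6, "B"),
    (5, "128.171.17.x", 2, "Local"),
    (6, "10.4.3.x", 2, "C"),
]


def lookup(table, destination):
    """Find ALL matching rows, then pick the best one.  Returns
    (best_row, matching_rows); best_row is None when nothing matches."""
    matching = [row for row in table if matches(row[1], destination)]
    if not matching:
        return None, []
    # Assumption: most specific (longest prefix) wins; lowest metric breaks ties.
    best = min(matching, key=lambda row: (-parse_range(row[1])[1], row[2]))
    return best, matching
```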

IP Address Spoofing

[Figure: Trusted Server 60.168.4.6 has a trust relationship (1) with Victim Server 60.168.47.47; the attacker’s client PC 1.34.150.37 sends a message with the spoofed source IP address 60.168.4.6 (2): From: 60.168.4.6, To: 60.168.47.47]

Reasons for IP spoofing: anonymity; exploiting a trust relationship

IP address spoofing is sending a message with a false IP address with the intent to mislead the receiving device and gain access

Questions

1. Make sure you can answer the TCP/IP questions posted to the Notes’ section of the class website