ITP 457 Network Security Networking Technologies II UDP, IP, and NAT.


ITP 457 Network Security

Networking Technologies II

UDP, IP, and NAT

Overview

- UDP
- IP
- NAT

UDP

- UDP – User Datagram Protocol
- Also a member of TCP/IP
- TCP and UDP are cousins
- An application developer can choose to transmit data using either TCP or UDP
- Both protocols cannot be used simultaneously in an application

UDP Characteristics

- Connectionless – the protocol doesn’t know or remember the state of a connection
- Does not have concept of
  - Session initiation
  - Acknowledgement
- No error checking – does not retransmit lost packets nor does it put them in proper order

UDP

- UDP also called: “Unreliable Damn Protocol”
- It is inherently unreliable
- Unreliability is ok – IF it can buy you SPEED!
- Some applications are more interested in getting packets across the network and don’t need super high reliability.
- Good protocol for a large number of connections

UDP

Services that use UDP are:
- Streaming Video/Audio
- DNS queries
- Online Games
- Voice-over-IP (VoIP)
- DHCP
- DNS
- SNMP
- RIP

UDP header

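+------------------------+------------------------+
| UDP source port        | UDP destination port   |
+------------------------+------------------------+
| Message Length         | Checksum               |
+------------------------+------------------------+
| Data                                            |
+-------------------------------------------------+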

UDP Ports

- UDP – 65,535 ports
- Some typical ports:
  - 53 – DNS (Domain Name Server)
  - 67 – DHCP (Dynamic Host Control Protocol)
  - 69 – TFTP (Trivial File Transfer Protocol)
  - 161 – SNMP (Simple Network Management Protocol)
  - 514 – Syslog
  - 6112 – Battle.NET
  - 14567 – Battlefield 1492
  - 26000 – Quake Server
  - 27015 – Halflife Server
- For a searchable database of known ports: http://www.ports-services.com/

Is UDP less secure than TCP?

- YES!
- Absence of three-way handshake implies no sequence numbers or control bits.
- Difficult for firewalls and routers to track where the end systems are in their communications
- We cannot completely turn off UDP, due to some of the necessary protocols that use UDP

Internet Protocol (IP)

- IP handles end-to-end delivery
- Most commonly used network layer protocol
- All traffic on the internet uses IP

Internet Protocol (IP)

- Upon receiving packet from Transport layer, IP layer generates a header
- Header includes: source and destination IP addresses
- Header is added to front of TCP packet to create a resulting IP packet.
- Purpose of IP is to carry packets end to end across a network.

IP header

Source IP address

Destination IP address

Data

IP addresses

- Identify each individual machine on the internet
- 32 bits in length
- Hackers attempt to determine all IP addresses in use on a target network – “network mapping”
- Hackers generate bogus packets appearing to come from a given IP address – “IP address spoofing”

IP Addresses in depth

- 32 bits, with 8 bit groupings
  - Ex: 192.168.0.1
  - Each number between the dots can be between 0 and 255
- 4 billion combinations
  - Not really
- Allocated in groups called address blocks
  - 3 sizes, based on the class of the address
  - Class A, Class B, and Class C

Class A Addresses

- Giant organizations
- There are no more available
- All IP addresses are of the form:
  - 0 – 126.x.x.x
  - x can be between 0 and 255
- The first octet is assigned to the owner, with the rest being freely distributable to the nodes
- Has a 24 bit address space
- Uses up to half of the total IP addresses available!!!
- Who owns these???
  - Internet Service Providers
  - Large internet companies
    - Google, CNN, WB

Class B Addresses

- Large Campuses or Organizations
  - Example: Colleges, including USC
- These are running out!!!
- All Class B Addresses are of the form:
  - 128 - 191.x.x.x
  - Where x can take any number between 0 and 255
- The first two octets are assigned to the address block owner, with the last two being freely distributable
  - Example: 128.125.x.x USC
  - Example: 169.232.x.x UCLA
- 16-bit address space
- ¼ of all IP addresses belong to Class B Addresses

Class C Addresses

- Small to mid-sized businesses
- A fair number left
- All Class C Addresses have the following format:
  - 192-232.x.x.x
- The first three octets are assigned, with the last being freely distributable
- Only 253 distributable addresses within a Class C Address

Reserved Addresses

- Private Networks (no public connections)
  - 10.x.x.x
  - 172.16.x.x
  - 192.168.x.x
- 127.x.x.x – local network (loopback)
- 255.255.255.255 – broadcast – sends to everyone on the network

Netmasks

- IP address has 2 components
  - Network address
  - Host address
- Determined by the address and the class of the address
- Example (Class C):
  - IP Address: 192.168.3.16
  - Network address: 192.168.3
  - Host address: 16

Packet Fragmentation

- Various transmission media have different characteristics
- Some require short packets, others require longer packets
  - E.g. satellite – longer packets
  - Local LAN – shorter packets

Packet Fragmentation

To optimize packet lengths for various communication links, IP offers network elements (routers and firewalls) the ability to slice up packets into smaller pieces, a process called fragmentation.

The end system’s IP layer is responsible for reassembling all fragments

Hackers use packet fragmentation to avoid being detected by Intrusion Detection Systems
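
Added example (not from the original slides): why an inspecting device has to reassemble fragments the way the end system's IP layer does before it looks for a pattern. The fragment tuples, the marker string and all function names are constructed for illustration, and treating every overlap as an error is a simplifying assumption of the sketch.

```python
SIGNATURE = b"SAMPLE-SIGNATURE"   # constructed marker, stands in for an IDS pattern

def fragment(payload: bytes, size: int = 8):
    """Split a payload the way a router would: (offset, more_fragments, data)."""
    if size % 8:
        raise ValueError("IP fragment sizes are multiples of 8 bytes")
    pieces = [payload[i:i + size] for i in range(0, len(payload), size)]
    return [(i * size, i < len(pieces) - 1, p) for i, p in enumerate(pieces)]

def reassemble(fragments):
    """Rebuild one datagram from fragments that share an IP identification value.

    Fragments may arrive in any order. Gaps, overlaps and a missing final
    fragment raise ValueError instead of yielding a guess.
    """
    payload = bytearray()
    saw_last = False
    for offset, more, data in sorted(fragments, key=lambda f: f[0]):
        if saw_last or offset < len(payload):
            raise ValueError(f"overlapping or trailing fragment at offset {offset}")
        if offset > len(payload):
            raise ValueError(f"gap before offset {offset}")
        payload += data
        saw_last = not more
    if not saw_last:
        raise ValueError("final fragment missing")
    return bytes(payload)

def seen_per_fragment(fragments, pattern=SIGNATURE):
    """Pattern match applied to each fragment on its own."""
    return any(pattern in data for _, _, data in fragments)

def seen_after_reassembly(fragments, pattern=SIGNATURE):
    """Pattern match applied to the datagram the end system will actually see."""
    return pattern in reassemble(fragments)

# Constructed 24-byte payload; the marker straddles all three 8-byte fragments.
PAYLOAD = b"AAAA" + SIGNATURE + b"BBBB"
FRAGS = fragment(PAYLOAD)
```

Rejecting gaps and overlaps matters as much as the reassembly itself: if the inspecting device and the end system resolve an ambiguous fragment set differently, they are no longer looking at the same data.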

Lack of Security in IP

- IP version 4 does not include any security
- All components of packets are in clear text, nothing is encrypted
- Anything in the header or data segment can be viewed or modified by the hacker
  - TCP/UDP Hijacking
  - “Man-in-the-middle” attack

ICMP

- ICMP – Internet Control Message Protocol
- It is the Network Plumber
- Its job is to transmit command and control information between networks and systems

ICMP examples

- “ping” request = ICMP Echo message
- If the “pinged” system is alive it will respond with ICMP Echo Reply Message
- Try pinging
  - www.google.com
  - www.yahoo.com
  - www.cnn.com
- Will they all work?
- Some sites have disabled ping. Why?
  - Ping-of-death: a ping too big
  - Ping flooding: type of denial-of-service attack

Routers and packets

- Routers
  - Transfer packets from network to network
  - They determine the path that a packet should take across the network, specifying from hop to hop which network segments the packets should bounce through as they travel across the network
- Most networks use dynamic routing
  - RIP, EIGRP
  - We will be discussing these technologies later in the course

Network address translation

- NAT
- Blocks of addresses are allotted to ISPs and organizations
  - Classes of IP Addresses
- What happens when we have more computers than IP Addresses?
  - We have a Class C address – allows 253 computers
  - Our organization has 1000 computers
  - What do we do???

Solution?

- Reserve a range of IP addresses to build your own IP network
  - 10.x.y.z - un-routable IP addresses
  - 172.16.y.z
  - 192.168.y.z
- How to connect these machines to Internet?

Network Address Translation

- Use a gateway/router to map invalid addresses to valid IP addresses
  - Translates your local address to a routable address
- Router receives one IP Address
  - Either dynamically assigns addresses to all the nodes behind the router, or it is assigned statically using non-routable addresses
  - If dynamic, uses DHCP (Dynamic Host Configuration Protocol)
- When someone inside the network wants to access a computer outside the local network (the internet), the request is sent to the router, which uses NAT to send the request to the internet

NAT and security?

- Does NAT improve security?
- It hides internal IP addresses from hacker
- NAT must be combined with “firewalls” for optimum security
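
Added example (not from the original slides): a toy translation table for the gateway described on the two NAT slides above, showing what translation hides and what it leaves to a firewall. Translating by port so that many private hosts share the one public address, the `NatGateway` class and its `stateful_filter` switch are assumptions of this sketch; all addresses are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class NatGateway:
    """Hypothetical port-translating gateway with a single public address."""
    public_ip: str
    next_port: int = 40000
    out_map: dict = field(default_factory=dict)  # (private ip, port) -> public port
    in_map: dict = field(default_factory=dict)   # public port -> (private ip, port)
    peers: dict = field(default_factory=dict)    # public port -> remote endpoints contacted

    def outbound(self, src, dst):
        """Rewrite the source of an outgoing packet; src and dst are (ip, port)."""
        if src not in self.out_map:
            self.out_map[src] = self.next_port
            self.in_map[self.next_port] = src
            self.next_port += 1
        port = self.out_map[src]
        self.peers.setdefault(port, set()).add(dst)
        # The outside world only ever sees the public address and mapped port.
        return (self.public_ip, port), dst

    def inbound(self, src, dst, stateful_filter=True):
        """Return the internal (ip, port) to deliver to, or None if dropped."""
        if dst[0] != self.public_ip or dst[1] not in self.in_map:
            return None  # no mapping: unsolicited traffic has nowhere to go
        if stateful_filter and src not in self.peers[dst[1]]:
            return None  # firewall-style check: only peers we talked to may reply
        return self.in_map[dst[1]]

# Constructed sample traffic (documentation address ranges for the outside hosts).
GATEWAY = NatGateway("203.0.113.10")
FIRST = GATEWAY.outbound(("192.168.0.5", 5000), ("198.51.100.7", 53))
SECOND = GATEWAY.outbound(("192.168.0.6", 5000), ("198.51.100.7", 53))
```

With `stateful_filter=False` the table alone decides delivery, so any outside host that sends to a mapped port is forwarded inward; the per-peer check is the part a firewall contributes.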

Firewalls

- Network traffic cops
- Tools that control the flow of traffic going between networks
- By looking at addresses associated with traffic, firewalls determine whether connections should be transmitted or dropped
- We will cover the setup and configuration of firewalls in great depth later in class