link-layer - UW Computer Sciences User...
![Page 1: link-layer - UW Computer Sciences User Pagespages.cs.wisc.edu/~ace/media/lectures/link-layer.pdfInternet protocol stack Application TCP IP Ethernet user data user data Appl hdr user](https://reader031.fdocuments.net/reader031/viewer/2022021509/5b0b9b7a7f8b9adc138e3926/html5/thumbnails/1.jpg)

today
Crypto exercise in-class
Link layer (in-)security
IP, TCP (in-)security

crypto exercise

[Figure: Internet overview. Labels: Internet, backbone, ISP1, ISP2, local area network (LAN), Ethernet, 802.11, TCP/IP, BGP (border gateway protocol), DNS (domain name system), Alice, Bob]

Internet protocol stack
Application: HTTP, FTP, SMTP, SSH, etc.
Transport: TCP, UDP
Network: IP, ICMP, IGMP
Link: 802x (802.11, Ethernet)
[Figure: layer stacks labelled Application / Transport / Network / Link (twice) and Network / Link]

Internet protocol stack
Application: [Appl hdr | user data]
TCP: [TCP hdr | Appl hdr | user data] (TCP segment)
IP: [IP hdr | TCP hdr | Appl hdr | user data] (IP datagram)
Ethernet: [ENet hdr | IP hdr | TCP hdr | Appl hdr | user data | ENet tlr] (Ethernet frame)
Header sizes in bytes: ENet hdr 14, IP hdr 20, TCP hdr 20
Ethernet payload: 46 to 1500 bytes

Address resolution protocol
IP routing: Figure out where to send an IP packet based on destination address.
Link layer and IP must cooperate to route packets
ARP enables this cooperation by mapping IPs to MACs
32-bit IP address -> ARP -> 48-bit MAC address

ARP caches
• Hosts maintain cache of ARP data
– just a table mapping between IPs and MACs

ARP has no authentication
• Easy to sniff packets on (non-switched) ethernet
• What else can we do?
Easy Denial of Service (DoS): Send ARP reply associating gateway 192.168.1.1 with a non-used MAC address

Active Man-in-the-Middle:
[Figure: hosts 192.168.1.2 (MAC2), 192.168.1.3 (MAC3), 192.168.1.1 (MAC1)]
ARP reply to MAC2: 192.168.1.1 -> MAC3
ARP reply to MAC1: 192.168.1.2 -> MAC3
Now traffic “routed” through malicious box
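
Added example, not from the lecture slides: since ARP replies carry no authentication, a defender can only watch for IP-to-MAC bindings that change or collide. The sketch parses ARP payloads and replays the slide's two hosts plus the forged gateway reply; the MAC values and the names ArpWatch, make_reply and demo are constructed for the example.

```python
import struct

MAC1, MAC2, MAC3 = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"  # constructed

def parse_arp(payload: bytes):
    """Parse an Ethernet/IPv4 ARP payload (28 bytes); None if malformed."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa = struct.unpack("!6s4s", payload[8:18])
    return {"op": oper, "mac": sha.hex(":"), "ip": ".".join(map(str, spa))}

def make_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Build a constructed ARP reply payload (op=2) as sample input; nothing is sent."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(int(x) for x in a.split("."))
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)
            + mac(sender_mac) + ip(sender_ip) + mac(target_mac) + ip(target_ip))

class ArpWatch:
    """Tracks IP -> MAC bindings seen in ARP traffic and reports suspicious changes."""
    def __init__(self, pinned=None):
        self.table = dict(pinned or {})  # pinned entries (e.g. the gateway) never update
        self.pinned = set(self.table)

    def observe(self, payload: bytes):
        pkt = parse_arp(payload)
        if pkt is None:
            return ["malformed ARP payload"]
        ip, mac, alerts = pkt["ip"], pkt["mac"], []
        known = self.table.get(ip)
        if known and known != mac:
            alerts.append(f"{ip} changed {known} -> {mac}")
        others = sorted(i for i, m in self.table.items() if m == mac and i != ip)
        if others:
            alerts.append(f"{mac} also answers for {', '.join(others)}")
        if ip not in self.pinned:
            self.table[ip] = mac
        return alerts

def demo():
    """Replay honest replies, then the slide's forged gateway reply, against a watcher."""
    w = ArpWatch()
    w.observe(make_reply(MAC1, "192.168.1.1", MAC2, "192.168.1.2"))  # honest gateway
    w.observe(make_reply(MAC3, "192.168.1.3", MAC2, "192.168.1.2"))  # honest host 3
    return w.observe(make_reply(MAC3, "192.168.1.1", MAC2, "192.168.1.2"))  # forged
```

Passing pinned={"192.168.1.1": MAC1} to ArpWatch models a static gateway entry: the forged reply still raises an alert but does not overwrite the binding.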

802.11 (wifi)
http://technet.microsoft.com/en-us/library/cc757419(WS.10).aspx
STA = station
AP = access point
BSS = basic service set
DS = distribution service
ESS = extended service set
SSID (service set identifier) identifies the 802.11 network
Typical WiFi modes:
- Unsecured
- Wireless Protected Access (WPA2) - password authenticated, encrypted

802.11 association
[Figure: message exchange with the AP]
Probe request
SSID: “linksys”, BSSID: MAC1
Auth request MAC1
Auth response
Associate request MAC1
Associate response

802.11 association
Two APs for same network
[Figure: AP1 and AP2; BSSIDs MAC1 and MAC2]
Probe request
SSID: “linksys”, BSSID: MAC1
SSID: “linksys”, BSSID: MAC2
Choose one of MAC1, MAC2
Auth request MAC2
…

802.11 evil twins
Basic idea:
- Attacker pretends to be an AP to intercept traffic or collect data
Basic attack: rogue AP
[Figure: AP1 and an evil twin; BSSIDs MAC1 and MAC2]
Probe request
SSID: “linksys”, BSSID: MAC1
SSID: “linksys”, BSSID: MAC2
Choose one of MAC1, MAC2
Auth request MAC2
…

Parrot AR drone
Drone is a WiFi access point
Uses unsecured 802.11 connection (WiFi)
Controlled from iPad or iPhone with an app
Uses MAC address for security

IP protocol (IPv4)
• Connectionless – no state
• Unreliable – no guarantees
• ICMP (Internet Control Message Protocol) – error messages, etc.
– often used by tools such as ping, traceroute

IPv4
Ethernet frame containing IP datagram: [ENet hdr | IP hdr | data | ENet tlr]
IP hdr fields:
4-bit version
4-bit hdr len
8-bit type of service
16-bit total length (in bytes)
16-bit identification
3-bit flags
13-bit fragmentation offset
8-bit time to live (TTL)
8-bit protocol
16-bit header checksum
32-bit source IP address
32-bit destination IP address
options (optional)

Security issues with IP
[Figure: backbone, ISP1, ISP2; hosts 5.6.7.8 and 1.2.3.4]
Routing has issues, we’ll get to that later
What else?
- No source address authentication in general

Denial of Service (DoS) attacks
[Figure: Backbone, ISP1, ISP2; hosts 1.2.3.4 and 5.6.7.8]
Goal: prevent legitimate users from accessing victim (1.2.3.4)
ICMP ping flood

ICMP (Internet Control Message Protocol)
IP datagram: [IP hdr | ICMP message]
ICMP hdr fields:
8-bit type
8-bit code
16-bit checksum
4-byte more of header (depends on type)
message…

Denial of Service (DoS) attacks
Goal is to prevent legitimate users from accessing victim (1.2.3.4)
ICMP ping flood
- Attacker sends ICMP pings as fast as possible to victim
- When will this work as a DoS? Attacker resources > victim’s
- How can this be prevented? Ingress filtering near victim

How can attacker avoid ingress filtering?
Attacker can send packet with fake source IP
- “spoofed” packet
- Packet will get routed correctly
- Replies will not
Send IP packet with source: 8.7.3.4, dest: 1.2.3.4 from 5.6.7.8
[Figure adds ISP3 with host 8.7.3.4]
Filter based on source may be incorrect
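
Added example, not from the lecture slides: the IPv4 header checksum is computed by the sender, so a spoofed source passes every check the header itself offers, and a source-based filter near the victim sees 8.7.3.4. The sketch parses the header and applies source-address validation at the sending network's edge (the approach of RFC 2827), which goes beyond the victim-side filter on the slide. The prefix 5.6.7.0/24, the port name and all function names are assumptions for the example.

```python
import ipaddress
import struct

# Assumption for the example: ISP1's customer port serves 5.6.7.0/24 (constructed prefix).
ALLOWED = {"isp1-customer-port": [ipaddress.ip_network("5.6.7.0/24")]}

def checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words, as used for the IPv4 header checksum."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(src: str, dst: str, proto: int = 1, ttl: int = 64) -> bytes:
    """Constructed 20-byte IPv4 header (sample input); the sender chooses every field."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def parse_ipv4(pkt: bytes):
    """Return header fields, or None if truncated, not IPv4, or the checksum fails."""
    if len(pkt) < 20:
        return None
    vhl, _tos, length, _id, _frag, ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20])
    ihl = (vhl & 0x0F) * 4
    if vhl >> 4 != 4 or ihl < 20 or len(pkt) < ihl or checksum(pkt[:ihl]) != 0:
        return None
    return {"len": length, "ttl": ttl, "proto": proto,
            "src": ipaddress.IPv4Address(src), "dst": ipaddress.IPv4Address(dst)}

def source_valid(port: str, pkt: bytes) -> bool:
    """Edge check: accept only sources that belong to the prefixes assigned to the port."""
    hdr = parse_ipv4(pkt)
    return hdr is not None and any(hdr["src"] in net for net in ALLOWED.get(port, []))

def demo():
    """The slide's packet: source 8.7.3.4, dest 1.2.3.4, actually sent from 5.6.7.8."""
    spoofed = build_header("8.7.3.4", "1.2.3.4")
    honest = build_header("5.6.7.8", "1.2.3.4")
    return (parse_ipv4(spoofed) is not None,              # checksum passes: not authentication
            source_valid("isp1-customer-port", spoofed),  # rejected where the sender attaches
            source_valid("isp1-customer-port", honest))
```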

DoS reflection attacks
Note a valid packet sends a reply to 8.7.3.4
- Attacker can bounce an attack against 8.7.3.4 off 1.2.3.4
- “Frame” 1.2.3.4
- Single-packet exploit (1.2.3.4 in foreign country)

Denial of Service (DoS) attacks
DoS works better when there is asymmetry between victim and attacker
- Attacker uses few resources to cause victim to consume lots of resources

Old example: Smurf attack
Router allows attacker to send broadcast ICMP ping on network.
Attacker spoofs SRC address to be 1.2.3.4

More recent: DNS reflection attacks
Send DNS request w/ spoofed target IP (~65 byte request)
DNS replies sent to target (~512 byte response)
[Figure: short DNS request, longer DNS reply; ISP3 with host 8.7.3.4]
recap
In-class exercise / Hybrid encryption, digital signatures, PBKDF
Network Security / ARP cache poisoning, MitM, DoS / WiFi Evil Twins / IP (in-)security
Exit slips / 1 thing you learned / 1 thing you didn't understand