New NETWORKING BASICS - University Of Maryland · 2018. 4. 26. · NETWORKING BASICS CMSC 414 APR...
NETWORKING BASICS
CMSC 414, APR 26 2018
WHY DOES THE INTERNET WORK? 1. PROTOCOLS
• Agreements on how to communicate
• Publicly standardized, esp. via Requests for Comments (RFCs)
  - RFC 826: ARP
  - RFC 1034/1035: DNS
  - RFC 793: TCP
• Code to the protocol and your product will work with other products
WHY DOES THE INTERNET WORK? (the IPv4 packet header as an example of a protocol)
20-byte header, laid out in 32-bit rows:
  4-bit Version | 4-bit Header len | 8-bit Type of service (TOS) | 16-bit Total length (bytes)
  16-bit Identification | 3-bit Flags | 13-bit Fragment offset
  8-bit Time-to-live (TTL) | 8-bit Protocol | 16-bit Header checksum
  32-bit Source IP address
  32-bit Destination IP address
  Payload
The payload is the “data” that IP is delivering: it may contain another protocol’s header & payload, and so on
WHY DOES THE INTERNET WORK? 2. THE NETWORK IS DUMB
• End-hosts are the periphery (users, devices)
• Routers and switches are interior nodes that
  - Route (figure out where to forward)
  - Forward (actually send)
• Principle: the routers have no knowledge of ongoing connections through them
• They do “destination-based” routing and forwarding
  - Given the destination in the packet, send it to the “next hop” that is best suited to help ultimately get the packet there
Mental model: The postal system
WHY DOES THE INTERNET WORK? 3. LAYERS
• The design of the Internet is strongly partitioned into layers
• Each layer relies on the services provided by the layer immediately below it…
• … and provides service to the layer immediately above it
LAYERS OF THE INTERNET
PHYSICAL: Send / receive bit. Broadcasts on shared link
LINK: Local send/recv. Adds framing & destination; still assumes shared link
NETWORK (IP): Global send/recv. Adds global addresses; requires routing
TRANSPORT (TCP, UDP): Process send/recv. E2E communication between processes; adds ports/reliability
APPLICATION: Arbitrary. Application-specific semantics
Hop-by-hop vs. end-to-end layers
Figure: end-hosts A through E connected through routers 1 through 6; host C communicates with host A
• Different physical & link layers on each hop (e.g., WiFi, Ethernet)
• Same network, transport, and application layers (3/4/7) end to end; routers ignore transport & application
• E.g., HTTP over TCP over IP
IP packet “header”
20-byte header, laid out in 32-bit rows:
  4-bit Version | 4-bit Header len | 8-bit Type of service (TOS) | 16-bit Total length (bytes)
  16-bit Identification | 3-bit Flags | 13-bit Fragment offset
  8-bit Time-to-live (TTL) | 8-bit Protocol | 16-bit Header checksum
  32-bit Source IP address
  32-bit Destination IP address
  Payload
IP Packet Header Fields (1)
• Version number (4 bits)
  - Indicates the version of the IP protocol
  - Necessary for knowing what fields follow
  - “4” (for IPv4) or “6” (for IPv6)
• Header length (4 bits)
  - How many 32-bit words (rows) in the header
  - Typically 5
  - Can provide IP options, too
• Type-of-service (8 bits)
  - Allow packets to be treated differently based on different needs
  - Low delay for audio, high bandwidth for bulk transfer, etc.
IP Packet Header Fields (2)
• Two IP addresses
  - Source (32 bits)
  - Destination (32 bits)
• Destination address
  - Unique identifier/locator for the receiving host
  - Allows each node (end-host and router) to make forwarding decisions
• Source address
  - Unique identifier/locator for the sending host
  - Recipient can decide whether to accept the packet
  - Allows destination to reply to the source
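Added example (not from the lecture): a Python parser for the 20-byte IPv4 header laid out above. It pulls out every field, validates the version, header length, total length and the header checksum before trusting any of them (these are the checks a host or router applies before acting on a packet), and separates the payload that the next layer will parse. The `build_ipv4` helper, the addresses and the payload bytes are constructed here only so the sample is self-contained; the RFC 1071 checksum rule it implements is the one the Header checksum field uses.

```python
"""IPv4 header parser with the checks a receiver should make (added example)."""
from __future__ import annotations
import ipaddress
import struct
from dataclasses import dataclass

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}   # IANA protocol numbers

@dataclass
class IPv4Header:
    version: int
    ihl: int               # header length in 32-bit words; 5 means no options
    tos: int
    total_length: int      # header + payload, in bytes
    identification: int
    flags: int             # 3 bits: reserved, DF (0b010), MF (0b001)
    fragment_offset: int   # in 8-byte units
    ttl: int
    protocol: int
    checksum: int
    src: str
    dst: str
    options: bytes

def header_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words, complemented.
    With the checksum field zeroed it yields the value to store; over an
    intact header (checksum included) it yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                           # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4(src: str, dst: str, protocol: int, payload: bytes,
               ttl: int = 64, identification: int = 0x1234,
               options: bytes = b"") -> bytes:
    """Assemble a packet with a correct checksum (used to construct the samples)."""
    if len(options) % 4:
        raise ValueError("options must be padded to a 32-bit boundary")
    ihl = 5 + len(options) // 4
    header = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0,
                         ihl * 4 + len(payload), identification,
                         0x4000,                   # flags = DF, fragment offset 0
                         ttl, protocol, 0,         # checksum filled in below
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed) + options
    csum = struct.pack("!H", header_checksum(header))
    return header[:10] + csum + header[12:] + payload

def parse_ipv4(packet: bytes) -> tuple[IPv4Header, bytes]:
    """Return (header, payload), or raise ValueError for anything a host or
    router should drop: wrong version, short header, lengths that overrun
    the buffer, or a checksum that does not match."""
    if len(packet) < 20:
        raise ValueError("truncated: the fixed header alone is 20 bytes")
    (vihl, tos, total_length, ident, flags_frag, ttl, proto,
     csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = vihl >> 4, vihl & 0x0F
    if version != 4:
        raise ValueError(f"not IPv4: version field is {version}")
    if ihl < 5:
        raise ValueError(f"header length {ihl} words is below the 5-word minimum")
    hlen = ihl * 4
    if total_length < hlen or len(packet) < total_length:
        raise ValueError("total length inconsistent with header length or buffer")
    if header_checksum(packet[:hlen]) != 0:
        raise ValueError("header checksum mismatch: corrupted in transit")
    header = IPv4Header(version, ihl, tos, total_length, ident,
                        flags_frag >> 13, flags_frag & 0x1FFF, ttl, proto, csum,
                        str(ipaddress.IPv4Address(src)),
                        str(ipaddress.IPv4Address(dst)), packet[20:hlen])
    return header, packet[hlen:total_length]   # bytes past total_length are ignored

def is_valid_ipv4(packet: bytes) -> bool:
    try:
        parse_ipv4(packet)
        return True
    except ValueError:
        return False

# Constructed sample: 4 payload bytes carried over protocol 17 (UDP), no options.
SAMPLE = build_ipv4("192.0.2.10", "198.51.100.7", 17, b"\xde\xad\xbe\xef")

if __name__ == "__main__":
    hdr, payload = parse_ipv4(SAMPLE)
    print(hdr, PROTO_NAMES.get(hdr.protocol, "?"), payload.hex())
```

The checksum only catches accidental corruption: anyone who can modify the packet can recompute it, which is the point the later “Eavesdrop / Tamper” slide makes.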
IP: “Best effort” packet delivery
• Routers inspect destination address, determine “next hop” in the forwarding table
• Best effort = “I’ll give it a try”
  - Packets may be lost
  - Packets may be corrupted
  - Packets may be delivered out of order
Fixing these is the job of the transport layer!
Attacks on IP
• Source-spoof: There is nothing in IP that enforces that your source IP address is really “yours”
• Eavesdrop / Tamper: IP provides no protection of the payload or header
Source-spoofing
• Why source-spoof?
  - Consider spam: send many emails from one computer
  - Easy defense: block many emails from a given (source) IP address
  - Easy countermeasure: spoof the source IP address
  - Counter-countermeasure?
• How do you know if a packet you receive has a spoofed source?
Salient network features
• Recall: The Internet operates via destination-based routing
  - attacker: pkt (spoofed source) -> destination
  - destination: pkt -> spoofed source
• In other words, the response goes to the spoofed source, not the attacker
Defending against source-spoofing
• How do you know if a packet you receive has a spoofed source?
  - Send a challenge packet to the (possibly spoofed) source (e.g., a difficult to guess, random nonce)
  - If the recipient can answer the challenge, then likely that the source was not spoofed
• So do you have to do this with every packet??
  - Every packet should have something that’s difficult to guess
  - Recall the query ID in the DNS queries! Easy to predict => Kaminsky attack
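Added example (not from the lecture): the challenge check from this slide in Python. `SpoofCheck` is the stateful version: a 128-bit random nonce is issued to the claimed source, accepted once, compared in constant time, and expires. `StatelessSpoofCheck` goes beyond the slide and is this example’s own assumption about how to handle the “every packet” case without keeping state: the token is an HMAC of the claimed source and a coarse time slot under a secret key (the SYN-cookie idea), so it is unguessable without the key yet needs no table. The addresses, keys and clocks are constructed.

```python
"""Checking a claimed source address with an unguessable challenge (added example)."""
from __future__ import annotations
import hmac
import secrets
import time

class SpoofCheck:
    """Stateful variant: remember a random nonce per claimed source.
    The Internet routes on destination, so the nonce reaches whoever really
    holds the address; a spoofer never sees it and can only guess."""
    NONCE_BYTES = 16   # 128 bits; a 16-bit DNS-style query ID gives 1 in 65536 per guess

    def __init__(self, ttl_seconds: float = 5.0, clock=time.monotonic):
        self.ttl = ttl_seconds
        self.clock = clock                                   # injectable for tests
        self.pending: dict[str, tuple[bytes, float]] = {}    # src -> (nonce, expiry)

    def issue_challenge(self, claimed_src: str) -> bytes:
        nonce = secrets.token_bytes(self.NONCE_BYTES)
        self.pending[claimed_src] = (nonce, self.clock() + self.ttl)
        return nonce                                         # caller sends this to claimed_src

    def verify_response(self, claimed_src: str, answer: bytes) -> bool:
        entry = self.pending.pop(claimed_src, None)          # one attempt per challenge
        if entry is None:
            return False
        nonce, expires = entry
        if self.clock() > expires:
            return False
        return hmac.compare_digest(nonce, answer)            # constant-time compare

class StatelessSpoofCheck:
    """Stateless variant (assumption of this example, SYN-cookie style): the
    token is HMAC(key, source | time slot), so nothing is stored per source.
    Trade-off: a captured token is reusable until its slot expires."""
    def __init__(self, key: bytes | None = None, slot_seconds: int = 60, clock=time.time):
        self.key = key or secrets.token_bytes(32)
        self.slot_seconds = slot_seconds
        self.clock = clock

    def _slot(self) -> int:
        return int(self.clock()) // self.slot_seconds

    def _token(self, src: str, slot: int) -> bytes:
        return hmac.new(self.key, f"{src}|{slot}".encode(), "sha256").digest()[:16]

    def challenge(self, claimed_src: str) -> bytes:
        return self._token(claimed_src, self._slot())

    def verify(self, claimed_src: str, answer: bytes) -> bool:
        slot = self._slot()   # accept the current and previous slot (clock edge)
        return any(hmac.compare_digest(self._token(claimed_src, s), answer)
                   for s in (slot, slot - 1))

if __name__ == "__main__":
    sc = SpoofCheck()
    n = sc.issue_challenge("203.0.113.9")          # constructed address
    print(sc.verify_response("203.0.113.9", n), sc.verify_response("203.0.113.9", n))
```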
Source spoofing
• Why source-spoof?
  - Consider DoS attacks: generate as much traffic as possible to congest the victim’s network
  - Easy defense: block all traffic from a given source near the edge of your network
  - Easy countermeasure: spoof the source address
• Challenges won’t help here; the damage has been done by the time the packets reach the core of our network
• Ideally, detect such spoofing near the source
Egress filtering
• The point (router/switch) at which traffic enters your network is the ingress point
• The point (router/switch) at which traffic leaves your network is the egress point
• You don’t know who owns all IP addresses in the world, but you do know who in your own network gets what IP addresses
  - If you see a packet with a source IP address that doesn’t belong to your network trying to cross your egress point, then drop it
Egress filtering is not widely deployed
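Added example (not from the lecture): the egress rule of this slide in Python, using only what the slide says an edge knows, namely its own prefixes. It goes one step beyond the slide with the mirror-image ingress rule (a packet arriving from outside that claims one of our own addresses is equally impossible), and with a per-interface count of dropped egress packets, since the spoofed source is useless for attribution but the port it came in on is something an operator can act on. The prefixes, interface names and packet records are constructed.

```python
"""Source-address filtering at a network edge (added example)."""
from __future__ import annotations
from collections import Counter
from dataclasses import dataclass
import ipaddress

@dataclass
class Packet:
    direction: str   # "egress": leaving our network; "ingress": entering it
    iface: str       # router port the packet arrived on (constructed names)
    src: str
    dst: str

class EdgeFilter:
    """Knows only which address blocks are ours; no global ownership data needed."""
    def __init__(self, our_prefixes):
        self.our_nets = [ipaddress.ip_network(p) for p in our_prefixes]

    def is_ours(self, addr: str) -> bool:
        ip = ipaddress.ip_address(addr)
        return any(ip in net for net in self.our_nets)   # False across IPv4/IPv6

    def verdict(self, pkt: Packet) -> tuple[str, str]:
        if pkt.direction == "egress" and not self.is_ours(pkt.src):
            return "drop", "egress packet with a source address that is not ours"
        if pkt.direction == "ingress" and self.is_ours(pkt.src):
            return "drop", "ingress packet claiming one of our own addresses"
        return "forward", ""

def apply_filter(flt: EdgeFilter, packets) -> list[str]:
    return [flt.verdict(p)[0] for p in packets]

def spoofing_ports(flt: EdgeFilter, packets) -> Counter:
    """Which interfaces are emitting spoofed traffic, counted by port rather
    than by the (meaningless) spoofed source."""
    return Counter(p.iface for p in packets
                   if p.direction == "egress" and flt.verdict(p)[0] == "drop")

OUR_PREFIXES = ["192.0.2.0/24", "2001:db8::/32"]        # constructed
SAMPLE_PACKETS = [                                        # constructed
    Packet("egress", "ge-0/0/1", "192.0.2.10", "198.51.100.1"),
    Packet("egress", "ge-0/0/3", "203.0.113.5", "198.51.100.1"),
    Packet("egress", "ge-0/0/3", "198.51.100.9", "198.51.100.1"),
    Packet("ingress", "ge-0/0/0", "198.51.100.1", "192.0.2.10"),
    Packet("ingress", "ge-0/0/0", "192.0.2.77", "192.0.2.10"),
    Packet("egress", "ge-0/0/2", "2001:db8::1", "2001:db8:ffff::1"),
]

if __name__ == "__main__":
    flt = EdgeFilter(OUR_PREFIXES)
    for p, v in zip(SAMPLE_PACKETS, apply_filter(flt, SAMPLE_PACKETS)):
        print(p.direction, p.iface, p.src, "->", p.dst, v)
    print(spoofing_ports(flt, SAMPLE_PACKETS))
```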
Eavesdropping / Tampering
• No security built into IP
• => Deploy secure IP over IP
Virtual Private Networks (VPNs)
Figure: a trusted client C inside an untrusted network, a VPN server S at the edge of the trusted network, and servers inside the trusted network; the C to S leg is encrypted, the S to servers leg is not necessarily encrypted
• Goal: Allow the client to connect to the trusted network from within an untrusted network
• Example: Connect to your company’s network (for payroll, file access, etc.) while visiting a competitor’s office
• Idea: A VPN “client” and “server” together create end-to-end encryption/authentication
• Predominant way of doing this: IPSec
IPSec
• Operates in a few different modes
• Transport mode: Simply encrypt the payload but not the headers
• Tunnel mode: Encrypt the payload and the headers
  - But how do you encrypt the headers? How does routing work?
  - Encrypt the entire IP packet and make that the payload of another IP packet
Tunnel mode
Figure: the trusted client C sends the packet {E(P)} to the VPN server S over the encrypted leg; S forwards the inner packet P to the servers over the not-necessarily-encrypted leg
• The VPN server decrypts and then sends the payload (itself a full IP packet) as if it had just received it from the network
• From the client/servers’ perspective: Looks like the client is physically connected to the network!
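Added example (not from the lecture, and not IPsec’s real transforms): transport mode and tunnel mode side by side in Python, so the difference in what an eavesdropper on the untrusted network sees is visible in the bytes. In transport mode the original header, with both inner addresses, stays in the clear; in tunnel mode the whole inner packet becomes the authenticated, encrypted payload of an outer packet that names only C and S, and the server-side routine decrypts it and hands the inner packet to forwarding based on the inner destination. The cipher is a teaching construction (SHA-256 in counter mode plus HMAC, encrypt-then-MAC) chosen so the block runs on the standard library; real IPsec ESP uses AEAD ciphers such as AES-GCM. Protocol number 50 is ESP’s IANA value, used here only to label protected payloads; all addresses and keys are constructed.

```python
"""IPsec-style transport vs. tunnel mode encapsulation (added example)."""
from __future__ import annotations
import hashlib
import hmac
import ipaddress
import secrets
import struct

ESP = 50   # IANA protocol number for ESP; labels a protected payload here
TCP = 6

def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (no options; checksum left zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0x4000,
                       64, proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload

def addrs(pkt: bytes) -> tuple[str, str]:
    return str(ipaddress.IPv4Address(pkt[12:16])), str(ipaddress.IPv4Address(pkt[16:20]))

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Teaching-only stream cipher: SHA-256 as a PRF in counter mode.
    blocks = [hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((n + 31) // 32)]
    return b"".join(blocks)[:n]

def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    if len(blob) < 48:
        raise ValueError("too short to hold nonce and tag")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("authentication failed: packet forged or tampered")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

def transport_mode(keys: tuple[bytes, bytes], pkt: bytes) -> bytes:
    """Protect only the payload: the original header, both addresses included, stays visible."""
    src, dst = addrs(pkt)
    return build_ipv4(src, dst, ESP, seal(*keys, pkt[20:]))

def tunnel_mode(keys: tuple[bytes, bytes], pkt: bytes, vpn_client: str, vpn_server: str) -> bytes:
    """Protect the whole inner packet; the outer header names only the VPN endpoints."""
    return build_ipv4(vpn_client, vpn_server, ESP, seal(*keys, pkt))

def vpn_server_receive(keys: tuple[bytes, bytes], outer: bytes) -> tuple[str, bytes]:
    """What S does: decrypt, then forward the inner packet as if it had just arrived.
    Returns (next-hop destination taken from the inner header, inner packet)."""
    inner = unseal(*keys, outer[20:])
    return addrs(inner)[1], inner

def is_authentic(keys: tuple[bytes, bytes], outer: bytes) -> bool:
    try:
        vpn_server_receive(keys, outer)
        return True
    except ValueError:
        return False

KEYS = (secrets.token_bytes(32), secrets.token_bytes(32))   # constructed session keys
INNER = build_ipv4("10.8.0.5", "10.1.2.3", TCP, b"GET / HTTP/1.1\r\n")   # client -> internal server
OUTER = tunnel_mode(KEYS, INNER, "203.0.113.40", "198.51.100.1")         # C public -> S

if __name__ == "__main__":
    print("eavesdropper sees outer addresses:", addrs(OUTER))
    print("transport mode leaves inner addresses visible:", addrs(transport_mode(KEYS, INNER)))
    print("S forwards to:", vpn_server_receive(KEYS, OUTER)[0])
```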
Layer 4: Transport layer
Figure: the layer stack, Application (7), Transport (4), (Inter)network (3), Link (2), Physical (1)
• End-to-end communication between processes
• Different types of services provided:
  - UDP: unreliable datagrams
  - TCP: reliable byte stream
• “Reliable” = keeps track of what data were received properly and retransmits as necessary
TCP: reliability
• Given best-effort delivery, the goal is to ensure reliability
  - All packets are delivered to applications
  - … in order
  - … unmodified (with reasonably high probability)
• Must robustly detect and retransmit lost data
TCP’s bytestream service
• Process A on host 1: Send byte 0, byte 1, byte 2, byte 3, …
• Process B on host 2: Receive byte 0, byte 1, byte 2, byte 3, …
• The applications do not see:
  - packet boundaries (looks like a stream of bytes)
  - lost or corrupted packets (they’re all correct)
  - retransmissions (they all only appear once)
TCP bytestream service
Figure: byte 1 through byte 8 flow from process A on host H1 to process B on host H2
• Abstraction: Each byte reliably delivered in order
• Reality: Packets sometimes retransmitted, sometimes arrive out of order (the bytes are carried in Packet 1, Packet 2, Packet 3; a lost packet needs to be retransmitted, a packet that arrives ahead of it needs to be buffered)
TCP’s first job: achieve the abstraction while hiding the reality from the application
How does TCP achieve reliability?
Waterfall diagram (time runs downward) between hosts A and B:
Exchange 1, nothing lost:
  B: expecting byte 1000
  A -> B: bytes 1000-1500
  B: expecting byte 1501
  B -> A: ACK 1501
Reliability through acknowledgments to determine whether something was received.
Exchange 2, the first packet is lost:
  B: expecting byte 1000
  A -> B: bytes 1000-1500 (lost)
  A -> B: bytes 1501-2000
  B: still expecting byte 1000
  B -> A: ACK 1000
  A -> B: bytes 2001-3000
  B: still expecting byte 1000
  B -> A: ACK 1000
  A -> B: bytes 1000-1500 (retransmitted)
  B: expecting byte 3001
  B -> A: ACK 3001
  Annotation on the out-of-order bytes 1501-2000 and 2001-3000: “Buffer these until”
TCP congestion control
• Try to use as much of the network as is safe (does not adversely affect others’ performance) and efficient (makes use of network capacity)
• Dynamically adapt how quickly you send based on the network path’s capacity
• When an ACK doesn’t come back, the network may be beyond capacity: slow down.
TCP’s second job: don’t break the network!
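Added example (not from the lecture): a sender-side congestion window in Python that adapts exactly as the slide describes, growing while ACKs return and backing off when one does not. The slide names no algorithm; the rules below are an assumption of this example and follow classic TCP (RFC 5681): slow start until a threshold, additive increase after it, and on a retransmission timeout halve the threshold and restart from one segment. The event strings fed to `simulate` are constructed.

```python
"""Sender-side congestion window reacting to ACKs and timeouts (added example)."""
from __future__ import annotations

class CongestionWindow:
    """Window in units of segments (MSS): how much data may be in flight unacknowledged."""
    def __init__(self, ssthresh: float = 8.0):
        self.cwnd = 1.0            # start small: the path's capacity is unknown
        self.ssthresh = ssthresh   # boundary between slow start and congestion avoidance

    def on_ack(self) -> float:
        if self.cwnd < self.ssthresh:
            self.cwnd += 1.0                  # slow start: roughly doubles every RTT
        else:
            self.cwnd += 1.0 / self.cwnd      # congestion avoidance: about +1 per RTT
        return self.cwnd

    def on_timeout(self) -> float:
        # No ACK came back: treat the path as beyond capacity and back off hard
        # (RFC 5681 timeout rule, an assumption of this example).
        self.ssthresh = max(self.cwnd / 2.0, 2.0)
        self.cwnd = 1.0
        return self.cwnd

def simulate(events: str, ssthresh: float = 8.0) -> list[float]:
    """'A' = an ACK returned, 'T' = retransmission timeout (no ACK).
    Returns the window after each event, so the sawtooth is visible."""
    w = CongestionWindow(ssthresh)
    return [w.on_ack() if e == "A" else w.on_timeout() for e in events]

if __name__ == "__main__":
    print(simulate("AAAAAAAAATAAAAA"))   # constructed event sequence
```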
TCP header
Laid out in 32-bit rows, following the IP header:
  16-bit Source port | 16-bit Destination port
  32-bit Sequence number
  32-bit Acknowledgment
  4-bit Header length | 6-bit Reserved | 6-bit Flags | 16-bit Advertised window
  16-bit Checksum | 16-bit Urgent pointer
  Options (variable) | Padding
  Data
![Page 60: New NETWORKING BASICS - University Of Maryland · 2018. 4. 26. · NETWORKING BASICS CMSC 414 APR 26 2018. WHY DOES THE INTERNET WORK? 1. PROTOCOLS Agreements on how to communicate](https://reader035.fdocuments.net/reader035/viewer/2022071216/6047dfea6b335e6070669ae7/html5/thumbnails/60.jpg)
TCP ports
• Ports are associated with OS processes
• Sandwiched between IP header and the application data
• {src IP/port, dst IP/port}: this 4-tuple uniquely identifies a TCP connection
• Some port numbers are well-known: 80 = HTTP, 53 = DNS
TCP seqno
• Each byte in the byte stream has a unique “sequence number”
• Unique for both directions
• “Sequence number” in the header = sequence number of the first byte in the packet’s data
• Next sequence number = previous seqno + previous packet’s data size
• “Acknowledgment” in the header = the next seqno you expect from the other end-host
TCP flags
• SYN: Used for setting up a connection
• ACK: Acknowledgments, for data and “control” packets
• FIN
• RST
Setting up a connection: three-way handshake (waterfall diagram, A on the left, B on the right, time running downward)
A → B: SYN, seqno=x (“Let’s SYNchronize sequence numbers”)
B → A: SYN seqno=y + ACK x+1 (“Got yours; here’s mine”)
A → B: ACK y+1 (“Got yours, too”)
Then data flows: Data, Data, Data
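The sequence-number rules from the “TCP seqno” slide and the handshake above, worked through in a lock-step model (an added example, not code from the slides): each side tracks the next seqno it will send and the next one it expects, a SYN consumes one sequence number, data consumes one per byte, and a segment is accepted only if it carries exactly the expected seqno and a sane ack. The Endpoint and Segment classes and the values x = 1000, y = 5000 are constructed for illustration.

```python
# Added example (not from the slides): a lock-step model of the seqno/ack rules driven
# through the three-way handshake with the slide's x and y. Not a real TCP implementation.
from dataclasses import dataclass, field
from typing import Optional

MOD = 1 << 32   # sequence numbers are 32-bit and wrap around


@dataclass
class Segment:
    flags: frozenset        # e.g. {"SYN"}, {"SYN", "ACK"}, {"ACK"}
    seq: int                # seqno of the first byte of data in this packet
    ack: int = 0            # next seqno the sender expects from the other end
    data: bytes = b""

    def seq_len(self) -> int:
        """Sequence numbers this segment consumes: one per data byte, plus one each for SYN and FIN."""
        return len(self.data) + ("SYN" in self.flags) + ("FIN" in self.flags)


@dataclass
class Endpoint:
    name: str
    isn: int                                   # initial sequence number (x for A, y for B)
    snd_nxt: int = field(init=False)           # next seqno this side will send
    rcv_nxt: Optional[int] = None              # next seqno expected from the peer; unknown until its SYN
    received: bytearray = field(default_factory=bytearray)

    def __post_init__(self):
        self.snd_nxt = self.isn

    def send(self, flags, data: bytes = b"") -> Segment:
        seg = Segment(frozenset(flags), self.snd_nxt, self.rcv_nxt or 0, data)
        self.snd_nxt = (self.snd_nxt + seg.seq_len()) % MOD   # next seqno = previous seqno + size
        return seg

    def receive(self, seg: Segment) -> bool:
        """Accept a segment only if it carries exactly what this side expects; False otherwise."""
        # In this lock-step model every segment is acknowledged in full, so the peer's ack
        # must name our snd_nxt; an ack for bytes we never sent is rejected.
        if "ACK" in seg.flags and seg.ack != self.snd_nxt:
            return False
        if "SYN" in seg.flags and self.rcv_nxt is None:
            self.rcv_nxt = (seg.seq + 1) % MOD    # the SYN itself consumes one seqno: ack = x + 1
            return True
        if seg.seq != self.rcv_nxt:
            return False                          # not the next byte we are waiting for: dropped
        self.received += seg.data
        self.rcv_nxt = (self.rcv_nxt + seg.seq_len()) % MOD
        return True


def deliver(dst: Endpoint, seg: Segment) -> Segment:
    """Hand a segment to its receiver; raise if the receiver would drop it."""
    if not dst.receive(seg):
        raise RuntimeError(f"{dst.name} rejected {sorted(seg.flags)} seq={seg.seq} ack={seg.ack}")
    return seg


def three_way_handshake(a: Endpoint, b: Endpoint) -> list:
    """Run the handshake from the slide and return its three segments in order."""
    syn = deliver(b, a.send({"SYN"}))            # "Let's SYNchronize sequence numbers": seqno = x
    synack = deliver(a, b.send({"SYN", "ACK"}))  # "Got yours; here's mine": seqno = y, ack = x + 1
    ack = deliver(b, a.send({"ACK"}))            # "Got yours, too": ack = y + 1
    return [syn, synack, ack]


if __name__ == "__main__":
    a, b = Endpoint("A", isn=1000), Endpoint("B", isn=5000)   # constructed x = 1000, y = 5000
    for seg in three_way_handshake(a, b):
        print(sorted(seg.flags), "seq", seg.seq, "ack", seg.ack)
    deliver(b, a.send({"ACK"}, b"hello"))                     # data at seq 1001; B then expects 1006
    print("B received", bytes(b.received), "and now expects", b.rcv_nxt)
    # A segment whose seqno is not the one B expects is simply dropped
    stray = Segment(frozenset({"ACK"}), seq=1010, ack=5001, data=b"x")
    print("stray segment accepted?", b.receive(stray))
```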
TCP flags
• SYN
• ACK
• FIN: Let’s shut this down (two-way): FIN, then FIN+ACK
• RST: I’m shutting you down. Says “delete all your local state, because I don’t know what you’re talking about”
Attacks
• SYN flooding
• Injection attacks
• Opt-ack attack
SYN flooding
Recall the three-way handshake (waterfall diagram, A on the left, B on the right):
A → B: SYN
At this point, B allocates state for this new connection (incl. IP, port, maximum segment size): IP/port, MSS, …
B → A: SYN + ACK
A → B: ACK
B will hold onto this local state and retransmit SYN+ACK’s until it hears back or times out (up to 63 sec).
SYN flooding: the attack (A and B as before, attacker C)
C → B: SYN; B allocates state (IP/port, MSS, …)
C → B: SYN; B allocates state (IP/port, MSS, …)
C → B: SYN; B allocates state (IP/port, MSS, …)
C → B: SYN SYN SYN SYN SYN SYN SYN SYN …; B allocates state for every one of them
Exhaust memory at the victim B.
A → B: SYN. New connections will fail (insufficient memory).
SYN flooding details
• Easy to detect many incomplete handshakes from a single IP address
• Spoof the source IP address
• It’s just a field in a header: set it to whatever you like
• Problem: the host who really owns that spoofed IP address may respond to the SYN+ACK with a RST, deleting the local state at the victim
• Ideally, spoof an IP address of a host you know won’t respond
SYN cookies: the defense (A on the left, B on the right)
A → B: SYN
B would normally allocate IP/port, MSS, … here. Rather than store this data, send it to the host who is initiating the connection and have him return it to you.
B → A: SYN + ACK, seqno = f(data). Store the necessary state in your seqno.
A → B: ACK f(data)+1
Check that f(data) is valid for this connection. Only at that point do you allocate state (IP/port, MSS, …).
SYN cookie format (A on the left, B on the right)
A → B: SYN
B → A: SYN + ACK, seqno = f(data)
A → B: ACK f(data)+1, after which B allocates IP/port, MSS, …
The 32-bit seqno f(.) = Slow-moving timestamp | MSS | Secure hash
• Slow-moving timestamp: prevents replay attacks
• MSS: the info we need for this connection
• Secure hash: includes IPs/ports, MSS, timestamp
The secure hash makes it difficult for the attacker to guess what f() will be, and therefore the attacker cannot guess a correct ACK if he spoofs.
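The cookie format above, worked through as an added example (not code from the slides): the server packs the three fields into the 32-bit SYN+ACK seqno, stores nothing, and allocates connection state only once the returned ACK carries a cookie whose timestamp is fresh and whose keyed hash matches this 4-tuple. The bit widths (5-bit timestamp, 3-bit MSS index, 24-bit hash), the MSS table, the 64-second tick, HMAC-SHA256 as the “secure hash” and all addresses are this example’s assumptions; the slide names the fields but not their sizes.

```python
# Added example (not from the slides): SYN-cookie encoder/validator with the slide's three
# fields packed into the 32-bit seqno. Bit widths (5-bit timestamp, 3-bit MSS index, 24-bit
# hash), the MSS table, the tick size and HMAC-SHA256 as the "secure hash" are assumptions.
import hashlib
import hmac
import secrets
import socket
import struct

SECRET = secrets.token_bytes(32)          # server-side key the attacker never sees
MSS_TABLE = (536, 1300, 1440, 1460)       # MSS values encodable in 3 bits (constructed table)
TICK_SECONDS = 64                         # granularity of the "slow-moving" timestamp
MAX_AGE_TICKS = 2                         # cookies older than this are refused (anti-replay)


def _mac24(src_ip: str, sport: int, dst_ip: str, dport: int, t: int) -> int:
    """Keyed 24-bit hash over the connection 4-tuple and the 5-bit timestamp."""
    msg = struct.pack("!4sH4sHB", socket.inet_aton(src_ip), sport, socket.inet_aton(dst_ip), dport, t)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")


def _tick(now: float) -> int:
    """Current value of the 5-bit slow-moving timestamp."""
    return (int(now) // TICK_SECONDS) & 0x1F


def make_cookie(src_ip, sport, dst_ip, dport, client_mss, now) -> int:
    """seqno = f(data) for the SYN+ACK; nothing about this SYN is stored on the server."""
    t = _tick(now)
    m = 0
    for i, mss in enumerate(MSS_TABLE):   # largest table entry that does not exceed the client's MSS
        if mss <= client_mss:
            m = i
    return (t << 27) | (m << 24) | _mac24(src_ip, sport, dst_ip, dport, t)


def check_cookie(src_ip, sport, dst_ip, dport, ack, now):
    """Validate the handshake's ACK; return the connection state to allocate, or None."""
    cookie = (ack - 1) & 0xFFFFFFFF       # the client acknowledges f(data) + 1
    t = cookie >> 27
    m = (cookie >> 24) & 0x7
    if (_tick(now) - t) & 0x1F > MAX_AGE_TICKS:
        return None                        # stale cookie: a replayed ACK is refused
    if (cookie & 0xFFFFFF) != _mac24(src_ip, sport, dst_ip, dport, t):
        return None                        # hash mismatch: forged, spoofed or for another 4-tuple
    # Only now, after a valid third packet, does the server allocate per-connection state
    return {"src": (src_ip, sport), "dst": (dst_ip, dport), "mss": MSS_TABLE[m]}


if __name__ == "__main__":
    # constructed sample handshake: client 198.51.100.7:51515 -> server 203.0.113.10:80, MSS 1460
    t0 = 1_700_000_000
    synack_seq = make_cookie("198.51.100.7", 51515, "203.0.113.10", 80, 1460, t0)
    print("SYN+ACK seqno = f(data) =", hex(synack_seq))
    print("valid ACK  ->", check_cookie("198.51.100.7", 51515, "203.0.113.10", 80, synack_seq + 1, t0 + 10))
    print("wrong port ->", check_cookie("198.51.100.7", 51516, "203.0.113.10", 80, synack_seq + 1, t0 + 10))
    print("too old    ->", check_cookie("198.51.100.7", 51515, "203.0.113.10", 80, synack_seq + 1, t0 + 600))
```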
Injection attacks
• Suppose you are on the path between src and dst; what can you do?
• Trivial to inject packets with the correct sequence number
• What if you are not on the path?
• Need to guess the sequence number
• Is this difficult to do?
Initial sequence numbers
• Initial sequence numbers used to be deterministic
• What havoc can we wreak?
• Send RSTs
• Inject data packets into an existing connection (TCP veto attacks)
• Initiate and use an entire connection without ever hearing the other end
Mitnick attack
X-terminalserver
Server that X-term trusts
Attacker
Any connection initiated from this IP address isallowed access to theX-terminal server
![Page 113: New NETWORKING BASICS - University Of Maryland · 2018. 4. 26. · NETWORKING BASICS CMSC 414 APR 26 2018. WHY DOES THE INTERNET WORK? 1. PROTOCOLS Agreements on how to communicate](https://reader035.fdocuments.net/reader035/viewer/2022071216/6047dfea6b335e6070669ae7/html5/thumbnails/113.jpg)
Mitnick attack
X-terminalserver
Server that X-term trusts
Attacker
Any connection initiated from this IP address isallowed access to theX-terminal server
1. SYN flood the trusted server
![Page 114: New NETWORKING BASICS - University Of Maryland · 2018. 4. 26. · NETWORKING BASICS CMSC 414 APR 26 2018. WHY DOES THE INTERNET WORK? 1. PROTOCOLS Agreements on how to communicate](https://reader035.fdocuments.net/reader035/viewer/2022071216/6047dfea6b335e6070669ae7/html5/thumbnails/114.jpg)
Mitnick attack
X-terminalserver
Server that X-term trusts
Attacker
Any connection initiated from this IP address isallowed access to theX-terminal server
1. SYN flood the trusted server
![Page 115: New NETWORKING BASICS - University Of Maryland · 2018. 4. 26. · NETWORKING BASICS CMSC 414 APR 26 2018. WHY DOES THE INTERNET WORK? 1. PROTOCOLS Agreements on how to communicate](https://reader035.fdocuments.net/reader035/viewer/2022071216/6047dfea6b335e6070669ae7/html5/thumbnails/115.jpg)
Mitnick attack
X-terminalserver
Server that X-term trusts
Attacker
Any connection initiated from this IP address isallowed access to theX-terminal server
1. SYN flood the trusted server2. Spoof trusted server’s IP addr in SYN to X-terminal
![Page 116: New NETWORKING BASICS - University Of Maryland · 2018. 4. 26. · NETWORKING BASICS CMSC 414 APR 26 2018. WHY DOES THE INTERNET WORK? 1. PROTOCOLS Agreements on how to communicate](https://reader035.fdocuments.net/reader035/viewer/2022071216/6047dfea6b335e6070669ae7/html5/thumbnails/116.jpg)
Mitnick attack
X-terminalserver
Server that X-term trusts
Attacker
Any connection initiated from this IP address isallowed access to theX-terminal server
1. SYN flood the trusted server2. Spoof trusted server’s IP addr in SYN to X-terminal
SYN src:
![Page 117: New NETWORKING BASICS - University Of Maryland · 2018. 4. 26. · NETWORKING BASICS CMSC 414 APR 26 2018. WHY DOES THE INTERNET WORK? 1. PROTOCOLS Agreements on how to communicate](https://reader035.fdocuments.net/reader035/viewer/2022071216/6047dfea6b335e6070669ae7/html5/thumbnails/117.jpg)
Mitnick attack
X-terminalserver
Server that X-term trusts
Attacker
Any connection initiated from this IP address isallowed access to theX-terminal server
1. SYN flood the trusted server2. Spoof trusted server’s IP addr in SYN to X-terminal
SYN src:
SYN+ACK seqno
![Page 118: New NETWORKING BASICS - University Of Maryland · 2018. 4. 26. · NETWORKING BASICS CMSC 414 APR 26 2018. WHY DOES THE INTERNET WORK? 1. PROTOCOLS Agreements on how to communicate](https://reader035.fdocuments.net/reader035/viewer/2022071216/6047dfea6b335e6070669ae7/html5/thumbnails/118.jpg)
Mitnick attack
X-terminalserver
Server that X-term trusts
Attacker
Any connection initiated from this IP address isallowed access to theX-terminal server
1. SYN flood the trusted server2. Spoof trusted server’s IP addr in SYN to X-terminal
SYN src:
SYN+ACK seqno
3. Trusted server too busy to RST
![Page 119: New NETWORKING BASICS - University Of Maryland · 2018. 4. 26. · NETWORKING BASICS CMSC 414 APR 26 2018. WHY DOES THE INTERNET WORK? 1. PROTOCOLS Agreements on how to communicate](https://reader035.fdocuments.net/reader035/viewer/2022071216/6047dfea6b335e6070669ae7/html5/thumbnails/119.jpg)
Mitnick attack
X-terminalserver
Server that X-term trusts
Attacker
Any connection initiated from this IP address isallowed access to theX-terminal server
1. SYN flood the trusted server2. Spoof trusted server’s IP addr in SYN to X-terminal
SYN src:
SYN+ACK seqno
3. Trusted server too busy to RST4. ACK with the guessed seqno
![Page 120: New NETWORKING BASICS - University Of Maryland · 2018. 4. 26. · NETWORKING BASICS CMSC 414 APR 26 2018. WHY DOES THE INTERNET WORK? 1. PROTOCOLS Agreements on how to communicate](https://reader035.fdocuments.net/reader035/viewer/2022071216/6047dfea6b335e6070669ae7/html5/thumbnails/120.jpg)
Mitnick attack
X-terminalserver
Server that X-term trusts
Attacker
Any connection initiated from this IP address isallowed access to theX-terminal server
1. SYN flood the trusted server2. Spoof trusted server’s IP addr in SYN to X-terminal
SYN src:
SYN+ACK seqno
3. Trusted server too busy to RST
ACK src:seqno+1
4. ACK with the guessed seqno
![Page 121: New NETWORKING BASICS - University Of Maryland · 2018. 4. 26. · NETWORKING BASICS CMSC 414 APR 26 2018. WHY DOES THE INTERNET WORK? 1. PROTOCOLS Agreements on how to communicate](https://reader035.fdocuments.net/reader035/viewer/2022071216/6047dfea6b335e6070669ae7/html5/thumbnails/121.jpg)
Mitnick attack
X-terminalserver
Server that X-term trusts
Attacker
Any connection initiated from this IP address isallowed access to theX-terminal server
1. SYN flood the trusted server2. Spoof trusted server’s IP addr in SYN to X-terminal
SYN src:
SYN+ACK seqno
3. Trusted server too busy to RST
ACK src:seqno+1
4. ACK with the guessed seqno“echo ++ >> ./rhosts”
![Page 122: New NETWORKING BASICS - University Of Maryland · 2018. 4. 26. · NETWORKING BASICS CMSC 414 APR 26 2018. WHY DOES THE INTERNET WORK? 1. PROTOCOLS Agreements on how to communicate](https://reader035.fdocuments.net/reader035/viewer/2022071216/6047dfea6b335e6070669ae7/html5/thumbnails/122.jpg)
Mitnick attack
X-terminalserver
Server that X-term trusts
Attacker
Any connection initiated from this IP address isallowed access to theX-terminal server
1. SYN flood the trusted server2. Spoof trusted server’s IP addr in SYN to X-terminal
SYN src:
SYN+ACK seqno
3. Trusted server too busy to RST
ACK src:seqno+1
4. ACK with the guessed seqno“echo ++ >> ./rhosts”
5. Grant access to all sources
![Page 123: New NETWORKING BASICS - University Of Maryland · 2018. 4. 26. · NETWORKING BASICS CMSC 414 APR 26 2018. WHY DOES THE INTERNET WORK? 1. PROTOCOLS Agreements on how to communicate](https://reader035.fdocuments.net/reader035/viewer/2022071216/6047dfea6b335e6070669ae7/html5/thumbnails/123.jpg)
Mitnick attack
X-terminalserver
Server that X-term trusts
Attacker
Any connection initiated from this IP address isallowed access to theX-terminal server
1. SYN flood the trusted server2. Spoof trusted server’s IP addr in SYN to X-terminal
SYN src:
SYN+ACK seqno
3. Trusted server too busy to RST
ACK src:seqno+1
4. ACK with the guessed seqno“echo ++ >> ./rhosts”
5. Grant access to all sources
ACK
![Page 124: New NETWORKING BASICS - University Of Maryland · 2018. 4. 26. · NETWORKING BASICS CMSC 414 APR 26 2018. WHY DOES THE INTERNET WORK? 1. PROTOCOLS Agreements on how to communicate](https://reader035.fdocuments.net/reader035/viewer/2022071216/6047dfea6b335e6070669ae7/html5/thumbnails/124.jpg)
Mitnick attack
X-terminalserver
Server that X-term trusts
Attacker
Any connection initiated from this IP address isallowed access to theX-terminal server
1. SYN flood the trusted server2. Spoof trusted server’s IP addr in SYN to X-terminal
SYN src:
SYN+ACK seqno
3. Trusted server too busy to RST
ACK src:seqno+1
4. ACK with the guessed seqno“echo ++ >> ./rhosts”
5. Grant access to all sources
ACK
6. RSTs to trusted server (cleanup)
![Page 125: New NETWORKING BASICS - University Of Maryland · 2018. 4. 26. · NETWORKING BASICS CMSC 414 APR 26 2018. WHY DOES THE INTERNET WORK? 1. PROTOCOLS Agreements on how to communicate](https://reader035.fdocuments.net/reader035/viewer/2022071216/6047dfea6b335e6070669ae7/html5/thumbnails/125.jpg)
Mitnick attack
Parties: Attacker; X-terminal server; Server that X-term trusts. Any connection initiated from the trusted server’s IP address is allowed access to the X-terminal server.
1. SYN flood the trusted server
2. Spoof trusted server’s IP addr in SYN to X-terminal (SYN, src: trusted server’s addr)
   X-terminal answers with SYN+ACK carrying its seqno (sent to the trusted server’s addr)
3. Trusted server too busy to RST
4. ACK with the guessed seqno (ACK, src: trusted server’s addr, ack = seqno+1): “echo ++ >> ./rhosts”
5. Grant access to all sources
6. RSTs to trusted server (cleanup)
Defenses
• Initial sequence number must be difficult to predict!
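An added example (not from these slides) of what this defense changes: a simplified “legacy” ISN generator, modelled here as a counter bumped by a fixed step per connection (a constructed model, not any kernel’s exact constants), against the RFC 6528 construction ISN = M + F(localip, localport, remoteip, remoteport, secretkey), with HMAC-SHA256 standing in for the RFC’s MD5. The 4-tuples are constructed sample values.

```python
# Added example: predictable vs. RFC 6528-style initial sequence numbers.
import hashlib
import hmac
import struct

MOD32 = 1 << 32


def ip_bytes(dotted):
    """'10.0.0.1' -> b'\\x0a\\x00\\x00\\x01'."""
    return bytes(int(octet) for octet in dotted.split("."))


class LegacyIsnGenerator:
    """Simplified model of an old-style ISN: one global counter, advanced by a
    fixed step for every connection, regardless of who is connecting."""

    def __init__(self, start=0, step=64_000):
        self.counter, self.step = start, step

    def isn(self, local_ip, local_port, remote_ip, remote_port):
        self.counter = (self.counter + self.step) % MOD32
        return self.counter


class Rfc6528IsnGenerator:
    """ISN = M + F(4-tuple, secret): M is a clock ticking every 4 microseconds,
    F is a keyed hash, so the offset differs per connection and per peer."""

    def __init__(self, secret, clock):
        self.secret = secret   # random bytes that never leave the host
        self.clock = clock     # callable returning seconds

    def isn(self, local_ip, local_port, remote_ip, remote_port):
        m = int(self.clock() * 250_000) % MOD32
        four_tuple = struct.pack("!4sH4sH", ip_bytes(local_ip), local_port,
                                 ip_bytes(remote_ip), remote_port)
        digest = hmac.new(self.secret, four_tuple, hashlib.sha256).digest()
        f = struct.unpack("!I", digest[:4])[0]
        return (m + f) % MOD32


def extrapolate(isn1, isn2):
    """Step 4 of the attack: guess the next ISN from two observed ones."""
    return (isn2 + (isn2 - isn1)) % MOD32


def blind_guess_succeeds(gen, probe, target):
    """The attacker opens two real connections from its own address (probe
    4-tuple) and reads the ISNs the server picks, then must guess the ISN of
    the spoofed connection (target 4-tuple), whose SYN+ACK it never sees.
    True means the guessed ACK would have completed the handshake."""
    isn1 = gen.isn(*probe)
    isn2 = gen.isn(*probe)
    guess = extrapolate(isn1, isn2)
    return guess == gen.isn(*target)


# Constructed sample 4-tuples: (server ip, server port, peer ip, peer port).
PROBE = ("10.0.0.1", 513, "10.0.0.9", 1023)    # server <-> attacker
TARGET = ("10.0.0.1", 513, "10.0.0.2", 1023)   # server <-> trusted host
```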
Opt-ack attack (A sends to B)
A → B: Bytes 1000-1500 (B was expecting byte 1000)
B now expects byte 1501
B → A: ACK 1501
A → B: Bytes 1501-2001, Bytes 2002-2502
TCP uses ACKs not only for reliability, but also for congestion control: the more ACKs come back, the faster I can send
Opt-ack attack (A sends to B)
A → B: Bytes 1000-1500
B → A: ACK 1501
A → B: Bytes 1501-2001, Bytes 2002-2502
If I could convince you to send REALLY quickly, then you would effectively DoS your own network!
But to get you to send faster, I need to get data in order to ACK, so I need to receive quickly …or do I?
Opt-ack attack (A sends to B)
A → B: Bytes 1000-1500
If I can predict what the last seqno will be and when A will send it, then I could ACK early! (“optimistically”)
B → A: ACK 1501
A → B: Bytes 1501-2001, Bytes 2002-2502
B → A: ACK 2001, ACK 2502, ACK (and so on)
A will think “what a fast, legit connection!”
Eventually, A’s outgoing packets will start to get dropped.
But so long as I keep ACKing correctly, it doesn’t matter.
Amplification
• The big deal with this attack is its Amplification Factor
• Attacker sends x bytes of data, causing the victim to send many more bytes of data in response
• Recent examples: NTP, DNSSEC
• Amplified in TCP due to cumulative ACKs
• “ACK x” says “I’ve seen all bytes up to but not including x”
Opt-ack’s amplification factor
• Max bytes sent by victim per ACK:
  (Max window size / MSS) × (14 + 40 + MSS)
  i.e. packets sent per ACK × bytes per packet, where a packet is 14 bytes of Ethernet header + 40 bytes of TCP/IP headers + MSS bytes of payload
• Max ACKs attacker can send per second:
  Attacker bandwidth (bytes/sec) / (14 + 40)
  i.e. bandwidth divided by the size of an ACK packet
Opt-ack’s amplification factor
• Boils down to max window size and MSS
• Default max window size: 65,536
• Default MSS: 536
• Default amp factor: 65536 * (1/536 + 1/54) ~ 1336x
• Window scaling lets you increase this by a factor of 2^14
• Window scaling amp factor: ~1336 * 2^14 ~ 22M
• Using minimum MSS of 88: ~ 32M
Opt-ack defenses
• Is there a way we could defend against opt-ack in a way that is still compatible with existing implementations of TCP?
• An important goal in networking is incremental deployment: ideally, we should be able to benefit from a system/modification when even a subset of hosts deploy it.
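An added example, not from these slides, covering the two preceding slides: the amplification-factor formula worked through with the lecture’s numbers, and a toy sender/receiver model of the skipped-segment defense from Sherwood et al. (CCS 2005), which answers the compatibility question because only the sender changes. The sender occasionally withholds a segment; an honest receiver’s cumulative ACK stalls at the hole, while an opt-ack receiver, which ACKs predicted sequence numbers, ACKs past data that was never sent. Segment sizes, sequence numbers and the window rule are constructed simplifications.

```python
# Added example: opt-ack amplification factor and the skipped-segment defense.


def amplification_factor(window, mss, eth_hdr=14, tcpip_hdr=40):
    """Victim bytes out per attacker byte in, from the slides' two quantities:
    bytes the victim sends per ACK = (window / mss) * (eth_hdr + tcpip_hdr + mss)
    ACKs the attacker can send/sec = bandwidth / (eth_hdr + tcpip_hdr)
    The attacker's bandwidth cancels, leaving window * (1/mss + 1/54)."""
    bytes_per_ack = (window / mss) * (eth_hdr + tcpip_hdr + mss)
    ack_size = eth_hdr + tcpip_hdr
    return bytes_per_ack / ack_size


class Sender:
    """A: sends cwnd segments per round and grows cwnd by one per new ACK
    (the slide's 'the more ACKs come back, the faster I can send')."""

    def __init__(self, mss=500, first_seq=1000, skip_every=4):
        self.mss, self.next_seq, self.acked = mss, first_seq, first_seq
        self.cwnd = 1
        self.skip_every = skip_every     # withhold every n-th segment
        self.count = 0
        self.withheld = []               # (start, end) never put on the wire
        self.suspicious = False

    def transmit(self):
        wire = []
        for _ in range(self.cwnd):
            seg = (self.next_seq, self.next_seq + self.mss)
            self.next_seq += self.mss
            self.count += 1
            if self.count % self.skip_every == 0:
                self.withheld.append(seg)   # defense: leave a hole
            else:
                wire.append(seg)
        return wire

    def on_ack(self, ack):
        """Returns segments to retransmit. A cumulative ACK past a hole that was
        never sent cannot come from an honest receiver: flag it, collapse cwnd."""
        if any(start < ack for start, _ in self.withheld):
            self.suspicious = True
            self.cwnd = 1
            return []
        for seg in self.withheld:
            if seg[0] == ack:            # honest receiver stalled at the hole
                self.withheld.remove(seg)
                return [seg]
        if ack > self.acked:
            self.acked = ack
            self.cwnd += 1
        return []


class HonestReceiver:
    """B following TCP: ACKs the next byte not yet received contiguously."""

    def __init__(self, first_seq=1000):
        self.expected = first_seq
        self.buffered = {}               # start -> end of out-of-order segments

    def on_segments(self, segs):
        for start, end in segs:
            self.buffered[start] = end
        while self.expected in self.buffered:
            self.expected = self.buffered.pop(self.expected)
        return self.expected


class OptAckReceiver:
    """B running opt-ack: ignores what arrived and ACKs the seqno it predicts
    A has just sent (it knows A's window rule and segment size)."""

    def __init__(self, first_seq=1000, mss=500):
        self.predicted, self.mss, self.cwnd_guess = first_seq, mss, 1

    def on_segments(self, segs):
        self.predicted += self.cwnd_guess * self.mss
        self.cwnd_guess += 1
        return self.predicted


def run(receiver, rounds=6, skip_every=4):
    """Drive one connection; returns (flagged_as_opt_ack, highest_acked_byte)."""
    sender = Sender(skip_every=skip_every)
    for _ in range(rounds):
        retrans = sender.on_ack(receiver.on_segments(sender.transmit()))
        while retrans and not sender.suspicious:
            retrans = sender.on_ack(receiver.on_segments(retrans))
        if sender.suspicious:
            break
    return sender.suspicious, sender.acked
```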
NAMING
• IP addresses allow global connectivity
• But they’re pretty useless for humans!
  • Can’t be expected to pick their own IP address
  • Can’t be expected to remember another’s IP address
• DHCP: Setting IP addresses
• DNS: Mapping a memorable name to a routable IP address
DHCP (DYNAMIC HOST CONFIGURATION PROTOCOL)
New host: doesn’t have an IP address yet (can’t set src addr), and doesn’t know who to ask for one
Solution: Discover one on the local subnet
New host → (L2 broadcast): DHCP discover
DHCP server → new host: DHCP offer (offer includes: IP address, DNS server, gateway router, and duration of this offer (“lease” time))
New host → (L2 broadcast): DHCP request (request asks for the offered IP address)
DHCP server → new host: DHCP ACK
DHCP ATTACKS
• Requests are broadcast: attackers on the same subnet can hear new host’s request
• Race the actual DHCP server to replace:
  • DNS server
    - Redirect any of a host’s lookups (“what IP address should I use when trying to connect to google.com?”) to a machine of the attacker’s choice
  • Gateway
    - The gateway is where the host sends all of its outgoing traffic (so that the host doesn’t have to figure out routes himself)
    - Modify the gateway to intercept all of a user’s traffic
    - Then relay it to the gateway (MITM)
    - How could the user detect this?
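One answer to “how could the user detect this?”, as an added example that is not part of the slides: a minimal RFC 2131 DHCP packet builder and parser plus a monitor that watches the broadcast OFFERs on a subnet and flags an OFFER whose server identifier, gateway or DNS server differ from the subnet’s known-good values, or a single transaction (xid) answered by more than one server, the signature of a rogue server racing the real one. All packets, MAC and IP addresses below are constructed sample data.

```python
# Added example: DHCP OFFER audit for rogue-server detection.
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_ROUTER, OPT_DNS, OPT_LEASE = 0, 3, 6, 51
OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 53, 54, 255
DHCPOFFER = 2


def ip4(addr):
    return ipaddress.IPv4Address(addr).packed


def build_dhcp(op, xid, chaddr, yiaddr, options):
    """Fixed 236-byte header: op, htype, hlen, hops, xid, secs, flags, ciaddr,
    yiaddr, siaddr, giaddr, chaddr(16), sname(64), file(128); then cookie+options."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, xid, 0, 0x8000,
                         b"\0" * 4, ip4(yiaddr), b"\0" * 4, b"\0" * 4,
                         chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return header + MAGIC_COOKIE + body + bytes([OPT_END])


def parse_options(pkt):
    """Options as {code: raw value}; tolerates PAD, rejects truncated packets."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != OPT_END:
        if pkt[i] == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(pkt):
            raise ValueError("truncated option header")
        code, length = pkt[i], pkt[i + 1]
        val = pkt[i + 2:i + 2 + length]
        if len(val) != length:
            raise ValueError("truncated option value")
        opts[code] = val
        i += 2 + length
    return opts


def offer_summary(pkt):
    """None unless pkt is a DHCPOFFER; otherwise the fields a client acts on."""
    opts = parse_options(pkt)
    if opts.get(OPT_MSG_TYPE) != bytes([DHCPOFFER]):
        return None

    def first_ip(code):
        val = opts.get(code, b"")
        return str(ipaddress.IPv4Address(val[:4])) if len(val) >= 4 else None

    return {"xid": struct.unpack("!I", pkt[4:8])[0],
            "yiaddr": str(ipaddress.IPv4Address(pkt[16:20])),
            "server": first_ip(OPT_SERVER_ID), "router": first_ip(OPT_ROUTER),
            "dns": first_ip(OPT_DNS),
            "lease": struct.unpack("!I", opts[OPT_LEASE])[0] if OPT_LEASE in opts else None}


def audit_offers(pkts, expected):
    """expected: {'server', 'router', 'dns'} for this subnet. Returns
    (deviating, contested): deviating lists (summary, fields that differ);
    contested maps each xid answered by more than one server to those servers."""
    deviating, servers_by_xid = [], {}
    for pkt in pkts:
        s = offer_summary(pkt)
        if s is None:
            continue
        servers_by_xid.setdefault(s["xid"], set()).add(s["server"])
        bad = [k for k in ("server", "router", "dns") if s[k] != expected[k]]
        if bad:
            deviating.append((s, bad))
    contested = {xid: sorted(srv) for xid, srv in servers_by_xid.items() if len(srv) > 1}
    return deviating, contested


def _offer(xid, yiaddr, server, lease):
    """Constructed OFFER in which server, router and DNS are the same box."""
    return build_dhcp(2, xid, b"\xaa\xbb\xcc\xdd\xee\xff", yiaddr, [
        (OPT_MSG_TYPE, bytes([DHCPOFFER])), (OPT_SERVER_ID, ip4(server)),
        (OPT_ROUTER, ip4(server)), (OPT_DNS, ip4(server)),
        (OPT_LEASE, struct.pack("!I", lease))])


# Constructed sample traffic: the real server, a rogue racing it, a clean client.
EXPECTED = {"server": "192.168.1.1", "router": "192.168.1.1", "dns": "192.168.1.1"}
SAMPLE_OFFERS = [
    _offer(0x1234, "192.168.1.50", "192.168.1.1", 86400),
    _offer(0x1234, "192.168.1.50", "192.168.1.77", 3600),
    _offer(0x5678, "192.168.1.51", "192.168.1.1", 86400),
]
```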
HOSTNAMES AND IP ADDRESSES
gold:~ dml$ ping google.com
PING google.com (74.125.228.65): 56 data bytes
64 bytes from 74.125.228.65: icmp_seq=0 ttl=52 time=22.330 ms
64 bytes from 74.125.228.65: icmp_seq=1 ttl=52 time=6.304 ms
64 bytes from 74.125.228.65: icmp_seq=2 ttl=52 time=5.186 ms
64 bytes from 74.125.228.65: icmp_seq=3 ttl=52 time=12.805 ms
google.com is easy to remember, but not routable
74.125.228.65 is routable
Name resolution: The process of mapping from one to the other
TERMINOLOGY
• www.cs.umd.edu = “domain name”
• www.cs.umd.edu is a “subdomain” of cs.umd.edu
• Domain names can map to a set of IP addresses
gold:~ dml$ dig google.com
; <<>> DiG 9.8.3-P1 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35815
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 105 IN A 74.125.228.70
google.com. 105 IN A 74.125.228.66
google.com. 105 IN A 74.125.228.64
google.com. 105 IN A 74.125.228.69
google.com. 105 IN A 74.125.228.78
google.com. 105 IN A 74.125.228.73
google.com. 105 IN A 74.125.228.68
google.com. 105 IN A 74.125.228.65
google.com. 105 IN A 74.125.228.72
We’ll understand this more in a bit; for now, note that google.com is mapped to many IP addresses
TERMINOLOGY
• “zone” = a portion of the DNS namespace, divided up for administrative reasons
• Think of it like a collection of hostname/IP address pairs that happen to be lumped together
  - www.google.com, mail.google.com, dev.google.com, …
• Subdomains do not need to be in the same zone
• Allows the owner of one zone (umd.edu) to delegate responsibility to another (cs.umd.edu)
NAMESPACE HIERARCHY
. (root)
  com
  net
  edu
    umd.edu
      cs.umd.edu
        www.cs.umd.edu
    duke.edu
Zones: the administratively delegated portions of this tree (e.g. umd.edu and cs.umd.edu)
TERMINOLOGY
• “Nameserver” = A piece of code that answers queries of the form “What is the IP address for foo.bar.com?”
• Every zone must run ≥2 nameservers
• Several very common nameserver implementations: BIND, PowerDNS (more popular in Europe)
• “Authoritative nameserver”:
  • Every zone has to maintain a file that maps IP addresses and hostnames (“www.cs.umd.edu is 128.8.127.3”)
  • One of the name servers in the zone has the master copy of this file. It is the authority on the mapping.
TERMINOLOGY
• “Resolver” - while name servers answer queries, resolvers ask queries.
• Every OS has a resolver. Typically small and pretty dumb. All it typically does is forward the query to a local…
• “Recursive nameserver” - a nameserver which will do the heavy lifting, issuing queries on behalf of the client resolver until an authoritative answer returns.
• Prevalence
  • There is almost always a local (private) recursive name server
  • But very rare for name servers to support recursive queries otherwise
TERMINOLOGY
• “Record” (or “resource record”) = usually think of it as a mapping between hostname and IP address
• But more generally, it can map virtually anything to virtually anything
• Many record types:
  • (A)ddress records (IP <-> hostname)
  • Mail server (MX, mail exchanger)
  • SOA (start of authority, to delineate different zones)
  • Others for DNSSEC to be able to share keys
• Records are the unit of information
![Page 182: New NETWORKING BASICS - University Of Maryland · 2018. 4. 26. · NETWORKING BASICS CMSC 414 APR 26 2018. WHY DOES THE INTERNET WORK? 1. PROTOCOLS Agreements on how to communicate](https://reader035.fdocuments.net/reader035/viewer/2022071216/6047dfea6b335e6070669ae7/html5/thumbnails/182.jpg)
TERMINOLOGY

Nameservers within a zone must be able to give:
• Authoritative answers (A) for hostnames in that zone
  • The umd.edu zone’s nameservers must be able to tell us what the IP address for umd.edu is
  • “A” record: umd.edu = 54.84.241.99 (“54.84.241.99 is a valid IP address for umd.edu”)
• Pointers to nameservers (NS) who host zones in its subdomains
  • The umd.edu zone’s nameservers must be able to tell us the name and IP address of the cs.umd.edu zone’s nameservers
  • “NS” record: cs.umd.edu = ipa01.cs.umd.edu. (“Ask ipa01.cs.umd.edu for all cs.umd.edu subdomains”), together with a glue A record giving ipa01.cs.umd.edu’s address
DNS
Domain Name Service at a very high level

(Figure: the requesting host, its local nameserver, the root DNS server “.”, the TLD DNS server, the authoritative DNS server and cs.umd.edu itself, with the numbered steps below)

1. Requesting host -> local nameserver: “What is an IP address for cs.umd.edu?”
2. Local nameserver -> root DNS server “.”: the same question
3. Root -> local nameserver: a referral, the NS records for the .edu TLD servers
4. Local nameserver -> TLD DNS server: the same question
5. TLD -> local nameserver: a referral, the NS records for umd.edu’s authoritative servers
6. Local nameserver -> authoritative DNS server: the same question
7. Authoritative -> local nameserver: the A record for cs.umd.edu
8. Local nameserver -> requesting host: the answer
9. The requesting host now has an address and can contact cs.umd.edu itself

Caching responses is critical to DNS’s success. Every response (3, 5, 7, 8) has a time-to-live (TTL). TTLs should be reasonably long (days), but some are minutes.
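The walk above, as an added example written for this page in Go (it is not code from the slides or from any real DNS implementation). It builds a constructed three-level tree (root, the .edu TLD, umd.edu) behind a tiny iterative resolver with a TTL-honouring cache, then shows what the cache saves: a second lookup of cs.umd.edu costs no upstream query, a lookup of umd.edu starts at the cached umd.edu delegation instead of at the root, and once cs.umd.edu’s short TTL expires only that one query has to be repeated while the day-long NS records are still good. The server names and the 192.0.2.x / 203.0.113.x addresses are invented (documentation ranges); 54.84.241.99 and 128.8.127.3 are the addresses the slides use; Nameserver, Resolver and BuildInternet are this example’s own names.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// RR is one resource record: Type "A" (Data = address) or "NS" (Data = nameserver name), with its TTL.
type RR struct {
	Name, Type, Data string
	TTL              time.Duration
}

// Nameserver stands in for one authoritative server (root, TLD or umd.edu); it knows only its own records,
// listed with each NS record before its glue A record.
type Nameserver []RR

// Answer returns the authoritative A record for qname, or a referral: the NS record of the most specific
// delegated child zone containing qname, followed by that nameserver's glue A record.
func (ns Nameserver) Answer(qname string) (rrs []RR, auth bool) {
	child := ""
	for _, rr := range ns {
		if rr.Type == "NS" && strings.HasSuffix("."+qname, "."+rr.Name) && len(rr.Name) > len(child) {
			child = rr.Name
		}
	}
	for _, rr := range ns {
		if child == "" && rr.Type == "A" && rr.Name == qname {
			return []RR{rr}, true
		}
		if rr.Type == "NS" && rr.Name == child || rr.Type == "A" && len(rrs) > 0 && rr.Name == rrs[0].Data {
			rrs = append(rrs, rr)
		}
	}
	return rrs, false
}

// Resolver is the local recursive nameserver: it walks root -> TLD -> authoritative and caches every response for its TTL.
type Resolver struct {
	Servers map[string]Nameserver // by address; the root's is the only address it must be told
	RootIP  string
	Now     time.Time            // settable clock, to show TTL expiry
	Queries int                  // upstream queries sent so far
	cache   map[string]RR        // keyed "A cs.umd.edu", "NS umd.edu", ...
	expires map[string]time.Time // when each cached record stops being fresh
}

func (r *Resolver) fresh(typ, name string) (RR, bool) {
	k := typ + " " + name
	return r.cache[k], r.expires[k].After(r.Now)
}

// Resolve answers "what is an IP address for qname?"; a cached A record means no query, a cached delegation skips root and TLD.
func (r *Resolver) Resolve(qname string) (string, error) {
	if rr, ok := r.fresh("A", qname); ok {
		return rr.Data, nil
	}
	server, labels := r.RootIP, strings.Split(qname, ".")
	for i := range labels { // closest enclosing delegation still in the cache, else start at the root
		if del, ok := r.fresh("NS", strings.Join(labels[i:], ".")); ok {
			if glue, ok := r.fresh("A", del.Data); ok {
				server = glue.Data
				break
			}
		}
	}
	for hop := 0; hop < 8; hop++ {
		r.Queries++
		rrs, auth := r.Servers[server].Answer(qname) // a missing server answers nothing
		if len(rrs) == 0 {
			return "", fmt.Errorf("%s: no answer from %s", qname, server)
		}
		for _, rr := range rrs { // every response carries TTLs; cache all of it (answer, or NS and glue)
			r.cache[rr.Type+" "+rr.Name], r.expires[rr.Type+" "+rr.Name] = rr, r.Now.Add(rr.TTL)
		}
		if auth {
			return rrs[0].Data, nil
		}
		server = rrs[len(rrs)-1].Data // follow the referral to the glue address
	}
	return "", fmt.Errorf("%s: too many referrals", qname)
}

// BuildInternet wires up a constructed three-level tree. 192.0.2.x and 203.0.113.x are documentation
// addresses and the server names are invented; 54.84.241.99 and 128.8.127.3 come from the slides.
func BuildInternet() *Resolver {
	h := time.Hour
	root := Nameserver{{"edu", "NS", "ns.edu-tld.example", 48 * h}, {"ns.edu-tld.example", "A", "192.0.2.1", 48 * h}}
	edu := Nameserver{{"umd.edu", "NS", "ns1.umd.edu", 24 * h}, {"ns1.umd.edu", "A", "192.0.2.2", 24 * h}}
	umd := Nameserver{{"umd.edu", "A", "54.84.241.99", h}, {"cs.umd.edu", "A", "128.8.127.3", 5 * time.Minute}}
	return &Resolver{Servers: map[string]Nameserver{"203.0.113.1": root, "192.0.2.1": edu, "192.0.2.2": umd},
		RootIP: "203.0.113.1", Now: time.Date(2018, 4, 26, 9, 0, 0, 0, time.UTC), cache: map[string]RR{}, expires: map[string]time.Time{}}
}

func main() {
	r := BuildInternet()
	ip, err := r.Resolve("cs.umd.edu")
	fmt.Println("cs.umd.edu ->", ip, err, "| upstream queries:", r.Queries)
}
```

The first lookup costs three upstream queries (steps 2, 4 and 6 of the diagram); repeating it costs none, and after advancing the clock past the five-minute TTL only the umd.edu server is asked again, because the NS and glue records learned in steps 3 and 5 are still fresh.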
HOW DO THEY KNOW THESE IP ADDRESSES?

• Local DNS server: the host learned this via DHCP
• A parent knows its children: part of the registration process
• Root nameserver: hardcoded into the local DNS server (and every DNS server) as the “root hints”
  • 13 root servers (logically): A-root, B-root, …, M-root (each one is really many anycast instances)
  • These IP addresses change very infrequently
  • UMD runs D-root.
    - Its IP address changed at the beginning of 2013!!
    - For the most part, the change-over went alright, but lots of weird things happened — ask me some time.
CACHING
• Central to DNS’s success
• Also central to attacks
• “Cache poisoning”: filling a victim’s cache with false information
QUERIES

(Figure: the same 9-step diagram as above; the authoritative DNS server is umd.edu’s)

Every query (2, 4, 6) has the same request in it (“what is the IP address for cs.umd.edu?”)
But they differ in:
- dst IP (dst port = 53)
- query ID
WHAT’S IN A RESPONSE?

• Many things, but for the attacks we’re concerned with…
• A record: gives “the authoritative response for the IP address of this hostname”
• NS record: describes “this is the name of the nameserver who should know more about how to answer this query than I do”
  • Often also contains “glue” records (IP addresses of those nameservers, to avoid chicken-and-egg problems)
  • The resolver will generally cache all of this information: the answer, the NS records and the glue. (A careful resolver caches the extra records only when they are “in bailiwick”, i.e. inside the zone the responding server is authoritative for; this is what stops an answer for www.bad.com from also planting a record for www.bank.com.)
QUERY IDS

• The local resolver has a lot of incoming/outgoing queries at any point in time.
• To determine which response maps to which query, it uses a query ID
• Query ID: 16-bit field in the DNS header
  • Requester sets it to whatever it wants
  • Responder must provide the same value in its response

(Figure: the local nameserver with its outgoing queries 2, 4, 6 and the responses 3, 5, 7 coming back)

How would you implement query IDs at a resolver?
QUERY IDS USED TO INCREMENT

• Global query ID value
• Map outstanding query ID to local state of who to respond to (the client)
• Basically: new Packet(queryID++)

(Figure: the local nameserver sends queries with IDs 16322, 16323, …, 16328, and each response comes back carrying the ID of the query it answers)

How would you attack this?
CACHE POISONING

(Figure: the local nameserver, the authoritative DNS server for www.bank.com, and the bad guy at 6.6.6.6)

1. The local nameserver looks up www.bank.com at the authoritative server, using query ID 16322.
2. The bad guy races the authoritative server: he sends the local nameserver a forged response, “16322: www.bank.com = 6.6.6.6”, with the authoritative server’s source address.
3. The ID matches the outstanding query, so the local nameserver will cache www.bank.com = 6.6.6.6 and ignore the authority’s answer when it arrives.

How do you guess this ID?
- The bad guy makes the local nameserver look up a name he controls, www.bad.com; that query reaches his own nameserver, so he sees its ID: 16321.
- Next is likely 16322.
DETAILS OF GETTING THE ATTACK TO WORK

• Must guess the query ID: ask for one (have the resolver look up your own domain) and go from there
  • Partial fix: randomize query IDs
  • Problem: small space (16 bits)
  • Attack: issue a lot of guesses, i.e. flood the resolver with responses carrying many different query IDs while the genuine answer is still in flight
• Must guess the source port number
  • Typically constant for a given server (often always 53)
• The answer must not already be in the cache
  • Otherwise the resolver will avoid issuing a query in the first place, and there is nothing to race: the attacker has to wait for the TTL to expire, or ask for a name that is not cached.
CACHE POISONING

Can we do more harm than a single record?

(Figure: the local nameserver, the com. TLD server and the bad guy at 6.6.6.6)

1. The bad guy has the local nameserver look up www.bad.com; his own nameserver sees the query’s ID, 16321. Next is likely 16322.
2. He then has it look up somethingnotcached.bank.com, a name that is certainly not in the cache, so the local nameserver sends query 16322 towards the com. TLD server.
3. He forges the TLD’s referral: “16322: NS bank.com = ns.bank.com, A ns.bank.com = 6.6.6.6”.
4. The local nameserver will cache “the person to ask for ALL bank.com queries is 6.6.6.6”. Every later lookup under bank.com now goes to the bad guy, for as long as the NS record’s TTL lasts.
   (If guess 16322 misses, nothing real gets cached for that name either, so he can simply try again with another uncached bank.com name until a guess lands.)
SOLUTIONS?

• Randomizing the query ID?
  • Not sufficient alone: only 16 bits of entropy
• Randomize the source port as well
  • There’s no reason for it to stay constant
  • Gets us roughly another 16 bits of entropy (a little less: ports below 1024 and ports already in use are unavailable)
• DNSSEC?
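Putting the preceding slides together, as an added Go example written for this page (it is not code from the slides or from any real resolver): a model of the local nameserver’s acceptance check and the attacker’s race against it. KaminskyAttack replays the www.bad.com / somethingnotcached.bank.com sequence with the two defenses switchable, so the same flood can be tried against sequential IDs, random IDs with a fixed port, and random IDs plus a random port. It goes one step beyond the slides with a bailiwick check: NS and glue from a reply are cached only for the zone the question lies in, which is why the attacker must trigger a lookup of a bank.com name rather than poison bank.com through his www.bad.com answer. The function and type names are the example’s own; 6.6.6.6 is the slides’ address and 203.0.113.x are invented addresses for bank.com’s genuine servers.

```go
package main

import (
	"crypto/rand"
	"encoding/binary"
	"fmt"
	"strings"
)

// Response is a UDP reply as it reaches the resolver: an answer for QName, addressed to the resolver's
// source port DstPort, optionally with an authority section (NS for NSZone) and glue (A for NSName).
type Response struct {
	TxID, DstPort        uint16
	QName, Answer        string
	NSZone, NSName, Glue string
}

// Resolver is the slides' local nameserver with the two defenses switchable. Outstanding queries are
// remembered by transaction ID, as the slides describe, together with the question and source port used.
type Resolver struct {
	RandomID, RandomPort bool
	nextID               uint16
	outstanding          map[uint16]Response
	Cache                map[string]string // "A www.bank.com" -> address, "NS bank.com" -> nameserver name
}

func NewResolver(randomID, randomPort bool) *Resolver {
	return &Resolver{RandomID: randomID, RandomPort: randomPort, nextID: 16321,
		outstanding: map[uint16]Response{}, Cache: map[string]string{}}
}

func rand16() uint16 {
	var b [2]byte
	rand.Read(b[:])
	return binary.BigEndian.Uint16(b[:])
}

// Query sends a question upstream and returns the transaction ID and source port that the server being asked
// (or anyone on the path) can see. A name already in the cache never generates a query, so there is no race.
func (r *Resolver) Query(qname string) (id, port uint16, sent bool) {
	if _, ok := r.Cache["A "+qname]; ok {
		return 0, 0, false
	}
	id, port = r.nextID, 53
	r.nextID++ // the slides' queryID++
	if r.RandomID {
		id = rand16()
	}
	if r.RandomPort {
		port = 1024 + rand16()%64000
	}
	r.outstanding[id] = Response{QName: qname, DstPort: port}
	return id, port, true
}

// Deliver is the acceptance check: the reply must match an outstanding query's ID, destination port and
// question. The first matching reply wins; later ones, including the genuine one, are dropped.
func (r *Resolver) Deliver(resp Response) bool {
	p, ok := r.outstanding[resp.TxID]
	if !ok || p.DstPort != resp.DstPort || p.QName != resp.QName {
		return false
	}
	delete(r.outstanding, resp.TxID)
	r.Cache["A "+resp.QName] = resp.Answer
	if resp.NSZone != "" && strings.HasSuffix(resp.QName, "."+resp.NSZone) { // bailiwick rule
		r.Cache["NS "+resp.NSZone] = resp.NSName
		r.Cache["A "+resp.NSName] = resp.Glue
	}
	return true
}

// KaminskyAttack replays the slides: observe an ID and port via a lookup of the attacker's own www.bad.com,
// trigger a lookup of an uncached bank.com name, then flood spoofed referrals handing all of bank.com to 6.6.6.6.
func KaminskyAttack(r *Resolver) bool {
	seenID, seenPort, _ := r.Query("www.bad.com")
	r.Deliver(Response{TxID: seenID, DstPort: seenPort, QName: "www.bad.com", Answer: "6.6.6.6"})
	victim := "somethingnotcached.bank.com"
	realID, realPort, _ := r.Query(victim)
	forged := Response{DstPort: seenPort, QName: victim, Answer: "6.6.6.6", NSZone: "bank.com", NSName: "ns.bank.com", Glue: "6.6.6.6"}
	if r.RandomID { // only 16 bits of entropy: send all 65536 before the real answer lands
		for id := 0; id < 65536; id++ {
			forged.TxID = uint16(id)
			r.Deliver(forged)
		}
	} else { // "next is likely 16322"
		forged.TxID = seenID + 1
		r.Deliver(forged)
	}
	// The genuine referral arrives last; 203.0.113.x are constructed addresses for bank.com's real servers.
	r.Deliver(Response{TxID: realID, DstPort: realPort, QName: victim, Answer: "203.0.113.10",
		NSZone: "bank.com", NSName: "ns.bank.com", Glue: "203.0.113.53"})
	return r.Cache["A ns.bank.com"] == "6.6.6.6"
}

func main() {
	for _, c := range [][2]bool{{false, false}, {true, false}, {true, true}} {
		fmt.Printf("randomID=%v randomPort=%v poisoned=%v\n", c[0], c[1], KaminskyAttack(NewResolver(c[0], c[1])))
	}
}
```

With sequential IDs a single guess poisons the cache; with random IDs and port 53 a flood of all 65536 IDs still does; with a random source port the flood is aimed at the port seen during the www.bad.com lookup and misses (it lands only if the two random ports happen to coincide, about 1 chance in 64000), so the genuine referral is what gets cached. Note that the resolver does not query again for a name it has cached, which is exactly why the attacker picks somethingnotcached.bank.com.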
DNSSEC

(Figure: the resolver asks “www.cs.umd.edu?” in turn of the root DNS server “.”, the TLD DNS server and umd.edu’s authoritative DNS server)

• Root DNS server “.”: “Ask .edu. .edu’s public key = PKedu” (plus “.”’s signature of this zone-key binding)
• TLD DNS server: “Ask umd.edu. umd.edu’s public key = PKumd” (plus “edu”’s signature of this zone-key binding)
• Authoritative DNS server: “IN A www.cs.umd.edu 128.8.127.3” (plus “umd.edu”’s signature of the answer)

Only the authoritative data is signed: each zone-key binding by the parent that delegates it, and the final answer by umd.edu’s key. The referral itself (“ask .edu”) is not, which is fine because a resolver that knows the root’s key can check every binding down the chain and then the answer.
PROPERTIES OF DNSSEC

• If everyone has deployed it, and if you know the root’s keys, then it prevents spoofed responses: every answer is signed, and every zone’s key is vouched for by its parent
  • Very similar to PKIs in this sense (the root key is the trust anchor; each zone certifies its children)
• But unlike PKIs, we still want authenticity despite the fact that not everyone has deployed DNSSEC
  • What if someone replies back without DNSSEC?
  • Ignore = secure, but you can’t connect to a lot of hosts
  • Accept = you can connect, but insecure: a spoofed unsigned reply is accepted just like a genuine one
• Back to our notion of incremental deployment
  • DNSSEC is not all that useful incrementally
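A validating resolver for the chain on the previous slides, as an added Go example written for this page (it is not the slides’ code nor any real DNSSEC implementation). It uses real Ed25519 signatures from Go’s standard library and follows the actual DNSSEC shape the slides abbreviate as “the parent’s signature of the zone-key binding”: the parent publishes a DS record (a SHA-256 hash of the child’s DNSKEY) signed with the parent’s key, the child serves its DNSKEY, and the final A record carries an RRSIG from the zone’s own key. Validate starts from the root key as trust anchor and refuses a forged answer, a zone presented with an attacker’s own key, and, under the strict policy, any delegation without a DS; the permissive policy is the “accept” choice from the properties slide. Zone objects standing in for nameservers, the “<type> <name> <value>” record encoding and the function names are this example’s assumptions; 128.8.127.3 is the address on the slide.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// Zone is one zone's published data: a signed zone has a key pair and signs every record; an unsigned zone publishes bare records.
type Zone struct {
	Name   string
	Signed bool
	pub    ed25519.PublicKey
	priv   ed25519.PrivateKey
	rrs    map[string]string // "DS umd.edu" -> hex(SHA-256(child DNSKEY)); "A www.cs.umd.edu" -> address
	sigs   map[string][]byte // RRSIG: signature over "<key> <value>" with this zone's key
}

func NewZone(name string, signed bool) *Zone {
	z := &Zone{Name: name, Signed: signed, rrs: map[string]string{}, sigs: map[string][]byte{}}
	if signed {
		z.pub, z.priv, _ = ed25519.GenerateKey(rand.Reader)
	}
	return z
}

// Add publishes one record and, if the zone is signed, its RRSIG.
func (z *Zone) Add(key, value string) {
	z.rrs[key] = value
	if z.Signed {
		z.sigs[key] = ed25519.Sign(z.priv, []byte(key+" "+value))
	}
}

// Delegate publishes the DS record binding child's DNSKEY into this zone (the parent vouching for the child's key); an unsigned child gets none.
func (z *Zone) Delegate(child *Zone) {
	if child.Signed {
		h := sha256.Sum256(child.pub)
		z.Add("DS "+child.Name, hex.EncodeToString(h[:]))
	}
}

// zonesOnPath lists ".", "edu", "umd.edu", ... down to qname itself.
func zonesOnPath(qname string) []string {
	labels, path := strings.Split(qname, "."), []string{"."}
	for i := len(labels) - 1; i >= 0; i-- {
		path = append(path, strings.Join(labels[i:], "."))
	}
	return path
}

// Validate is the validating resolver: from the root key (anchor, configured out of band) it checks each parent's
// signed DS against the child's DNSKEY, then the RRSIG on the answer. strict: is an unsigned delegation an error?
func Validate(servers map[string]*Zone, anchor ed25519.PublicKey, qname string, strict bool) (string, error) {
	cur, key, secure := servers["."], anchor, true
	for _, next := range zonesOnPath(qname)[1:] {
		child, ok := servers[next]
		if !ok {
			continue // not a separate zone; cur stays authoritative
		}
		if secure {
			ds, has := cur.rrs["DS "+next]
			if !has && strict {
				return "", fmt.Errorf("%s: unsigned delegation from %s", next, cur.Name)
			}
			h := sha256.Sum256(child.pub)
			if has && (!ed25519.Verify(key, []byte("DS "+next+" "+ds), cur.sigs["DS "+next]) || hex.EncodeToString(h[:]) != ds) {
				return "", fmt.Errorf("%s: DS signature or DNSKEY hash does not verify", next)
			}
			secure, key = has, child.pub // an insecure delegation ends validation; everything below is unchecked
		}
		cur = child
	}
	addr, ok := cur.rrs["A "+qname]
	if !ok {
		return "", fmt.Errorf("%s: no such name", qname)
	}
	if secure && !ed25519.Verify(key, []byte("A "+qname+" "+addr), cur.sigs["A "+qname]) {
		return "", fmt.Errorf("%s: bad RRSIG on the answer", qname)
	}
	return addr, nil
}

// BuildTree is the slides' chain "." -> edu -> umd.edu, with umd.edu either signed or not.
func BuildTree(umdSigned bool) (map[string]*Zone, ed25519.PublicKey) {
	root, edu, umd := NewZone(".", true), NewZone("edu", true), NewZone("umd.edu", umdSigned)
	root.Delegate(edu)
	edu.Delegate(umd)
	umd.Add("A www.cs.umd.edu", "128.8.127.3")
	return map[string]*Zone{".": root, "edu": edu, "umd.edu": umd}, root.pub
}

func main() {
	servers, anchor := BuildTree(true)
	fmt.Println(Validate(servers, anchor, "www.cs.umd.edu", true))
}
```

The two forgeries of the poisoning slides both fail here: a changed A record no longer matches its RRSIG, and a zone served with the attacker’s own key no longer hashes to the DS that .edu signed. The incremental-deployment problem is the last two cases: with umd.edu unsigned, strict validation returns an error and permissive validation returns an address it cannot vouch for.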