CIS 3360: Security in Computing
Pre-Knowledge: Internet and Networking
Cliff Zou, Spring 2012
Objectives
- Obtain the basic knowledge of computer networking and the Internet
  - Concepts of network applications, the Internet
  - Basic knowledge of network protocols: TCP/IP
- Reading assignment: Wikipedia tutorials:
  http://en.wikipedia.org/wiki/Internet
  http://en.wikipedia.org/wiki/TCP/IP
- Reference book: Computer Networking: A Top Down Approach Featuring the Internet, 5th edition. Jim Kurose, Keith Ross, Addison-Wesley, Pearson Education, 2010
Lecture Materials
- Some of these slides are adapted from the slides copyrighted by Jim Kurose, Keith Ross, Addison-Wesley, Pearson Education, 2010: Computer Networking: A Top Down Approach Featuring the Internet, 5th edition.
A Little Bit of Internet History
- 1961: Kleinrock - queueing theory shows effectiveness of packet-switching
- 1967: ARPAnet conceived by Advanced Research Projects Agency
- 1969: First ARPAnet node operational
- 1972: 15 nodes in ARPAnet; first e-mail program
- 1973: Metcalfe's PhD thesis proposes Ethernet
- 1974: Cerf and Kahn - architecture for interconnecting networks
- 1982: SMTP e-mail protocol defined
- 1983: deployment of TCP/IP
- 1983: DNS defined for name-to-IP-address translation
- early 1990s: Web
- Late 1990's - 2000's: instant messaging, P2P file sharing; network security comes to the forefront; est. 50 million hosts, 100 million+ users; backbone links running at Gbps
Cerf and Kahn's internetworking principles:
- minimalism, autonomy - no internal changes required to interconnect networks
- best effort service model
- stateless routers
- decentralized control
These principles define today's Internet architecture.
What is the Internet?
(Figure: two end hosts, each running the full stack Application / Transport / Network / Data Link / Physical link, with the network between them operating at the Network and Data Link layers only.)
- Application: Web, Email...
- Transport: TCP, UDP
- Network: IP
- Data Link: Ethernet, cellular
Some Internet applications
- E-mail
- Web
- Instant messaging
- Remote login
- P2P file sharing
- Multi-user network games
- Streaming stored video clips
- Internet telephone
- Real-time video conference
- Massive parallel computing
Internet
- Internet: loosely hierarchical "network of networks"
- Major components: hosts, routers, communication links
- Protocols: for sending, receiving of msgs, e.g., TCP, IP, HTTP, FTP, PPP
- Internet standards
  - RFC: Request for Comments
  - IETF: Internet Engineering Task Force
(Figure: a local ISP, a regional ISP and a company network, connected by routers, with workstations, servers and mobile hosts at the edges.)
Internet: Three Components
- End systems (hosts): millions of connected computing devices executing network applications
- Routers: forwarding packets (chunks of data)
- Communication links: connecting hosts and routers
  - fiber, copper, radio, satellite
  - transmission rate = bandwidth
Internet Service
- Communication infrastructure enables distributed applications: Web, email, games, e-commerce, file sharing
- Communication services provided to applications:
  - connectionless, unreliable
  - connection-oriented, reliable
Internet structure: network of networks
- roughly hierarchical
- at center: "tier-1" ISPs (e.g., UUNet, BBN/Genuity, Sprint, AT&T), national/international coverage; treat each other as equals
- Tier-1 providers interconnect (peer) privately
- Tier-1 providers also interconnect at public network access points (NAPs)
(Figure: three Tier 1 ISPs peering with each other and meeting at a NAP.)
Internet structure: network of networks
- "Tier-2" ISPs: smaller (often regional) ISPs
  - Connect to one or more tier-1 ISPs, possibly other tier-2 ISPs
- Tier-2 ISP pays tier-1 ISP for connectivity to rest of Internet; tier-2 ISP is customer of tier-1 provider
- Tier-2 ISPs also peer privately with each other, interconnect at NAP
(Figure: Tier-2 ISPs attached to the Tier 1 ISPs and to the NAP.)
Internet structure: network of networks
- "Tier-3" ISPs and local ISPs
  - last hop ("access") network (closest to end systems)
- Local and tier-3 ISPs are customers of higher tier ISPs connecting them to rest of Internet
(Figure: local ISPs and a Tier 3 ISP hanging off the Tier-2 ISPs.)
Internet structure: network of networks
- a packet passes through many networks!
(Figure: the same Tier 1 / Tier-2 / local ISP hierarchy, with a packet's path crossing several of them.)
"Real" Internet delays and routes
- What do "real" Internet delay & loss look like?
- Traceroute program: provides delay measurement from source to router along end-end Internet path towards destination. For all i:
  - sends three packets that will reach router i on path towards destination (each probe carries TTL = i, so router i discards it and sends back an ICMP time-exceeded message)
  - router i will return packets to sender
  - sender times interval between transmission and reply
(Figure: three probes to each successive router along the path.)
"Real" Internet delays and routes
traceroute: gaia.cs.umass.edu to www.eurecom.fr
 1 cs-gw (128.119.240.254) 1 ms 1 ms 2 ms
 2 border1-rt-fa5-1-0.gw.umass.edu (128.119.3.145) 1 ms 1 ms 2 ms
 3 cht-vbns.gw.umass.edu (128.119.3.130) 6 ms 5 ms 5 ms
 4 jn1-at1-0-0-19.wor.vbns.net (204.147.132.129) 16 ms 11 ms 13 ms
 5 jn1-so7-0-0-0.wae.vbns.net (204.147.136.136) 21 ms 18 ms 18 ms
 6 abilene-vbns.abilene.ucaid.edu (198.32.11.9) 22 ms 18 ms 22 ms
 7 nycm-wash.abilene.ucaid.edu (198.32.8.46) 22 ms 22 ms 22 ms
 8 62.40.103.253 (62.40.103.253) 104 ms 109 ms 106 ms        <- trans-oceanic link
 9 de2-1.de1.de.geant.net (62.40.96.129) 109 ms 102 ms 104 ms
10 de.fr1.fr.geant.net (62.40.96.50) 113 ms 121 ms 114 ms
11 renater-gw.fr1.fr.geant.net (62.40.103.54) 112 ms 114 ms 112 ms
12 nio-n2.cssi.renater.fr (193.51.206.13) 111 ms 114 ms 116 ms
13 nice.cssi.renater.fr (195.220.98.102) 123 ms 125 ms 124 ms
14 r3t2-nice.cssi.renater.fr (195.220.98.110) 126 ms 126 ms 124 ms
15 eurecom-valbonne.r3t2.ft.net (193.48.50.54) 135 ms 128 ms 133 ms
16 194.214.211.25 (194.214.211.25) 126 ms 128 ms 126 ms
17 * * *
18 * * *
19 fantasia.eurecom.fr (193.55.113.142) 132 ms 128 ms 136 ms
- Hop 1 shows the three delay measurements from gaia.cs.umass.edu to cs-gw.cs.umass.edu
- * means no response (probe lost, router not replying)
- Under Windows the program is "tracert"
Traceroute from My Home Computer
(Figure only: traceroute output from the instructor's home computer.)
Where is a Router Placed?
- There are many public websites that provide an IP location service:
  www.geobytes.com/iplocator.htm
  http://www.iplocation.net/
- Based on traceroute and an IP locator, you can learn the complete routing path of a connection
  - Major reason why many networks block traceroute traffic
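Added example (not from the slides): a small Python parser for traceroute output of the form shown above. It reads the hop lines, records the three RTTs per hop, treats a '*' as a lost or unanswered probe, and flags the hop where the RTT jumps (the trans-oceanic link in the trace). The sample text is a constructed subset of the gaia.cs.umass.edu to www.eurecom.fr trace; the 50 ms threshold and the function names are this example's own choices.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a subset of the hops from the gaia.cs.umass.edu -> www.eurecom.fr
# trace above, including the two hops that answered none of the three probes.
SAMPLE_TRACEROUTE = """\
traceroute to www.eurecom.fr (193.55.113.142), 30 hops max, 40 byte packets
 1  cs-gw (128.119.240.254)  1 ms  1 ms  2 ms
 2  border1-rt-fa5-1-0.gw.umass.edu (128.119.3.145)  1 ms  1 ms  2 ms
 7  nycm-wash.abilene.ucaid.edu (198.32.8.46)  22 ms  22 ms  22 ms
 8  62.40.103.253 (62.40.103.253)  104 ms  109 ms  106 ms
17  * * *
18  * * *
19  fantasia.eurecom.fr (193.55.113.142)  132 ms  128 ms  136 ms
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")                       # "<ttl> <rest of line>"
HOST_RE = re.compile(r"^(\S+)\s+\((\d{1,3}(?:\.\d{1,3}){3})\)")  # "<name> (<ip>)"
RTT_RE = re.compile(r"(\d+(?:\.\d+)?)\s*ms")                    # every "<n> ms" on the line


@dataclass
class Hop:
    ttl: int
    host: Optional[str]              # None when no probe was answered ("* * *")
    ip: Optional[str]
    rtts_ms: List[float] = field(default_factory=list)
    lost_probes: int = 0

    @property
    def min_rtt(self) -> Optional[float]:
        return min(self.rtts_ms) if self.rtts_ms else None


def parse_traceroute(text: str) -> List[Hop]:
    """Parse Unix traceroute output: one line per TTL, three probe RTTs per line,
    a lost or unanswered probe printed as '*'. The 'traceroute to ...' banner does
    not start with a number and is skipped."""
    hops: List[Hop] = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue
        ttl, rest = int(m.group(1)), m.group(2)
        hm = HOST_RE.match(rest)
        hop = Hop(ttl=ttl,
                  host=hm.group(1) if hm else None,
                  ip=hm.group(2) if hm else None)
        hop.rtts_ms = [float(v) for v in RTT_RE.findall(rest)]
        hop.lost_probes = rest.count("*")
        hops.append(hop)
    return hops


def silent_hops(hops: List[Hop]) -> List[int]:
    """TTLs at which all three probes went unanswered (probe lost or router not replying)."""
    return [h.ttl for h in hops if h.lost_probes == 3]


def rtt_jumps(hops: List[Hop], threshold_ms: float = 50.0) -> List[int]:
    """TTLs where the minimum RTT rises by more than threshold_ms over the previous
    responding hop; in the trace above that is the trans-oceanic link at hop 8."""
    jumps: List[int] = []
    prev: Optional[float] = None
    for hop in hops:
        if hop.min_rtt is None:
            continue                 # silent hop: no timing information to compare
        if prev is not None and hop.min_rtt - prev > threshold_ms:
            jumps.append(hop.ttl)
        prev = hop.min_rtt
    return jumps


if __name__ == "__main__":
    parsed = parse_traceroute(SAMPLE_TRACEROUTE)
    for h in parsed:
        print(h.ttl, h.host or "*", h.ip or "-", h.rtts_ms, "lost:", h.lost_probes)
    print("silent hops:", silent_hops(parsed))
    print("RTT jumps at:", rtt_jumps(parsed))
```

Silent hops are the routers that drop or rate-limit the probes, which is what a network that blocks traceroute looks like from the outside; the jump detector shows why per-hop RTT, not only the final RTT, is worth keeping.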
Protocol
- network protocols: all communication activity in Internet governed by protocols
- Protocols define format, order of messages sent and received among network entities, and actions taken on message transmission, receipt
What's a protocol? A human protocol and a computer network protocol:
- Human: "Hi" / "Hi" / "Got the time?" / "2:00"
- Computer: TCP connection request / TCP connection response / Get http://www.awl.com/kurose-ross / <file>
(Figure: both exchanges drawn as messages between two parties over time.)
A closer look at network structure:
- network edge: applications and hosts
- network core: routers, network of networks
- Connection: communication links
The network edge:
- end systems (hosts): run application programs, e.g. Web, email, at "edge of network"
- client/server model: client host requests, receives service from always-on server, e.g. Web browser/server; email client/server
- peer-peer model: minimal (or no) use of dedicated servers, e.g. Gnutella, KaZaA
Network edge: connection-oriented service
- TCP [Transmission Control Protocol]: reliable, in-order byte-stream data transfer
  - loss: acknowledgements and retransmissions
  - flow control: sender won't overwhelm receiver
  - congestion control: senders "slow down sending rate" when network congested
- Examples of applications using TCP: HTTP (Web), FTP (file transfer), SSH (remote secure login), SMTP (email)
Network edge: connectionless service
- UDP [User Datagram Protocol]: connectionless, unreliable data transfer, no flow control, no congestion control
- Examples of applications using UDP: streaming media, teleconferencing, DNS, Internet telephony
The Network Core
- mesh of interconnected routers
- data transfer methods through net:
  - circuit switching: dedicated circuit per call: telephone net
  - packet-switching: data sent through net in discrete "chunks"
Circuit Switching
- End-end resources reserved for "call"
  - link bandwidth, switch capacity
  - dedicated resources: no sharing
  - circuit-like (guaranteed) performance
  - call setup required
Packet-switched networks
- Move packets through routers from source to destination
- datagram network: destination address in packet determines next hop; routes may change during session
- virtual circuit network: each packet carries tag (virtual circuit ID), tag determines next hop; fixed path determined at call setup time, remains fixed thru call; routers maintain per-call state
Internet protocol stack
- application: supporting network applications: FTP, SMTP, HTTP
- transport: host-host data transfer: TCP, UDP
- network: routing of datagrams from source to destination: IP, routing protocols
- link: data transfer between neighboring network elements: PPP, Ethernet
- physical: bits "on the wire or wireless"
(Figure: source and destination each run the five layers; the unit is a message (M) at the application layer, a segment (Ht M) at transport, a datagram (Hn Ht M) at network and a frame (Hl Hn Ht M) at link, each layer adding its own header. A router on the path implements only network, link and physical; a switch only link and physical.)
Encapsulation / Message Flow
- transport: segment from sending to receiving host
- on sending side: encapsulates segments into datagrams
- on receiving side: delivers segments to transport layer
- network layer protocols in every host, router
- router examines header fields in all IP datagrams passing through it
(Figure: two hosts with full application / transport / network / data link / physical stacks and a row of routers between them running only the network, data link and physical layers.)
TCP/IP Introduction
- TCP: Transport Layer
- IP: Network Layer
- Networking security mainly deals with these two services/protocols
Transport Layer
- TCP - connection-oriented service
  - Provides reliable data transmission
  - Used by most data-based, not time-sensitive network applications: Email, Web, file transfer....
  - Requires setting up a TCP connection channel first
- UDP - connectionless service
  - Unreliable data transmission: erroneous packets are discarded without retransmission
  - No additional delay for future incoming packets
  - Used for time-sensitive, error-tolerant applications: VoIP, video streaming, DNS....
Transport vs. network layer
- network layer: logical communication between hosts
- transport layer: logical communication between processes; relies on, enhances, network layer services
(Figure: hosts A, B, C and D; one connection with Sport: 4625, Dport: 80 and another with Sport: 8050, Dport: 25.)
Addressing processes
- to receive messages, a process must have an identifier
- identifier includes both IP address and port number associated with the process on the host
- host device has unique 32-bit IP address; the IP address is for addressing a host/computer
- Example port numbers: HTTP server: 80; Mail server: 25
- to send an HTTP message to the gaia.cs.umass.edu web server: IP address: 128.119.245.12, Port number: 80
TCP and UDP Port Numbers
- 16 bits (0 - 65535)
- Internet Assigned Numbers Authority (IANA), www.iana.org
  - Well known ports (0 - 1023). Example: HTTP - 80, SMTP - 25
  - Registered ports (1024 - 49151). Example: HTTP alternate 8080, used for web proxy and caching servers
  - Dynamic and/or private ports (49152 - 65535)
- Each TCP connection is identified by a 4-tuple: source IP address, source port number, dest IP address, dest port number
- These four values are widely used in network filtering and intrusion detection
  - Note that a port number identifies a service only by convention: any program allowed to bind a port can listen on it, so a filter that matches on port numbers alone does not verify which service is really on the other end
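Added example, not part of the lecture: a packet filter that decides on the 4-tuple described above, together with the IANA port classification. The addresses for hosts A-D, the 10.0.0.0/8 site and the rules themselves are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# (src ip, src port, dst ip, dst port): the 4-tuple that identifies one TCP connection
FourTuple = Tuple[str, int, str, int]


def port_class(port: int) -> str:
    """Classify a port by the IANA ranges listed on the slide."""
    if not 0 <= port <= 65535:
        raise ValueError("port number must fit in 16 bits")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"


def flow_key(pkt: FourTuple):
    """Direction-independent key for a connection: the request A:4625 -> B:80 and the
    reply B:80 -> A:4625 map to the same key, which is how a flow table pairs them."""
    src_ip, sport, dst_ip, dport = pkt
    ends = sorted([(src_ip, sport), (dst_ip, dport)])
    return (ends[0], ends[1])


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    src: str = "0.0.0.0/0"           # CIDR prefix; the default matches any source
    dst: str = "0.0.0.0/0"
    dst_port: Optional[int] = None   # None matches any destination port

    def matches(self, pkt: FourTuple) -> bool:
        src_ip, _sport, dst_ip, dport = pkt
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst)
                and (self.dst_port is None or self.dst_port == dport))


def decide(rules: List[Rule], pkt: FourTuple, default: str = "deny") -> str:
    """First-match evaluation with a default deny: the usual shape of a packet-filter ACL."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# Constructed policy for a hypothetical site 10.0.0.0/8 (assumed addresses, not from the slides):
# anyone may reach the site's web server on 80; only inside hosts may send mail out on 25.
RULES = [
    Rule("allow", dst="10.0.0.2/32", dst_port=80),
    Rule("allow", src="10.0.0.0/8", dst_port=25),
    Rule("deny"),
]

# The two connections from the slide's figure, with assumed addresses for hosts A-D.
WEB_REQUEST: FourTuple = ("198.51.100.7", 4625, "10.0.0.2", 80)   # A -> B: Sport 4625, Dport 80
MAIL_SEND: FourTuple = ("10.0.0.3", 8050, "203.0.113.5", 25)     # C -> D: Sport 8050, Dport 25
WEB_REPLY: FourTuple = ("10.0.0.2", 80, "198.51.100.7", 4625)     # B -> A: the reply direction

if __name__ == "__main__":
    for name, p in (("web request", WEB_REQUEST), ("mail send", MAIL_SEND), ("web reply", WEB_REPLY)):
        print(name, p, "->", decide(RULES, p), "| dst port is", port_class(p[3]))
```

The reply direction of the web connection (B:80 back to A:4625) is denied by these stateless rules even though it belongs to an allowed connection; that is why real filters keep per-flow state keyed on the direction-independent flow_key instead of judging each packet on its own.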
UDP Packet Header
- UDP packet header is 8 bytes long
- Port numbers are 16 bits long
- Checksum for verifying packet errors (it detects accidental corruption only; it is not a cryptographic integrity check and gives no protection against deliberate modification)
UDP segment format (32 bits wide):
  source port # | dest port #
  length        | checksum
  application data (message)
- Length: length, in bytes, of the UDP segment, including the header
UDP Transmission Process
(Figure: Host A sends Packets 1 to 5 to Host B over time; one packet is lost (X) and nothing is resent.)
- No acknowledgement from recipient
- Sending rate is controlled by sender (bounded by sender's bandwidth)
TCP Transmission Process (simplified, without considering pipelining)
- Need sequence # and acknowledgement # to distinguish each packet
TCP segment structure (header is 20 bytes normally), 32 bits wide:
  source port # | dest port #
  sequence number
  acknowledgement number
  head len | not used | U A P R S F | receive window
  checksum | urg data pointer
  options (variable length)
  application data (variable length)
- URG: urgent data (generally not used)
- ACK: ACK # valid
- PSH: push data now
- RST, SYN, FIN: connection establishment (setup, teardown commands)
- Receive window: # bytes receiver willing to accept
- Sequence and acknowledgement numbers count by bytes of data (not segments!)
- Checksum: Internet checksum (as in UDP)
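Added example (not from the slides or the Kurose/Ross material): building and parsing the UDP and TCP headers drawn above with Python's struct module, including the Internet checksum that both carry and the IPv4 pseudo-header it is computed over. Addresses, ports and payload are constructed; the function names are this example's own.

```python
import socket
import struct
from typing import Dict, Iterable

PROTO_TCP, PROTO_UDP = 6, 17

UDP_HDR = struct.Struct("!HHHH")        # src port, dst port, length, checksum (8 bytes)
TCP_HDR = struct.Struct("!HHIIBBHHH")   # ports, seq, ack, data offset, flags, window,
                                        # checksum, urgent pointer (20 bytes, no options)
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit words, complemented.
    Running it over a segment that carries a correct checksum yields 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def pseudo_header(src_ip: str, dst_ip: str, proto: int, length: int) -> bytes:
    """IPv4 pseudo-header prepended for the UDP/TCP checksum: the transport checksum
    also covers the network-layer addresses, so a segment delivered to the wrong host
    or protocol fails verification."""
    return struct.pack("!4s4sBBH", socket.inet_aton(src_ip), socket.inet_aton(dst_ip),
                       0, proto, length)


def build_udp(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes) -> bytes:
    length = UDP_HDR.size + len(payload)
    hdr = UDP_HDR.pack(sport, dport, length, 0)
    csum = internet_checksum(pseudo_header(src_ip, dst_ip, PROTO_UDP, length) + hdr + payload)
    if csum == 0:                 # RFC 768: all-zero means "no checksum", so send 0xFFFF instead
        csum = 0xFFFF
    return UDP_HDR.pack(sport, dport, length, csum) + payload


def parse_udp(src_ip: str, dst_ip: str, segment: bytes) -> Dict[str, object]:
    sport, dport, length, csum = UDP_HDR.unpack_from(segment)
    if length != len(segment) or length < UDP_HDR.size:
        raise ValueError("UDP length field does not match the segment")
    ok = (csum == 0 or            # IPv4 allows a sender to omit the UDP checksum entirely
          internet_checksum(pseudo_header(src_ip, dst_ip, PROTO_UDP, length) + segment) == 0)
    return {"sport": sport, "dport": dport, "length": length,
            "checksum_ok": ok, "payload": segment[UDP_HDR.size:]}


def build_tcp(src_ip: str, dst_ip: str, sport: int, dport: int, seq: int, ack: int,
              flags: Iterable[str], window: int, payload: bytes = b"") -> bytes:
    flag_bits = 0
    for name in flags:
        flag_bits |= TCP_FLAGS[name]
    data_offset = (TCP_HDR.size // 4) << 4          # header length in 32-bit words, high nibble
    hdr = TCP_HDR.pack(sport, dport, seq, ack, data_offset, flag_bits, window, 0, 0)
    csum = internet_checksum(pseudo_header(src_ip, dst_ip, PROTO_TCP, len(hdr) + len(payload))
                             + hdr + payload)
    return TCP_HDR.pack(sport, dport, seq, ack, data_offset, flag_bits, window, csum, 0) + payload


def parse_tcp(src_ip: str, dst_ip: str, segment: bytes) -> Dict[str, object]:
    sport, dport, seq, ack, off, flag_bits, window, csum, urg = TCP_HDR.unpack_from(segment)
    hlen = (off >> 4) * 4
    if hlen < TCP_HDR.size or hlen > len(segment):
        raise ValueError("bad TCP header length")
    ok = internet_checksum(pseudo_header(src_ip, dst_ip, PROTO_TCP, len(segment)) + segment) == 0
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "header_len": hlen,
            "flags": sorted(n for n, bit in TCP_FLAGS.items() if flag_bits & bit),
            "window": window, "urgent_ptr": urg, "checksum_ok": ok,
            "options": segment[TCP_HDR.size:hlen], "payload": segment[hlen:]}


# Constructed sample traffic (addresses and ports assumed, not taken from the slides).
SRC, DST = "10.0.0.5", "10.0.0.2"
UDP_QUERY = build_udp(SRC, DST, 53000, 53, b"hello")
TCP_SYN = build_tcp(SRC, DST, 4625, 80, seq=42, ack=0, flags=["SYN"], window=65535)


def corrupt(segment: bytes, index: int) -> bytes:
    """Flip every bit of one byte: the kind of damage the checksum is meant to catch."""
    b = bytearray(segment)
    b[index] ^= 0xFF
    return bytes(b)
```

Changing either IP address passed to parse_udp or parse_tcp makes checksum_ok false although the segment bytes are untouched, which is what the pseudo-header buys. A passing checksum still says nothing about deliberate tampering: anyone who can rewrite the bytes can recompute it.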
TCP seq. #'s and ACKs
- Seq. #'s: byte stream "number" of first byte in segment's data
- ACKs: seq # of next byte expected from other side
  - Cumulative ACK: acknowledges receipt of all bytes up to (not including) the specified #
- Q: how does the receiver handle out-of-order segments? A: the TCP spec doesn't say; practical approach: save them in a buffer
- Q: how does TCP implement duplex communication? A: seq. # for sending data, ACK # for receiving data
An example of TCP Duplex Communication (simple telnet scenario; initial seq #'s are 42 for Host A and 79 for Host B)
  Host A -> Host B: Seq=42, ACK=79, data='john'      (user types the login name)
  Host B -> Host A: Seq=79, ACK=46, data='pass'      (host ACKs receipt of the 4 bytes, sends back the password prompt)
  Host A -> Host B: Seq=46, ACK=83, data='CNT4704'   (user ACKs receipt of the prompt, sends the password)
- Sequence number is based on bytes, not packets!
ACK Only in Duplex Communication?
  Host B -> Host A: Seq=79, ACK=46, data='pass'      (host ACKs receipt, sends back the password prompt)
  Host A -> Host B: Seq=46, ACK=83, data='CNT4704'
  Host B -> Host A: Seq=83, ACK=53, no data section
- ACK-only packet: the seq # is the first byte to be transmitted in the future (the packet has no data section)
TCP: retransmission scenarios
(Figures: Host A sends to Host B, time runs downward; SendBase is A's oldest unacknowledged byte.)
Lost ACK scenario:
  A -> B: Seq=92, 8 bytes data
  B -> A: ACK=100 (lost, X)
  timeout for Seq=92 expires at A
  A -> B: Seq=92, 8 bytes data (retransmission)
  B -> A: ACK=100
  SendBase = 100
Premature timeout scenario:
  A -> B: Seq=92, 8 bytes data
  A -> B: Seq=100, 20 bytes data
  timeout for Seq=92 expires at A before its ACK arrives
  A -> B: Seq=92, 8 bytes data (retransmission)
  B -> A: ACK=100                               SendBase = 100
  B -> A: ACK=120                               SendBase = 120
  B -> A: ACK=120 (B re-ACKs the duplicate)     SendBase = 120
TCP retransmission scenarios (more)
Cumulative ACK scenario:
  A -> B: Seq=92, 8 bytes data
  A -> B: Seq=100, 20 bytes data
  B -> A: ACK=100 (lost, X)
  B -> A: ACK=120                               SendBase = 120
  The cumulative ACK=120 also covers the first segment, so Seq=92 is not retransmitted even though its own ACK was lost.
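Added example serving both the seq/ACK slides and the retransmission scenarios above: a Python model of two TCP endpoints that numbers bytes, emits cumulative ACKs, buffers out-of-order data and retransmits from SendBase on timeout. It replays the telnet exchange (initial seq #'s 42 and 79; 'john', 'pass', 'CNT4704', then the ACK-only segment), the premature-timeout and cumulative-ACK scenarios, and one added scenario in which the first data segment itself is lost. Timers are replaced by explicit retransmit() calls; Endpoint and Segment are this example's own names, and this is not the lecture's code.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Segment:
    seq: int              # byte-stream number of the first data byte
    ack: int              # next byte expected from the other side
    data: bytes = b""     # empty for an ACK-only segment


@dataclass
class Endpoint:
    name: str
    next_seq: int         # seq # the next data byte sent will carry
    rcv_next: int         # next byte expected from the peer; goes into every ACK field
    send_base: int = 0    # oldest unacknowledged byte (SendBase on the slides)
    unacked: List[Segment] = field(default_factory=list)
    buffer: Dict[int, bytes] = field(default_factory=dict)   # out-of-order data by seq #
    delivered: bytes = b""                                   # in-order bytes handed to the app

    def __post_init__(self) -> None:
        self.send_base = self.next_seq

    def send(self, data: bytes = b"") -> Segment:
        """Build a segment; with data, advance next_seq by the byte count (not by 1 per segment)."""
        seg = Segment(self.next_seq, self.rcv_next, data)
        if data:
            self.unacked.append(seg)
            self.next_seq += len(data)
        return seg

    def retransmit(self) -> Optional[Segment]:
        """Timeout: resend the oldest unacknowledged segment with a fresh ACK field."""
        if not self.unacked:
            return None
        oldest = self.unacked[0]
        return Segment(oldest.seq, self.rcv_next, oldest.data)

    def receive(self, seg: Segment) -> None:
        # Cumulative ACK: an ACK of n acknowledges every byte below n, including
        # bytes whose own ACK was lost on the way.
        if seg.ack > self.send_base:
            self.send_base = seg.ack
            self.unacked = [s for s in self.unacked if s.seq + len(s.data) > seg.ack]
        if not seg.data:
            return
        if seg.seq < self.rcv_next:
            return                       # duplicate (e.g. after a premature timeout): discard
        # The spec leaves out-of-order data to the implementation; like most stacks, buffer it.
        self.buffer[seg.seq] = seg.data
        while self.rcv_next in self.buffer:
            chunk = self.buffer.pop(self.rcv_next)
            self.delivered += chunk
            self.rcv_next += len(chunk)


def telnet_scenario():
    """The duplex example: initial seq #'s 42 (A) and 79 (B)."""
    a = Endpoint("A", next_seq=42, rcv_next=79)
    b = Endpoint("B", next_seq=79, rcv_next=42)
    s1 = a.send(b"john");    b.receive(s1)     # Seq=42, ACK=79, data='john'
    s2 = b.send(b"pass");    a.receive(s2)     # Seq=79, ACK=46, data='pass'
    s3 = a.send(b"CNT4704"); b.receive(s3)     # Seq=46, ACK=83, data='CNT4704'
    s4 = b.send();           a.receive(s4)     # ACK-only: Seq=83, ACK=53, no data
    return [(s.seq, s.ack, s.data) for s in (s1, s2, s3, s4)], b.delivered, a.send_base


def cumulative_ack_scenario():
    """ACK=100 is lost but ACK=120 arrives before A's timer fires: both segments are covered."""
    a = Endpoint("A", next_seq=92, rcv_next=1)
    b = Endpoint("B", next_seq=1, rcv_next=92)
    s1, s2 = a.send(b"x" * 8), a.send(b"y" * 20)     # Seq=92 (8 bytes), Seq=100 (20 bytes)
    b.receive(s1); lost_ack = b.send()                # ACK=100, lost (X)
    b.receive(s2); ack = b.send()                     # ACK=120
    a.receive(ack)
    return lost_ack.ack, ack.ack, a.send_base, len(a.unacked)


def premature_timeout_scenario():
    """A's timer for Seq=92 fires before ACK=100 arrives; B discards the duplicate and re-ACKs."""
    a = Endpoint("A", next_seq=92, rcv_next=1)
    b = Endpoint("B", next_seq=1, rcv_next=92)
    s1, s2 = a.send(b"x" * 8), a.send(b"y" * 20)
    dup = a.retransmit()                              # Seq=92 sent again
    b.receive(s1); ack1 = b.send()                    # ACK=100
    b.receive(s2); ack2 = b.send()                    # ACK=120
    b.receive(dup); ack3 = b.send()                   # duplicate discarded: ACK=120 again
    for ack in (ack1, ack2, ack3):
        a.receive(ack)                                # SendBase: 100, 120, 120
    return dup.seq, (ack1.ack, ack2.ack, ack3.ack), a.send_base, b.delivered


def lost_segment_scenario():
    """Seq=92 is lost; Seq=100 arrives early and is buffered, so B keeps ACKing 92 until the
    retransmission fills the gap, then the cumulative ACK jumps straight to 120."""
    a = Endpoint("A", next_seq=92, rcv_next=1)
    b = Endpoint("B", next_seq=1, rcv_next=92)
    s1, s2 = a.send(b"x" * 8), a.send(b"y" * 20)
    b.receive(s2); ack_gap = b.send()                 # s1 lost: ACK=92, s2 data buffered
    b.receive(a.retransmit()); ack_full = b.send()    # timeout resends Seq=92: ACK=120
    a.receive(ack_full)
    return ack_gap.ack, ack_full.ack, a.send_base, b.delivered
```

The same byte-counting rules are what an IDS has to reproduce to reassemble a TCP stream correctly; a sensor that dropped the out-of-order buffering or mishandled the duplicate would see a different byte stream than the receiving host does.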
TCP Connection Setup --- Three-Way Handshake
- Step 1: client host sends TCP SYN segment to server: specifies initial seq #, no data
- Step 2: server host receives SYN, replies with SYN/ACK segment: server allocates buffers, specifies server initial seq. # (note that the server commits state here, before the client has completed the handshake)
- Step 3: client receives SYN/ACK, replies with ACK segment, which may contain data
  client -> server: SYN, seq=client_seq
  server -> client: SYN/ACK, seq=server_seq, ack=client_seq+1
  client -> server: ACK, seq=client_seq+1, ack=server_seq+1
TCP Connection Setup
- Most firewalls, packet capturing software, and intrusion detection software use TCP connection setup packets to determine how to deal with the new connection
- Very important to understand the three-way handshake
TCP Connection Management (cont.)
Closing a connection (client calls close()):
- Step 1: client end system sends TCP FIN control segment to server
- Step 2: server receives FIN, replies with ACK. Closes connection, sends FIN.
- Step 3: client receives FIN, replies with ACK. Enters "timed wait" - will respond with ACK to received FINs
- Step 4: server receives ACK. Connection closed.
  client -> server: FIN        (client: closing)
  server -> client: ACK
  server -> client: FIN        (server: closing)
  client -> server: ACK        (client: timed wait, then closed; server: closed)
- Some applications simply send RST to terminate TCP connections immediately
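Added example covering both the three-way handshake and the close sequence above (not the lecture's code): a flag-driven connection tracker of the kind a stateful firewall or IDS uses to decide whether a packet opens a new connection, belongs to an established one, is part of a close, or matches no state at all. Client/server addresses and the packet sequences are constructed; the state names follow the usual TCP ones, but the tracker is deliberately simplified (no sequence-number checking, no timeouts).

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

Endpoint = Tuple[str, int]                       # (ip, port)
FlowKey = Tuple[Endpoint, Endpoint]              # order-independent pair of endpoints


@dataclass(frozen=True)
class Packet:
    src: Endpoint
    dst: Endpoint
    flags: FrozenSet[str]                        # subset of {SYN, ACK, FIN, RST, PSH, URG}


def flow_key(pkt: Packet) -> FlowKey:
    a, b = sorted([pkt.src, pkt.dst])
    return (a, b)


class ConnTracker:
    """Stateful view of TCP connections driven only by the flag bits, the way a stateful
    firewall or IDS classifies a packet: NEW (a SYN opening a connection), HANDSHAKE,
    ESTABLISHED, CLOSING, CLOSED, RESET, or INVALID (no state matches it)."""

    def __init__(self) -> None:
        self.conns: Dict[FlowKey, dict] = {}

    def observe(self, pkt: Packet) -> str:
        key, f = flow_key(pkt), pkt.flags
        st = self.conns.get(key)
        if st is None:
            if "SYN" in f and "ACK" not in f:                  # step 1: client SYN
                self.conns[key] = {"state": "SYN_SENT", "client": pkt.src, "fins": set()}
                return "NEW"
            return "INVALID"    # stray ACK, SYN/ACK to nobody, FIN without a connection...
        if "RST" in f:                                         # abort from either side
            del self.conns[key]
            return "RESET"
        from_client = pkt.src == st["client"]
        state = st["state"]
        if state == "SYN_SENT":
            if not from_client and {"SYN", "ACK"} <= f:        # step 2: server SYN/ACK
                st["state"] = "SYN_RCVD"
                return "HANDSHAKE"
            return "INVALID"
        if state == "SYN_RCVD":
            if from_client and "ACK" in f and "SYN" not in f:  # step 3: client ACK (may carry data)
                st["state"] = "ESTABLISHED"
                return "ESTABLISHED"
            return "INVALID"
        if state in ("ESTABLISHED", "FIN_WAIT"):
            if "FIN" in f:                                     # one side is done sending
                st["fins"].add(pkt.src)
                st["state"] = "LAST_ACK" if len(st["fins"]) == 2 else "FIN_WAIT"
                return "CLOSING"
            return "ESTABLISHED" if state == "ESTABLISHED" else "CLOSING"
        # LAST_ACK: both FINs seen; the ACK of the second FIN finishes the close
        if "FIN" in f:
            return "CLOSING"                                   # retransmitted FIN; peer re-ACKs it
        if "ACK" in f:
            del self.conns[key]
            return "CLOSED"
        return "INVALID"


def classify(packets: List[Packet], tracker: Optional[ConnTracker] = None) -> List[str]:
    tracker = tracker or ConnTracker()
    return [tracker.observe(p) for p in packets]


def pkt(src: Endpoint, dst: Endpoint, *flags: str) -> Packet:
    return Packet(src, dst, frozenset(flags))


# Constructed traffic with assumed addresses: client 10.0.0.5:4625 talking to web server 10.0.0.2:80.
CLIENT, SERVER, STRANGER = ("10.0.0.5", 4625), ("10.0.0.2", 80), ("203.0.113.9", 40000)

FULL_CONNECTION = [
    pkt(CLIENT, SERVER, "SYN"), pkt(SERVER, CLIENT, "SYN", "ACK"), pkt(CLIENT, SERVER, "ACK"),
    pkt(CLIENT, SERVER, "PSH", "ACK"), pkt(SERVER, CLIENT, "ACK"),          # data exchange
    pkt(CLIENT, SERVER, "FIN", "ACK"), pkt(SERVER, CLIENT, "ACK"),          # close steps 1-2
    pkt(SERVER, CLIENT, "FIN", "ACK"), pkt(CLIENT, SERVER, "ACK"),          # close steps 3-4
]
STRAY_AND_RESET = [
    pkt(STRANGER, SERVER, "ACK"),               # no handshake seen: an ACK probe or spoofed packet
    pkt(SERVER, STRANGER, "SYN", "ACK"),        # SYN/ACK answering nobody
    pkt(CLIENT, SERVER, "SYN"), pkt(SERVER, CLIENT, "SYN", "ACK"), pkt(CLIENT, SERVER, "ACK"),
    pkt(CLIENT, SERVER, "RST"),                 # application tears the connection down at once
    pkt(SERVER, CLIENT, "ACK"),                 # anything after the RST matches no state
]

if __name__ == "__main__":
    print(classify(FULL_CONNECTION))
    print(classify(STRAY_AND_RESET))
```

A packet classified INVALID is the interesting one for a filter: it is either a scan probing for a stateless device, a spoofed segment, or traffic whose handshake the sensor never saw, which is why state tables are the first thing an attacker tries to exhaust or evade.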