2024年05月30日
- Local Area Network
-
-
connect a group of local machines
-
all machines are connected to all other machines in LAN
-
infeasible to connect every machine in the world, a router is introduced
-
- Router
-
-
a machine that is connected to two or more LANs
-
- Wide Area Network
-
-
connect the entire world with enough routers
-
basis of the internet
-
- OSI 7-layer model
-
- Layer 2 (link layer)
-
-
uses 48-bit (6-byte) MAC addresses to uniquely identify each machine on the LAN
-
contains MAC addresses
-
- Layer 3 (IP layer)
-
-
uses 32-bit (4-byte) IP Addresses to uniquely identify each machine globally
-
contains IP addresses
-
only guarantees best-effort delivery
-
does not handle any errors
-
- MAC addresses
-
-
usually written as 6 pairs of hex numbers such as
ca:fe:f0:0d:be:ef -
special broadcast address
ff:ff:ff:ff:ff:ff`that says "send this message to everyoen on the local network"
-
- port number
-
16-bit
- Packets
-
-
usually limited to a fixed length
-
can be corrupted in transite or even fial to send entirely
-
rely on higher layers for correctness and security
-
- Network Adversaries
-
- Off-path
-
-
cannot read or modify any packets sent over the connection
-
- On-path
-
-
can read, but not modify packets
-
- In-path
-
-
can read, modify, and block packets
-
also known as man-in-the-middle
-
| all adversaries can send packets of their own, including faking or spoofing the packet headers to appear like the message si coming from somebody else |
Address Resolution Protocol (ARP)
- layer
-
link (2)
- purpose
-
translate IP address to MAC addresses
- vulnerability
-
On-path attackers can see the requests and send spoofed malicious responses
- defense
-
switches, arpwatch
translates Layer 3 IP addresses into Layer 2 MAC addresses
- Sniffing Packets
-
-
ethernet devices can enter promiscuous mode
-
Dynamic Host Configuration Protocol (DHCP)
-
responsible for setting up configurations when a computer first joins a local network
-
considered as layer 2-3 protocol
DHCP follows four steps, between you (the client) and the server (who can give you the needed IP addresses)
-
Client Discover: the client broadcasts a request for a configuration
-
Server Offer: any server a ble to offer IP addresses respond with some configuration settings (usually only one server replies)
-
Client Request: the client broadcasts which configuration it has chosen
-
Server Acknowledge: the chosen server confirms that its configuration has been chosen
- DHCP lease
-
-
configuration information provided in step 2 (server offer)
-
include a lease time
-
after the time expires, the client mut ask to renew the lease to keep using that configuration, or else the DHCP server will free up those settings for other devices that request leases later
-
Network Address Translation
-
there are more computers than IPv$ address
-
not all networks support IPv6 (expanded address space)
-
DHCP supports NAT
-
allows multiple computers on a local network to share an IP address
Attack
-
almost identical to ARP spoofing
-
at the server offer step, an attacker can send a forged configuration, which the client will accept if it arrives before the legitimate configuration reply
-
The attacker can also become a man-in-the-middle by manipulating the DNS server address, which lets the attacker supply malicious translations between human-readable host names (www.google.com) and IP addresses (6.6.6.6)
Border Gateway Protocol
-
operates by having each Autonomous Systems advertise which networks it is responsible for to its neighboring Autonomous Systems
Attack
-
operates on trust (assumes all ASs are effectively honest)
-
an Autonomous System can lie and say that it is responsible for a network it isn’t, resulting in all traffic being redirected to the lying AS
| Why do the checksums not prevent a malicious AS from modifying packets? Checksums are not cryptographic. The malicious AS could modify the packet and create a new checksum for the modified packet |