Slides - PRA Lab
Pattern Recognition and Applications Lab, http://pralab.diee.unica.it, [email protected]
Modulo 2: Protocolli di Rete & Sicurezza (Module 2: Network Protocols & Security)

(Figure: the ISO-OSI stack beside the TCP/IP stack)

(Figure: encapsulation, HTTP protocol inside TCP protocol inside IP protocol inside Ethernet protocol)

Layer 1: Physical Layer

Layer 2: Link Layer

Ethernet frame format:
  dest (48 bits) | src (48 bits) | type (16 bits, 0x800 for an IP datagram) | data (46-1500 B, carries the IP datagram) | CRC (32 bits)

Link-layer commands:
• ipconfig / ifconfig: show and configure the interface, including its MAC address, e.g.
    sudo ifconfig en0 ether nu:ov:oM:AC:Ad:dr
• iwconfig: wireless interfaces

Layer 3: Network Layer
(Figure: IPv4 header format)

(Figure: encapsulation of an IP datagram in a link-layer frame: Frame Header | IP Header + IP Data = Frame Data)

ARP (EtherType 0x0806)
• Example: host 172.16.254.131 needs the MAC address of 172.16.254.152 and broadcasts a request, shown by tcpdump as
    arp who-has 172.16.254.152 tell 172.16.254.131
• 0x0835

(Figures on ARP, slides 23 to 28: Slides Credit: Christian Platzer, iSecLab)

Network-layer commands:
• ipconfig / ifconfig
• arp
• ping
IP addressing
• An IPv4 address is 32 bits written as four octets, e.g. 10000000 10000011 10101100 00000001 = 128.131.172.1
• Direct delivery
• In reality the situation is different, and we need to group IP addresses
  – Subnetting: the IP address space is divided into many sub-networks (subnets)

Netmask example: 192.168.1.100 with netmask 255.255.255.0 (/24)
  192.168.1.100 = 11000000 10101000 00000001 01100100
  255.255.255.0 = 11111111 11111111 11111111 00000000

Special addresses
• Broadcast: 192.168.1.255 for the network 192.168.1.0/24
• Private ranges:
  – 10.0.0.0 to 10.255.255.255
  – 172.16.0.0 to 172.16.31.255
  – 192.168.0.0 to 192.168.255.255
• Multicast: 224.0.0.0 to 239.255.255.255

Direct Delivery
• Host 192.167.1.16, netmask 255.255.255.0, gateway 192.167.1.1
• Destination 192.167.1.77: same network as the host, so the datagram is delivered directly (Direct Delivery)
• Destination 192.168.1.77: network 192.168.1.0, not the local network, so the datagram is sent to the gateway

IP fragmentation
• Used when encapsulation inside lower-layer protocols requires splitting the datagram into smaller pieces
  – It happens when the datagram is larger than the MTU (Maximum Transmission Unit)
• The original datagram is split into a set of datagrams that are delivered independently
  – Fragmentation is managed with the IP flags (3 bits) + the 13 offset bits
• If a fragment does not reach the destination (or arrives corrupted) the whole datagram is discarded

Routing Table (figure: one router connecting LAN 1, LAN 2 and LAN 3)
  172.16.1.0/24  Ethernet 1
  172.16.2.0/24  Ethernet 2
  172.16.3.0/24  Ethernet 3
  Addresses in the figure: 172.16.1.1/24, 172.16.1.2/24, 172.16.2.1/24, 172.16.2.2/24, 172.16.3.1/24, 172.16.3.2/24

Layers 2/3: Attacks
(slides 39 to 43: text not recoverable)

Layer 3: ICMP
• ICMP (Internet Control Message Protocol)
• Some ICMP Messages
• ICMP Echo Attacks
• ICMP Destination Unreachable
• ICMP Destination Unreachable Spoofing
• Traceroute

Layer 4: Transport Layer
(slides 52 and 53 on ports and the transport protocols: text not recoverable)
Listing active connections:
    netstat -a -p tcp
    netstat -a | grep ESTABLISHED
(Figure: TCP header format)
(slides 56 to 59: text not recoverable)
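An added example, not part of the slides, that works the addressing, delivery and routing material above in Python with the standard ipaddress module: the binary form of 128.131.172.1, the network and broadcast addresses of 192.168.1.100/24, direct versus indirect delivery for the host 192.167.1.16, and a longest-prefix lookup over the routing table from the figure. The default route in the table is an assumption of this example and is not on the slide.

```python
import ipaddress


def to_binary(addr: str) -> str:
    """Render a dotted-quad IPv4 address as four 8-bit groups, as the slide does for 128.131.172.1."""
    return " ".join(f"{int(octet):08b}" for octet in addr.split("."))


def subnet_info(addr: str, netmask: str) -> dict:
    """Network address, broadcast address and prefix length of addr/netmask."""
    net = ipaddress.ip_network(f"{addr}/{netmask}", strict=False)
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "prefixlen": net.prefixlen,
    }


def delivery(host: str, netmask: str, gateway: str, dest: str) -> str:
    """Direct delivery when dest lies in the host's own subnet, otherwise indirect via the gateway."""
    local_net = ipaddress.ip_network(f"{host}/{netmask}", strict=False)
    if ipaddress.ip_address(dest) in local_net:
        return "direct"
    return f"indirect via {gateway}"


# Routing table taken from the slide's figure (prefix -> outgoing interface),
# plus a default route that is an assumption of this example, not on the slide.
ROUTING_TABLE = [
    ("172.16.1.0/24", "Ethernet 1"),
    ("172.16.2.0/24", "Ethernet 2"),
    ("172.16.3.0/24", "Ethernet 3"),
    ("0.0.0.0/0", "default"),
]


def lookup(table, dest: str):
    """Longest-prefix match: the most specific matching prefix wins; None when nothing matches."""
    dst = ipaddress.ip_address(dest)
    best_net, best_iface = None, None
    for prefix, iface in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_iface = net, iface
    return best_iface


if __name__ == "__main__":
    print(to_binary("128.131.172.1"))
    print(subnet_info("192.168.1.100", "255.255.255.0"))
    for dest in ("192.167.1.77", "192.168.1.77"):
        print(dest, "->", delivery("192.167.1.16", "255.255.255.0", "192.167.1.1", dest))
    print("172.16.2.2 ->", lookup(ROUTING_TABLE, "172.16.2.2"))
    print("10.0.0.1 ->", lookup(ROUTING_TABLE, "10.0.0.1"))
```

The delivery decision is exactly the AND-with-netmask comparison the Direct Delivery slide performs; the lookup generalises it to a router holding several prefixes, which is why the more specific /24 entries beat the /0 default for the three LANs.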
(slides 60 to 62 on TCP connection setup and the TCP header: text not recoverable)

(Figure: exchange of TCP sequence and acknowledgement numbers)
• Trivial if the attacker can see our TCP traffic…

Slides Credit: Vern Paxson

TCP's Rate Management
• Unless there's loss, TCP doubles data in flight every round-trip. All TCPs expected to obey (fairness).
• Mechanism: for each arriving ack for new data, increase allowed data by 1 maximum-sized packet
• (Figure: allowed data vs. time; e.g., suppose maximum-sized packet = 100 bytes)

Protocol Cheating
• How can the destination (receiver) get data to come to them faster than normally allowed?
• ACK-Splitting: each ack, even though partial, increases allowed data by one maximum-sized packet
• How do we defend against this? Change rule to require full ack for all data sent in a packet

Protocol Cheating
• How can the destination (receiver) still get data to come to them faster than normally allowed?
• Opportunistic acking: acknowledge data not yet seen!
• How do we defend against this?

Keeping Receivers Honest
• Approach #1: if you receive an ack for data you haven't sent, kill the connection
  – Works only if receiver acks too far ahead
• Approach #2: follow the round trip time (RTT) and if ack arrives too quickly, kill the connection
  – Flaky: RTT can vary a lot, so you might kill innocent connections
• Approach #3: make the receiver prove they received the data (Note: a protocol change)
  – Add a nonce (random marker) & require receiver to include it in ack. Kill connections w/ incorrect nonces
  o (nonce could be function computed over payload, so sender doesn't explicitly transmit, only implicitly)

TCP Security Issues, cont.
• TCP limits the rate at which senders transmit: TCP relies on endpoints behaving properly to achieve fairness in how network capacity is used
  – Protocol lacks a mechanism to prevent cheating
• Senders can cheat by just not abiding by the limits
  o Remains a significant vulnerability: essentially nothing today prevents
• Receivers can manipulate honest senders into sending too fast because senders trust that receivers are honest
  – To a degree, sender can validate (e.g., partial acks)
  – A nonce can force receiver to only act on data they've seen
  – Such rate manipulation remains a vulnerability today
• General observation: tension between ease/power of protocols that assume everyone follows vs. violating
  – Security problems persist due to difficulties of retrofitting investment in installed base

(slides 69 and 70: text not recoverable)

(Figures, slides 71 and 72: Slides Credit: Christian Platzer, iSecLab)
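An added example, written for this page and not code from Paxson's slides or the course, modelling the sender-side rules discussed above: the naive "one packet per new ack" window increase beside the corrected "full ack for all data sent in a packet" rule, the Approach #1 check for acks that cover data never sent, and the Approach #3 nonce check using a nonce computed over the payload. The MSS of 100 bytes is the slide's value; the ack sequences, the sha256-prefix nonce and the function names are constructed for illustration.

```python
import hashlib

MSS = 100  # maximum-sized packet: 100 bytes, as in the slide's example


def window_growth(acks, require_full_ack: bool, mss: int = MSS) -> int:
    """Model the sender's 'allowed data' after processing cumulative ack numbers.

    Naive rule: every ack that covers new data adds one MSS of allowed data,
    so several partial acks for one packet add several MSS.
    Corrected rule: credit is granted only for whole packets newly acknowledged,
    so partial acks for the same packet add nothing until the packet is fully acked.
    """
    allowed = mss   # one packet allowed in flight at the start
    credited = 0    # highest byte offset for which window credit has already been granted
    for ack in acks:
        if require_full_ack:
            full_packets = (ack - credited) // mss
            allowed += full_packets * mss
            credited += full_packets * mss
        elif ack > credited:
            allowed += mss
            credited = ack
    return allowed


def payload_nonce(payload: bytes) -> str:
    """Nonce derived from the payload itself (the slide's implicit-transmission variant)."""
    return hashlib.sha256(payload).hexdigest()[:8]


def validate_ack(sent_upto: int, ack: int, expected_nonce: str, ack_nonce: str) -> str:
    """Sender-side checks: Approach #1 (ack beyond data sent) and Approach #3 (wrong nonce)."""
    if ack > sent_upto:
        return "kill: ack for data not yet sent"
    if ack_nonce != expected_nonce:
        return "kill: wrong nonce, receiver did not see the data"
    return "ok"


if __name__ == "__main__":
    split_acks = [25, 50, 75, 100]   # one 100-byte packet acknowledged in four pieces
    print("naive rule    :", window_growth(split_acks, require_full_ack=False))
    print("full-ack rule :", window_growth(split_acks, require_full_ack=True))
    segment = b"constructed 100-byte segment".ljust(MSS, b".")
    nonce = payload_nonce(segment)
    print(validate_ack(sent_upto=MSS, ack=MSS, expected_nonce=nonce, ack_nonce=nonce))
    print(validate_ack(sent_upto=MSS, ack=2 * MSS, expected_nonce=nonce, ack_nonce=nonce))
```

With the four partial acks the naive rule ends at 500 bytes of allowed data for a single delivered packet, while the corrected rule ends at 200, the same as one full ack would give. The nonce check catches an ack for a packet the receiver never saw only if the nonce is not guessable from what was already transmitted, which is why the slide ties it to the payload or to a random marker.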
DHCP Issues

Dynamic Host Configuration Protocol (Slides Credit: Vern Paxson)
• (Figure: DHCP server and new client; the offer message includes IP address, DNS server, gateway router, and how long client can have these (lease time))
• Threats?
• Attacker on same subnet can hear new host's DHCP request
• Attacker can race the actual server; if they win, replace DNS server and/or gateway router

DHCP Threats
• Substitute a fake DNS server
  – Redirect any of a host's lookups to a machine of attacker's choice
• Substitute a fake gateway
  – Intercept all of a host's off-subnet traffic
  o (even if not preceded by a DNS lookup)
  – Relay contents back and forth between host and remote server
  o Modify however attacker chooses
• An invisible Man In The Middle (MITM)
• Victim host has no way of knowing it's happening
  o (Can't necessarily alarm on peculiarity of receiving multiple DHCP replies, since that can happen benignly)
• How can we fix this?
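As an added example, not from the deck, a small monitor in the spirit of switch-side DHCP snooping: it parses observed DHCPOFFER records and compares each offer's server identifier (option 54), gateway (option 3) and DNS server (option 6) with the known legitimate server and its expected values, flagging offers that would substitute the gateway or the resolver. Seeing several offers for one client is reported but, as the slide notes, is not an alarm by itself. The log format, the trusted server 172.16.19.1, the client MACs and the offered addresses are constructed; 172.16.19.115 is the DNS server address shown in the deck's DNS figure.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class DhcpOffer:
    server_id: str   # DHCP server identifier (option 54)
    client_mac: str  # client hardware address the offer is addressed to
    your_ip: str     # address being offered
    router: str      # gateway router (option 3)
    dns: str         # DNS server (option 6)


# Constructed log of DHCPOFFER messages as a passive monitor on the subnet might record them.
# The third line is a second, differing offer to the same client from another server.
SAMPLE_LOG = """\
OFFER server=172.16.19.1 mac=aa:bb:cc:00:00:01 ip=172.16.19.50 router=172.16.19.1 dns=172.16.19.115
OFFER server=172.16.19.1 mac=aa:bb:cc:00:00:02 ip=172.16.19.51 router=172.16.19.1 dns=172.16.19.115
OFFER server=172.16.19.200 mac=aa:bb:cc:00:00:02 ip=172.16.19.51 router=172.16.19.200 dns=172.16.19.200
OFFER server=172.16.19.1 mac=aa:bb:cc:00:00:02 ip=172.16.19.51 router=172.16.19.1 dns=172.16.19.115
"""

# The legitimate server and the parameters it is expected to hand out (constructed values).
TRUSTED = {"server_id": "172.16.19.1", "router": "172.16.19.1", "dns": "172.16.19.115"}


def parse_offers(text: str):
    """Turn 'OFFER key=value ...' lines into DhcpOffer records; other lines are ignored."""
    offers = []
    for line in text.splitlines():
        if not line.startswith("OFFER "):
            continue
        fields = dict(part.split("=", 1) for part in line.split()[1:])
        offers.append(DhcpOffer(fields["server"], fields["mac"], fields["ip"],
                                fields["router"], fields["dns"]))
    return offers


def offer_reasons(offer: DhcpOffer, trusted: dict):
    """Why an offer is suspicious; an empty list means it matches the trusted configuration."""
    reasons = []
    if offer.server_id != trusted["server_id"]:
        reasons.append("untrusted server identifier")
    if offer.router != trusted["router"]:
        reasons.append("gateway differs from the expected router")
    if offer.dns != trusted["dns"]:
        reasons.append("DNS server differs from the expected resolver")
    return reasons


def audit(offers, trusted: dict) -> dict:
    """Per client MAC: number of offers seen and the suspicious ones with their reasons."""
    report = defaultdict(lambda: {"offers": 0, "suspicious": []})
    for offer in offers:
        entry = report[offer.client_mac]
        entry["offers"] += 1
        reasons = offer_reasons(offer, trusted)
        if reasons:
            entry["suspicious"].append((offer.server_id, reasons))
    return dict(report)


if __name__ == "__main__":
    for mac, entry in audit(parse_offers(SAMPLE_LOG), TRUSTED).items():
        print(mac, entry)
```

The monitor only works because it has out-of-band knowledge of the legitimate server and its parameters; a host receiving the offers has no such reference, which is the point the slide makes about why the victim cannot tell the substituted offer apart.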
  – Hard

Domain Name System
(slides 80 and 81: text not recoverable)
• Query tools: dig, nslookup
• Local resolver cache on Windows: ipconfig /displaydns, ipconfig /flushdns
(slide 84: text not recoverable)

Layers 5, 6, 7: Session, Presentation, Application
(slides 86 and 87: text not recoverable)
(Figure: host valdanito, DNS Server 172.16.19.115, resolving www.diee.unica.it)

Useful Commands
• ping
• arp
• nslookup
• netstat
• traceroute / tracert
(slides 92 to 94: text not recoverable)