Slides - PRA Lab

Transcript

Slides - PRA Lab

%(("
%,
&%
[email protected]
Pattern Recognition and
Applications Lab
http://pralab.diee.unica.it
•  !'*&
•  !
+
•  !(!
•  $
–  –  $
–  &
Modulo 2
Protocolli di Rete & Sicurezza
[email protected]
2
9=59;5:<
"()
•  2" "$+!#)
!3 ""4)"!!
1
–  !7& # /!+!/# $/
!# 8
–  ##7&/#!#/6/5
8
–  #7&
//!/"##
""8
•  ' Modulo 2
[email protected]
3
"(*
•  ), ""+!)""!
!1
–  !
•  !&!"$"+/&! !#
–  •  &!'0##!""
–  !
•  $,+"
–  #
•  ))"#"" """"#! *
!+$!#
,+
–  # Modulo 2
[email protected]
4
;
',%')%(+
$
&
ISO – OSI Stack
TCP/IP Stack
%
%
!
$
$( )
[email protected]
Modulo 2
5
• 
#(*)
–  $
–  $
• 
(+)
–  –  $ • 
• 
$(,)
–  –  '
(-)
–  –  !
–  ""
Modulo 2
[email protected]
6
*
(,&(*&)+
•  %(&
–  % "
–  $$
•  %)&
–  "
–  •  #%*&
–  '
[email protected]
Modulo 2
7
! $! Modulo 2
HTTP protocol
"
TCP protocol
IP protocol
!
"
Ethernet protocol
"
[email protected]
8
+
!& !# "$
Livello 1
Physical Layer
Modulo 2
[email protected]
9
•  –  –  –  –  Modulo 2
[email protected]
10
%
Livello 2
Link Layer
Modulo 2
[email protected]
11
dest
(48-bits)
src
type
48-bits) 16 bits)
0x800
Modulo 2
data
(46-1500B)
CRC
(32 bits)
IP Datagram
[email protected]
12
;B6;=6<?
#*
)
•  $ ! ")$% * ") #*%#.. $ $#( * $ ( $%%).. 4 5$)")! %#()#)
). 2
•  ")$% * $' %"#$! $&*#%
–  %##%81)%
–  =?%& !# )( #
–  =?%& 3%#
%179)#$$
•  -!
–  1
1
•  %
%
–  ?A6$$ <@;;-%
•  –  >=% ##. ## #
$
[email protected]
Modulo 2
13
(
•  #$#869
–  ()#%# #%
•  ipconfig / ifconfig869
–  $%# )#. %#
–  $%##$$3%#
–  $%'
sudo ifconfig en0 ether nu:ov:oM:AC:Ad:dr
•  iwconfig8, -9
%
–  )#)%#+#$$
$
Modulo 2
[email protected]
14
B
6;16817:
Livello 3
Network Layer
Modulo 2
[email protected]
15
$
•  ) 9 "(+ $
#! #%) ##"$
•  #$
1
!" $ !") 9!" $ "!#
–  0!" $ #((! 0$""$
–  $ ;=73
):4
–  $"!" $ /
.
.
•  "'"#%!" $ –  % ##
–  "#$2 "$$"
Modulo 2
•  )"*.$"$. "$ . 2(!% # "%$
•  ' " !!.$!"."!*.#! Protocolli di Rete & Sicurezza
[email protected]
16
<
8>18:19<
9=2####3)#"4
?2#
) !'
<2#
!-
<2#
'!"
?2#
?2# !#
9;2#!#"#
9=2#
!"&
;2#
"
9=2#$$
;:2#"&!!""
;:2#"$$!""
$"3)4
#3)4
[email protected]
Modulo 2
17
•  !"3<#"4
–  !!!#B<3'<4
•  !#3<#"4
–  &!/(!"0;:#.!,&" *
•  ) 3?#"4
–  !!#)3;#"4,
3<#"4,&"39#4
•  ##39=#"4
–  &**##,!A$
•  $$39=#"4
–  A9!#!
•  "3;#"45"#"39;#"4
–  $**$ !"$!!#*$
Modulo 2
[email protected]
18
@
:@5:<5;>
•  )6A$#7
–  ("###$(!'!( '")"#"
!"("#%,
•  "$6A$#7
–  !%!!"$!#($$"607
•  "#(6;?$#7
–  $#($('2"
•  "###6=<B=<$#7
–  !#"$#%,
[email protected]
Modulo 2
19
•  ",,((,"##
2$"("$/
•  "1
– 
– 
– 
– 
+"(%,,",,>A$
$*"+"(%,,",,=<$
)"($"
'!##(%,,"#$2",,+"<6#*$
##!#%)+"<3#4#%"",,7
•  (,1
–  2$")!#($($"$$"
–  ##$#%"""#!,"",,"##
Modulo 2
[email protected]
20
;:
26/24/35
•  &&-.0$%1
,#
)
•  +# 7$%01
IP Header
Frame Header
Modulo 2
IP Data
Frame Data
[email protected]
21
•  0# *0x08061
$# &&" ,&&
–  0
172.16.254.1311$##
0
172.16.254.1521
–  "##
01# +
arp who-has 172.16.254.152 tell 172.16.254.131
–  &&
# –  $ #
0#$#&&/1
–  0x0835$$#
Modulo 2
[email protected]
22
33
'+%')%(*
•  •  &
–  &"
–  &&
•  &&
–  $#
–  &&
•  &
[email protected]
Modulo 2
23
Slides Credit:
Christian Platzer, iSecLab
Modulo 2
[email protected]
24
()
Slides Credit:
[email protected]
Modulo 2
25
Slides Credit:
Modulo 2
[email protected]
26
Slides Credit:
[email protected]
Modulo 2
27
Slides Credit:
Modulo 2
[email protected]
28
*/&*,&+-
Slides Credit:
Modulo 2
[email protected]
29
•  ipconfig / ifconfig(
&)
–  "
–  %
•  arp(
&)
–  '
–  !
•  ping(
&)
–  ()
Modulo 2
[email protected]
30
+.
7=17918;
•  ****:92 *
& 10000000 10000011 10101100 00000001 = 128.131.172.1
•  &$9:9. ** ' &!
–  Direct delivery
•  Nella realtà la situazione è differente, e abbiamo necessità di
raggruppare gli indirizzi IP
–  Subnetting Lo spazio di indirizzamento IP viene suddiviso in
tante sotto-reti (subnet)
[email protected]
Modulo 2
31
•  . *& & '
#'& 2
–  ! & ')
–  &. & '' & ()
•  & -
–  /0:9 & .**! &.**
–  48
375
–  .** ! & 2!&
•  .**!*! & .
& #& ..!*
& . Modulo 2
[email protected]
32
8<
'+$')$(*
•  "
–  #
–  %&
#
#
–  •  192.168.1.100
192
255.255.255.0/24
1
168
100
1 1 0 0 0 0 0 0 1 0 1 0 1 0 0 0 0 0 0 0 0 0 0 1 0 1 1 0 0 1 0 0
255
255
255
0
1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0
[email protected]
Modulo 2
33
•  (
#
–  192.168.1.255#
192.168.1.0/24
•  %&
–  10.0.0.0
–  172.16.0.0
–  192.168.0.0
– 10.255.255.255
– 172.16.31.255
– 192.168.255.255
•  –  224.0.0.0
Modulo 2
– 239.255.255.255
[email protected]
34
(+
$ "!#
•  192.167.1.16 255.255.255.0
192.167.1.1
•  192.167.1.77 –  192.167.1.77
192.167.1.16
192.168.1.16 192.168.1.0
192.168.1.77 192.168.1.0
Modulo 2
Direct Delivery
[email protected]
35
•  Viene utilizzato se l’incapsulamento all’interno dei protocolli di
livello più basso richiede di dividere il data-gram in porzioni di
dimensioni più piccole
–  Accade quando il datagram ha dimensioni maggiori dell’MTU
(Maximum Transmission Unit)
•  Il datagram originario viene suddiviso in un insieme di
datagram che vengono recapitati indipendentemente
–  Frammentazione gestita utilizzando IP flags (3 bit) + i 13 bits di offset
•  Se un frammento non giunge a destinazione (o giunge
corrotto) l’intero datagram viene scartato
Modulo 2
[email protected]
36
!%
/4./1.03
•  &1
–  % ((
–  %%
%
'
%
%#
%
"
&%
•  &2
–  % ((
+((
–  %
–  &%
%
&,
"
&
-
1
[email protected]
Modulo 2
37
Routing Table
172.16.1.1/24
172.16.1.0/24
Ethernet 1
172.16.2.0/24
Ethernet 2
172.16.3.0/24
Ethernet 3
Ethernet 3
172.16.1.2/24
LAN 1
Ethernet 1
Ethernet 2
LAN 3
LAN 2
172.16.2.1/24
Modulo 2
172.16.2.2/24
172.16.3.1/24
[email protected]
172.16.3.2/24
38
05
(,%(*%)+
Livelli 2/3
Attacchi
Modulo 2
[email protected]
39
•  &
'
•  ! !!!
$ •  –  ! &##
'
•  –  $
•  –  Modulo 2
[email protected]
40
*(
26124135
•  "#!/
•  &$"" )&)
0&#""! ))!#..
–  !""
•  )""!)$++#!*!"")""#
–  !""
•  #&"
–  •  "#!&!#!)"!*!')")
–  #!
•  !##
[email protected]
Modulo 2
41
•  "#!/
•  &$"" )&)
0&#""! ))!#..
–  !""
•  )""!)$++#!*!"")""#
–  !""
•  #&"
–  •  "#!&!#!)"!*!')")
–  #!
•  !##
Modulo 2
[email protected]
42
43
:>7:<7;=
•  ! ! #,%&&!$&,*#,),%!"!
#,! &$$!"$4$!/! , %$-/!
–  , /! &!, $&
–  %%!, %$-$.
•  )!- $//&!5%!-$$ !6%%& !!
&5! %,$6&,)$%!$%82!$2 9
,%%!%"! –  !! )%
–  !! )%
•  !%3%&$,& !$-
–  4)!- "!$&&!,'// !!& ! &"!$ &
Modulo 2
[email protected]
43
•  %&!%,!%"!! 4 $//! -*
•  $!,!$%,&&!, •  4) &%," 4 $//!$!%&
$&,'// !! $//!%!$ &#,!-*
•  ,) ""$& '$&$%"! ! !" 5!$ !6)!-*
Modulo 2
[email protected]
44
<<
Livello 3
ICMP
[email protected]
Modulo 2
45
ICMP (Internet Control Message Protocol)
!
# #
Modulo 2
[email protected]
7 46
Some ICMP Messages
(*#" ()#
$-'%
+#
$%
((#
,#" !
$ %
*#
Modulo 2
[email protected]
9 47
ICMP Echo Attacks
!
"
#
Modulo 2
[email protected]
11 48
ICMP Destination Unreachable
Modulo 2
[email protected]
15 49
ICMP Destination Unreachable
Spoofing
Modulo 2
[email protected]
16 50
Traceroute
# "
$
&%
$
%
!
Modulo 2
[email protected]
17 51
Livello 4
Transport Layer
Modulo 2
[email protected]
52
,0(,.(-/
-!!$
<
'(%$')$
•  #
–  #
•  ##(
• $##*$#'#)
• !
• %%!/$##,&,!"%$')#)
!4
4#!!$#(#*
5(3226
• $##*$#!((
• ()$')
• %%!/$##,
$#"#)!!4
#!!
$#(#*5(32
.%2)'"#6
%%!/$#
'(#)*$#
(($#
'(%$')$
#)'#)
)# Protocolli di Rete & Sicurezza
[email protected]
Modulo 2
($
53
$')'((#
$'),"'#
$')'$,%
898:;
!*+
98:;<?9=9
<?9=:>==;=
("
• )##&
'
Modulo 2
[email protected]
54
.0
>D8>@8?B
• "##"%'9!%00"#%!!" 6"'7
• !"!!&&"!'%,"&'" #' !'
!('6
7"--%"$,%,#4
!%00""&'
!%00""&'
"%'"&'
"%'"&'
• "!" !"
#"&&-&,00%,!!"
"!!&&"!*-
netstat –a –p tcp
netstat –a | grep ESTABLISHED
5
Modulo 2
55
[email protected]
Modulo 2
?C9'&",%#"%'!, % ?C9'&'5#"%'!, %
A@9'&$,!!,
% A@9'!".
!'!, %
&:C'&;3
B9'%
%&%-
3333 ?C9'.!".&0
!'
:C'&;
?C9'&, ?C9',%!'#"!'%
"#("!&:!/;
':!/;
?C9'&",%#"%'!,
%
?C9'&'5#"%'!, %
?C9'!'
?C9'&, ':!/;
[email protected]
56
@E
-1*-/*.0
•  )"
$
#
*
##"
+*,
•  #
" "
#""#
–  "
–  "
$
"
–  #$"#
•  "
#
#
#
#
$(
Modulo 2
[email protected]
57
•  ##
"
•  "
'
–  "$$
–  )
"
$
#
–  )#
#
"
$
Modulo 2
[email protected]
58
/2
&"#
!
%*
*%*
*%*
Modulo 2
[email protected]
59
!
(''
!
)''
Modulo 2
[email protected]
!
60
:@5:<5;>
•  #%0)$$$))
!%$$$)3
4
–  "))")$)%)
•  2!# !$$)!%)#
3#%##%4*)!()(;
%7$1!#$$*#$8
–  %#
–  (%7+%8
–  $$$$!#$2$($"))#
Modulo 2
[email protected]
61
;?6%$)#!#%)# ;?6%$%1!#%)#
=<6%$"))#
=<6%+%)#
>6%#
#$#*
78 ;?6%++$-
%
7?%$8
;?6%$)
;?6%)#%!%#
!&$7,8
%7,8
Modulo 2
[email protected]
62
=;
16.13.25
!
•  !#)%"""%%
#"""%,-
–  %% %"%#%
•  +!""%#%!
,!#!!#-&%$%$2#
/"*!""&!"0
#!
$#/'#0
""""!"+"$" %%!
# ##
#
))
–  *
– 
– 
– 
– 
Modulo 2
[email protected]
63
#!
$
(+211
+212(+411)
+412(+212
!
% Banale se l’attaccante può vedere il nostro traffico TCP…
Modulo 2
[email protected]
64
43
Slides Credit:
Vern Paxson
TCPs Rate Management
Unless theres loss, TCP doubles data in flight
every round-trip. All TCPs expected to obey
(fairness).
Mechanism: for each arriving ack for new data,
increase
by 1 maximum-sized
packet
allowed data
Time
E.g., suppose maximum-sized
Protocolli di Retepacket
& Sicurezza = 100 bytes
Modulo 2
[email protected]
83 65
Slides Credit:
Vern Paxson
Protocol Cheating
How can the destination (receiver) get data to come
to them faster than normally allowed?
ACK-Splitting: each ack, even though partial, increases
allowed data by one maximum-sized packet
Time
How do we defend against
Protocolli this?
di Rete & Sicurezza
Modulo 2
[email protected]
Change rule to require
full ack for all data
sent in a packet 84 66
Slides Credit:
Vern Paxson
Protocol Cheating
How can the destination (receiver) still get data to
come to them faster than normally allowed?
Opportunistic acking: acknowledge data not yet seen!
Time
How do we defend against
Protocolli this?
di Rete & Sicurezza
Modulo 2
85 67
[email protected]
Keeping Receivers Honest
Slides Credit:
Vern Paxson
Approach #1: if you receive an ack for data you
havent sent, kill the connection
Works only if receiver acks too far ahead
Approach #2: follow the round trip time (RTT)
and if ack arrives too quickly, kill the connection
Flaky: RTT can vary a lot, so you might kill innocent
connections
Approach #3: make the receiver prove they
Note: a protocol change
received the data
Add a nonce (random marker) & require receiver to
include it in ack. Kill connections w/ incorrect nonces
Modulo 2
o (nonce could be function computed over payload, so sender
doesnt explicitlyProtocolli
transmit,
only implicitly)
di Rete & Sicurezza
86
[email protected]
68
&,"&("'*
TCP Security Issues, cont
Slides Credit:
Vern Paxson
TCP limits the rate at which senders transmit:
TCP relies on endpoints behaving properly to achieve fairness in
how network capacity is used
Protocol lacks a mechanism to prevent cheating
Senders can cheat by just not abiding by the limits
o Remains a significant vulnerability: essentially nothing today prevents
Receivers can manipulate honest senders into sending too
fast because senders trust that receivers are honest
To a degree, sender can validate (e.g., partial acks)
A nonce can force receiver to only act on data theyve seen
Such rate manipulation remains a vulnerability today
General observation: tension between ease/power of
protocols that assume everyone follows vs. violating
Security problems persist due to difficulties of retrofitting investment in installed base
Modulo 2
[email protected]
89 69
• 
• 
• 
• 
• 
$
%
#
•  !!#
!
Modulo 2
[email protected]
70
)+
'-#')#(+
•  •  "
– 
– 
– 
– 
$
!%
•  –  –  $
%
–  –  Protocolli di Rete & Sicurezza
[email protected]
Modulo 2
71
!
" # Slides Credit:
Modulo 2
[email protected]
24 72
*,
#"
$"
$"
!
!
Slides Credit:
Modulo 2
[email protected]
25 73
DHCP Issues
Modulo 2
[email protected]
74
Dynamic Host Configuration Protocol
DHCP server
new
client
offer message
includes IP address,
DNS server, gateway
router, and how long
client can have these
(lease time)
Slides Credit:
Modulo 2
Protocolli
di Rete
& Sicurezza
Vern
Paxson
[email protected]
92 75
DHCP server
new
client
offer message
DNS server, gateway
(lease time)
Threats?
Slides Credit:
Modulo 2
Protocolli
di Rete
& Sicurezza
Vern
Paxson
[email protected]
93 76
DHCP server
new
client
offer message
DNS server, gateway
(lease time)
Attacker on same
subnet can hear
new hosts
DHCP request
Slides Credit:
Modulo 2
Protocolli
di Rete
& Sicurezza
Vern
Paxson
[email protected]
94 77
DHCP server
new
client
Slides Credit:
Vern 2Paxson
Modulo
offer message
DNS server, gateway
(lease time)
Attacker can race the actual
server; if they win, replace DNS
server and/or gateway router
95 78
[email protected]
DHCP Threats
Slides Credit:
Vern Paxson
Substitute a fake DNS server
Redirect any of a hosts lookups to a machine of
attackers choice
Substitute a fake gateway
Intercept all of a hosts off-subnet traffic
o (even if not preceded by a DNS lookup)
Relay contents back and forth between host and
remote server
o Modify however attacker chooses
An invisible Man In The Middle (MITM)
Victim host has no way of knowing its happening
o (Cant necessarily alarm on peculiarity of receiving multiple
DHCP replies, since that can happen benignly)
How can we fix this?
Hard
[email protected]
Modulo 2
96 79
Domain Name System
Modulo 2
[email protected]
80
28.24.36
•  !!"
#,-
•  $$$))
•  !"!
! +%%435)427)54)32
–  !%(+%%*
•  !#%075(/
1 #!,#-!
!%%
Modulo 2
[email protected]
81
#
Modulo 2
[email protected]
82
63
:@2:<2;>
•  % & & ".
&> 4=<3!5
&? 4;<A!5
4 5
(
&
•  %"!)dignslookup !!
• 
• 
• 
• 
• 
&
•  %"**nslookupdig !
&'- 0%/!1/
Modulo 2
[email protected]
83
•  !.
–  & !%!)2!2 ! 4 !% !/!(!' 5
–  % &!&&
•  ' .ipconfig /displaydns /flushdns
•  %(.7 %2!2!/2 !!
–  !"!$ &&
•  &&$!%
01$*
Modulo 2
[email protected]
84
><
Modulo 2
[email protected]
85
Livelli 5,6,7
Sessione, Presentazione,
Applicazione
Modulo 2
[email protected]
86
5:257269
")%*%+
% %#
•  (+$)9#$2
)#%$ 2
'")"#8)
"%/
–  )&/#( #$("".$"
("###)"3# '")"#
1(%++ +*40
–  *&#/)#( #%"
#
%0
–  +&#/)1 +)" " "0!(#$) " "$ ..
..$0
Modulo 2
[email protected]
87
'
Modulo 2
+
"# "$
$*"
[email protected]
88
99
valdanito
172.16.19.115
DNS Server
www.diee.unica.it
! "
" ! Modulo 2
[email protected]
89
Comandi Utili
Modulo 2
[email protected]
90
7<27928:
•  ping –  !( ' !%('
–  !( ! '" /
•  1 ! !1'' ''!( 1 !
•  %
("')4
!!'"++!5
•  1 !'! •  arp
–  !(!'"!!!
+++
3 Protocolli di Rete & Sicurezza
[email protected]
Modulo 2
91
•  nslookup –  !! (
–  1 "49<5!*
!' ('!'!0
•  netstat
–  !(1 !%(
–  1 !1'!'!!.++.!0
•  traceroute/tracert
–  !( $'!!
!' !
Modulo 2
[email protected]
92
:;
37035046
•  " "!"+
–  &! (!& "1!&(
&!& &!2
–  " &(" "
–  ' !('"&." &!/
•  +
–  –  •  -!!&#(( ! &!
" 1" '(("
2
Modulo 2
[email protected]
93
•  ! " !&-
! "&
!!! &"!"" !&" ((+
•  !&" ,
"#%
Modulo 2
[email protected]
94
67
)-&)+&*,
•  '$
&!*"
%
•  '$%
•  '$ %
•  '$"&&
##&%
•  '$"&&
# #&%
Modulo 2
[email protected]
95
,.

Slides - PRA Lab

Transcript

Documenti analoghi

PROGRAMMA DI STORIA DELL`ARTE CLASSE 4 H Rinascimento

curriculum vitae - Ministero Dell`Interno

CV Cabassi.indd - Concorso Busoni

Davide Villella dal 2014 professionista con la Liquigas

corso di alto perfezionamento pianistico2013

sintesi

Scarica - VR Slot

IDEM e le AAI per le infrastrutture di ricerca

APPUNTI DI VIAGGIO Parole e immagini dal diario di Adriana +

Sard Ant 34 schema