TCP IP - PowerPoint PPT Presentation

About This Presentation
Title:

TCP IP

Description:

These scans can also tell what Operating Systems and versions ... Can scan entire subnets. Can scan stealthily. Scans hosts for ... Scans. The slow scan ... – PowerPoint PPT presentation

Slides: 32
Provided by: DENN238
Category:
Tags: tcp | scan


Transcript and Presenter's Notes

Title: TCP IP


1
TCP IP
  • Fact
  • Fiction
  • Fundamentals

Dennis Pollutro CTO
2
TCP / IP History
  • What is TCP IP ?
  • Where did it come from ?
  • Why do we use it ?
  • What are the issues ?

3
What it is
  • Protocols adopted in 1969 as part of ARPANET
  • Transmission Control
  • Internet
  • Two different Layers of OSI model

4
Time Line
  • 1969 ARPANET
  • 1980 NSF DDS
  • 1984 Split Unclassified Classified
  • 1995 NSF tide shift to public
  • Sprint, UUNET, MCI, PSINet, etc.

5
What it Does
  • Helps Network Cohesion
  • Easy to communicate
  • Helps Network Expansion
  • Easy to deploy distributed networks
  • Helps Network Insecurity
  • Easy to Hack

6
The IP Packet
7
TCP Header Anatomy
8
Example
  • 3 way Handshake
  • C -> S: SYN (ISN C)
  • S -> C: SYN (ISN S), ACK (ISN C)
  • C -> S: ACK (ISN S)
  • C -> S: data

9
QA
  • Next section: Architecture
  • The Good the Bad the Ugly

10
TCP IP
  • The Good the Bad the Ugly

11
The good
  • Helps Network Cohesion
  • Easy to communicate
  • Helps Network Expansion
  • Easy to deploy distributed networks
  • Helps Network Insecurity
  • Easy to Hack

12
TCP the Bad
  • SYN/ACK stealth scan
  • Packet flagged as if it is the SYN/ACK reply to
    a SYN connect request
  • No TCP connection is being verified
  • RST (reset) packet is sent back to source
  • FIN stealth scan
  • Packets have the FIN flag set
  • No TCP connection is in place to close
  • RST (reset) packet is sent back to source
  • These are considered stealthy because no
    connection information is logged at target.
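
A sensor that tracks handshake state can still see these probes even though the target logs no connection. The following is an added example, not part of the original slides; the packet tuples are constructed sample data and the function names are hypothetical.

```python
from collections import Counter

# Constructed sample: (src, sport, dst, dport, flags) seen at the network edge.
PACKETS = [
    ("10.0.0.5", 40000, "192.0.2.10", 80, "S"),      # real client opens a connection
    ("192.0.2.10", 80, "10.0.0.5", 40000, "SA"),     # server's reply to that SYN
    ("10.0.0.5", 40000, "192.0.2.10", 80, "A"),
    ("10.0.0.5", 40000, "192.0.2.10", 80, "FA"),     # legitimate close
    ("203.0.113.9", 51000, "192.0.2.10", 22, "SA"),  # SYN/ACK with no prior SYN
    ("203.0.113.9", 51001, "192.0.2.10", 23, "SA"),
    ("203.0.113.9", 51002, "192.0.2.11", 25, "F"),   # FIN with nothing to close
]

def flow_key(src, sport, dst, dport):
    """Direction-independent key so both halves of a connection share one entry."""
    return tuple(sorted([(src, sport), (dst, dport)]))

def find_unsolicited(packets):
    """Return (src, dst, dport, reason) for SYN/ACK or FIN packets with no handshake."""
    syn_from = {}  # flow key -> endpoint that sent the opening SYN
    alerts = []
    for src, sport, dst, dport, flags in packets:
        key = flow_key(src, sport, dst, dport)
        f = set(flags)
        if f == {"S"}:
            syn_from[key] = (src, sport)
        elif f == {"S", "A"}:
            # Valid only as the answer to a SYN sent by the other endpoint.
            if syn_from.get(key) != (dst, dport):
                alerts.append((src, dst, dport, "SYN/ACK without SYN"))
        elif "F" in f:
            if key not in syn_from:
                alerts.append((src, dst, dport, "FIN without connection"))
        elif "R" in f:
            syn_from.pop(key, None)  # connection torn down, forget the flow
    return alerts

def scanners(alerts, min_probes=2):
    """Sources that sent at least min_probes unsolicited packets."""
    counts = Counter(src for src, *_ in alerts)
    return {src: n for src, n in counts.items() if n >= min_probes}

if __name__ == "__main__":
    print(scanners(find_unsolicited(PACKETS)))
```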

13
The Ugly
  • ISN Prediction
  • ISN is not really random
  • ISN is incremented by a constant amount once per
    second, and by half that amount each time a
    connection is made
  • Latency

14
The Ugly Continued
  • Passive attacks
  • Sniffing
  • Active attacks
  • Spoofing
  • Blind attacks
  • Session Hijacking

15
First clues of an Upcoming Attack
  • The first clue is often scans of your network
  • These scans are to map out what IP addresses are
    in use
  • These scans can also tell what Operating Systems
    and versions you are running

16
Easily found tools to scan with
  • PING
  • NMAP ( http://www.insecure.org/nmap/ )
  • Can scan entire subnets
  • Can scan stealthily
  • Scans hosts for ports in use
  • Can identify many Operating Systems
  • Installed as part of many Linux distributions

17
More advanced tools to scan with
  • SAINT ( http://www.wwdsi.com/saint/ )
  • Runs in a web browser
  • Whole subnets can be scanned
  • Will test all known vulnerabilities for each OS
  • Will even attempt some password guessing
  • NESSUS ( http://www.nessus.org/ )
  • Runs as an X-Windows program
  • Tests for security holes
  • Detailed output

18
Why pay attention to network scans?
  • Scans are often the scouting mission of a
    possible attacker.
  • Scanning tools like Nmap allow mapping out an
    entire network, including:
  • IP addresses in use
  • Times the IP addresses are in use
  • Operating Systems being used
  • Accessible services with known vulnerabilities

19
Common Scan Tactics
  • Ping broadcast to a subnet
  • Subnet sweep looking for specific ports
  • Port 7 - echo
  • Port 21 - ftp
  • Port 23 - telnet
  • Port 25 - email
  • Port 80 - web
  • Port 137 - NetBIOS
  • Port 443 - secure web

20
Harder to Detect Scans
  • The slow scan
  • Scanning each possible IP address with a delay
    of one second or more between queries
  • Leap frog
  • Scanning multiple subnets at once changing subnet
    queried after each IP scanned
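
Both tactics stay under per-second rate thresholds, so detection has to count distinct targets per source over a long window instead. The following is an added example, not part of the original slides; the log format (`epoch src dst dport`), the sample lines and the thresholds are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample connection log: "epoch src dst dport".
SAMPLE = (
    [f"{1000 + 90*i} 198.51.100.7 192.0.2.{i+1} 23" for i in range(6)]            # slow scan
    + [f"{1000 + 30*i} 198.51.100.8 10.1.{i%3+1}.{i//3+1} 80" for i in range(6)]  # leap frog
    + [f"{1000 + 5*i} 10.9.9.9 192.0.2.80 443" for i in range(5)]                 # normal client
)

def parse(line):
    ts, src, dst, dport = line.split()
    return int(ts), src, ipaddress.ip_address(dst), int(dport)

def detect(lines, window=86400, min_hosts=5, min_subnets=3):
    """Classify sources by the distinct hosts and /24 subnets they touch in a long window."""
    seen = defaultdict(list)
    for line in lines:
        ts, src, dst, _ = parse(line)
        seen[src].append((ts, dst))
    findings = {}
    for src, events in seen.items():
        events.sort()
        start = events[0][0]
        in_win = [(ts, dst) for ts, dst in events if ts - start <= window]
        hosts = {dst for _, dst in in_win}
        if len(hosts) < min_hosts:
            continue  # few distinct targets: ordinary client behaviour
        nets = [ipaddress.ip_network(f"{dst}/24", strict=False) for _, dst in in_win]
        # Leap frog: the subnet changes after (nearly) every address queried.
        switches = sum(1 for a, b in zip(nets, nets[1:]) if a != b)
        if len(set(nets)) >= min_subnets and switches >= len(nets) // 2:
            findings[src] = "leap-frog"
        else:
            gaps = [b[0] - a[0] for a, b in zip(in_win, in_win[1:])]
            findings[src] = "slow sweep" if min(gaps) >= 1 else "sweep"
    return findings

if __name__ == "__main__":
    print(detect(SAMPLE))
```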

21
QA
  • Next section: Resolution
  • Stop the leaking Dam

22
Design for security
  • Layers
  • Layers
  • Layers

23
OSI 7 Layer Model
  • 7. Application: File System
  • 6. Presentation: Syntax of Data
  • 5. Session: Data sequence
  • 4. Transport: Delivery
  • 3. Network: Routing
  • 2. Data Link: Packets
  • 1. Physical: Server and card

24
So What Now
  • Routers
  • ACLs
  • Firewalls
  • Gateways
  • Proxy servers
  • IDS

25
Security Manager
26
Threshold
  • Company Tolerance -VS- Budget
  • Industry Tolerance -VS- Governance
  • Personal Tolerance -VS- Bandwidth

27
Value
  • Importance
  • Realistic
  • Result of Loss
  • Credibility
  • Bottom line Effect

28
Diligence
  • Process
  • Procedure
  • Policy
  • Governance

29
Improve
  • New technologies
  • 3rd Party Specialist
  • Events
  • Education

30
The Answer
  • Keep moving forward
  • Stay alert to new technology
  • Address all layers
  • Use experts
  • Meet Tolerance levels.

31
QA
  • Thank You