Lecture 17                                                                    Date: March 23, 2006

Lecture about: TCP and UDP

A brief description of the protocol stack:

A commonly used protocol stack looks like this:

+- - - - - -+
| HTTP      |
+- - - - - -+
| TCP       |
+- - - - - -+
| IP        |
+- - - - - -+
| Ethernet  |
+- - - - - -+

  1. Here Ethernet incorporates both the physical and the data-link layer. It defines all the electrical and physical specifications of the devices, the establishment and termination of a connection, contention resolution, flow control and modulation. The same applies to other local-area networks, such as Token Ring and FDDI. It also provides the functional and procedural means to transfer data between network entities and to detect and correct errors.
  2. IP forms the network layer and provides the functional and procedural means of transferring variable-length data sequences from a source to a destination via one or more networks, while maintaining the quality of service requested by the transport layer. It gives a way of addressing hosts on the network. IP runs on all the intermediate nodes, such as gateways and servers.
  3. TCP/UDP forms the transport layer. It provides transparent transfer of data between end users, thus relieving the upper layers from any concern with providing reliable and cost-effective data transfer. The transport layer controls the reliability of a given link. However, TCP and UDP were not designed with security in mind and suffer from problems such as the lack of host authentication.

Application / Network

UDP

TCP

Flow Control Mechanism (TCP Receiver and Sender): additive increase, multiplicative decrease.

Network Vulnerabilities

·        Lack of authentication – anybody can forge the initial connection request, since it is just a matter of generating a particular packet with a sequence number. This leads to a real problem of denial-of-service attacks: the server has no way of knowing whether a connection attempt is legitimate, yet just receiving a SYN requires a bookkeeping action. Quick check – before doing any bookkeeping, challenge the client, and only set up the connection based on the client's response. Once the server verifies the hash, it creates the initial state.

·        Functions which are hard to compute and easy to verify can be used to prevent the denial-of-service attack.

·        We can’t look at the IP address to stop this attack, since IP addresses are spoofable.

·        Distributed denial-of-service attack – the attacking hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs, which allow the perpetrator to remotely control the machine and direct the attack. With enough such slave hosts, the services of even the largest and most well-connected websites can be denied.

·        You can write your own version of TCP and change the protocol, since nothing in TCP forces a host to follow the protocol as specified.

·        SYN flood attack – the receiver has to keep state for each open TCP connection. It might have room for only 20 such entries, and the attack can overload that capacity. The timer then expires, which signifies that the client was not able to complete the three-way handshake (3WH) protocol, and we get a session timeout saying that it was unable to connect to the server.
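The stateless challenge sketched under "Lack of authentication" and the backlog exhaustion described in this SYN flood bullet, side by side as an added simulation (this is not code from the lecture): a naive listener that reserves one of its 20 slots per SYN, beside one that answers each SYN with a keyed hash over the client's address, port, initial sequence number and a time slice, and allocates state only once the final ACK echoes that value. The secret key, the HMAC-SHA256 construction, the minute-granularity time slice and the sample addresses are assumptions, not details from the notes.

```python
import hashlib
import hmac
SECRET = b"assumed-server-secret"   # assumption: a server-side key the notes do not specify
BACKLOG = 20                         # the notes' example capacity for half-open connections
MASK = 0xFFFFFFFF                    # 32-bit sequence number space

def challenge(client, client_isn, minute):
    """Server ISN = keyed hash of client addr/port, client ISN and a time slice; nothing stored."""
    msg = f"{client[0]}:{client[1]}:{client_isn}:{minute}".encode()
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:4], "big")

def verify(client, client_isn, ack, minute):
    """Final ACK must carry server_isn + 1; accept this or the previous minute (clock skew)."""
    got = (ack & MASK).to_bytes(4, "big")
    expected = (((challenge(client, client_isn, m) + 1) & MASK).to_bytes(4, "big")
                for m in (minute, minute - 1))
    return any(hmac.compare_digest(e, got) for e in expected)

class NaiveServer:
    """Reserves a slot on every SYN, so spoofed SYNs that never ACK exhaust the backlog."""
    def __init__(self):
        self.half_open = {}
    def on_syn(self, client, client_isn):
        if len(self.half_open) >= BACKLOG:
            return False                 # dropped: capacity exhausted, legitimate client loses
        self.half_open[client] = client_isn
        return True

class ChallengeServer:
    """Answers SYNs statelessly; allocates state only after the ACK verifies."""
    def __init__(self):
        self.established = {}
    def on_syn(self, client, client_isn, minute):
        return challenge(client, client_isn, minute)   # reply with the challenge, keep nothing
    def on_ack(self, client, client_isn, ack, minute):
        if not verify(client, client_isn, ack, minute):
            return False                 # forged or stale ACK: still no state allocated
        self.established[client] = (client_isn, ack)
        return True

def simulate(n_spoofed=100, minute=1000):
    """Flood both servers with constructed spoofed SYNs that never ACK, then try one legitimate client."""
    naive, chal = NaiveServer(), ChallengeServer()
    for i in range(n_spoofed):
        spoofed = (f"203.0.113.{i % 250}", 40000 + i)
        naive.on_syn(spoofed, i)
        chal.on_syn(spoofed, i, minute)
    legit = ("198.51.100.7", 51515)
    server_isn = chal.on_syn(legit, 7, minute)
    return naive.on_syn(legit, 7), chal.on_ack(legit, 7, server_isn + 1, minute)
```

`simulate()` returns `(False, True)`: after 100 spoofed SYNs the naive backlog is full and the legitimate client is refused, while the challenge-based listener still completes its handshake because no spoofed SYN ever cost it a slot.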