TCP/IP Weaknesses and Solutions

  • 1.
    • TCP/IP Weaknesses & Solutions
    • Enis Karaaslan
    • Ege University
    • International Computer Institute
    • 35100 Bornova-İZMİR
    • [email_address]
  • 2. Presentation Content
    • TCP/IP Protocol Suite
    • IP Security Problems
      • TCP/IP Weaknesses
      • IP Based Attacks
    • Case Story - Attack on HTTP
    • Protection Methods
    • IPv6
    • Secure IP – IPsec
    • Discussion & Conclusion
  • 3. TCP/IP Protocol Suite
    • TCP/IP is a protocol suite which is used to transfer data through networks. It consists of several protocols. The most important is IP.
    • IP: mainly takes care of specifying where to send data.
    • The main protocols associated with it are:
      • TCP (Transmission Control Protocol)
      • UDP (User Datagram Protocol)
      • ICMP (Internet Control Message Protocol)
  • 4. Relevant points about TCP/IP
    • The TCP/IP protocol suite contains all protocols necessary to facilitate data transfer over the Internet
    • The TCP/IP protocol suite provides quick, reliable networking without consuming heavy network resources
    • TCP/IP is implemented on almost all computing platforms
  • 5. Addressing in TCP/IP
    • Today millions of computers interact with each other. There is a need to establish:
      • A globally accepted method of identifying computers.
      • To provide a universal communication service.
  • 6. Internet Address Classification
    • IP Addresses (version 4)
    • Five classes (A, B, C, D, E). Addresses are 32 bits.
      • Class A - (0) - (more than 65,536 (2^16) hosts)
      • Class B - (10) - (between 256 (2^8) and 65,536 (2^16) hosts)
      • Class C - (110) - (less than 256 (2^8) hosts)
      • Class D - (1110) - Multicast addressing.
      • Class E - (11110) - Reserved for future use.
    • IPv6 (proposed) uses 128 bits.
  • 7. Port Numbers
    • TCP/IP communication uses special port numbers to connect to. Some well-known port numbers are:
    • 21 - FTP (File Transfer Protocol)
    • 23 - Telnet
    • 25 - SMTP (Simple Mail Transfer Protocol)
    • 80 - HTTP (HyperText Transfer Protocol)
  • 8. IP Security Problems
    • The security problems stem from the facts that:
      • IP was designed for use in a hostile environment, but its designers didn’t thoroughly anticipate how hostile the network itself might one day become.
      • IP wasn’t designed to provide security
      • IP is an evolving protocol
  • 9. TCP/IP Weaknesses
    • Protection through the use of privileged ports (0-1000) has little value since PCs have become TCP/IP clients.
    • No traffic priority (easy to flood the network).
    • Traffic can be injected, packets can be stolen or hijacked.
    • UDP (datagram based) offers no authentication.
    • TCP (connection based) offers weak authentication.
  • 10. TCP/IP Weaknesses (cont.)
    • No confidentiality (no encryption).
    • IP spoofing is easy (weak authentication); machines can lie about IP addresses. Routers can be tricked. Header checksums are not sufficient.
    • Checksums are easy to cheat (weak algorithm).
    • Three Way Handshake
    • However, TCP/IP is reliable, robust and the de-facto standard.
  • 11. Some IP Based Attacks
    • Network sniffers (packet sniffing or eavesdropping): Attack on Confidentiality
    • IP spoofing attacks: Masquerade
    • Connection hijacking: Attack on Integrity
    • Data spoofing: Attack on Integrity
  • 12. Some IP Based Attacks (cont.)
    • To halt computers (disabling their intended use):
    • Attack on Availability: Denial of Service
      • WinNuke(Nuking)
      • TearDrop
      • Ssping
      • SYN Flooding
      • Smurf
    • Attacks to Nameservice - DNS
      • Client flooding
      • Bogus nameserver cache loading
      • Rogue DNS servers
  • 13. Case Study: Attack on HTTP
    • We cannot restrict access if we have an Internet site (WWW). A site (www.companyname.com) on a machine is open to attacks.
    • A computer having an IP address connects to our site.
    • Question : Is this IP correct? Can it be a masquerade?
    • TCP performs a three-way handshake to establish a connection. Meanwhile, the connection information must be kept in a buffer.
    • Question : What should be the buffer size? How long should the information be kept?
  • 14. Case Study: SYN Attack (cont.)
  • 15. Case Study: Solutions
    • Minimize the time the system waits before emptying the connection information from the buffer.
    • Increase the buffer capacity.
    • Use the SYN cookies method. (This is used in Linux systems.)
    • Watch the LAN with security programs.
    • Network Security
      • Know your weaknesses
      • Use encryption techniques
      • Protect your network from outside (firewall, router access list, etc.)
      • Intrusion Detection, Network Monitoring
      • IP v6 ?
      • IPSec ?
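How the SYN cookies method answers the buffer-size question from the case study: the server keeps no per-connection entry after a SYN and instead encodes what it needs into the sequence number of its SYN-ACK, then checks it when the final ACK arrives. This is an added example, not code from the slides or from the Linux kernel; the bit layout (5-bit time slot, 3-bit MSS index, 24-bit keyed hash) is a simplified assumption, and the secret, MSS table and addresses are constructed.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"   # assumption: a random per-boot key in practice
MSS_TABLE = [536, 1300, 1440, 1460]   # assumption: only the table index fits in the cookie
SLOT_SECONDS = 64                     # granularity of the time counter

def _mac24(conn, client_isn, slot, mss_idx):
    """24-bit keyed hash binding the cookie to one connection and time slot."""
    msg = repr((conn, client_isn, slot, mss_idx)).encode()
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")

def make_cookie(conn, client_isn, mss, now):
    """Server sequence number for the SYN-ACK; nothing is stored server-side."""
    slot = int(now) // SLOT_SECONDS
    # Largest table entry not above the client's MSS (index 0 if none fits).
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    return ((slot % 32) << 27) | (mss_idx << 24) | _mac24(conn, client_isn, slot, mss_idx)

def check_cookie(conn, client_isn, ack, now, max_age_slots=2):
    """Validate the final ACK; return the recovered MSS, or None to drop it."""
    cookie = (ack - 1) & 0xFFFFFFFF
    mss_idx = (cookie >> 24) & 0x7
    if mss_idx >= len(MSS_TABLE):
        return None
    slot_now = int(now) // SLOT_SECONDS
    for age in range(max_age_slots):          # accept current and previous slot only
        slot = slot_now - age
        if slot % 32 == cookie >> 27 and \
           _mac24(conn, client_isn, slot, mss_idx) == cookie & 0xFFFFFF:
            return MSS_TABLE[mss_idx]
    return None

def demo():
    conn = ("198.51.100.7", 40000, "203.0.113.10", 80)   # constructed 4-tuple
    other = ("198.51.100.99", 40000, "203.0.113.10", 80) # different claimed source
    t0 = 1_000_000
    ack = (make_cookie(conn, 1000, 1400, t0) + 1) & 0xFFFFFFFF
    return {
        "genuine": check_cookie(conn, 1000, ack, t0 + 3),
        "other_source": check_cookie(other, 1000, ack, t0 + 3),
        "expired": check_cookie(conn, 1000, ack, t0 + 200),
    }

if __name__ == "__main__":
    print(demo())
```

A client that never completes the handshake costs the server no buffer space, and an ACK is only accepted from an address that actually received the SYN-ACK within the allowed time window.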
  • 17. IPv6 (IPng)
    • IPv6 is short for "Internet Protocol Version 6". IPv6 is the "next generation" protocol designed by the IETF to replace the current version of the Internet Protocol, IP Version 4 ("IPv4").
    • A larger address (128 bit): Most of today's Internet uses IPv4, which is now nearly twenty years old. There is a growing shortage of IPv4 addresses.
    • It also adds many improvements to IPv4 in areas such as routing and network autoconfiguration. IPv6 is expected to gradually replace IPv4, with the two coexisting for a number of years during a transition period.
    • Class of Service Improvements
    • Supports Encryption
    • For detailed IPv6 info: http://www.ipv6.org
  • 18. IPv6 versus IPv4
    • The major differences:
    • Extended and hierarchical address space - 128 bits instead of 32 bits and the hierarchical nature improve the efficiency of the network.
    • Plug and Play auto-configuration - Eases configuration, an enabler for IP in domestic appliances.
    • Built-in support for IP Security.
    • Fixed length and simplified IP header - optimised for hardware implementation (domestic appliances).
    • Extension Headers - Aids streamlining, simplicity, flexibility and makes the protocol future-proof.
    • Improved support of Quality of Services, Multicast and Mobile IP.
  • 19. IPsec
    • IPsec protocols are designed to provide authentication, integrity and confidentiality services to both the current IP protocol (IPv4) and IPv6.
    • Benefits of IPSec
      • IPSec is below the transport layer and thus transparent to applications
      • IPSec can be transparent to end users
      • IPSec can even provide security for individual users if needed.
      • IPSec is on its way to becoming an Internet standard
  • 20. Discussion & Conclusion
    • IP Security is a very important concern that must be taken seriously. To provide security in a WAN or LAN:
    • Encryption techniques must be standardized.
    • Firewalls are a must for corporate networks.
    • The number of attacks is increasing day by day. This is because TCP/IP became very popular, and there are a lot of people who are familiar with its strengths and weaknesses.
  • 21. Discussion & Conclusion (continued)
    • Watch out for New Attacks on the Net and take your precautions.
    • IPsec will provide authentication, integrity and confidentiality services but it will take more years for it to be put into use.
    • Using Network Monitoring Tools and careful Management is essential.
    • IPv6 and IPsec will solve many of the problems.
  • 22.
    • THE END
    • Thank you very much for your kind attention