Network/Internet Background
Internet History 101
DARPA – Defense Advanced Research Projects Agency
ARPANET
- World’s first operational packet switching network
- Predecessor of global Internet
Started in 1969 with 4 nodes (IMPs) at UCLA, SRI (Stanford Research Institute), UC Santa Barbara and the University of Utah
TCP/IP in 1983
What is the Internet?
A collection of independently operated autonomous systems (ASes)
A network of networks!
Goals of the Internet
Fundamental goal: Inter-connect multiple networks of different types (wired and wireless) via store-and-forward gateways
Second-level goals:
- Robust in face of failures
- Support multiple types of services
- Support a variety of networks
- Allow distributed management
- Cost effective
Internet communication via sockets
The figure (not reproduced here) shows two computers, HostA and HostB, exchanging a single message with the following details:
- Source: HostA (client), SrcPort=1234
- Destination: HostB (server), DestPort=80
- Content: “Hello world”
The first panel shows HostA, the client, sending the message from its port 1234. The second panel shows HostB receiving it on port 80 (the well-known HTTP port). The (address, port) pair at each end is a socket; the two sockets together identify the conversation.
The structure of the Internet: The ISO/OSI Architecture
ISO/OSI architecture describes functions of communication systems
ISO: International Organization for Standardization
OSI: Open Systems Interconnection
Breaks communication systems into layers, with each layer serving as an abstraction to layer above
Who Does What?
Lower three layers are implemented everywhere
Next four layers are implemented only at hosts
Physical Communication
Communication goes down to physical network, then to peer, then up to relevant layer
Switched Network
- End-hosts connected to switches
- Switches:
- Forwarding nodes
- At least two links
- Also known as bridges or routers
Datagram Packet Switching
- Packets – discrete blocks of data
- Each packet is independently switched
- Each packet header contains destination address
- Routing protocol is used to compute next hop
Internet Communication
Network Security: The high bits
The Internet is a huge open system …which adheres to the end-to-end principle
smart end-points, dumb network
(easy to exploit!)
The network is …
… a collection of interconnected computers
… with resources that must be protected
… from unwanted inspection or modification
… while maintaining adequate quality of service.
Transport Layer (4)
Service:
- Process-to-process channels
- Demultiplexing (via ports) to different processes
- Optional: error-free and flow-controlled delivery
Interface: send message to specific destination (address and port)
Protocol: implements reliability and flow control
- Examples:
- TCP (reliable)
- UDP (unreliable)
Ports are for multiplexing
- Destination port tells OS to which application (service) it should send incoming message
- Internet Assigned Numbers Authority (IANA) maintains the registry of well-known (0-1023) and registered (1024-49151) ports
- Look at /etc/services on your computer
- In reality, a program can listen on any port in [1, 2^16), i.e. 1 to 65535
- On Unix-like systems, binding a port below 1024 requires root (on Linux, the CAP_NET_BIND_SERVICE capability)
- For new apps, best to choose a high-numbered port (e.g., 9999)
Port Number | Service |
22 | ssh (secure terminal) |
25 | Email server (SMTP) |
80 | Web server (HTTP) |
443 | Secure web server (HTTPS) |
User Datagram Protocol (UDP)
- Unreliable transport (no acknowledgements, no retransmission)
- Carries a checksum for error detection only: it catches accidental corruption, not deliberate modification, because anyone on the path can rewrite the payload and recompute it
- Doesn’t handle:
- out of order delivery
- lost packets
- duplication
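The following is an added example, not part of the lecture, that makes the checksum point concrete. It implements the UDP checksum of RFC 768 (the one’s-complement sum of RFC 1071 over an IPv4 pseudo-header, the UDP header and the payload) for a constructed datagram. A single flipped payload bit is detected, but a datagram whose payload an on-path attacker rewrote and whose checksum the attacker recomputed verifies as valid. Function names, addresses and payloads are my own choices.

```python
import struct

UDP_PROTO = 17


def internet_checksum(data):
    """RFC 1071: one's-complement sum of 16-bit words, then complemented."""
    if len(data) % 2:
        data += b"\x00"                       # pad odd-length input
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:                         # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_bytes(addr):
    return bytes(int(o) for o in addr.split("."))


def pseudo_header(src_ip, dst_ip, udp_length):
    # The UDP checksum also covers an IPv4 pseudo-header (RFC 768):
    # src, dst, zero byte, protocol number, UDP length.
    return (ipv4_bytes(src_ip) + ipv4_bytes(dst_ip)
            + struct.pack("!BBH", 0, UDP_PROTO, udp_length))


def build_udp(src_ip, dst_ip, src_port, dst_port, payload):
    length = 8 + len(payload)
    header = struct.pack("!HHHH", src_port, dst_port, length, 0)
    csum = internet_checksum(pseudo_header(src_ip, dst_ip, length) + header + payload)
    if csum == 0:
        csum = 0xFFFF   # IPv4 UDP: a transmitted 0 means "no checksum", so send all-ones
    return struct.pack("!HHHH", src_port, dst_port, length, csum) + payload


def verify_udp(src_ip, dst_ip, datagram):
    """True if the checksum is valid, or absent (zero), which IPv4 UDP allows."""
    if struct.unpack("!H", datagram[6:8])[0] == 0:
        return True
    # Summing pseudo-header + header (with checksum) + payload yields 0 when intact.
    return internet_checksum(pseudo_header(src_ip, dst_ip, len(datagram)) + datagram) == 0


def demo():
    """Constructed datagram from 10.0.0.1:1234 to 10.0.0.2:53."""
    src, dst = "10.0.0.1", "10.0.0.2"
    original = build_udp(src, dst, 1234, 53, b"Hello world")

    # Accidental corruption: flip one payload bit, leave checksum alone -> detected.
    corrupted = bytearray(original)
    corrupted[8] ^= 0x01

    # Deliberate tampering: attacker rewrites payload and recomputes checksum -> accepted.
    forged = build_udp(src, dst, 1234, 53, b"Hello, Mallory")

    return (verify_udp(src, dst, original),
            verify_udp(src, dst, bytes(corrupted)),
            verify_udp(src, dst, forged))


if __name__ == "__main__":
    print(demo())   # (True, False, True)
```

Note the zero-checksum rule in `verify_udp`: for IPv4, RFC 768 lets a sender omit the checksum entirely, so a receiver that honours it accepts any datagram whose checksum field is zero. Integrity against an adversary has to come from a higher layer (DTLS, QUIC, or an application-level MAC), not from UDP.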
Transmission Control Protocol (TCP)
- Handles loss, duplication, and out-of-order delivery
- relies on sequence numbers and ACKnowledgements
- Provides flow control: don’t overwhelm the receiver (the receiver advertises a window)
- Provides congestion control: don’t overwhelm the network (the sender backs off on loss)
TCP’s “three-way handshake”
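The handshake slide is a figure in the original. As an added illustration (my code, not the lecture’s), the simulation below models the server side of SYN, SYN-ACK, ACK with 32-bit sequence numbers and the checks each side performs: the server only moves a connection to established when the final ACK carries its own ISN + 1. The `blind_spoof` scenario shows why that matters: an attacker forging another host’s source address never sees the SYN-ACK, so it has to guess the server’s ISN. The `Server`, `Segment` and `isn_source` names, and the deliberately predictable ISN in the demo, are my constructions.

```python
import secrets
from dataclasses import dataclass

MOD = 2 ** 32   # TCP sequence numbers wrap at 32 bits


@dataclass
class Segment:
    src_port: int
    dst_port: int
    seq: int
    ack: int
    syn: bool = False
    ack_flag: bool = False


class Server:
    """Listening TCP endpoint, handshake only. isn_source is injectable so the
    demo can contrast a random ISN with a predictable one."""

    def __init__(self, port, isn_source=lambda: secrets.randbelow(MOD)):
        self.port = port
        self.isn_source = isn_source
        self.half_open = {}      # (peer_ip, peer_port) -> our ISN, awaiting final ACK
        self.established = set()

    def receive(self, peer_ip, seg):
        if seg.dst_port != self.port:
            return None
        key = (peer_ip, seg.src_port)
        if seg.syn and not seg.ack_flag:
            # 1. SYN: allocate state, reply SYN-ACK acknowledging peer ISN + 1
            isn = self.isn_source()
            self.half_open[key] = isn
            return Segment(self.port, seg.src_port, seq=isn,
                           ack=(seg.seq + 1) % MOD, syn=True, ack_flag=True)
        if seg.ack_flag and not seg.syn and key in self.half_open:
            # 3. ACK: must acknowledge exactly our ISN + 1, otherwise it is ignored
            if seg.ack == (self.half_open[key] + 1) % MOD:
                del self.half_open[key]
                self.established.add(key)
            return None
        return None


def handshake(client_ip, client_port, server):
    """Legitimate client: it receives the SYN-ACK, so it knows the server ISN."""
    client_isn = secrets.randbelow(MOD)
    syn = Segment(client_port, server.port, seq=client_isn, ack=0, syn=True)
    syn_ack = server.receive(client_ip, syn)
    if syn_ack is None or not (syn_ack.syn and syn_ack.ack_flag):
        return False
    if syn_ack.ack != (client_isn + 1) % MOD:
        return False     # does not acknowledge our ISN: not a reply to our SYN
    ack = Segment(client_port, server.port, seq=(client_isn + 1) % MOD,
                  ack=(syn_ack.seq + 1) % MOD, ack_flag=True)
    server.receive(client_ip, ack)
    return (client_ip, client_port) in server.established


def blind_spoof(victim_ip, victim_port, server, guessed_isn):
    """Attacker forges victim_ip as source. The SYN-ACK is routed to the victim,
    so the attacker must guess the server ISN to complete the handshake."""
    syn = Segment(victim_port, server.port, seq=1000, ack=0, syn=True)
    server.receive(victim_ip, syn)            # SYN-ACK goes to the victim, unseen
    ack = Segment(victim_port, server.port, seq=1001,
                  ack=(guessed_isn + 1) % MOD, ack_flag=True)
    server.receive(victim_ip, ack)            # a wrong guess leaves a half-open entry
    return (victim_ip, victim_port) in server.established


if __name__ == "__main__":
    srv = Server(80)
    print("client handshake:", handshake("10.0.0.1", 1234, srv))
    print("blind spoof vs random ISN:", blind_spoof("10.0.0.9", 4444, srv, 0))
    weak = Server(80, isn_source=lambda: 12345)   # predictable ISN
    print("blind spoof vs predictable ISN:", blind_spoof("10.0.0.9", 4444, weak, 12345))
```

Two things to take from the model: the wrong-guess path leaves an entry in `half_open`, which is the resource a SYN flood exhausts, and the only thing separating a spoofed connection from a real one is the unpredictability of `isn_source`, which is why modern stacks derive ISNs from a keyed hash (RFC 6528).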
Network Layer (3)
- Service:
- Deliver a packet to specified network destination
- Perform fragmentation/reassembly when a packet exceeds a link’s MTU
- Interface: send a packet to a specified destination (network address)
- Protocol: define globally unique addresses; construct routing tables
Example: IP
Internet Protocol (IP)
- IP allows networks to interoperate (IP is what allows internet to be multiple independent networks)
- Any network technology that supports IP can exchange packets
- Allows applications to function on all networks
- Applications that can run on IP can use any network
Network Address Translation (NAT)
Problem: There are a fixed number of IPv4 addresses (2^32, about 4.3 billion), so they are managed by dedicated authorities (IANA and the regional Internet registries)
Solution: Private IPv4 address ranges
RFC1918 name | IP address range | Largest CIDR block (subnet mask) |
24-bit block | 10.0.0.0 – 10.255.255.255 | 10.0.0.0/8 (255.0.0.0) |
20-bit block | 172.16.0.0 – 172.31.255.255 | 172.16.0.0/12 (255.240.0.0) |
16-bit block | 192.168.0.0 – 192.168.255.255 | 192.168.0.0/16 (255.255.0.0) |
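As an added example (mine, not from the lecture), the code below does two things the slide only states: it checks an address against the three RFC 1918 blocks above, and it simulates the translation table that lets one public address serve many private hosts. The NAT is a simplified port-translating NAT (NAPT): an outbound flow gets a public port and an entry mapping it back; an inbound packet that matches no entry is dropped, which is why an unsolicited connection from the Internet does not reach a host behind the NAT. The `Nat` class, the packet dictionaries and the addresses (203.0.113.7, 192.0.2.80 and 198.51.100.5 come from the documentation ranges) are my constructions.

```python
import ipaddress
from itertools import count

# The three RFC 1918 private blocks from the table above.
PRIVATE_RANGES = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_RANGES)


class Nat:
    """Minimal NAPT: many inside hosts share one public IP; each outbound
    (src, sport, dst, dport) flow gets its own public source port."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = count(first_port)
        self.out = {}    # (in_ip, in_port, dst_ip, dst_port) -> public port
        self.back = {}   # (public port, dst_ip, dst_port) -> (in_ip, in_port)

    def outbound(self, pkt):
        """Inside -> Internet: rewrite the source to public_ip:mapped_port."""
        if not is_private(pkt["src"]):
            raise ValueError("outbound packet must come from a private address")
        key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        if key not in self.out:
            port = next(self.next_port)
            self.out[key] = port
            self.back[(port, pkt["dst"], pkt["dport"])] = (pkt["src"], pkt["sport"])
        return {**pkt, "src": self.public_ip, "sport": self.out[key]}

    def inbound(self, pkt):
        """Internet -> inside: only a packet matching an existing flow is
        translated back; anything else is dropped (None)."""
        key = (pkt["dport"], pkt["src"], pkt["sport"])
        if key not in self.back:
            return None
        in_ip, in_port = self.back[key]
        return {**pkt, "dst": in_ip, "dport": in_port}


def demo():
    """Constructed traffic: one web request, its reply, and an unsolicited probe."""
    nat = Nat("203.0.113.7")
    request = {"src": "192.168.1.10", "sport": 1234, "dst": "192.0.2.80", "dport": 80}
    on_wire = nat.outbound(request)                 # what the web server sees
    reply = {"src": "192.0.2.80", "sport": 80,
             "dst": on_wire["src"], "dport": on_wire["sport"]}
    delivered = nat.inbound(reply)                  # translated back to the inside host
    probe = {"src": "198.51.100.5", "sport": 40000, "dst": "203.0.113.7", "dport": 22}
    return on_wire, delivered, nat.inbound(probe)   # probe -> None (dropped)


if __name__ == "__main__":
    for p in demo():
        print(p)
```

The drop of unmatched inbound traffic is a side effect of address sharing, not a designed security control: any inside host that initiates a flow (or is reached through a port forward, UPnP mapping or an attacker-controlled reply) is exposed, so a NAT is no substitute for a firewall policy.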
Internet Control Message Protocol (ICMP)
- ICMP carries control and error messages for IP (it is itself carried inside IP, protocol number 1)
- Ping (connectivity probe)
- Destination unreachable (error notification)
- Time-to-live exceeded (error notification)
Datalink Layer (2)
- Service:
- Combine stream of bits into frames (attach frame separators)
- Send data frames between peers
- Interface: send a data unit (frame) to a machine (MAC address) connected to the same physical media
- Protocol: Medium Access Control (MAC)
- Examples:
- Ethernet (LAN)
- 802.11 (wireless)
Address Resolution Protocol
- ARP locates a host’s link-layer (MAC) address
- Problem: How does Alice communicate with Bob over a LAN?
- Assume Alice (10.0.0.1) knows Bob’s (10.0.0.2) IP
- LANs operate at layer 2 (there is no router inside of the LAN)
- Messages are sent to the switch, and addressed by a host’s link-layer (MAC) address
Protocol:
- Alice broadcasts: “Who has 10.0.0.2?”
- Bob responds: “I do! And I’m at MAC f8:1e:df:ab:33:56.”
ARP Spoofing
- ARP has no authentication: a host accepts a reply whether or not it sent a request, and each reply overwrites the cached entry for that IP
- last response wins!
- Attack: Forge ARP response (e.g., claim the gateway’s IP with the attacker’s MAC)
- Effects:
- Middle-person attacks
- Denial-of-service
- Also called ARP Poisoning; a continuous stream of forged replies is sometimes called ARP Flooding
Do this at home (safely): http://try.cybersecurity.ieee.org/trycybsi/
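To tie the ARP exchange and the spoofing attack together, here is an added example (my code, not from the lecture or the linked lab). It builds and parses RFC 826 ARP request and reply frames for IPv4 over Ethernet using the addresses from the Alice/Bob example, then feeds Bob’s genuine reply and a forged reply from an attacker (Mallory, a constructed name and MAC) into two caches: a plain one where the last response wins, and one with a static entry for Bob that logs the attempt and keeps the pinned mapping. `ArpCache`, `build_arp` and `parse_arp` are my names.

```python
import struct

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def ip_bytes(ip):
    return bytes(int(o) for o in ip.split("."))


def ip_str(b):
    return ".".join(str(x) for x in b)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet II frame carrying an RFC 826 ARP packet (IPv4 over Ethernet).
    Requests go to the broadcast MAC; replies are unicast to the requester."""
    dst = BROADCAST if op == ARP_REQUEST else target_mac
    eth = mac_bytes(dst) + mac_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)   # htype, ptype, hlen, plen, op
           + mac_bytes(sender_mac) + ip_bytes(sender_ip)
           + mac_bytes(target_mac) + ip_bytes(target_ip))
    return eth + arp


def parse_arp(frame):
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported hardware/protocol type")
    b = frame[22:42]
    return {"op": op,
            "sender_mac": mac_str(b[0:6]), "sender_ip": ip_str(b[6:10]),
            "target_mac": mac_str(b[10:16]), "target_ip": ip_str(b[16:20])}


class ArpCache:
    """Host ARP table. With no static entries it is the usual cache: any reply,
    solicited or not, overwrites the entry (last response wins). A MAC change
    for a known IP is always recorded in alerts; a static entry is never changed."""

    def __init__(self, static=None):
        self.table = dict(static or {})
        self.static = set(self.table)
        self.alerts = []

    def learn(self, frame):
        p = parse_arp(frame)
        if p["op"] != ARP_REPLY:
            return
        ip, mac = p["sender_ip"], p["sender_mac"]
        if ip in self.table and self.table[ip] != mac:
            self.alerts.append(f"{ip}: {self.table[ip]} -> {mac}")
            if ip in self.static:
                return               # pinned entry: forged reply ignored
        self.table[ip] = mac         # last response wins


def demo():
    """Constructed frames: Bob answers Alice, then Mallory forges a reply for Bob's IP."""
    alice_mac, bob_mac = "aa:bb:cc:dd:ee:01", "f8:1e:df:ab:33:56"
    mallory_mac = "de:ad:be:ef:00:01"
    bob_reply = build_arp(ARP_REPLY, bob_mac, "10.0.0.2", alice_mac, "10.0.0.1")
    forged = build_arp(ARP_REPLY, mallory_mac, "10.0.0.2", alice_mac, "10.0.0.1")

    naive = ArpCache()
    naive.learn(bob_reply)
    naive.learn(forged)              # Alice now sends Bob's traffic to Mallory

    pinned = ArpCache(static={"10.0.0.2": bob_mac})
    pinned.learn(bob_reply)
    pinned.learn(forged)             # alert raised, mapping unchanged
    return naive.table["10.0.0.2"], pinned.table["10.0.0.2"], naive.alerts, pinned.alerts


if __name__ == "__main__":
    print(demo())
```

The alert list is the behaviour of tools such as arpwatch; the static entry is what `arp -s` (or a managed switch’s dynamic ARP inspection) provides. Neither stops the forged frame from being sent, they only stop it from taking effect on that host.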
Dynamic Host Configuration Protocol
- DHCP is the canonical protocol for dynamically assigning IP addresses to hosts in a network
- Also configures gateway and DNS info
- Many networks use DHCP reservations (“static DHCP”), which always give the same IP address to a given MAC address
Virtual LANs (VLANs)
- VLANs provide flexible network segmentation without the need to run multiple physical networks
- IEEE 802.1Q: a 4-byte tag in the Ethernet frame header carries a 12-bit VLAN ID (VID), giving 4094 usable VLANs (0 and 4095 are reserved)
- Each port on a switch can be assigned either
- A specific VID (also known as an “access” port)
- Or propagate received VID (also known as a “trunk” port)
- Can also specify a set of allowed VIDs
VLAN Hopping
- Switch spoofing: attacker pretends to be a trunking switch and negotiates a trunk that carries every VLAN
- This works if the switch port is configured to negotiate a trunk (e.g., Cisco DTP left in dynamic mode) instead of being hard-set as an access port
- Double tagging: works when the trunk has a “native” VLAN, whose frames are sent over the trunk untagged, and the attacker’s access port is in that VLAN
- Attacker prepends two VLAN tags to a frame
- Outer tag: the native VLAN (the attacker’s own VLAN); the first switch strips it and forwards the frame untagged on the trunk
- Inner tag: target VLAN
- The next switch reads the remaining (inner) tag and delivers the frame into the target VLAN
- One-way only: reply traffic does not reach the attacker
- Mitigations: hard-set access ports (no trunk negotiation); move the native VLAN to an unused VID and tag it on trunks
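The double-tagging walk-through above, as an added example (mine, not from the lecture): the code builds 802.1Q-tagged Ethernet frames and models the two switch behaviours the attack depends on. Switch A accepts a tagged frame on an access port only if its outer VID matches the port’s VLAN, strips that tag, and sends native-VLAN traffic untagged on the trunk; switch B classifies a trunk frame by its outer tag, or as native if untagged. With the native VLAN equal to the attacker’s VLAN, the frame lands in the target VLAN; with the native VLAN moved to an unused VID, it stays in the attacker’s VLAN. The access-port handling is a simplification I assume for the model (real switches differ in how they treat tagged frames on access ports); the function names and MAC addresses are mine.

```python
import struct

TPID_8021Q = 0x8100   # tag protocol identifier announcing an 802.1Q tag
ETH_P_IP = 0x0800


def mac(s):
    return bytes.fromhex(s.replace(":", ""))


def build_frame(dst_mac, src_mac, vids, payload):
    """Ethernet frame with zero or more 802.1Q tags, outermost first.
    Each tag is TPID (2 bytes) + TCI (PCP 3 bits, DEI 1 bit, VID 12 bits)."""
    frame = mac(dst_mac) + mac(src_mac)
    for vid in vids:
        frame += struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)   # PCP=0, DEI=0
    return frame + struct.pack("!H", ETH_P_IP) + payload


def pop_tag(frame):
    """(vid, frame without its outer tag), or (None, frame) if untagged."""
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None, frame
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, frame[:12] + frame[16:]


def push_tag(frame, vid):
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vid & 0x0FFF) + frame[12:]


def switch_a_to_trunk(frame, access_vid, native_vid):
    """Switch A: frame enters on an access port in access_vid and leaves on the
    trunk. Assumed behaviour: an untagged frame belongs to access_vid; a tagged
    frame is accepted only if its outer VID equals access_vid, and that tag is
    stripped. On the trunk the native VLAN goes out untagged, all others tagged."""
    vid, inner = pop_tag(frame)
    if vid is None:
        vid = access_vid
    elif vid != access_vid:
        return None                              # dropped
    return inner if vid == native_vid else push_tag(inner, vid)


def switch_b_classify(frame, native_vid):
    """Switch B: frame arrives on the trunk; its VLAN is the outer tag, or the
    native VLAN if the frame is untagged."""
    vid, inner = pop_tag(frame)
    return (native_vid if vid is None else vid), inner


def double_tag_attack(native_vid, attacker_vid=1, target_vid=100):
    """Attacker on an access port in attacker_vid sends [attacker_vid, target_vid].
    Returns the VLAN switch B delivers the frame to, or None if switch A drops it."""
    frame = build_frame("ff:ff:ff:ff:ff:ff", "de:ad:be:ef:00:01",
                        [attacker_vid, target_vid], b"constructed payload")
    on_trunk = switch_a_to_trunk(frame, access_vid=attacker_vid, native_vid=native_vid)
    if on_trunk is None:
        return None
    vlan, _ = switch_b_classify(on_trunk, native_vid)
    return vlan


if __name__ == "__main__":
    print("native VLAN = attacker VLAN:", double_tag_attack(1))     # 100: hopped
    print("native VLAN moved to 999:  ", double_tag_attack(999))   # 1: contained
```

In the mitigated run the outer tag is re-added on the trunk because VLAN 1 is no longer native, so switch B sees VID 1 and the inner tag is just payload bytes to it. Tagging the native VLAN on trunks (where the platform supports it) closes the same gap.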