anddoesn[小学]tcp-ip day4 国外大学课件

国外ip  时间:2021-05-05  阅读:()

TCP/IP

ARP c ontinued,ARP c ache pois oning

ARP resolution–the details

 First, we' ll look at the format of an ARP message (see text, or look it up ongoogle) .

 The protocol has three aspects: it specifies what a requester is to do, what areceiver is to do, and what a responder is to do. A requester is a machine thatsends an ARP request, a receiver is a machine that receives any ARP message, anda responder is a machine that sends an ARP reply.

 On our Ethernet network, here' s the process in detail; for a requester:

Create an ARP message:

1. Set HW type to ' 1' (for Ethernet)

2. Set Protocol type to 080016 (for IP)

3. Set HLEN to 6 (6x8=48 bits)

4. Set PLEN to 4 (4x8=32 bits)

5. Set OPERATION to 1 (for ARP request)

6. Fill in SENDER' s HW ADD

7. Fill in SENDER' s PROT ADD

8. Set TARGET HW ADD to 0 (doesn' t know)

9. Fill in TARGET PROT ADD.

Broadcast the ARP message in an Ethernet frame.

For a receiver (of either an ARP request or reply) or responder

 Extract the ARP request

 If the SENDER' s PROT address in in my cache, update it with the SENDER' s HWaddress and reset the timer on that pairing

 If the TARGET PROT address is identical with my IP address, carry on, otherwise,quit

 Update my cache (again) , regardless of wh'ether an entry exists for that PROTaddress. (all this is done even if it isn t a request)

 [ [Here it would be possible for the arp request to contain a protocol addressidentical with the protocol address of the target. We noted that Windowsoperating systems detect this, and make a note on 'the console. I tested Linux,and i't simply ignores the arp request, i. e. , doesn t generate a reply, anddoesn t update its arp cache. ] ]

 If the OPERATION is a request, carry on; otherwise quit.

 Fill in TARGET HW address with my Ethernet address, swap SENDER and TARGETaddresses, and set OPERATION to 2

 Encapsulate ARP reply in a frame addressed to TARGET HW address.

QUESTIONS

 Why does the ARP request recipient try to update its cache twice before evenexamining whether the message is a request? And once before even examiningwhether it is the intended recipient ?

( ( 1st time: save on traffic ) )

( ( 2nd: save repeating the process in reverse ) )

Gratuitous ARP

 One other application of ARP that I' ll mention briefly is gratuitous ARP. Some OSs employs ARP to make sure that there are not duplicate IP addresses onthe physical network. (In fact OpenBSD does this. )

 It broadcasts an ARP looking for the HW address of itself, i.e. , of its IPaddress.

 If it receives a reply, it knows there is another host with its IP address, andputs a message on the console.

ARP Cache Poisoning

- ARP is a protocol which generates mappings between IP addresses and hardwareaddresses

- The basic idea, you will recall, is as follows:

- |A|-------|B|

- Host A wants to talk to host B, but A doesn’ t know B’ s HW addr

- A sends an ARP request to B, containing a mapping between A’ s HW and IPaddr

- B caches this mapping, and returns a reply with its mapping

- Communication proceeds

- There are three aspects to ARP cache poisoning that I want to discuss: (1)

What is it? (2) How do you do it? (3) Why do it?

- (1) ARP cache poisoning is when one machi’ne on a network, s’ay C, causes afalse entry to be placed in another host s, for example C s, ARP cache.- (2) It is very easy to poison ARP caches, and operating systems have triedvarious methods to protect against it, the main one being the creation of an

incomplete entry in the arp cache, and updating according to the steps aboveonly if that incomplete entry exists; this will go some way to protectingagainst unsolicited arp replies. ‘ However’ , this creates a race condition,poisoning i‘s still possible’by spaming unsolicited arp replies, in thehopes of winning the race against legitimate, solicited arp replies.

(3) Poisoning Effects

ARP cache poisoning can be used in various ways, the three most fundamentalof which are:

- (a) Eavesdropping

- Now suppose that an attacker, host C, wants to eavesdrop on communicationbetween host A and host B, but that the LAN is switched Ethernet. (How doesswitched Ethernet work?)

- |A|--------|B|

- |

- |C|

- If’ C could convince A that B’ s HW addr is C’ s, and could convince B thatA s is also C, then all traffic from B to A, and vice versa, would go to C.- Moreover, if C turned on forwarding, and had the correct HW-IP mappings, Cwould in effect become a kind of router between A and B, and would

consequently have access to all communication between A and B.

- The effect of this attack would be the disclosure of potentially confidentialinformation.

- (b) Denial of service

- On the other hand, perhaps C is not interested in eavesdropping, but wouldrather deny A and B the ability to communicate with one another.

- In this case, it would suffice for C to poison A’ s and B’ s caches withmappings eit’her to non-existent hardware addresses, or alternately, again useits own – C s – HW address, and simply not forward (the former makes iteasier for the attacker to hide his/her tracks) .

- (c) Hijacking

- Another possibility is that C is not interested in eavesdropping or DoS, butrather, wants to take over one end of the conversation.

- This would be a kind of combination of the previous two attacks: First, Cwould need to eavesdrop using the method previously outlined.

- Then, after (e.g. ) authentication, C performs a DoS on A, and takes over A’ srole in this 2-way conversation.o (Another example, besides authentication, that A might wait until thetwo hosts are communicating, is in order to sample TCP sequence andacknowledgement numbers, which is necessary in order to successfullyhijack a TCP session. This will make more sense when we come to TCP. )- This is called session hijacking (normally TCP sessions) , and there arevariations on this theme. E.g. , C could maintain the connection between Aand B, yet insert data into the communication channel.

- ARP Poisoning: not just a LAN issue

- These attacks are not limited to hosts on a single LAN. In fact, provided wehave LAN access to anynetwork on the path between A and B, these attacks arepossible.

- Examples:

- C

- |------------

- | |

- A B

- Here we merely poison A and R1.

- C

- |------------R1-----Internet----

- | |

- A B

- Poison B and R2

- C

- |------------R1-----Internet-----R2----R3---------|

- | |

- A B

- Poison R2 and R3

野草云99元/月 ,香港独立服务器 E3-1230v2 16G 30M 299元/月 香港云服务器 4核 8G

野草云月末准备了一些促销,主推独立服务器,也有部分云服务器,价格比较有性价比,佣金是10%循环,如果有时间请帮我们推推,感谢!公司名:LucidaCloud Limited官方网站:https://www.yecaoyun.com/香港独立服务器:CPU型号内存硬盘带宽价格购买地址E3-1230v216G240GB SSD或1TB 企盘30M299元/月点击购买E5-265016G240GB SS...

Hostodo,美国独立日特价优惠,四款特价VPS云服务器7折,KVM虚拟架构,NVMe阵列,1核512M内存1Gbps带宽3T月流量,13.99美元/月,赠送DirectAdmin授权

Hostodo近日发布了美国独立日优惠促销活动,主要推送了四款特价优惠便宜的VPS云服务器产品,基于KVM虚拟架构,NVMe阵列,1Gbps带宽,默认分配一个IPv4+/64 IPv6,采用solusvm管理,赠送收费版DirectAdmin授权,服务有效期内均有效,大致约为7折优惠,独立日活动时间不定,活动机型售罄为止,有需要的朋友可以尝试一下。Hostodo怎么样?Hostodo服务器好不好?...

数脉科技香港自营,10Mbps CN2物理机420元/月

数脉科技怎么样?数脉科技品牌创办于2019,由一家从2012年开始从事idc行业的商家创办,目前主营产品是香港服务器,线路有阿里云线路和自营CN2线路,均为中国大陆直连带宽,适合建站及运行各种负载较高的项目,同时支持人民币、台币、美元等结算,提供支付宝、微信、PayPal付款方式。本次数脉科技给发来了新的7月促销活动,CN2+BGP线路的香港服务器,带宽10m起,配置E3-16G-30M-3IP,...

国外ip为你推荐
addresschromeabolishingios11owned163centrescss支持ipad支持ipadwindows键是哪个Win键是什么?iphonewifi苹果手机怎么扫二维码连wifiicloudiphone苹果手机显示"已停用,连接itunes"是什么意思csshack关于CSS hack的写法
hostgator 电影服务器 256m内存 seovip 地址大全 免费全能空间 域名接入 vip购优惠 下载速度测试 石家庄服务器托管 网页加速 美国迈阿密 phpwind论坛 qq空间打开很慢 侦探online suspended翻译 丹弗润滑油 最好的空间日志 个人web服务器软件 北京摇号申请网站入口 更多