TCP/IP

ARP continued, ARP cache poisoning

ARP resolution–the details

 First, we'll look at the format of an ARP message (see text, or look it up on Google).

 The protocol has three aspects: it specifies what a requester is to do, what a receiver is to do, and what a responder is to do. A requester is a machine that sends an ARP request, a receiver is a machine that receives any ARP message, and a responder is a machine that sends an ARP reply.

 On our Ethernet network, here's the process in detail; for a requester:

Create an ARP message:

1. Set HW type to '1' (for Ethernet)

2. Set Protocol type to 0800₁₆ (for IP)

3. Set HLEN to 6 (6x8=48 bits)

4. Set PLEN to 4 (4x8=32 bits)

5. Set OPERATION to 1 (for ARP request)

6. Fill in SENDER's HW ADD

7. Fill in SENDER's PROT ADD

8. Set TARGET HW ADD to 0 (doesn't know)

9. Fill in TARGET PROT ADD.

Broadcast the ARP message in an Ethernet frame.

For a receiver (of either an ARP request or reply) or responder

 Extract the ARP request

 If the SENDER's PROT address is in my cache, update it with the SENDER's HW address and reset the timer on that pairing

 If the TARGET PROT address is identical with my IP address, carry on; otherwise, quit

 Update my cache (again), regardless of whether an entry exists for that PROT address. (All this is done even if it isn't a request.)

 [[Here it would be possible for the ARP request to contain a protocol address identical with the protocol address of the target. We noted that Windows operating systems detect this, and make a note on the console. I tested Linux, and it simply ignores the ARP request, i.e., doesn't generate a reply, and doesn't update its ARP cache.]]

 If the OPERATION is a request, carry on; otherwise quit.

 Fill in TARGET HW address with my Ethernet address, swap SENDER and TARGET addresses, and set OPERATION to 2

 Encapsulate ARP reply in a frame addressed to TARGET HW address.
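The requester and receiver steps above, written out as an added Python example (not part of the original notes). The cache is a plain dict with no timers, and the host addresses are constructed sample values.

```python
import struct

# HW type, PROT type, HLEN, PLEN, OPERATION, then sender HW/PROT and target HW/PROT
ARP_FMT = "!HHBBH6s4s6s4s"
ARP_LEN = struct.calcsize(ARP_FMT)       # 28 bytes for Ethernet + IP
REQUEST, REPLY = 1, 2

def build_request(sender_hw, sender_ip, target_ip):
    """Requester steps 1-9: target HW address is all zero because it is not yet known."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, REQUEST,
                       sender_hw, sender_ip, bytes(6), target_ip)

def receive(cache, my_hw, my_ip, message):
    """Receiver/responder steps; returns the ARP reply bytes, or None if no reply is sent."""
    if len(message) < ARP_LEN:
        return None                      # truncated message
    fields = struct.unpack(ARP_FMT, message[:ARP_LEN])
    hw, prot, hlen, plen, op, s_hw, s_ip, _t_hw, t_ip = fields
    if (hw, prot, hlen, plen) != (1, 0x0800, 6, 4):
        return None                      # not Ethernet/IP ARP
    if s_ip in cache:                    # first update: refresh an existing entry only
        cache[s_ip] = s_hw
    if t_ip != my_ip:                    # not addressed to me: quit
        return None
    cache[s_ip] = s_hw                   # second update: add even if no entry existed
    if op != REQUEST:                    # a reply is cached above but never answered
        return None
    # Fill in my HW address, swap SENDER and TARGET, set OPERATION to 2.
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, REPLY, my_hw, my_ip, s_hw, s_ip)

# Constructed sample hosts A, B and a bystander D.
A_HW, A_IP = bytes.fromhex("aaaaaaaaaa01"), bytes([10, 0, 0, 1])
B_HW, B_IP = bytes.fromhex("aaaaaaaaaa02"), bytes([10, 0, 0, 2])
D_HW, D_IP = bytes.fromhex("aaaaaaaaaa04"), bytes([10, 0, 0, 4])

def demo():
    """A asks for B: returns B's cache afterwards and the decoded fields of B's reply."""
    cache_b = {}
    reply = receive(cache_b, B_HW, B_IP, build_request(A_HW, A_IP, B_IP))
    return cache_b, struct.unpack(ARP_FMT, reply)
```
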

QUESTIONS

 Why does the ARP request recipient try to update its cache twice before even examining whether the message is a request? And once before even examining whether it is the intended recipient?

((1st time: save on traffic))

((2nd: save repeating the process in reverse))

Gratuitous ARP

 One other application of ARP that I'll mention briefly is gratuitous ARP. Some OSs employ ARP to make sure that there are not duplicate IP addresses on the physical network. (In fact OpenBSD does this.)

 It broadcasts an ARP looking for the HW address of itself, i.e., of its IP address.

 If it receives a reply, it knows there is another host with its IP address, and puts a message on the console.

ARP Cache Poisoning

- ARP is a protocol which generates mappings between IP addresses and hardware addresses

- The basic idea, you will recall, is as follows:

- |A|-------|B|

- Host A wants to talk to host B, but A doesn't know B's HW addr

- A sends an ARP request to B, containing a mapping between A's HW and IP addr

- B caches this mapping, and returns a reply with its mapping

- Communication proceeds

- There are three aspects to ARP cache poisoning that I want to discuss: (1) What is it? (2) How do you do it? (3) Why do it?

- (1) ARP cache poisoning is when one machine on a network, say C, causes a false entry to be placed in another host's, for example C's, ARP cache.

- (2) It is very easy to poison ARP caches, and operating systems have tried various methods to protect against it, the main one being the creation of an incomplete entry in the ARP cache, and updating according to the steps above only if that incomplete entry exists; this will go some way to protecting against unsolicited ARP replies. However, this creates a race condition: poisoning is still possible by spamming unsolicited ARP replies, in the hopes of winning the race against legitimate, solicited ARP replies.

(3) Poisoning Effects

ARP cache poisoning can be used in various ways, the three most fundamental of which are:

- (a) Eavesdropping

- Now suppose that an attacker, host C, wants to eavesdrop on communication between host A and host B, but that the LAN is switched Ethernet. (How does switched Ethernet work?)

- |A|--------|B|

- |

- |C|

- If C could convince A that B's HW addr is C's, and could convince B that A's is also C's, then all traffic from B to A, and vice versa, would go to C.

- Moreover, if C turned on forwarding, and had the correct HW-IP mappings, C would in effect become a kind of router between A and B, and would consequently have access to all communication between A and B.

- The effect of this attack would be the disclosure of potentially confidential information.

- (b) Denial of service

- On the other hand, perhaps C is not interested in eavesdropping, but would rather deny A and B the ability to communicate with one another.

- In this case, it would suffice for C to poison A's and B's caches with mappings either to non-existent hardware addresses, or alternately, again use its own – C's – HW address, and simply not forward (the former makes it easier for the attacker to hide his/her tracks).

- (c) Hijacking

- Another possibility is that C is not interested in eavesdropping or DoS, but rather, wants to take over one end of the conversation.

- This would be a kind of combination of the previous two attacks: First, C would need to eavesdrop using the method previously outlined.

- Then, after (e.g.) authentication, C performs a DoS on A, and takes over A's role in this 2-way conversation.

o (Another example, besides authentication, that A might wait until the two hosts are communicating, is in order to sample TCP sequence and acknowledgement numbers, which is necessary in order to successfully hijack a TCP session. This will make more sense when we come to TCP.)

- This is called session hijacking (normally TCP sessions), and there are variations on this theme. E.g., C could maintain the connection between A and B, yet insert data into the communication channel.
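All three effects above depend on the same observable traffic, so a defender can watch for it passively. The following is an added Python example (not part of the original notes) that flags unsolicited replies, including the second reply in the race described under (2), changed IP-to-HW bindings, and one HW address claiming several IP addresses. The class name, the 2-second window and the sample events are assumptions made for illustration.

```python
from collections import defaultdict

REQUEST, REPLY = 1, 2

class ArpMonitor:
    """Passive checks over ARP messages observed on one LAN segment."""

    def __init__(self, window=2.0):
        self.window = window                  # seconds a request stays answerable
        self.pending = {}                     # (requester IP, asked-for IP) -> request time
        self.bindings = {}                    # IP -> HW address last announced
        self.ips_by_hw = defaultdict(set)     # HW address -> IPs it has claimed

    def observe(self, ts, op, sender_ip, sender_hw, target_ip):
        alerts = []
        if op == REQUEST:
            self.pending[(sender_ip, target_ip)] = ts
        elif op == REPLY:
            # Solicited only if the reply's target recently asked for this IP.
            # pop() means a second reply to the same request is flagged too.
            asked = self.pending.pop((target_ip, sender_ip), None)
            if asked is None or ts - asked > self.window:
                alerts.append(f"unsolicited reply: {sender_ip} is-at {sender_hw}")
        old = self.bindings.get(sender_ip)
        if old is not None and old != sender_hw:
            alerts.append(f"binding changed: {sender_ip} {old} -> {sender_hw}")
        self.bindings[sender_ip] = sender_hw
        self.ips_by_hw[sender_hw].add(sender_ip)
        if len(self.ips_by_hw[sender_hw]) > 1:
            alerts.append(f"{sender_hw} claims {sorted(self.ips_by_hw[sender_hw])}")
        return alerts

# Constructed sample traffic: A and B resolve each other normally, then C's
# HW address appears in replies for both of their IP addresses.
A, B = ("10.0.0.1", "aa:aa:aa:aa:aa:01"), ("10.0.0.2", "aa:aa:aa:aa:aa:02")
C_HW = "aa:aa:aa:aa:aa:03"
SAMPLE = [
    (0.0, REQUEST, A[0], A[1], B[0]),
    (0.1, REPLY,   B[0], B[1], A[0]),
    (9.0, REPLY,   B[0], C_HW, A[0]),
    (9.1, REPLY,   A[0], C_HW, B[0]),
]

def run_sample():
    monitor = ArpMonitor()
    return [monitor.observe(*event) for event in SAMPLE]
```

Proxy ARP and hosts with several IP addresses on one interface legitimately trigger the last check, so known cases need an allow-list.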

- ARP Poisoning: not just a LAN issue

- These attacks are not limited to hosts on a single LAN. In fact, provided we have LAN access to any network on the path between A and B, these attacks are possible.

- Examples:

- C

- |------------

- | |

- A B

- Here we merely poison A and R1.

- C

- |------------R1-----Internet----

- | |

- A B

- Poison B and R2

- C

- |------------R1-----Internet-----R2----R3---------|

- | |

- A B

- Poison R2 and R3
