anddoesn[小学]tcp-ip day4 国外大学课件

国外ip  时间:2021-05-05  阅读:()

TCP/IP

ARP c ontinued,ARP c ache pois oning

ARP resolution–the details

 First, we' ll look at the format of an ARP message (see text, or look it up ongoogle) .

 The protocol has three aspects: it specifies what a requester is to do, what areceiver is to do, and what a responder is to do. A requester is a machine thatsends an ARP request, a receiver is a machine that receives any ARP message, anda responder is a machine that sends an ARP reply.

 On our Ethernet network, here' s the process in detail; for a requester:

Create an ARP message:

1. Set HW type to ' 1' (for Ethernet)

2. Set Protocol type to 080016 (for IP)

3. Set HLEN to 6 (6x8=48 bits)

4. Set PLEN to 4 (4x8=32 bits)

5. Set OPERATION to 1 (for ARP request)

6. Fill in SENDER' s HW ADD

7. Fill in SENDER' s PROT ADD

8. Set TARGET HW ADD to 0 (doesn' t know)

9. Fill in TARGET PROT ADD.

Broadcast the ARP message in an Ethernet frame.

For a receiver (of either an ARP request or reply) or responder

 Extract the ARP request

 If the SENDER' s PROT address in in my cache, update it with the SENDER' s HWaddress and reset the timer on that pairing

 If the TARGET PROT address is identical with my IP address, carry on, otherwise,quit

 Update my cache (again) , regardless of wh'ether an entry exists for that PROTaddress. (all this is done even if it isn t a request)

 [ [Here it would be possible for the arp request to contain a protocol addressidentical with the protocol address of the target. We noted that Windowsoperating systems detect this, and make a note on 'the console. I tested Linux,and i't simply ignores the arp request, i. e. , doesn t generate a reply, anddoesn t update its arp cache. ] ]

 If the OPERATION is a request, carry on; otherwise quit.

 Fill in TARGET HW address with my Ethernet address, swap SENDER and TARGETaddresses, and set OPERATION to 2

 Encapsulate ARP reply in a frame addressed to TARGET HW address.

QUESTIONS

 Why does the ARP request recipient try to update its cache twice before evenexamining whether the message is a request? And once before even examiningwhether it is the intended recipient ?

( ( 1st time: save on traffic ) )

( ( 2nd: save repeating the process in reverse ) )

Gratuitous ARP

 One other application of ARP that I' ll mention briefly is gratuitous ARP. Some OSs employs ARP to make sure that there are not duplicate IP addresses onthe physical network. (In fact OpenBSD does this. )

 It broadcasts an ARP looking for the HW address of itself, i.e. , of its IPaddress.

 If it receives a reply, it knows there is another host with its IP address, andputs a message on the console.

ARP Cache Poisoning

- ARP is a protocol which generates mappings between IP addresses and hardwareaddresses

- The basic idea, you will recall, is as follows:

- |A|-------|B|

- Host A wants to talk to host B, but A doesn’ t know B’ s HW addr

- A sends an ARP request to B, containing a mapping between A’ s HW and IPaddr

- B caches this mapping, and returns a reply with its mapping

- Communication proceeds

- There are three aspects to ARP cache poisoning that I want to discuss: (1)

What is it? (2) How do you do it? (3) Why do it?

- (1) ARP cache poisoning is when one machi’ne on a network, s’ay C, causes afalse entry to be placed in another host s, for example C s, ARP cache.- (2) It is very easy to poison ARP caches, and operating systems have triedvarious methods to protect against it, the main one being the creation of an

incomplete entry in the arp cache, and updating according to the steps aboveonly if that incomplete entry exists; this will go some way to protectingagainst unsolicited arp replies. ‘ However’ , this creates a race condition,poisoning i‘s still possible’by spaming unsolicited arp replies, in thehopes of winning the race against legitimate, solicited arp replies.

(3) Poisoning Effects

ARP cache poisoning can be used in various ways, the three most fundamentalof which are:

- (a) Eavesdropping

- Now suppose that an attacker, host C, wants to eavesdrop on communicationbetween host A and host B, but that the LAN is switched Ethernet. (How doesswitched Ethernet work?)

- |A|--------|B|

- |

- |C|

- If’ C could convince A that B’ s HW addr is C’ s, and could convince B thatA s is also C, then all traffic from B to A, and vice versa, would go to C.- Moreover, if C turned on forwarding, and had the correct HW-IP mappings, Cwould in effect become a kind of router between A and B, and would

consequently have access to all communication between A and B.

- The effect of this attack would be the disclosure of potentially confidentialinformation.

- (b) Denial of service

- On the other hand, perhaps C is not interested in eavesdropping, but wouldrather deny A and B the ability to communicate with one another.

- In this case, it would suffice for C to poison A’ s and B’ s caches withmappings eit’her to non-existent hardware addresses, or alternately, again useits own – C s – HW address, and simply not forward (the former makes iteasier for the attacker to hide his/her tracks) .

- (c) Hijacking

- Another possibility is that C is not interested in eavesdropping or DoS, butrather, wants to take over one end of the conversation.

- This would be a kind of combination of the previous two attacks: First, Cwould need to eavesdrop using the method previously outlined.

- Then, after (e.g. ) authentication, C performs a DoS on A, and takes over A’ srole in this 2-way conversation.o (Another example, besides authentication, that A might wait until thetwo hosts are communicating, is in order to sample TCP sequence andacknowledgement numbers, which is necessary in order to successfullyhijack a TCP session. This will make more sense when we come to TCP. )- This is called session hijacking (normally TCP sessions) , and there arevariations on this theme. E.g. , C could maintain the connection between Aand B, yet insert data into the communication channel.

- ARP Poisoning: not just a LAN issue

- These attacks are not limited to hosts on a single LAN. In fact, provided wehave LAN access to anynetwork on the path between A and B, these attacks arepossible.

- Examples:

- C

- |------------

- | |

- A B

- Here we merely poison A and R1.

- C

- |------------R1-----Internet----

- | |

- A B

- Poison B and R2

- C

- |------------R1-----Internet-----R2----R3---------|

- | |

- A B

- Poison R2 and R3

PacificRack(19.9美元/年)内存1Gbps带vps1GB洛杉矶QN机房,七月特价优惠

pacificrack怎么样?pacificrack商家发布了七月最新优惠VPS云服务器计划方案,推出新款优惠便宜VPS云服务器采用的是国产魔方管理系统,也就是PR-M系列,全系基于KVM虚拟架构,这次支持Windows server 2003、2008R2、2012R2、2016、2019、Windows 7、Windows 10以及Linux等操作系统,最低配置为1核心2G内存1Gbps带宽1...

819云互联 香港 日本 美国 2核4G 18元 8核8G 39元 免费空间 免费CDN 香港 E3 16G 20M 230元/月

819云互联是海外领先的互联网业务平台服务提供商。专注为用户提供低价高性能云计算产品,致力于云计算应用的易用性开发,并引导云计算在国内普及。目前平台研发以及运营云服务基础设施服务平台(IaaS),面向全球客户提供基于云计算的IT解决方案与客户服务,拥有丰富的海外资源、香港,日本,美国等各国优质的IDC资源。官方网站:https://www.819yun.com香港特价物理服务器:地区CPU内存带宽...

EdgeNat 新年开通优惠 - 韩国独立服务器原生IP地址CN2线路七折优惠

EdgeNat 商家在之前也有分享过几次活动,主要提供香港和韩国的VPS主机,分别在沙田和首尔LG机房,服务器均为自营硬件,电信CN2线路,移动联通BGP直连,其中VPS主机基于KVM架构,宿主机采用四路E5处理器、raid10+BBU固态硬盘!最高可以提供500Gbps DDoS防御。这次开年活动中有提供七折优惠的韩国独立服务器,原生IP地址CN2线路。第一、优惠券活动EdgeNat优惠码(限月...

国外ip为你推荐
力学迅雷Createdwin7支持ipad支持ipad流量支付宝支持ipad城乡居民社会养老保险人脸识别生存认证C1:山东品牌商品馆联通合约机iphone5联通苹果5合约机套餐费morphvoxpro怎么用怎么使用morphvox pro
jsp虚拟主机 域名投资 3322动态域名注册 cn域名价格 gitcafe info域名 申请空间 一元域名 国外网站代理服务器 howfile 谁的qq空间最好看 域名转接 免费美国空间 网游服务器 东莞服务器 网站在线扫描 云营销系统 上海电信测速 杭州电信 新疆服务器 更多