anddoesn[小学]tcp-ip day4 国外大学课件

国外ip  时间:2021-05-05  阅读:()

TCP/IP

ARP c ontinued,ARP c ache pois oning

ARP resolution–the details

 First, we' ll look at the format of an ARP message (see text, or look it up ongoogle) .

 The protocol has three aspects: it specifies what a requester is to do, what areceiver is to do, and what a responder is to do. A requester is a machine thatsends an ARP request, a receiver is a machine that receives any ARP message, anda responder is a machine that sends an ARP reply.

 On our Ethernet network, here' s the process in detail; for a requester:

Create an ARP message:

1. Set HW type to ' 1' (for Ethernet)

2. Set Protocol type to 080016 (for IP)

3. Set HLEN to 6 (6x8=48 bits)

4. Set PLEN to 4 (4x8=32 bits)

5. Set OPERATION to 1 (for ARP request)

6. Fill in SENDER' s HW ADD

7. Fill in SENDER' s PROT ADD

8. Set TARGET HW ADD to 0 (doesn' t know)

9. Fill in TARGET PROT ADD.

Broadcast the ARP message in an Ethernet frame.

For a receiver (of either an ARP request or reply) or responder

 Extract the ARP request

 If the SENDER' s PROT address in in my cache, update it with the SENDER' s HWaddress and reset the timer on that pairing

 If the TARGET PROT address is identical with my IP address, carry on, otherwise,quit

 Update my cache (again) , regardless of wh'ether an entry exists for that PROTaddress. (all this is done even if it isn t a request)

 [ [Here it would be possible for the arp request to contain a protocol addressidentical with the protocol address of the target. We noted that Windowsoperating systems detect this, and make a note on 'the console. I tested Linux,and i't simply ignores the arp request, i. e. , doesn t generate a reply, anddoesn t update its arp cache. ] ]

 If the OPERATION is a request, carry on; otherwise quit.

 Fill in TARGET HW address with my Ethernet address, swap SENDER and TARGETaddresses, and set OPERATION to 2

 Encapsulate ARP reply in a frame addressed to TARGET HW address.

QUESTIONS

 Why does the ARP request recipient try to update its cache twice before evenexamining whether the message is a request? And once before even examiningwhether it is the intended recipient ?

( ( 1st time: save on traffic ) )

( ( 2nd: save repeating the process in reverse ) )

Gratuitous ARP

 One other application of ARP that I' ll mention briefly is gratuitous ARP. Some OSs employs ARP to make sure that there are not duplicate IP addresses onthe physical network. (In fact OpenBSD does this. )

 It broadcasts an ARP looking for the HW address of itself, i.e. , of its IPaddress.

 If it receives a reply, it knows there is another host with its IP address, andputs a message on the console.

ARP Cache Poisoning

- ARP is a protocol which generates mappings between IP addresses and hardwareaddresses

- The basic idea, you will recall, is as follows:

- |A|-------|B|

- Host A wants to talk to host B, but A doesn’ t know B’ s HW addr

- A sends an ARP request to B, containing a mapping between A’ s HW and IPaddr

- B caches this mapping, and returns a reply with its mapping

- Communication proceeds

- There are three aspects to ARP cache poisoning that I want to discuss: (1)

What is it? (2) How do you do it? (3) Why do it?

- (1) ARP cache poisoning is when one machi’ne on a network, s’ay C, causes afalse entry to be placed in another host s, for example C s, ARP cache.- (2) It is very easy to poison ARP caches, and operating systems have triedvarious methods to protect against it, the main one being the creation of an

incomplete entry in the arp cache, and updating according to the steps aboveonly if that incomplete entry exists; this will go some way to protectingagainst unsolicited arp replies. ‘ However’ , this creates a race condition,poisoning i‘s still possible’by spaming unsolicited arp replies, in thehopes of winning the race against legitimate, solicited arp replies.

(3) Poisoning Effects

ARP cache poisoning can be used in various ways, the three most fundamentalof which are:

- (a) Eavesdropping

- Now suppose that an attacker, host C, wants to eavesdrop on communicationbetween host A and host B, but that the LAN is switched Ethernet. (How doesswitched Ethernet work?)

- |A|--------|B|

- |

- |C|

- If’ C could convince A that B’ s HW addr is C’ s, and could convince B thatA s is also C, then all traffic from B to A, and vice versa, would go to C.- Moreover, if C turned on forwarding, and had the correct HW-IP mappings, Cwould in effect become a kind of router between A and B, and would

consequently have access to all communication between A and B.

- The effect of this attack would be the disclosure of potentially confidentialinformation.

- (b) Denial of service

- On the other hand, perhaps C is not interested in eavesdropping, but wouldrather deny A and B the ability to communicate with one another.

- In this case, it would suffice for C to poison A’ s and B’ s caches withmappings eit’her to non-existent hardware addresses, or alternately, again useits own – C s – HW address, and simply not forward (the former makes iteasier for the attacker to hide his/her tracks) .

- (c) Hijacking

- Another possibility is that C is not interested in eavesdropping or DoS, butrather, wants to take over one end of the conversation.

- This would be a kind of combination of the previous two attacks: First, Cwould need to eavesdrop using the method previously outlined.

- Then, after (e.g. ) authentication, C performs a DoS on A, and takes over A’ srole in this 2-way conversation.o (Another example, besides authentication, that A might wait until thetwo hosts are communicating, is in order to sample TCP sequence andacknowledgement numbers, which is necessary in order to successfullyhijack a TCP session. This will make more sense when we come to TCP. )- This is called session hijacking (normally TCP sessions) , and there arevariations on this theme. E.g. , C could maintain the connection between Aand B, yet insert data into the communication channel.

- ARP Poisoning: not just a LAN issue

- These attacks are not limited to hosts on a single LAN. In fact, provided wehave LAN access to anynetwork on the path between A and B, these attacks arepossible.

- Examples:

- C

- |------------

- | |

- A B

- Here we merely poison A and R1.

- C

- |------------R1-----Internet----

- | |

- A B

- Poison B and R2

- C

- |------------R1-----Internet-----R2----R3---------|

- | |

- A B

- Poison R2 and R3

HostKvm新上联通CUVIP线路VPS,八折优惠后1G内存套餐$5.2/月起

最近上洛杉矶机房联通CUVIP线路主机的商家越来越多了,HostKvm也发来了新节点上线的邮件,适用全场8折优惠码,基于KVM架构,优惠后最低月付5.2美元起。HostKvm是一家成立于2013年的国人主机商,提供基于KVM架构的VPS主机,可选数据中心包括日本、新加坡、韩国、美国、中国香港等多个地区机房,君选择国内直连或优化线路,延迟较低,适合建站或者远程办公等。以洛杉矶CUVIP线路主机为例,...

LOCVPS新上日本软银线路VPS,原生IP,8折优惠促销

LOCVPS在农历新年之后新上架了日本大阪机房软银线路VPS主机,基于KVM架构,配备原生IP,适用全场8折优惠码,最低2GB内存套餐优惠后每月仅76元起。LOCVPS是一家成立于2012年的国人VPS服务商,提供中国香港、韩国、美国、日本、新加坡、德国、荷兰、俄罗斯等地区VPS服务器,基于KVM或XEN架构(推荐选择KVM),线路方面均选择国内直连或优化方案,访问延迟低,适合建站或远程办公使用。...

3G流量免费高防CDN 50-200G防御

简介酷盾安全怎么样?酷盾安全,隶属于云南酷番云计算有限公司,主要提供高防CDN服务,高防服务器等,分为中国境内CDN,和境外CDN和二个产品,均支持SSL。目前CDN处于内测阶段,目前是免费的,套餐包0.01一个。3G流量(高防CDN)用完了继续续费或者购买升级包即可。有兴趣的可以看看,需要实名的。官方网站: :点击进入官网云南酷番云计算有限公司优惠方案流量3G,用完了不够再次购买或者升级套餐流量...

国外ip为你推荐
在线考试系统要求及使用说明nested苹果5字符串divaccessroute支持ipad甘肃省政府采购支持ipad模块iphoneeaccelerator开启eAccelerator内存优化就各种毛病,DZ到底用哪个内存优化比较好。。。windows键是哪个Windows快捷键是什么
最便宜虚拟主机 新网域名解析 国外永久服务器 美元争夺战 BWH 华为网络硬盘 免费网站申请 100m免费空间 dd444 php空间申请 中国电信测速112 电信主机 最漂亮的qq空间 空间购买 空间登入 上海电信测速 qq金券 域名转入 攻击服务器 umax 更多