anddoesn[小学]tcp-ip day4 国外大学课件

国外ip  时间:2021-05-05  阅读:()

TCP/IP

ARP c ontinued,ARP c ache pois oning

ARP resolution–the details

 First, we' ll look at the format of an ARP message (see text, or look it up ongoogle) .

 The protocol has three aspects: it specifies what a requester is to do, what areceiver is to do, and what a responder is to do. A requester is a machine thatsends an ARP request, a receiver is a machine that receives any ARP message, anda responder is a machine that sends an ARP reply.

 On our Ethernet network, here' s the process in detail; for a requester:

Create an ARP message:

1. Set HW type to ' 1' (for Ethernet)

2. Set Protocol type to 080016 (for IP)

3. Set HLEN to 6 (6x8=48 bits)

4. Set PLEN to 4 (4x8=32 bits)

5. Set OPERATION to 1 (for ARP request)

6. Fill in SENDER' s HW ADD

7. Fill in SENDER' s PROT ADD

8. Set TARGET HW ADD to 0 (doesn' t know)

9. Fill in TARGET PROT ADD.

Broadcast the ARP message in an Ethernet frame.

For a receiver (of either an ARP request or reply) or responder

 Extract the ARP request

 If the SENDER' s PROT address in in my cache, update it with the SENDER' s HWaddress and reset the timer on that pairing

 If the TARGET PROT address is identical with my IP address, carry on, otherwise,quit

 Update my cache (again) , regardless of wh'ether an entry exists for that PROTaddress. (all this is done even if it isn t a request)

 [ [Here it would be possible for the arp request to contain a protocol addressidentical with the protocol address of the target. We noted that Windowsoperating systems detect this, and make a note on 'the console. I tested Linux,and i't simply ignores the arp request, i. e. , doesn t generate a reply, anddoesn t update its arp cache. ] ]

 If the OPERATION is a request, carry on; otherwise quit.

 Fill in TARGET HW address with my Ethernet address, swap SENDER and TARGETaddresses, and set OPERATION to 2

 Encapsulate ARP reply in a frame addressed to TARGET HW address.

QUESTIONS

 Why does the ARP request recipient try to update its cache twice before evenexamining whether the message is a request? And once before even examiningwhether it is the intended recipient ?

( ( 1st time: save on traffic ) )

( ( 2nd: save repeating the process in reverse ) )

Gratuitous ARP

 One other application of ARP that I' ll mention briefly is gratuitous ARP. Some OSs employs ARP to make sure that there are not duplicate IP addresses onthe physical network. (In fact OpenBSD does this. )

 It broadcasts an ARP looking for the HW address of itself, i.e. , of its IPaddress.

 If it receives a reply, it knows there is another host with its IP address, andputs a message on the console.

ARP Cache Poisoning

- ARP is a protocol which generates mappings between IP addresses and hardwareaddresses

- The basic idea, you will recall, is as follows:

- |A|-------|B|

- Host A wants to talk to host B, but A doesn’ t know B’ s HW addr

- A sends an ARP request to B, containing a mapping between A’ s HW and IPaddr

- B caches this mapping, and returns a reply with its mapping

- Communication proceeds

- There are three aspects to ARP cache poisoning that I want to discuss: (1)

What is it? (2) How do you do it? (3) Why do it?

- (1) ARP cache poisoning is when one machi’ne on a network, s’ay C, causes afalse entry to be placed in another host s, for example C s, ARP cache.- (2) It is very easy to poison ARP caches, and operating systems have triedvarious methods to protect against it, the main one being the creation of an

incomplete entry in the arp cache, and updating according to the steps aboveonly if that incomplete entry exists; this will go some way to protectingagainst unsolicited arp replies. ‘ However’ , this creates a race condition,poisoning i‘s still possible’by spaming unsolicited arp replies, in thehopes of winning the race against legitimate, solicited arp replies.

(3) Poisoning Effects

ARP cache poisoning can be used in various ways, the three most fundamentalof which are:

- (a) Eavesdropping

- Now suppose that an attacker, host C, wants to eavesdrop on communicationbetween host A and host B, but that the LAN is switched Ethernet. (How doesswitched Ethernet work?)

- |A|--------|B|

- |

- |C|

- If’ C could convince A that B’ s HW addr is C’ s, and could convince B thatA s is also C, then all traffic from B to A, and vice versa, would go to C.- Moreover, if C turned on forwarding, and had the correct HW-IP mappings, Cwould in effect become a kind of router between A and B, and would

consequently have access to all communication between A and B.

- The effect of this attack would be the disclosure of potentially confidentialinformation.

- (b) Denial of service

- On the other hand, perhaps C is not interested in eavesdropping, but wouldrather deny A and B the ability to communicate with one another.

- In this case, it would suffice for C to poison A’ s and B’ s caches withmappings eit’her to non-existent hardware addresses, or alternately, again useits own – C s – HW address, and simply not forward (the former makes iteasier for the attacker to hide his/her tracks) .

- (c) Hijacking

- Another possibility is that C is not interested in eavesdropping or DoS, butrather, wants to take over one end of the conversation.

- This would be a kind of combination of the previous two attacks: First, Cwould need to eavesdrop using the method previously outlined.

- Then, after (e.g. ) authentication, C performs a DoS on A, and takes over A’ srole in this 2-way conversation.o (Another example, besides authentication, that A might wait until thetwo hosts are communicating, is in order to sample TCP sequence andacknowledgement numbers, which is necessary in order to successfullyhijack a TCP session. This will make more sense when we come to TCP. )- This is called session hijacking (normally TCP sessions) , and there arevariations on this theme. E.g. , C could maintain the connection between Aand B, yet insert data into the communication channel.

- ARP Poisoning: not just a LAN issue

- These attacks are not limited to hosts on a single LAN. In fact, provided wehave LAN access to anynetwork on the path between A and B, these attacks arepossible.

- Examples:

- C

- |------------

- | |

- A B

- Here we merely poison A and R1.

- C

- |------------R1-----Internet----

- | |

- A B

- Poison B and R2

- C

- |------------R1-----Internet-----R2----R3---------|

- | |

- A B

- Poison R2 and R3

蓝速数据(58/年)秒杀服务器独立1核2G 1M

蓝速数据金秋上云季2G58/年怎么样?蓝速数据物理机拼团0元购劲爆?蓝速数据服务器秒杀爆产品好不好?蓝速数据是广州五联科技信息有限公司旗下品牌云计算平台、采用国内首选Zkeys公有云建设多种开通方式、具有IDC、ISP从业资格证IDC运营商新老用户值得信赖的商家。我司主要从事内地的枣庄、宿迁、深圳、绍兴、成都(市、县)。待开放地区:北京、广州、十堰、西安、镇江(市、县)。等地区数据中心业务,均KV...

RangCloud19.8元/月,香港cn2云主机,美国西雅图高防云主机28元/月起

rangcloud怎么样?rangcloud是去年年初开办的国人商家,RangCloud是一家以销售NAT起步,后续逐渐开始拓展到VPS及云主机业务,目前有中国香港、美国西雅图、韩国NAT、广州移动、江门移动、镇江BGP、山东联通、山东BGP等机房。目前,RangCloud提供香港CN2线路云服务器,电信走CN2、联通移动直连,云主机采用PCle固态硬盘,19.8元/月起,支持建站使用;美国高防云...

美得云(15元/月)美国cera 2核4G 15元/月 香港1核 1G 3M独享

美得云怎么样?美得云好不好?美得云是第一次来推广软文,老板人脾气特别好,能感觉出来会用心对待用户。美得云这次为大家提供了几款性价比十分高的产品,美国cera 2核4G 15元/月 香港1核 1G 3M独享 15元/月,并且还提供了免费空间给大家使用。嘻嘻 我也打算去白嫖一个空间了。新用户注册福利-8折优惠码:H2dmBKbF 截止2021.10.1结束。KVM架构,99.99%高可用性,依托BGP...

国外ip为你推荐
小学生fastreport2学生微信5FDCphp孩子appleiphonewifi苹果手机怎样设置Wi-Fi静态IP?联通版iphone4s苹果4s怎么分移动版联通版电信版?win7关闭135端口win7系统 怎么关闭135 445 端口 修改注册表 创建IP安全策略 也试过 就是关不了 还望高手指教firefoxflash插件火狐安装不了FLASH为什么?下载完后明明安装完成,火狐却仍然提示“缺少插件”ipad无法加入网络我的IPAD无法加入网络杀毒软件免费下载2013排行榜免费杀毒软件最好的是那个?在那下载
便宜域名 nerd 外国空间 evssl 国外网站代理服务器 铁通流量查询 天互数据 什么是刀片服务器 服务器硬件防火墙 新睿云 starry 国内域名 wordpress中文主题 镇江高防 江苏双线 北京主机托管 香港ip websitepanel asp介绍 文件传输 更多