Network stack (dode) - attack patterns on each layer & how to defend it
From Computing and Software Wiki
Revision as of 19:20, 22 March 2008
What each layer does:
- Application/Presentation
- Transport: transports packets to the correct protocol
- Network:
IP: routed
IPX: not routed
- Data link: Drive data to correct protocols
- Physical: MAC address
Examples of Attacks on each layer:
- Application/Presentation:
- Session
- Transport
- Network:
spoofing:
1. firewall
2. internal
denial of service:
1. IP routing defined
2. not defined: declare fake IPs, send zillions, ttl
- Data link:
It is the easiest, and can only be done on the local network.
The switch's routing table looks like this:
 MAC address       IP
 ..blah...blah..   ..192.168....
 ....blah blah..   ....192.168.1..
The attacker will fill the routing table with MAC IDs saying you are all of them (this is called spoofing).
- Physical: someone can physically take away your network card or unplug your internet cable.
How to defend each attack on each layer:
- Application/Presentation
- Session
- Transport
- Network
- Data link:
1. read-only routing table: preferred method
2.
- Physical: Don't let people touch your computer :) It gets more complicated with wireless technologies.
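
Added example, not part of the original notes: the "read only" table defence from the data link list, written as a Python check that compares MAC/IP pairs seen on the local network against a pinned table and reports entries that contradict it, as well as one MAC claiming several IPs. The addresses, the names PINNED, OBSERVED and audit, and the one-IP-per-MAC threshold are assumptions made for the example.

```python
from collections import defaultdict

# Constructed pinned ("read only") table, IP -> MAC. All addresses are made up.
PINNED = {
    "192.168.1.1": "aa:bb:cc:00:00:01",
    "192.168.1.10": "aa:bb:cc:00:00:10",
    "192.168.1.11": "aa:bb:cc:00:00:11",
}

# Constructed (MAC, IP) pairs as a host might learn them from the local network.
OBSERVED = [
    ("AA-BB-CC-00-00-10", "192.168.1.10"),   # matches the pinned entry
    ("de:ad:be:ef:00:66", "192.168.1.1"),    # contradicts the pinned entry
    ("de:ad:be:ef:00:66", "192.168.1.11"),   # same MAC, second IP
    ("aa:bb:cc:00:00:11", "192.168.1.11"),   # matches the pinned entry
    ("02:00:00:00:00:99", "192.168.1.50"),   # IP absent from the pinned table
]

def normalize(mac):
    """Lower-case a MAC and use ':' separators so comparisons are exact."""
    return mac.strip().lower().replace("-", ":")

def audit(observed, pinned, max_ips_per_mac=1):
    """Return (kind, ip, mac) findings; the pinned table is never modified."""
    pinned = {ip: normalize(mac) for ip, mac in pinned.items()}
    findings = []
    ips_by_mac = defaultdict(set)
    for mac, ip in observed:
        mac = normalize(mac)
        ips_by_mac[mac].add(ip)
        if ip not in pinned:
            findings.append(("unpinned", ip, mac))
        elif pinned[ip] != mac:
            findings.append(("conflict", ip, mac))
    # One MAC answering for several IPs is the "you are all of them" pattern.
    for mac, ips in sorted(ips_by_mac.items()):
        if len(ips) > max_ips_per_mac:
            findings.append(("multi-claim", ",".join(sorted(ips)), mac))
    return findings

if __name__ == "__main__":
    for kind, ip, mac in audit(OBSERVED, PINNED):
        print(f"{kind:12} ip={ip} mac={mac}")
```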
