The Five-Layer TCP/IP Model: Description/Attacks/Defense

From Computing and Software Wiki


Revision as of 00:00, 23 March 2008

What each layer does, what attacks can happen, and how to defend it:

- Application/Presentation: the final interface of a piece of software, e.g. the login page of a website, which checks user names against IPs and lets the user into the system

attack: SQL injection. The attacker writes a SQL script that gives back the whole table of all IDs and passwords

defense:


2. Forget about IP addresses at the application layer. The presentation layer is nothing, since it is only presentation, but for the application layer:

attack: SQL injection (SQL injection is the MOST used attack) on the page that checks user names against IPs


defense: the defense against SQL injection is Snort signatures that recognize the injections


- Transport: transports packets to the correct protocol

attack: the pirate finds all the ports that a server uses

defense: make a table of how frequently each specific IP asks for ports and
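
The per-IP table from the transport defense above, as an added example (not part of the original wiki page): it records how many distinct ports each source IP asks for within a time window and flags the IPs that go over a limit. The log format, the window, the limit and the function names are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict

# Constructed sample log: "<unix_time> <source_ip> <destination_port>".
# This format is an assumption for the example, not a real tool's output.
SAMPLE_LOG = """\
1000 192.0.2.10 80
1001 192.0.2.10 443
1002 198.51.100.7 21
1002 198.51.100.7 22
1003 198.51.100.7 23
1003 198.51.100.7 25
1004 198.51.100.7 80
1030 192.0.2.10 80
1200 203.0.113.5 22
1900 203.0.113.5 23
malformed line
"""

WINDOW_SECONDS = 60   # assumed observation window
MAX_PORTS = 4         # assumed limit of distinct ports per IP per window

def parse(log_text):
    """Yield (time, ip, port) tuples, skipping lines that do not parse."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0].isdigit() and parts[2].isdigit():
            yield int(parts[0]), parts[1], int(parts[2])

def port_table(events, window=WINDOW_SECONDS):
    """Table: ip -> most distinct ports asked for in any `window` seconds."""
    by_ip = defaultdict(list)
    for ts, ip, port in sorted(events):
        by_ip[ip].append((ts, port))
    table = {}
    for ip, hits in by_ip.items():
        best, start = 0, 0
        for end in range(len(hits)):
            # move the window start forward until it spans <= window seconds
            while hits[end][0] - hits[start][0] > window:
                start += 1
            best = max(best, len({p for _, p in hits[start:end + 1]}))
        table[ip] = best
    return table

def suspected_scanners(table, limit=MAX_PORTS):
    """Return the IPs whose distinct-port count exceeds the limit."""
    return sorted(ip for ip, n in table.items() if n > limit)

if __name__ == "__main__":
    print(suspected_scanners(port_table(parse(SAMPLE_LOG))))
```

Repeated requests to the same port count once, so a normal client that keeps returning to ports 80 and 443 stays low in the table while a source walking through many ports rises quickly.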


- Network:

IP: routed

IPX: not routed


attack: spoofing IPs:

1. firewall

2. internal


denial of service:

1. IP routing defined

2. not defined: declare fake IPs, send zillions, TTL


defense:


- Data link: drives data to the correct protocols


attack: it is the easiest, and can only be done on the local network

1. ARP poisoning


2. The switch's routing table looks like this:

     MAC address             IP
   ..blah...blah..        ..192.168....
   ....blah blah..        ....192.168.1..
  

The pirate will fill the routing table with MAC addresses, saying he is all of them (this is called spoofing).


defense:

1. read only routing table: preferred method

2.


- Physical: MAC address

attack: someone can physically take away your network card or unplug your internet cable.

defense: Don't let people touch your computer :) It gets more complicated with wireless technologies.
