The Five-Layer TCP/IP Model: Description/Attacks/Defense
From Computing and Software Wiki
Revision as of 00:01, 23 March 2008
What each layer does, what attacks can happen, and how to defend it:
- Application/Presentation: the final interface of a piece of software, e.g. the login page of a website, which checks user names against IPs and lets the user into the system
attack: SQL injection. Write a SQL script that gives back the whole table of all IDs and passwords
defense:
2. Forget about IP addresses at the application layer. The presentation layer is nothing, since it is presentation, but for application:
attack: SQL injections (SQL injection is the MOST used attack) that checks user names against IPs
defense:
defense to SQL injection is Snort signatures that recognize them
- Transport: transports packets to the correct protocol
attack: the pirate gets all the ports that a server uses
defense: make a table of how frequently each specific IP asks for ports and
- Network:
IP: routed
IPX: not routed
attack:
spoofing IPs:
1. firewall
2. internal
denial of service:
1. IP routing defined
2. not defined: declare fake IPs, send zillions, TTL
defense:
- Data link: drives data to the correct protocols
attack: it is the easiest, and can only be done on the local network
1. ARP poisoning
2. The switch's routing table looks like this:
MAC address        IP
..blah...blah..    ..192.168....
....blah blah..    ....192.168.1..
The pirate will fill the routing table with MAC IDs saying you are all of them. (It is called spoofing.)
defense:
1. read-only routing table: preferred method
2.
- Physical: MAC address
attack: someone can physically take away your network card or unplug your internet cable.
defense: Don't let people touch your computer :) It gets more complicated with wireless technologies.
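
The transport-layer defense above (a table of how frequently each IP asks for ports), as an added example that is not part of the original wiki page: it counts the distinct ports each source IP requests inside a sliding time window and flags the IPs above a threshold. The log format, the 10-second window, the 15-port threshold and the function names are assumptions made for illustration.

```python
from collections import defaultdict, deque


def parse(line):
    """Parse 'epoch_seconds src_ip dst_port'; return None for malformed lines."""
    try:
        ts, src, port = line.split()
        ts, port = float(ts), int(port)
    except ValueError:
        return None
    return (ts, src, port) if 0 < port < 65536 else None


def port_request_table(lines, window=10.0, max_ports=15):
    """Return (table, flagged).

    table[src] is the peak number of distinct ports that src asked for
    within any `window` seconds; flagged holds the IPs above `max_ports`.
    """
    events = sorted(e for e in map(parse, lines) if e)  # order by timestamp
    recent = defaultdict(deque)  # src -> (ts, port) pairs still inside the window
    table = defaultdict(int)
    for ts, src, port in events:
        q = recent[src]
        q.append((ts, port))
        while ts - q[0][0] > window:  # drop requests older than the window
            q.popleft()
        table[src] = max(table[src], len({p for _, p in q}))
    flagged = {src for src, n in table.items() if n > max_ports}
    return dict(table), flagged


# Constructed sample log (not real traffic).
SAMPLE = (
    # busy but normal client: 30 requests, only ports 80 and 443
    [f"{100 + i} 10.0.0.5 {80 if i % 2 else 443}" for i in range(30)]
    # one IP asking for 25 different ports in about 2.5 seconds
    + [f"{105 + i * 0.1:.1f} 10.0.0.9 {20 + i}" for i in range(25)]
    # 5 different ports, but one per minute
    + [f"{100 + i * 60} 10.0.0.7 {8000 + i}" for i in range(5)]
    + ["garbage line"]  # malformed input is skipped
)

if __name__ == "__main__":
    table, flagged = port_request_table(SAMPLE)
    for src, peak in sorted(table.items()):
        mark = "  <-- asks for too many ports" if src in flagged else ""
        print(f"{src:<12} peak distinct ports per window: {peak}{mark}")
```

The window and the threshold need tuning per network: a longer window catches slower port sweeps at the cost of keeping more state per IP.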