Network stack (dode) - attack patterns on each layer & how to defend it
From Computing and Software Wiki
Line 1: | Line 1: | ||
What each layer does: | What each layer does: | ||
- | - Application/Presentation | + | '''- Application/Presentation''': the final interface of a software, ex: the login page of a website, that checks user names against IPs and lets the user in the system |
+ | attack: | ||
+ | write a sql script that gives back the whole table of all IDs and Passwords | ||
- | + | defense: | |
- | |||
- | + | '''- Transport''': transports packets to the correct protocol | |
- | |||
+ | attack: | ||
+ | pirate gets all the ports that a server uses | ||
- | + | defense: | |
+ | make a table of how frequently each specific IP asks for ports and | ||
- | - | + | '''- Network:''' |
+ | IP: routed | ||
- | + | IPX: not routed | |
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
+ | attack: | ||
spoofing IPs: | spoofing IPs: | ||
Line 52: | Line 42: | ||
2.not defined: declare fake IPs, send Zillions, ttl | 2.not defined: declare fake IPs, send Zillions, ttl | ||
+ | defense: | ||
+ | |||
+ | |||
+ | |||
+ | '''- Data link''': Drive data to correct protocols | ||
+ | |||
+ | attack: | ||
- | |||
it is the easiest, & can only be done on local network | it is the easiest, & can only be done on local network | ||
Line 63: | Line 59: | ||
the pirate will fill the routing table with mc IDs saying you are all of them. (is is called spoofing) | the pirate will fill the routing table with mc IDs saying you are all of them. (is is called spoofing) | ||
+ | defense: | ||
+ | 1. read only routing table: preferred method | ||
- | + | 2. | |
- | - | + | '''- Physical:''' mcaddress |
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||
+ | attack: | ||
+ | some one can physically take away your network card or unplug your internet cable. | ||
- | + | defense: | |
+ | Don't let people touch your computer :) it gets more complicated with wireless technologies |
Revision as of 19:41, 22 March 2008
What each layer does:
- Application/Presentation: the final interface of a software, ex: the login page of a website, that checks user names against IPs and lets the user in the system
attack: write a sql script that gives back the whole table of all IDs and Passwords
defense:
- Transport: transports packets to the correct protocol
attack:
pirate gets all the ports that a server uses
defense: make a table of how frequently each specific IP asks for ports and
- Network:
IP: routed
IPX: not routed
attack:
spoofing IPs:
1. fire wall
2. internal
denial of service:
1. IP routing defined
2.not defined: declare fake IPs, send Zillions, ttl
defense:
- Data link: Drive data to correct protocols
attack:
it is the easiest, & can only be done on local network
Switch's routing table looks like this:
mcaddress ip ..blah...blah.. ..192.168.... ....blah blah.. ....192.168.1..
the pirate will fill the routing table with mc IDs saying you are all of them. (is is called spoofing)
defense: 1. read only routing table: preferred method
2.
- Physical: mcaddress
attack: some one can physically take away your network card or unplug your internet cable.
defense: Don't let people touch your computer :) it gets more complicated with wireless technologies