| Issues | Sub | Problems/Possible Attacks | Defenses/Countermeasures |
|---|---|---|---|
| TCP Sequence Number Prediction | | 1. Makes “r” possibly execute malicious commands 2. Generates queue overflows so that the trusted client loses messages (DoS) 3. Further session hijacking attack | 1. A cryptographic hash function to create a separate sequence number space for each “connection”, a connection being defined per RFC 791 as the unique 4-tuple <localhost, localport, remotehost, remoteport>. 2. Random ISN generation → negative effects on the correctness of TCP in the presence of duplicate packets; the sum of a sequence of random increments will have a normal distribution, which implies that the actual range of the ISNs is quite small, by the central limit theorem (CERT CA-2001-09) |
| Routing Issues | Source Routing | 1. Address-based authentication | 1. Configure routers to reject external packets 2. Use a firewall 3. Reject source-routed packets at border routers |
| | RIP Attack | 1. No authentication allows an intruder to send bogus routing info, whose entries are widely visible 2. AS 7007 attack 3. Spammers hijack a route, inject spam, and then withdraw the route | 1. Filter out packets with a bogus source (network ingress filtering) |
| | EGP | 1. Impersonates a second E/G for an AS 2. Claims reachability for some network where the real GW is down | 1. Reasonably secure due to restricted topologies, but now BGP |
| | ICMP | 1. ARP spoofing | 1. Includes plausible sequence number 2. ICMP redirect disabled |
| “Authentication” Server | | | 1. Do not use it |
| Applications | Finger | 1. Displaying useful info about users | 1. Firewall blocks the finger protocol |
| | Email (POP) | | 1. Use encryption mode – SSL |
| | DNS | 1. DNS sequence number attack 2. Intercepts virtually all requests to translate names to IP addresses, and supplies the address of a subverted machine instead 3. DNS zone transfer (AXFR): no authentication on the request | 1. DNSSEC provides digitally signed resource records |
| | FTP | 1. FTP authentication in plaintext 2. Anonymous FTP – bounce attack | 1. Cryptographic protection for FTP |
| | SNMP | 1. No authentication reveals MIB | 1. Use community string (simple plaintext pass) 2. SNMPv3 defines a user-based security model which provides cryptographic authentication |
| | Remote Booting | 1. RARP with TFTP 2. BOOTP with TFTP 3. Impersonate the server and send false DATA packets | 1. 4-byte random transaction ID 2. DHCP |
| Trivial Attacks | | 1. LAN vulnerable to eavesdropping (ARP poisoning, smurf attack) 2. TFTP with no authentication 3. Reserved ports | |
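
The per-connection sequence number space named in the TCP Sequence Number Prediction row, sketched as an added example (not part of the original table, and not any TCP stack's own code). It assumes ISN = M + F(4-tuple, secret) with a 4-microsecond timer M, swaps in HMAC-SHA-256 as the keyed hash, and uses a constructed secret and constructed documentation-range addresses.

```python
import hashlib
import hmac
import socket
import struct

MASK32 = 0xFFFFFFFF
# Constructed demo secret; a real stack would draw this from a CSPRNG at boot.
SECRET = b"constructed-demo-secret"


def timer_4us(now):
    """M: 32-bit clock that ticks every 4 microseconds."""
    return int(now * 250_000) & MASK32


def isn_offset(lhost, lport, rhost, rport, secret=SECRET):
    """F(4-tuple, secret): keyed hash of the connection ID, cut to 32 bits."""
    conn_id = (socket.inet_aton(lhost) + struct.pack("!H", lport)
               + socket.inet_aton(rhost) + struct.pack("!H", rport))
    digest = hmac.new(secret, conn_id, hashlib.sha256).digest()
    return struct.unpack("!I", digest[:4])[0]


def legacy_isn(now):
    """One global sequence space: every connection sees the same counter."""
    return timer_4us(now)


def hashed_isn(lhost, lport, rhost, rport, now, secret=SECRET):
    """ISN = M + F(...): a separate sequence space per connection."""
    offset = isn_offset(lhost, lport, rhost, rport, secret)
    return (timer_4us(now) + offset) & MASK32


def gap(a, b):
    """Distance from a to b in 32-bit sequence space."""
    return (b - a) & MASK32


if __name__ == "__main__":
    server = ("192.0.2.10", 514)       # constructed addresses and ports
    observer = ("198.51.100.7", 1023)
    trusted = ("203.0.113.5", 1022)
    t = 1000.0
    # Global counter: an ISN seen on one connection equals every other one.
    print("legacy gap:", gap(legacy_isn(t), legacy_isn(t)))
    # Hashed: the gap is F(trusted) - F(observer), unknown without the secret.
    a = hashed_isn(*server, *observer, now=t)
    b = hashed_isn(*server, *trusted, now=t)
    print("hashed gap:", gap(a, b))
```

Within one connection the ISN still advances with the clock, so TCP's handling of old duplicate packets is preserved; only the offset between different connections depends on the secret.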