
CSE 523S:
Systems Security

Computer & Network
Systems Security

Spring 2018
Jon Shidal

Plan for Today
• Announcements
– You should have completed the Python tutorial
– Get started on HW2… There is an account creation step that requires operator approval. Don’t wait until the last minute, the operator may not be available…

• Security News? Questions?

• Assignment

• System Design & Security
– [x] Why are our computer systems vulnerable?
– Why are our networks vulnerable?

Assignment

• Wednesday
– HTAOE: Ch. 2 81-114

• Monday
– HW2 due
– HTAOE: Ch. 4 195-223

WHY ARE OUR NETWORKS VULNERABLE?

Networks are Vulnerable
• IP has an any-to-any communications model
– Within IP you cannot control who sends you a packet

• Networks have weak authentication
– When a packet arrives, you trust the source address

• Bindings between layers and between names & addresses are based on trust
– Insecure services map between network layers (eg, IP to Ethernet), and names to addresses

• Secure the “channel” only
– You really want to secure the data and its source, not an address

Understanding Networks

[Figure: the Wash U Network, with a client host (MAC 00:1f:16:37:34:6e, IP 192.168.1.6) and a second node (MAC 00:14:6c:ff:55:4e, IP 192.168.1.1), connected to the Internet and to a server whose MAC and IP are both unknown (?). The client's stack is drawn as User (Python console) above Kernel (TCP/UDP, IP, Ethernet).]

Python console:
>>> import urllib2 as u2
>>> f = u2.urlopen("http://xkcd.com")
>>> f.read()

What do we need to know to answer these questions:
– How does the request find its way to the server?
– How does the reply find its way back to the client?
– Once at the client, how does the reply find its way back to the app?

Internet

Packets are bit strings

If we knew the format rules we would understand what this packet is… we’ll decode it in a later slide

ffffffffffff001f
1637346e08060001
080006040001001f
1637346ec0a80106
000000000000c0a8
0101000000000000
0000000000000000
00000000

The same 60 octets as a C byte string (8 octets per line, matching the hex dump above):

char pkt[] =
    "\xff\xff\xff\xff\xff\xff\x00\x1f"
    "\x16\x37\x34\x6e\x08\x06\x00\x01"
    "\x08\x00\x06\x04\x00\x01\x00\x1f"
    "\x16\x37\x34\x6e\xc0\xa8\x01\x06"
    "\x00\x00\x00\x00\x00\x00\xc0\xa8"
    "\x01\x01\x00\x00\x00\x00\x00\x00"
    "\x00\x00\x00\x00\x00\x00\x00\x00"
    "\x00\x00\x00\x00";

Network Layering
• Network protocols are layered; they have well-defined interfaces and separation of concerns

• Typical Internet layering
– Application
– TCP
– IP
– Ethernet
– Physical link: wired or wifi

• Network packets encapsulate one protocol inside another
– (Ethernet (IP (TCP ( Application ) ) ) )

• Applications typically use the “sockets” interface, and specify TCP or UDP
– All lower-level details are the concern of the OS and underlying infrastructure

• Our concern is with TCP/IP and Ethernet

Ethernet
• Is the dominant wired-LAN technology

• Much to learn about its history, in your spare time
– Used to be proprietary, now an IEEE standard
– Used to be shared medium, now is switched
– Always gets faster: 1M, 10M, 100M, 1G, 10G, …
– Is rapidly becoming the only wired protocol that matters (LAN, campus, metro, …)

• Ethernet features
– Variable length packets
– Point-to-point communication between machines with MAC addresses
– Broadcast: send packet to all nodes on local network
– Virtual LANs (VLANs): limit broadcast domains to a VLAN
– Uses “type” field to help receiver know what to do next

Ethernet II Frame Format

Byte offset   Contents (8 octets per row)
0             Preamble (pattern 10101010 repeated 7 times), SFD 10101011
8             Destination MAC address, Source MAC address (start)
16            Source MAC address, continued; VLAN tag (opt)
24            Type, then 42-1500 payload octets
68 to 1526    32-bit CRC, Interframe gap (start)
72 to 1532    Interframe gap, continued

Ethernet II Illustrated Frame

ffffffffffff001f
1637346e08060001
080006040001001f
1637346ec0a80106
000000000000c0a8
0101000000000000
0000000000000000
00000000

Destination MAC:      ffffffffffff
Source MAC:           001f1637346e
Type:                 0806
payload:              0001080006040001001f1637346ec0a80106000000000000c0a80101
Padding to 60 bytes:  000000000000000000000000000000000000

Internet Protocol, IP
• IP allows distinct networks to be connected

• From 30,000 feet
– Each network is assigned an IP address range
• WU: 128.252.0.0 – 128.252.255.255 (128.252.0.0/16)
– A dynamic, globally distributed protocol is used to create routes between address ranges
– A dynamic, globally distributed service is used to map domain names to IP addresses
– IP supports multiple protocols for communications: UDP, TCP, ICMP, …

• Two aspects of IP to understand
– Node model
– Packet format

IP Nodes and Routes

[Figure: three networks attached to the Internet: 128.252.0.0/16, 74.125.0.0/16, and 72.26.192.0/19 (hosted by voxel.net). Note: In reality, Google is its own “cloud”, with many connections.]

[Figure, second slide: the same networks, now with a router inside the Internet whose links are numbered 1 to 4, and its forwarding table:]

Matching Prefix   Link
128.252/16        1
72.26.192/19      2
74.125/16         3

Note: In reality, Google is its own “cloud”, with many connections
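As an added example (Python 3, not code from the slides), here is the lookup the router in the figure performs over the slide's three prefixes. It goes one step beyond the slide by adding one constructed, more specific prefix nested inside 128.252/16 on a hypothetical link 4, to show that the longest matching prefix wins.

```python
import ipaddress

# Forwarding table from the "IP Nodes and Routes" slide: prefix -> outgoing link.
SLIDE_TABLE = {
    "128.252.0.0/16": 1,
    "72.26.192.0/19": 2,   # hosted by voxel.net
    "74.125.0.0/16": 3,
}

# Constructed addition (not on the slide): a /24 nested inside 128.252/16 that is
# reachable over a hypothetical link 4, to exercise longest-prefix matching.
EXTRA_ROUTE = {"128.252.100.0/24": 4}


def build_table(entries):
    """Parse the prefix strings once and order them most-specific first, so the
    first prefix that matches during lookup is the longest matching prefix."""
    parsed = [(ipaddress.ip_network(p, strict=True), link) for p, link in entries.items()]
    return sorted(parsed, key=lambda net_link: net_link[0].prefixlen, reverse=True)


def lookup(table, destination):
    """Return the link for the most specific prefix containing destination.
    None means no entry matches: the slide's table carries no default route."""
    addr = ipaddress.ip_address(destination)
    for net, link in table:
        if addr in net:
            return link
    return None


TABLE = build_table({**SLIDE_TABLE, **EXTRA_ROUTE})

if __name__ == "__main__":
    for dst in ("128.252.1.10", "128.252.100.7", "72.26.200.5", "74.125.224.72", "8.8.8.8"):
        print(dst, "->", lookup(TABLE, dst))
```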

IP Packet Format (one 32-bit word per row, bits 0-31)

Bit offset    Fields
0             Version | Header Length | DiffServ | ECN | Total Datagram Length (bytes)
32            Identification | Flags | Fragment Offset
64            Time to live | Protocol | Header checksum
96            Source IP address
128           Destination IP address
160           0 to 10 IP option words
160 to 480    0 to 16384 data words

UDP & TCP
• Two primary protocols for applications

– UDP: unreliable datagrams
– TCP: reliable, in-order byte streams

• “Ports” are used to demultiplex to apps on hosts
– Example in a few slides

User Datagram Protocol, UDP

• Connection-less communications
– Messages are sent, no in-protocol means for reliability

• Not reliable
– May not arrive
– May arrive out of order
– May be duplicated

• No support for managing congestion

UDP Packet Format (one 32-bit word per row, bits 0-31)

Bit offset    Fields
0             Source port number (opt) | Destination port number
32            Length | Datagram checksum (opt)
64            0 to 16376 data words

Transport Control Protocol, TCP
• Connection-oriented
– 3-way handshake used between communicating end hosts
• SYN, SYN-ACK, ACK

• Reliable, ordered delivery of byte streams
– All will arrive
– Will arrive in order
– Will not be duplicated

• Includes provision for “congestion control” so that sender-receiver pairs scale up/down their data rates in response to (un)dropped packets.

[Figure: the 3-way handshake. Sender -> Receiver: SYN; Receiver -> Sender: SYN-ACK; Sender -> Receiver: ACK.]

TCP Packet Format (one 32-bit word per row, bits 0-31)

Bit offset    Fields
0             Source port number | Destination port number
32            Sequence number
64            Acknowledgement number
96            Data offset | Res | NS CWR ECE URG ACK PSH RST SYN FIN | Window size (bytes)
128           Checksum | Urgent pointer
160           Options and data

Sockets
• Apps primarily use the sockets API to connect
– Create a socket by specifying address family (AF_INET) and type (SOCK_DGRAM or SOCK_STREAM)
– Connect it to an address and port
– Send and receive
– Library also includes helper functions

• Network byte ordering is distinct from host byte ordering
– Little-endian: least significant byte at lower address
– Big-endian: most significant byte at lower address
– x86: little-endian; network: big-endian
– Apps must convert to and from network byte order: ntohl(), htonl()

Two Machines on an Ethernet LAN

[Figure: hosts on one Ethernet LAN: MAC 00:1f:16:37:34:6e / IP 192.168.1.6, MAC 00:14:6c:ff:55:4e / IP 192.168.1.1, and MAC 00:1f:42:81:e4:a1 / IP 192.168.1.7. The sender (drawn beside 192.168.1.6) and the receiver (192.168.1.7) are each drawn as User (Python console) above Kernel (TCP/UDP, IP, Ethernet); the receiver's UDP layer is labelled with port 7777.]

Sender app: sends a UDP packet to IP:port.

import socket as s
sock = s.socket(s.AF_INET, s.SOCK_DGRAM)
sock.connect(("192.168.1.7", 7777))
sock.send("Mr. Watson--come here--I want to see you.")
sock.close()

Recv app: listens on UDP port 7777.

import socket as s
sock = s.socket(s.AF_INET, s.SOCK_DGRAM)
sock.bind(("", 7777))          # all local interfaces, UDP port 7777
while 1:
    data, addr = sock.recvfrom(1024)
    if not data: break
    print "From ", addr, ": ", data
sock.close()

Sender OS: Which MAC has the destination IP address? How?

Address Resolution, ARP

• General protocol for mapping between protocol layers

• In practice, a protocol for mapping IP addresses to Ethernet MAC addresses
– Not part of TCP/IP per se, but you won’t find a network without it

• Two operations
– Request: Who has <target IP>? Tell <sender IP>
– Reply: <IP> is at <MAC>

ARP Ethernet:IP Packet Format (4 octets per row, bytes 0-1 | 2-3)

Byte offset   Fields
0             Hardware type (Eth is 1) | Protocol type (IP is 0x0800)
4             HW Addr Len (Eth is 6), Proto Addr Len (IP is 4) | Operation (1 request, 2 reply)
8             Sender HW Address (SHA)
12            SHA, continued | Sender Protocol Address (SPA)
16            SPA, continued | Target HW Address (THA)
20            THA, continued
24            Target Protocol Address (TPA)

ARP Illustrated Packet

ffffffffffff001f
1637346e08060001
080006040001001f
1637346ec0a80106
000000000000c0a8
0101000000000000
0000000000000000
00000000

Destination MAC:      ffffffffffff
Source MAC:           001f1637346e
Type:                 0806
ARP packet:           0001080006040001001f1637346ec0a80106000000000000c0a80101
Padding to 60 bytes:  000000000000000000000000000000000000
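As an added example (Python 3, not code from the slides), here is a decoder for the frame above that applies the Ethernet II and ARP Ethernet:IP formats from the preceding slides, unpacking every multi-byte field in network byte order, plus the one consistency check a receiver can make on an unauthenticated ARP packet: that the sender hardware address inside the ARP body matches the Ethernet source address.

```python
import struct
from collections import namedtuple

# The 60-octet frame from the "Packets are bit strings" slide, re-typed here from
# the slide's hex dump (same bytes).
ARP_HEX = (
    "ffffffffffff001f1637346e0806"   # Ethernet II: dst MAC, src MAC, type 0x0806 (ARP)
    "0001080006040001"               # ARP: htype 1, ptype 0x0800, hlen 6, plen 4, op 1
    "001f1637346ec0a80106"           # sender HW address, sender protocol address
    "000000000000c0a80101"           # target HW address, target protocol address
)
FRAME = bytes.fromhex(ARP_HEX) + b"\x00" * 18   # padding to the 60-octet minimum

Arp = namedtuple("Arp", "eth_dst eth_src op sha spa tha tpa")

def fmt_mac(b):
    return ":".join("%02x" % x for x in b)

def fmt_ip(b):
    return ".".join(str(x) for x in b)

def decode_arp(frame):
    """Decode an Ethernet II frame that carries an Ethernet:IP ARP packet.

    Every multi-byte field is big-endian (network byte order), hence the '!'
    in the struct formats; padding after byte 42 is ignored.
    Raises ValueError for anything that is not such a frame.
    """
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP (%d bytes)" % len(frame))
    eth_dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0806:
        raise ValueError("not ARP: type field is 0x%04x" % ethertype)
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet:IP ARP packet")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return Arp(fmt_mac(eth_dst), fmt_mac(eth_src), {1: "request", 2: "reply"}.get(op, op),
               fmt_mac(sha), fmt_ip(spa), fmt_mac(tha), fmt_ip(tpa))

def sender_mismatch(arp):
    """ARP is unauthenticated, so a receiver can only check the packet against
    itself: the ARP sender HW address should equal the Ethernet source address."""
    return arp.sha != arp.eth_src

if __name__ == "__main__":
    a = decode_arp(FRAME)
    print("ARP %s: who has %s? tell %s (%s)" % (a.op, a.tpa, a.spa, a.sha))
    print("sender addresses consistent:", not sender_mismatch(a))
```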

Internet Names and Addresses
• The Domain Name System, DNS, maps names to addresses
– Dynamic, globally distributed system
– Uses port 53, UDP (infreq. TCP)

[Figure: the Wash U Network client from the earlier figure (MAC 00:1f:16:37:34:6e, IP 192.168.1.6; User: Python console; Kernel: TCP/UDP, IP, Ethernet) and the node with MAC 00:14:6c:ff:55:4e, IP 192.168.1.1, connected to the Internet. The client's stack now also shows a DNS Resolver with a Cache. Resolving the name from the console session proceeds in three steps: 1 Try local DNS lookup; 2 Else, try Wash U DNS lookup; 3 Else, try ISP’s DNS lookup.]

Python console:
>>> import urllib2 as u2
>>> f = u2.urlopen("http://xkcd.com")
>>> f.read()

Other questions to answer

• How do we get a MAC address?
– Pre-configured or set it yourself

• How do we get an IP address?
– Static allocation or via DHCP

• How do we get to the Internet from within LAN?
– Default gateway. How do we find it?

Understanding Networks

[Figure: the same Wash U Network diagram as before (client MAC 00:1f:16:37:34:6e / IP 192.168.1.6, node MAC 00:14:6c:ff:55:4e / IP 192.168.1.1, the Internet, and a server whose MAC and IP are unknown), with the client's stack now showing the DNS Resolver and Cache beside the Python console above Kernel (TCP/UDP, IP, Ethernet).]

– How does the request find its way to the server?
– How does the reply find its way back to the client?
– Once at the client, how does the reply find its way back to the app?

Python console:
>>> import urllib2 as u2
>>> f = u2.urlopen("http://xkcd.com")
>>> f.read()

Issues we will revisit

• Where do protocols assume trust?
– Are addresses valid?
– Are gateways valid?
– Are name:address bindings valid?

• What can someone else observe?

Helpful Tools

• On your machine
– wireshark to log and inspect packets
– host, dig and nslookup to map names to addresses

• On the Internet
– ARIN’s service for name:address mappings and prefix owners
• https://www.arin.net/
