CS计算机代考程序代写 dns cache assembly Hive Beehive

Beehive

Network security

, CSE 365 Fall 2021

mailto:

Outline

● Internet in a nutshell and the OSI model
– Ethernet, ARP, IP, TCP, BGP, etc.

● Attacks in different layers
– Off-path vs. in/on-path

● Firewalls and NIDSs
● VPNs
● Port scanning, SYN floods

Some comments

● Bits matter
● Self reliance

– Linux machine with root
● RTFTB doesn’t apply in this class, so really it’s

RTFSC and RTFM
● These slides have a lot of info, consider it to be

an overview and then use the homework as a
focal point

Internet in a nutshell…

You want to connect two machines…

● Machines = desktops, laptops, mobile devices,
routers, embedded devices, …

A “hop”

sulu kirk

A “hop”

sulu kirk

Ethernet

A “subnet”

sulu kirk

chekov

A “subnet”

sulu kirk

chekov

ARP = Address Resolution Protocol

A network with routers

kirk

bones

spock

uhura

scotty

sulu

chekov

More terminology

● IP = Internet protocol
● Forwarding, or “routing”

– How packets get across the network
● Interface

– WiFi, cellular, …
● Path (or “route”), reverse path

IP address

● IPv4 is 32-bits, broken into 4 bytes
– 192.168.7.8
– 64.106.46.20
– 8.8.8.8

● IPv6 is 128 bits
– 2001:0db8:85a3:0000:0000:8a2e:0370:7334

CIDR

● Classless Inter-
Domain Routing

● /27 has a net
mask of
255.255.255.224

From Wikipedia

A connection

● For now, just know TCP, UDP, and ICMP
– Stream sockets vs. datagrams

● TCP and UDP have “ports”
– Port helps identify a process for incoming packets
– Open port == “listening”

● Three-way handshake

Process?

Kernel

Process 1 Process 3Process 2

Separated by virtual memory, access system resources via system calls.

Hardware

Almost there…

● DNS for resolving hostnames to IPs
– breakpointingbad.com becomes 149.28.240.117

● BGP to scale to the size of the Internet
– Path vector protocol

● HTTP as another example of an application
layer protocol

Internet in Ecuador…

OSI model

● 1. Physical
● 2. Link
● 3. Network
● 4. Transport
● 5. Session
● 6. Presentation
● 7. Application

Attacks in different layers

Physical and link

● “Network adjacent”
● Can sniff (promiscuous mode)
● Can spoof

– ARP cache poisoning
– Goal is often to pretend to be the gateway

IP and transport layer

● Can spoof
● Can hijack

BGP or DNS

● Can spoof anything that doesn’t have crypto
● DNS cache poisoning
● BGP prefix attacks

Firewalls and NIDSs

● Basic idea is to sit in between two machines
and apply some policy

● Firewall… “no packets enter my network with
destination port 25”

● NIDS: Network Intrusion Detection System….
“Don’t allow TCP connections to send
‘%u9090%u6858%ucbd3%u7801%u9090%u68
58%ucbd3’”

https://citizenlab.ca/2015/04/chinas-great-cannon/