D15 Sicurezza Reti Parte I (Network Security, Part I)

Transcript of D15 Sicurezza Reti Parte I

  • 7/29/2019 D15 Sicurezza Reti Parte I

    Slide 1/25: Computer Networks

  • Slide 2/25: Circuit and Packet Switching

    Circuit switching
    Legacy phone network
    Single route through a sequence of hardware devices, established when two nodes start communication
    Data sent along the route
    Route maintained until communication ends

    Packet switching
    Internet
    Data split into packets
    Packets transported independently through the network
    Each packet handled on a best-efforts basis
    Packets may follow different routes

  • Slides 3/25 to 6/25: Packet Switching

    (figure, four animation frames: a network of nodes labelled A, B, C, D and F; packets numbered 1, 2 and 3 leave the source node one after another and travel independently toward the destination node)

  • Slide 7/25: Protocols

    A protocol defines the rules for communication between computers
    Protocols are broadly classified as connectionless and connection-oriented

    Connectionless protocol
    Sends data out as soon as there is enough data to be transmitted
    E.g., user datagram protocol (UDP)

    Connection-oriented protocol
    Provides a reliable connection stream between two nodes
    Consists of set up, transmission, and tear down phases
    Creates a virtual circuit-switched network
    E.g., transmission control protocol (TCP)

  • Slide 8/25: Encapsulation

    A packet typically consists of
    Control information for addressing the packet: header and footer
    Data: payload

    A network protocol N1 can use the services of another network protocol N2
    A packet p1 of N1 is encapsulated into a packet p2 of N2
    The payload of p2 is p1
    The control information of p2 is derived from that of p1

    (figure: p2 = Header | Payload | Footer, where the Payload of p2 is p1 = Header | Payload | Footer)

  • Slide 9/25: Network Layers

    Network models typically use a stack of layers
    Higher layers use the services of lower layers via encapsulation
    A layer can be implemented in hardware or software
    The bottommost layer must be in hardware
    A network device may implement several layers
    A communication channel between two nodes is established for each layer
    Actual channel at the bottom layer
    Virtual channel at higher layers

  • Slide 10/25: Internet Layers

    (figure: two end hosts, each with Application, Transport, Network and Link layers; the intermediate nodes between them have only Network and Link layers; the Physical Layer underneath is Ethernet, Fiber Optics or Wi-Fi)

  • Slide 11/25: Intermediate Layers

    Link layer
    Local area network: Ethernet, WiFi, optical fiber
    48-bit media access control (MAC) addresses
    Packets called frames

    Network layer
    Internet-wide communication
    Best efforts
    32-bit internet protocol (IP) addresses in IPv4
    128-bit IP addresses in IPv6

    Transport layer
    16-bit addresses (ports) for classes of applications
    Connection-oriented transmission control protocol (TCP)
    Connectionless user datagram protocol (UDP)

  • Slide 12/25: Internet Packet Encapsulation

    (figure: Application Layer: Application Packet; Transport Layer: TCP Header | TCP Data; Network Layer: IP Header | IP Data; Link Layer: Frame Header | Frame Data | Frame Footer; the data field of each layer carries the whole packet of the layer above it)

  • Slide 13/25: Internet Packet Encapsulation

    (figure: Data link frame = Data link header | IP packet | Data link footer; IP packet = IP header | TCP or UDP packet; TCP or UDP packet = TCP or UDP header | Application packet)
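The nesting drawn on the two encapsulation slides, carried out on real bytes. This is an added example, not code from the slides: it wraps an application payload in a UDP header, then an IPv4 header whose total-length and checksum fields are derived from the inner segment (the "control information of p2 is derived from that of p1" point), then an Ethernet frame header, and finally peels the layers off again, rejecting the frame if any layer's control information does not check out. The MAC and IP addresses, ports and IP identification value are constructed sample values.

```python
"""Added example (not from the slides): encapsulating an application
payload into a UDP datagram, an IPv4 packet and an Ethernet frame, and
unwrapping it again. Addresses and ports are constructed sample values."""
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17


def mac_bytes(mac: str) -> bytes:
    """'00:11:22:33:44:01' -> 6 raw bytes."""
    return bytes(int(part, 16) for part in mac.split(":"))


def ip_bytes(ip: str) -> bytes:
    """'192.168.1.1' -> 4 raw bytes."""
    return bytes(int(part) for part in ip.split("."))


def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over the 16-bit words of an IPv4 header.
    Over a header that already contains its checksum the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def udp_encapsulate(payload: bytes, src_port: int, dst_port: int) -> bytes:
    # UDP header: ports, length of header + payload, checksum 0 (permitted over IPv4)
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload


def ip_encapsulate(segment: bytes, src_ip: str, dst_ip: str, proto: int = IPPROTO_UDP) -> bytes:
    # The outer header's control information is derived from the inner packet:
    # total length counts the encapsulated segment, protocol says what it is.
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45,               # version 4, header length 5 words (20 bytes)
        0,                  # type of service
        20 + len(segment),  # total length
        0x1234,             # identification (constructed value)
        0,                  # flags / fragment offset
        64,                 # TTL
        proto,
        0,                  # checksum placeholder, filled in below
        ip_bytes(src_ip), ip_bytes(dst_ip),
    )
    cksum = ip_checksum(header)
    return header[:10] + struct.pack("!H", cksum) + header[12:] + segment


def frame_encapsulate(packet: bytes, src_mac: str, dst_mac: str) -> bytes:
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4) + packet


def decapsulate(frame: bytes) -> dict:
    """Strip link, network and transport headers, checking each layer on the way."""
    dst_mac, src_mac = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4
    if ip_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    total_len = struct.unpack("!H", packet[2:4])[0]
    proto = packet[9]
    if proto != IPPROTO_UDP:
        raise ValueError("not a UDP packet")
    segment = packet[ihl:total_len]
    src_port, dst_port, udp_len, _ = struct.unpack("!HHHH", segment[:8])
    return {
        "src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"),
        "src_ip": ".".join(str(b) for b in packet[12:16]),
        "dst_ip": ".".join(str(b) for b in packet[16:20]),
        "src_port": src_port, "dst_port": dst_port,
        "payload": segment[8:udp_len],
    }


def round_trip(payload: bytes) -> dict:
    """Application -> UDP -> IP -> Ethernet, then back down to the payload."""
    segment = udp_encapsulate(payload, 40000, 53)
    packet = ip_encapsulate(segment, "192.168.1.105", "192.168.1.1")
    frame = frame_encapsulate(packet, "00:11:22:33:44:02", "00:11:22:33:44:01")
    return decapsulate(frame)


if __name__ == "__main__":
    print(round_trip(b"hello"))
```

Each layer only looks at its own header and hands the rest up unchanged, which is why a link-layer device such as a switch never needs to understand IP or UDP. The checksum check in `decapsulate` is the one piece of integrity protection these headers carry; it catches corruption, not deliberate modification, since anyone who can rewrite the header can recompute it.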

  • Slide 14/25: The OSI Model

    The OSI (Open System Interconnect) Reference Model is a network model consisting of seven layers
    Created in 1983, OSI is promoted by the International Standard Organization (ISO)

  • Slide 15/25: Network Interfaces

    Network interface: device connecting a computer to a network
    Ethernet card
    WiFi adapter
    A computer may have multiple network interfaces
    Packets transmitted between network interfaces
    Most local area networks (including Ethernet and WiFi) broadcast frames
    In regular mode, each network interface gets the frames intended for it
    Traffic sniffing can be accomplished by configuring the network interface to read all frames (promiscuous mode)

  • Slide 16/25: MAC Addresses

    Most network interfaces come with a predefined MAC address
    A MAC address is a 48-bit number usually represented in hex
    E.g., 001A92D4BF86
    The first three octets of any MAC address are IEEE-assigned Organizationally Unique Identifiers
    E.g., Cisco 001AA1, DLink 001B11, ASUSTek 001A92
    The next three can be assigned by organizations as they please, with uniqueness being the only constraint
    Organizations can utilize MAC addresses to identify computers on their network
    MAC address can be reconfigured by network interface driver software

  • Slide 17/25: Switch

    A switch is a common network device
    Operates at the link layer
    Has multiple ports, each connected to a computer

    Operation of a switch
    Learn the MAC address of each computer connected to it
    Forward frames only to the destination computer

  • Slide 18/25: Combining Switches

    Switches can be arranged into a tree
    Each port learns the MAC addresses of the machines in the segment (subtree) connected to it
    Frames to unknown MAC addresses are broadcast
    Frames to MAC addresses in the same segment as the sender are ignored
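The learning and forwarding rules from the "Switch" and "Combining Switches" slides as a small simulation. This is an added example, not code from the slides or from any switch vendor: each port learns the source MAC addresses it sees, unknown and broadcast destinations are flooded out of every other port, known destinations are forwarded to one port, and a destination that is behind the same port as the sender is ignored. It also records when an already-learned MAC address shows up behind a different port, which is the kind of event a switch's port-security feature would raise as a duplicate-MAC alarm. Port numbers and MAC addresses are constructed sample values.

```python
"""Added example (not from the slides): a learning switch that forwards,
floods or ignores frames per port, and notes MAC addresses that move
between ports. Ports and MAC addresses are constructed sample values."""

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}   # MAC address -> port behind which it was last seen
        self.moves = []   # (mac, old_port, new_port) whenever a MAC changes port

    def receive(self, in_port, src_mac, dst_mac):
        """Handle one frame arriving on in_port and return the ports it is sent out of."""
        # Learning: the sender lives in the segment (subtree) connected to in_port.
        old_port = self.table.get(src_mac)
        if old_port is not None and old_port != in_port:
            # A MAC that was behind another port a moment ago: a topology change,
            # or a second interface using the same address (duplicate MAC).
            self.moves.append((src_mac, old_port, in_port))
        self.table[src_mac] = in_port

        # Forwarding decision.
        if dst_mac == BROADCAST or dst_mac not in self.table:
            return [p for p in self.ports if p != in_port]  # flood to all other ports
        out_port = self.table[dst_mac]
        if out_port == in_port:
            return []  # destination is in the sender's own segment: ignore the frame
        return [out_port]  # known destination: forward to that port only


def scenario():
    """Hosts A (port 1) and B (port 2); hosts C and D share port 3 via a second switch."""
    sw = LearningSwitch(ports=[1, 2, 3])
    a, b = "00:11:22:33:44:0a", "00:11:22:33:44:0b"
    c, d = "00:11:22:33:44:0c", "00:11:22:33:44:0d"
    steps = [
        sw.receive(1, a, b),   # B unknown yet: flooded to ports 2 and 3
        sw.receive(2, b, a),   # A already learned on port 1: forwarded there only
        sw.receive(3, c, d),   # D unknown yet: flooded to ports 1 and 2
        sw.receive(3, d, c),   # C known on port 3, same as the sender: ignored
        sw.receive(2, a, b),   # A's MAC now appears on port 2: recorded as a move
    ]
    return steps, sw.table, sw.moves


if __name__ == "__main__":
    steps, table, moves = scenario()
    for s in steps:
        print(s)
    print(table)
    print(moves)
```

The last step is the interesting one for the MAC-filtering slides that follow: the switch has no way to tell a machine that was genuinely re-cabled from a second machine using the same address, so the only link-layer signal available is that the address moved, which is why the countermeasure is to disable the port or the duplicate address rather than to try to pick the "real" one.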

  • Slide 19/25: MAC Address Filtering

    A switch can be configured to provide service only to machines with specific MAC addresses
    Allowed MAC addresses need to be registered with a network administrator

    A MAC spoofing attack impersonates another machine
    Find out MAC address of target machine
    Reconfigure MAC address of rogue machine
    Turn off or unplug target machine

    Countermeasures
    Block port of switch when machine is turned off or unplugged
    Disable duplicate MAC addresses

  • Slide 20/25: Viewing and Changing MAC Addresses

    Viewing the MAC addresses of the interfaces of a machine
    Linux: ifconfig
    Windows: ipconfig /all

    Changing a MAC address in Linux
    Stop the networking service: /etc/init.d/network stop
    Change the MAC address: ifconfig eth0 hw ether
    Start the networking service: /etc/init.d/network start

    Changing a MAC address in Windows
    Open the Network Connections applet
    Access the properties for the network interface
    Click Configure
    In the advanced tab, change the network address to the desired value

    Changing a MAC address requires administrator privileges

  • Slide 21/25: ARP

    The address resolution protocol (ARP) connects the network layer to the data layer by converting IP addresses to MAC addresses
    ARP works by broadcasting requests and caching responses for future use
    The protocol begins with a computer broadcasting a message of the form "who has [IP address] tell [IP address]"
    When the machine with [that IP address] or an ARP server receives this message, it broadcasts the response "[IP address] is [MAC address]"
    The requestor's IP address is contained in the link header

    The Linux and Windows command arp -a displays the ARP table

    Internet Address   Physical Address    Type
    128.148.31.1       00-00-0c-07-ac-00   dynamic
    128.148.31.15      00-0c-76-b2-d7-1d   dynamic
    128.148.31.71      00-0c-76-b2-d0-d2   dynamic
    128.148.31.75      00-0c-76-b2-d7-1d   dynamic
    128.148.31.102     00-22-0c-a3-e4-00   dynamic
    128.148.31.137     00-1d-92-b6-f1-a9   dynamic
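A defender's first look at an ARP table is usually a question of whether two IP addresses resolve to the same physical address, which is what both MAC spoofing and ARP poisoning leave behind. The following is an added example, not code from the slides: it parses `arp -a` output in the Windows layout shown on the ARP slide and in the Linux layout, extracts the IEEE OUI discussed on the MAC Addresses slide, and lists any MAC address claimed by more than one IP. The Windows sample is the table from the slide (in which two entries do share a physical address, and the check reports them); the Linux lines and the three-entry OUI table built from the slide's examples are constructed sample values.

```python
"""Added example (not from the slides): parse 'arp -a' output (Windows and
Linux layouts), extract OUIs, and report MAC addresses shared by several
IPs. Windows sample is the slide's table; Linux lines are constructed."""
import re
from collections import defaultdict

IP_RE = r"(\d{1,3}(?:\.\d{1,3}){3})"
MAC_RE = r"([0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5})"
# Windows: "128.148.31.1   00-00-0c-07-ac-00   dynamic"
WINDOWS_LINE = re.compile(r"^\s*" + IP_RE + r"\s+" + MAC_RE + r"\s+(\w+)")
# Linux: "gateway (192.168.1.1) at 00:11:22:33:44:01 [ether] on eth0"
LINUX_LINE = re.compile(r"\(" + IP_RE + r"\)\s+at\s+" + MAC_RE)

# OUIs quoted on the MAC Addresses slide; a real tool would use the IEEE registry.
KNOWN_OUIS = {"001AA1": "Cisco", "001B11": "DLink", "001A92": "ASUSTek"}

WINDOWS_SAMPLE = """\
Internet Address      Physical Address      Type
128.148.31.1          00-00-0c-07-ac-00     dynamic
128.148.31.15         00-0c-76-b2-d7-1d     dynamic
128.148.31.71         00-0c-76-b2-d0-d2     dynamic
128.148.31.75         00-0c-76-b2-d7-1d     dynamic
128.148.31.102        00-22-0c-a3-e4-00     dynamic
128.148.31.137        00-1d-92-b6-f1-a9     dynamic
"""

LINUX_SAMPLE = """\
gateway (192.168.1.1) at 00:11:22:33:44:01 [ether] on eth0
? (192.168.1.105) at 00:11:22:33:44:02 [ether] on eth0
? (192.168.1.200) at <incomplete> on eth0
"""


def normalize_mac(mac):
    """Lower-case, colon-separated form so Windows and Linux entries compare equal."""
    return mac.lower().replace("-", ":")


def oui(mac):
    """First three octets, upper-case hex without separators, e.g. '001A92'."""
    return normalize_mac(mac).replace(":", "")[:6].upper()


def vendor(mac):
    return KNOWN_OUIS.get(oui(mac), "unknown OUI " + oui(mac))


def parse_arp_table(text):
    """Return (ip, mac, type) tuples; header lines and incomplete entries are skipped."""
    entries = []
    for line in text.splitlines():
        m = WINDOWS_LINE.match(line)
        if m:
            entries.append((m.group(1), normalize_mac(m.group(2)), m.group(3).lower()))
            continue
        m = LINUX_LINE.search(line)
        if m:
            entries.append((m.group(1), normalize_mac(m.group(2)), "dynamic"))
    return entries


def shared_macs(entries):
    """Map each MAC that is listed for more than one IP to the list of those IPs."""
    by_mac = defaultdict(list)
    for ip, mac, _ in entries:
        by_mac[mac].append(ip)
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}


if __name__ == "__main__":
    for ip, mac, kind in parse_arp_table(WINDOWS_SAMPLE):
        print(ip, mac, kind, vendor(mac))
    print("shared:", shared_macs(parse_arp_table(WINDOWS_SAMPLE)))
```

A shared MAC is a lead, not a verdict: a router that answers for several addresses, proxy ARP, or a host with secondary IPs produces the same picture legitimately. The useful follow-up is to compare the flagged mapping against the switch's own port table or a known-good inventory of MAC addresses, which is the "registered with a network administrator" list from the MAC filtering slide.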

  • Slide 22/25: ARP Spoofing

    The ARP table is updated whenever an ARP response is received
    Requests are not tracked
    ARP announcements are not authenticated
    Machines trust each other
    A rogue machine can spoof other machines

  • Slide 23/25: ARP Poisoning (ARP Spoofing)

    According to the standard, almost all ARP implementations are stateless
    An arp cache updates every time that it receives an arp reply even if it did not send any arp request!
    It is possible to poison an arp cache by sending gratuitous arp replies
    Using static entries solves the problem but it is almost impossible to manage!

  • Slide 24/25: ARP Caches

    (figure: the host with IP 192.168.1.1 and MAC 00:11:22:33:44:01 and the host with IP 192.168.1.105 and MAC 00:11:22:33:44:02 exchange data directly after the announcements "192.168.1.1 is at 00:11:22:33:44:01" and "192.168.1.105 is at 00:11:22:33:44:02")
    ARP cache of 192.168.1.1:    192.168.1.105  00:11:22:33:44:02
    ARP cache of 192.168.1.105:  192.168.1.1    00:11:22:33:44:01

  • Slide 25/25: Poisoned ARP Caches

    (figure: a third machine, 192.168.1.106 with MAC 00:11:22:33:44:03, announces "192.168.1.105 is at 00:11:22:33:44:03" and "192.168.1.1 is at 00:11:22:33:44:03"; the data of both hosts now flows to 00:11:22:33:44:03)
    Poisoned ARP cache of 192.168.1.1:    192.168.1.105  00:11:22:33:44:03
    Poisoned ARP cache of 192.168.1.105:  192.168.1.1    00:11:22:33:44:03

    Machines in the figure
    192.168.1.1    00:11:22:33:44:01
    192.168.1.105  00:11:22:33:44:02
    192.168.1.106  00:11:22:33:44:03
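The cache behaviour behind the ARP Spoofing, ARP Poisoning and Poisoned ARP Caches slides, as a simulation that is an added example and not code from the slides. It models the cache of 192.168.1.1 resolving 192.168.1.105 and then receiving an unsolicited reply that claims the same IP for 00:11:22:33:44:03. The stateless cache the slide describes accepts it and only an after-the-fact "mapping changed" alert is left; a cache that remembers which requests it sent drops the reply; a static entry for the host rejects it outright. The hosts and MAC addresses are the sample values from the slides; the cache class, its alert tuples and the "accept only solicited replies" policy are this example's own assumptions, not the behaviour of any particular operating system.

```python
"""Added example (not from the slides): stateless vs. stateful vs. static
ARP cache handling of an unsolicited reply, using the slide's hosts.
The class and its policies are assumptions for illustration."""


class ArpCache:
    def __init__(self, stateless=True, static=None):
        self.stateless = stateless
        self.entries = dict(static or {})   # IP -> MAC
        self.static = set(self.entries)     # IPs whose mapping must never change
        self.pending = set()                # IPs this host has broadcast a request for
        self.alerts = []                    # what a monitoring hook would report

    def request(self, ip):
        """Record that 'who has ip' was broadcast, so a matching reply is expected."""
        self.pending.add(ip)

    def reply(self, ip, mac):
        """Process an 'ip is at mac' reply. Returns True if the cache was changed."""
        if ip in self.static:
            if self.entries[ip] != mac:
                self.alerts.append(("static entry contradicted", ip, mac))
            return False
        if not self.stateless and ip not in self.pending:
            # Stateful policy: a reply nobody asked for is not used.
            self.alerts.append(("unsolicited reply dropped", ip, mac))
            return False
        old = self.entries.get(ip)
        if old is not None and old != mac:
            # Stateless policy still learns the new mapping (the slide's point),
            # so the best a defender gets here is a change notification.
            self.alerts.append(("mapping changed", ip, old, mac))
        self.entries[ip] = mac
        self.pending.discard(ip)
        return True


GATEWAY_IP, GATEWAY_MAC = "192.168.1.1", "00:11:22:33:44:01"
HOST_IP, HOST_MAC = "192.168.1.105", "00:11:22:33:44:02"
ROGUE_MAC = "00:11:22:33:44:03"   # 192.168.1.106 on the slide


def run(stateless, static=None):
    """Cache of 192.168.1.1: resolve 192.168.1.105, then receive a gratuitous reply."""
    cache = ArpCache(stateless=stateless, static=static)
    cache.request(HOST_IP)
    cache.reply(HOST_IP, HOST_MAC)     # legitimate answer to the request just sent
    cache.reply(HOST_IP, ROGUE_MAC)    # reply nobody asked for, claiming the same IP
    return cache.entries.get(HOST_IP), cache.alerts


if __name__ == "__main__":
    print("stateless:", run(True))
    print("stateful: ", run(False))
    print("static:   ", run(True, static={HOST_IP: HOST_MAC}))
```

The stateful policy is not what the slide says real stacks do, and it has a cost of its own: it also discards the gratuitous replies that clustered services send on purpose when an address moves to another machine, which is the same manageability problem the slide raises for static entries. In practice the "mapping changed" signal is the one most widely used, as the basis of ARP-watching tools and of dynamic ARP inspection on switches, which validates replies against the binding table it learned from DHCP rather than against pending requests.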