Umeå University
Faculty of Science and Technology
Department of Computing Science



TCP/IP Overview from a Security Perspective

IP: remember: anybody with the right software can send an arbitrary IP packet

IP spoofing: sending fake IP packets with the intention of fooling the receiver into believing that you may access this service

TCP: handshakes and sequence numbers make it hard, but still possible to spoof. This is known as a sequence number attack. Vulnerable: r-services

UDP: no handshakes and no sequence numbers make it easy to spoof. An application should not trust a UDP packet just because of its source address (like NFS & DNS)

ICMP: ICMP messages such as "port unreachable" are often related to a single connection and therefore include the original IP header and 64 bits of the transport header. However, older versions of TCP/IP don't work that way
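An added example (not part of the original lecture notes) of how a receiver can use the quoted IP header and 64 bits of transport header to tie an ICMP "port unreachable" to a flow it actually opened, and ignore errors that quote nothing or quote an unknown flow. The function names, the `flows` set and the sample addresses are assumptions constructed for illustration; checksums are not verified here.

```python
import socket
import struct

def parse_icmp_error(icmp: bytes):
    """Return (proto, src, sport, dst, dport) quoted in an ICMP error, or None."""
    if len(icmp) < 8 + 20 + 8:
        return None                      # no room for a quoted header (older stacks)
    if icmp[0] != 3:                     # type 3 = destination unreachable
        return None
    quoted = icmp[8:]                    # skip the 8-byte ICMP header
    version, ihl = quoted[0] >> 4, (quoted[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(quoted) < ihl + 8:
        return None
    proto = quoted[9]
    src = socket.inet_ntoa(quoted[12:16])
    dst = socket.inet_ntoa(quoted[16:20])
    # The first 32 of the 64 quoted transport bits are the TCP/UDP port pair.
    sport, dport = struct.unpack("!HH", quoted[ihl:ihl + 4])
    return proto, src, sport, dst, dport

def matches_open_flow(icmp: bytes, flows: set) -> bool:
    """Accept the error only if the quoted header names a flow we sent on."""
    quoted = parse_icmp_error(icmp)
    return quoted is not None and quoted in flows

def build_port_unreachable(proto, src, sport, dst, dport) -> bytes:
    """Constructed sample: ICMP type 3 code 3 quoting IP header + 8 bytes."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    transport = struct.pack("!HHHH", sport, dport, 8, 0)  # 64 bits of UDP header
    return struct.pack("!BBHI", 3, 3, 0, 0) + ip + transport

if __name__ == "__main__":
    # Constructed flow table: one outstanding UDP query (protocol 17).
    flows = {(17, "192.0.2.10", 40000, "198.51.100.5", 53)}
    genuine = build_port_unreachable(17, "192.0.2.10", 40000, "198.51.100.5", 53)
    forged = build_port_unreachable(17, "192.0.2.10", 40001, "198.51.100.5", 53)
    for name, msg in (("genuine", genuine), ("forged", forged), ("bare", genuine[:8])):
        print(name, matches_open_flow(msg, flows))
```
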

ICMP: "ICMP redirect" messages can be used to take over a route to a server or client, which is a Bad Thing.
At least ICMP messages are not routed.

IP Routing

DNS

SMTP and sendmail software... brrr...

Telnet: entering passwords leaves it open to eavesdropping and trojan horses

Syslog: many implementations suffer from fixed-buffer problems. These have been exploited

NTP: can be spoofed to set a system's clock. This can in turn be used for replay attacks

RPC

NIS

NFS

AFS: kerberos-based, considered secure

TFTP: UDP, no passwords, should never run unrestricted, but still it does at many sites...

FSP: Sneaky File Transfer Protocol -- known as a hacker tool

X11


Last modified 1996-05-10 by Jonas Engström (jonas@cs.umu.se)