2. Network security: ARP, TCP/IP and its vulnerabilities Flashcards
What does ARP stand for?
Address Resolution Protocol
What does ARP do?
Maps IP addresses to MAC addresses
How does ARP work?
Machine A broadcasts ‘who has IP C’. Machine C responds ‘IP C is at MAC C’. Machine A caches the response.
What layer does ARP operate at?
Link layer
How does ARP cache poisoning work?
Eve sends ARP responses containing Eve’s MAC to Alice and Bob (the gateway), so all traffic between Alice and Bob is routed through Eve.
What are static ARP tables?
The network admin sets up the ARP cache manually. This is inconvenient when a new device joins, but it mitigates ARP cache poisoning.
How many bits are ports?
16
Which ports are reserved?
0-1023
Which ports are user ports?
1024-49151
Which port does HTTPS use?
443
Which port does SSH use?
22
Which port does SMTP use?
25
Which port does FTP use?
21
Which port does HTTP use?
80
How is a TCP connection established?
Three-way handshake
- Client sends SYN packet
- Server responds with SYN/ACK packet
- Client responds with ACK packet
How is a TCP connection terminated?
4-way handshake
- Client sends FIN
- Other client responds ACK
- Other client sends FIN
- Client sends ACK
How is the order of packets in TCP ensured?
Each packet has a sequence number
How is delivery of packets in TCP ensured?
Client sends an ACK for each packet (absent -> resend)
How are the contents of a TCP packet ensured?
Data is compared to checksum encoded in packet
What is SYN flooding?
Eve sends SYN packets to Alice without acknowledging the responses; Alice can’t handle all the SYN packets.
What are the problems with SYN flooding?
Attribution - Attacker’s IP can be traced
Bandwidth - Limited by attacker’s bandwidth
How does a smurfing attack work?
Send a ping with a forged source to a smurf amplifier, which swamps the target with replies