3 - Network- & Transport-Layer Security (Scanning) Flashcards
What are the tasks of the Network Layer?
- Forwarding packets from the sender to the intended receiver(s)
- Addressing (IP)
- Routing
What are the tasks of the Transport Layer?
- End-to-end communication services (Reliability, Flow Control, Congestion Control, …)
- Connection-less and connection-oriented communication
- Port Multiplexing
Explain IP.
32-bit address used to identify a host in a network.
Explain ARP.
Address Resolution Protocol converts an IP address to a MAC address to communicate in a local network.
Explain ICMP.
Internet Control Message Protocol is used to communicate network-level information, such as error reporting, network status, ping, etc…
Differentiate TCP and UDP.
Transmission Control Protocol offers reliable connection-oriented data transfer.
User Datagram Protocol offers unreliable connection-less data transfer.
How to perform scanning of a local network?
Using ping or nmap.
How does nmap work?
Nmap tries to connect to ports for each target IP address. It resets the connection before the OS reports the failed connection setup to the server.
What is the general rule for mitigation of scanning?
General rule: never respond to echo protocols (such as ping).
What is port knocking? Explain.
Port knocking is a mitigation technique for scanning. It consists of the client sending a secret sequence to the server to open a port and accept one incoming connection. The secret can be encoded in the port sequence, packet payload or inter-arrival time of packets (not practical).
How is port knocking implemented and why is it dangerous?
It is usually implemented as an application-layer daemon, and it poses a risk because it creates a single point of failure (if the daemon crashes, the whole server is unreachable).