TCP/IP – Attacks Involving the Internet Architecture

Spoofing – a malicious user attacks the system by forging the source IP address of packets, so that they appear to come from another host.

Denial of Service (DoS) – consuming so much of an important resource (bandwidth, memory, CPU, connection state) that legitimate users are denied service.

Distributed Denial of Service (DDoS) – uses many sending computers to clog the network or the target with more traffic than it can handle.

Unauthorized access – accessing information or resources in an unauthorized fashion. Examples are exploiting bugs in protocol implementations, malware and botnets.

TCP/IP – Standardization Process

Several governing bodies are responsible for specifying and standardizing the various protocols and how they operate.

Internet Engineering Task Force (IETF) – responsible for developing, discussing and agreeing on standards for the Internet’s “core” protocols. It elects leadership groups called the Internet Architecture Board (IAB) and the Internet Engineering Steering Group (IESG).

Internet Architecture Board (IAB) – provides architectural guidance to activities in the IETF and performs a number of other tasks, such as appointing liaisons to other standards-defining organizations (SDOs).

Internet Engineering Steering Group (IESG) – decision-making authority regarding the creation and approval of new standards, along with modifications to existing standards.

Internet Research Task Force (IRTF) – explores protocols, architectures and procedures that are not deemed mature enough for standardization.

Internet Society (ISOC) – helps influence and promote worldwide policies and education regarding Internet technologies and usage.

Request for Comments (RFC) – the series of documents in which the Internet community publishes its standards, best practices and other material. Not every RFC is a standard; only the standards-track ones are.

Categories of RFC

  • Standards-track – considered to be official standards
  • Best current practice (BCP)
  • Informational
  • Experimental
  • Historic

RFCs range in size from a few pages to several hundred, and each is identified by a number. They are all available for free from a number of websites, such as www.rfc-editor.org

TCP/IP – Designing Applications

Network applications are typically structured according to a small number of design patterns. The most common are:

Client/Server

The server provides some type of service to clients, such as access to files on the server host. Servers fall into 2 classes:

Iterative – the server processes client requests one at a time. A request that takes a long time (or a client that never sends one) delays every client waiting behind it.

Concurrent – the server starts another server instance (a process or thread) for each client, so that multiple client requests are handled at the same time.
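The two server classes above, as an added example that is not from the page: a minimal echo server on the loopback interface, run first iteratively and then concurrently, against one constructed "slow" client (which delays before sending its request) and one fast client. In the iterative case the slow client holds up the fast client behind it, which is the resource-exhaustion behaviour the DoS entry at the top of the page describes; the concurrent server answers the fast client at once. The host, the delays and the two-client setup are assumptions for the demo.

```python
import socket
import threading
import time

HOST = "127.0.0.1"  # loopback only; assumed for this constructed demo


def handle(conn: socket.socket) -> None:
    """Serve one client: wait for its request, echo it back, close."""
    with conn:
        data = conn.recv(1024)
        conn.sendall(b"echo:" + data)


def serve(listener: socket.socket, n_clients: int, concurrent: bool) -> None:
    """Accept n_clients connections; either handle each inline (iterative)
    or start a thread per connection (concurrent)."""
    workers = []
    for _ in range(n_clients):
        conn, _addr = listener.accept()
        if concurrent:
            t = threading.Thread(target=handle, args=(conn,))
            t.start()
            workers.append(t)
        else:
            handle(conn)  # the next accept() cannot happen until this client is done
    for t in workers:
        t.join()


def client(name: str, port: int, delay: float, done: list, lock: threading.Lock) -> None:
    """Connect, wait `delay` seconds before sending (delay > 0 models a slow or
    stalling client), then record the order in which replies arrived."""
    with socket.create_connection((HOST, port)) as s:
        time.sleep(delay)
        s.sendall(name.encode())
        s.recv(1024)
    with lock:
        done.append(name)


def completion_order(concurrent: bool, slow_delay: float = 0.5) -> list:
    """Run one slow and one fast client against a server of the given class and
    return the client names in the order their replies were received."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind((HOST, 0))          # port 0: let the kernel pick a free port
    listener.listen(5)
    port = listener.getsockname()[1]
    server = threading.Thread(target=serve, args=(listener, 2, concurrent))
    server.start()

    done, lock = [], threading.Lock()
    slow = threading.Thread(target=client, args=("slow", port, slow_delay, done, lock))
    fast = threading.Thread(target=client, args=("fast", port, 0.0, done, lock))
    slow.start()
    time.sleep(0.1)                   # make sure the slow client is accepted first
    fast.start()
    for t in (slow, fast, server):
        t.join()
    listener.close()
    return done


if __name__ == "__main__":
    print("iterative :", completion_order(concurrent=False))   # ['slow', 'fast']
    print("concurrent:", completion_order(concurrent=True))    # ['fast', 'slow']
```

A concurrent server without a cap on instances only trades one DoS for another (thread or process exhaustion), so real servers bound the number of workers and put a timeout on the per-connection recv() that the iterative server blocks in here.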

Peer-to-Peer

Applications are designed in a distributed fashion, where each application acts as a client, as a server, or as both.

Application Programming Interfaces (APIs)

The set of functions an application calls to request the network operations it needs; the Berkeley sockets API is the most common.

TCP/IP – Internet, Intranets and Extranets

internet (lowercase) – multiple networks connected together using a common protocol suite.

Internet (capitalized) – the collection of hosts around the world that can communicate with each other using TCP/IP.

Intranet – a private network, usually run by a business or other enterprise.

Extranet – a network of computers attached outside the serving enterprise’s firewall that are given access to some of its resources.

TCP/IP – The Architecture and Protocols of the TCP/IP suite

The ARPANET Reference Model (ARM)

The model adopted by the TCP/IP suite; it has 5 layers. The notes below cover the layers above the link layer, including two “unofficial” layers (2.5 and 3.5) that sit between the official ones.

Layer 2.5

The “unofficial” layer. Several protocols operate here but the most important is called the Address Resolution Protocol (ARP) which converts between the addresses used by the IP layer and the addresses used by the link layer.

Layer 3

The Internet Protocol (IP), the main network-layer protocol of the TCP/IP suite.

It uses a PDU called an IP datagram, or simply a packet, which can be up to 64KB in size for IPv4 and, using jumbograms, up to 4GB for IPv6.

Each packet contains the addresses of the layer 3 sender and recipient, called IP addresses, which are 32 bits long for IPv4 and 128 bits long for IPv6. There are 3 types of IP addresses:

  1. unicast – destined for a single host
  2. broadcast – destined for all hosts on a network (IPv4 only; IPv6 has no broadcast and uses multicast instead)
  3. multicast – destined for the set of hosts that belong to a multicast group

Layer 3.5

Another “unofficial” layer. It helps accomplish setup, management and security for the network layer. Some of the protocols here are the following.

Internet Control Message Protocol (ICMP) – used by the IP layer to exchange error messages and other vital information with the IP layer in another host or router. In IPv6, ICMPv6 also carries address autoconfiguration and Neighbor Discovery. Popular tools that use ICMP are ping and traceroute.

Internet Group Management Protocol (IGMP) – used with multicast addressing and delivery to manage which hosts are members of a multicast group.

Layer 4

Called the transport layer. The 2 most widely used transport protocols are TCP and UDP which are described below.

Transmission Control Protocol (TCP) – deals with problems such as packet loss, duplication and re-ordering that are not repaired by the IP layer.

User Datagram Protocol (UDP) – provides no reliability, flow or rate control; beyond a checksum for error detection, dealing with errors is left to the application.

Worth mentioning are the 2 relatively new transport protocols.

Datagram Congestion Control Protocol (DCCP) – provides a type of service midway between TCP and UDP: connection-oriented exchange of unreliable datagrams, but with congestion control.

Stream Control Transmission Protocol (SCTP) – provides reliable delivery like TCP but does not require the sequencing of data to be strictly maintained.

Layer 7

Called the application layer. Concerned with the details of the application and not with the movement of data across the network.

Multiplexing, demultiplexing and encapsulation in TCP/IP

At each layer there is an identifier that allows a receiving system to determine which protocol or data streams belongs together.

Port numbers

A 16-bit non-negative number (0-65535); it does not refer to anything physical. Each IP address has 65,536 associated port numbers for each transport protocol.

Standard port numbers are assigned by the Internet Assigned Numbers Authority (IANA). The port space is divided into the ranges below.

  • Well-known port numbers (0-1023)
  • Registered port numbers (1024-49151)
  • Dynamic/private port numbers (49152-65535)

Names, Addresses and DNS

The Domain Name System (DNS) provides the mapping between host names and IP addresses, and vice versa.

TCP/IP – Design and Implementation

The architectural principles of a protocol suggest a certain approach to implementation, whereas the implementation architecture defines how the concepts in a protocol architecture are rendered into running software.

Layering

It allows developers to evolve different portions of the system separately.

The most popular layered model is the Open Systems Interconnection (OSI) model, which consists of the 7 layers described below.

  1. Physical layer – defines methods for moving digital information across a communication medium such as a phone line or fiber-optic cable.
  2. Data-link layer – defines those protocols and methods for establishing connectivity to a neighbor sharing the same medium
  3. Network layer – implements addressing scheme for hosts and routing algorithms that choose where packets go when sent from one machine to another.
  4. Transport layer – specifies methods for connections. May also implement reliable delivery.
  5. Session layer – handles communication sessions. These may include closing connections, restart and checkpointing.
  6. Presentation layer – responsible for format conversion
  7. Application layer – most visible to the users.

Multiplexing, Demultiplexing and Encapsulation in layered implementation

One major benefit of the layered approach is its natural ability to perform protocol multiplexing: it allows multiple different protocols to coexist on the same infrastructure, and multiple instances of the same protocol object to be used simultaneously without being confused.

Each layer uses an identifier (e.g. MAC address, IP address, port number) to determine which protocol or stream the data belongs to, and encapsulates each packet with its own header, carrying that identifier, before passing it to the next layer.

A layer prepends the PDU with its own header, the header is used for multiplexing data when sending and de-multiplexing by the receiver.
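The identifiers and headers just described, as an added example that is not from the page: a constructed Ethernet/IPv4/UDP frame is built by prepending one header per layer, and then demultiplexed by reading each layer's identifier (EtherType, IP protocol number, destination port) and stripping its header. The IPv4 header checksum is verified on the way up, so a corrupted header is rejected before anything above it is trusted. This covers both the port-number passage and the layered-implementation passage above. The MAC addresses, ports and payload are made up, and the IP addresses come from the 192.0.2.0/24 documentation range.

```python
import socket
import struct

ETHERTYPE = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}  # layer-2 demux key
IP_PROTO = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP"}           # layer-3 demux key


def internet_checksum(data: bytes) -> int:
    """16-bit one's-complement sum (RFC 1071), as used by the IPv4 header.
    Computed over a header that already carries a correct checksum it yields 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_frame(src_mac: bytes, dst_mac: bytes, src_ip: str, dst_ip: str,
                sport: int, dport: int, payload: bytes) -> bytes:
    """Encapsulation: UDP header, then IPv4 header, then Ethernet header are
    prepended, each carrying the identifier the receiver needs for the next layer."""
    # UDP: ports are the layer-4 identifier; checksum 0 means 'absent' (legal over IPv4)
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    # IPv4: version/IHL 0x45, TOS, total length, ID, flags (DF), TTL, protocol 17 = UDP
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0x1234, 0x4000, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", internet_checksum(ip)) + ip[12:]
    # Ethernet: EtherType 0x0800 tells the receiver the payload is IPv4
    eth = dst_mac + src_mac + struct.pack("!H", 0x0800)
    return eth + ip + udp


def demux(frame: bytes) -> dict:
    """Demultiplexing: read each layer's identifier, strip its header and hand
    the remainder to the protocol that identifier selects."""
    out = {}
    _dst_mac, _src_mac, etype = struct.unpack("!6s6sH", frame[:14])
    out["link"] = {"type": ETHERTYPE.get(etype, "unknown(0x%04x)" % etype)}
    if etype != 0x0800:
        return out                          # only IPv4 is parsed in this example

    ver_ihl, _tos, total_len, _id, _flags, _ttl, proto, _csum, sip, dip = \
        struct.unpack("!BBHHHBBH4s4s", frame[14:34])
    ihl = (ver_ihl & 0x0F) * 4              # header length in bytes (options included)
    ip_hdr = frame[14:14 + ihl]
    out["network"] = {"version": ver_ihl >> 4,
                      "proto": IP_PROTO.get(proto, str(proto)),
                      "src": socket.inet_ntoa(sip), "dst": socket.inet_ntoa(dip),
                      "checksum_ok": internet_checksum(ip_hdr) == 0}
    if not out["network"]["checksum_ok"]:
        return out                          # a receiver discards the packet here

    l4 = frame[14 + ihl:14 + total_len]     # trailing link-layer padding is dropped
    if proto == 17:
        sport, dport, ulen, _ucsum = struct.unpack("!HHHH", l4[:8])
        out["transport"] = {"sport": sport, "dport": dport, "payload": l4[8:ulen]}
    return out


if __name__ == "__main__":
    frame = build_frame(b"\x02\x00\x00\x00\x00\x01", b"\x02\x00\x00\x00\x00\x02",
                        "192.0.2.1", "192.0.2.2", 40000, 53, b"hello")
    print(demux(frame))
```

Note what the IPv4 checksum does and does not protect: it covers only the IP header, so a flipped bit in the UDP payload passes this check unless the transport layer carries its own checksum (which the constructed UDP header above leaves at zero).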

TCP/IP – Architectural Principles

TCP/IP is a protocol suite that implements the Internet architecture and draws its origins from the ARPANET Reference Model (ARM).

It served as the basis for the creation of the Internet.

It supports both connection-oriented (TCP) and connectionless (IP, UDP) communication.

The primary goal of the Internet architecture is that it should be able to interconnect multiple distinct networks, and that multiple activities should be able to run simultaneously on the resulting interconnected network.

The initial concept was based largely on the telephone network, where a call was established by a connection between one telephone and another. This was called circuit switching.

Packet switching was developed in the 1960’s. Packets are carried through the network somewhat independently. Packets coming from different sources or senders can be mixed together and pulled apart later, which is called multiplexing.

Packets are stored in buffer memory and processed in first-in first-out (FIFO) order.

It has 3 different multiplexing methods:

  1. Statistical multiplexing
  2. Time-division multiplexing (TDM)
  3. Static multiplexing

Early packet-switched networks were still connection-oriented (virtual circuit networks). Examples are X.25 and Frame Relay.

In the late 1960’s, the datagram was developed. It is a special type of packet in which all the identifying information of the source and final destination resides inside the packet itself, so a connectionless network could be built.

End to End Argument and Fate Sharing

End-to-End argument – states that important functions (e.g. error control, encryption) should usually not be implemented at low levels of the network but on the end hosts, which are the only parties that know whether the function has been carried out correctly.

Fate sharing – Placing all the necessary state to maintain an active communication association at the same location with the communicating endpoints.

Error Control and Flow Control

Circuit-switched and virtual-circuit networks spend considerable effort (e.g. on connection establishment) to deliver data reliably. As an alternative, best-effort delivery was adopted by Frame Relay and by the Internet Protocol: the network does not expend much effort to ensure data is delivered without error, and uses checksums only to detect errors, not to correct them. Recovery is left to the end hosts, in keeping with the end-to-end argument.