TCP/IP Overview and Vulnerabilities

We shall examine, in some detail, aspects of the widely deployed TCP/IP internetworking suite that make it vulnerable to attack.

While the TCP/IP suite works extremely well in practice, it is the 'trusting' nature observed in the suite's history and evolution that has recently exposed it to attackers.

We need to examine each of the four layers of the TCP/IP suite to locate its potential vulnerabilities:

  • application layer protocols, such as telnet, FTP, HTTP, and SMTP, run on (possibly remote) machines to which attackers may not otherwise have physical access. On a case-by-case basis, each of the application services may need to authenticate its remote client, and may use local operating system authentication to perform this, or (dangerously) employ its own mechanism.

    Individual applications offering the networked services are themselves also vulnerable - they may have been poorly written (coded), exposing them to attacks that make them perform in a manner outside of their expected domain.

  • transport layer protocols, primarily the reliable, streaming transmission control protocol (TCP) and the user datagram protocol (UDP), meet the data delivery requirements of most Internet applications.

    However, their very design introduces vulnerabilities, because applications and operating systems expect the protocols to perform in certain ways. Incorrect interpretation (coding) of protocol RFCs, or attacks against well known sequences of actions in protocols, make them perform not as expected, or not at all.
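The "incorrect interpretation (coding) of protocol RFCs" point above is easiest to see in code. The following Python is an added example, not part of the original notes: it contrasts a permissive TCP header parser that assumes the RFC 793 minimum 20-byte header with a strict one that honours the data offset field, rejects offsets outside the legal range or beyond the segment boundary, and verifies the ones' complement checksum over the IPv4 pseudo-header. The sample segment, its ports, sequence numbers and the 192.0.2.x addresses are all constructed here for illustration.

```python
"""Permissive vs. strict parsing of a TCP header (RFC 793 layout).

Added example for these notes. The segment built at the bottom is
constructed sample data, not a captured packet.
"""
import struct
from dataclasses import dataclass

TCP_MIN_HEADER = 20          # data offset 5 -> 5 * 4 bytes, no options
TCP_MAX_OFFSET = 15          # data offset is a 4-bit field
PROTO_TCP = 6


@dataclass
class TcpSegment:
    src_port: int
    dst_port: int
    seq: int
    ack: int
    data_offset: int         # header length in 32-bit words (5..15)
    flags: int               # low 9 bits of the offset/flags word (RFC 793 flags plus ECN bits)
    window: int
    checksum: int
    urgent: int
    options: bytes
    payload: bytes


def _unpack_fixed(segment: bytes):
    # Fixed 20-byte part: ports, seq, ack, offset/flags, window, checksum, urgent ptr
    return struct.unpack("!HHIIHHHH", segment[:TCP_MIN_HEADER])


def parse_naive(segment: bytes) -> TcpSegment:
    """Permissive parser: assumes a 20-byte header and ignores the data offset.
    Any options present are silently handed to the application as payload."""
    src, dst, seq, ack, off_flags, win, csum, urg = _unpack_fixed(segment)
    return TcpSegment(src, dst, seq, ack, off_flags >> 12, off_flags & 0x1FF,
                      win, csum, urg, b"", segment[TCP_MIN_HEADER:])


def parse_strict(segment: bytes) -> TcpSegment:
    """Strict parser: every boundary the header claims is checked against the
    RFC limits and against the bytes actually received before being used."""
    if len(segment) < TCP_MIN_HEADER:
        raise ValueError("truncated TCP header")
    src, dst, seq, ack, off_flags, win, csum, urg = _unpack_fixed(segment)
    data_offset = off_flags >> 12
    if data_offset < TCP_MIN_HEADER // 4:
        raise ValueError(f"data offset {data_offset} below RFC 793 minimum of 5")
    header_len = data_offset * 4
    if header_len > len(segment):
        raise ValueError("data offset points past the end of the segment")
    return TcpSegment(src, dst, seq, ack, data_offset, off_flags & 0x1FF, win, csum, urg,
                      options=segment[TCP_MIN_HEADER:header_len], payload=segment[header_len:])


def tcp_checksum(src_ip: bytes, dst_ip: bytes, segment: bytes) -> int:
    """Ones' complement checksum over the IPv4 pseudo-header plus the segment."""
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, PROTO_TCP, len(segment))
    data = pseudo + segment
    if len(data) % 2:
        data += b"\x00"                      # pad odd length for 16-bit summing
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def checksum_ok(src_ip: bytes, dst_ip: bytes, segment: bytes) -> bool:
    # Summing a segment that already carries a correct checksum yields zero.
    return tcp_checksum(src_ip, dst_ip, segment) == 0


def build_segment(src_ip, dst_ip, src_port, dst_port, seq, ack, flags, window,
                  options=b"", payload=b"") -> bytes:
    """Assemble a segment with a correct data offset and checksum (test helper)."""
    if len(options) % 4:
        raise ValueError("options must be padded to a 32-bit boundary")
    data_offset = (TCP_MIN_HEADER + len(options)) // 4
    off_flags = (data_offset << 12) | (flags & 0x1FF)
    header = struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack, off_flags, window, 0, 0)
    segment = header + options + payload
    csum = tcp_checksum(src_ip, dst_ip, segment)
    return segment[:16] + struct.pack("!H", csum) + segment[18:]   # checksum sits at bytes 16..17


def corrupt_data_offset(segment: bytes, new_offset: int) -> bytes:
    """Return a copy of the segment claiming a different header length (test helper)."""
    buf = bytearray(segment)
    buf[12] = ((new_offset & 0xF) << 4) | (buf[12] & 0x0F)
    return bytes(buf)


# Constructed sample: documentation-range addresses, an MSS option and a short payload.
SRC_IP, DST_IP = bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])
MSS_OPTION = b"\x02\x04\x05\xb4"                    # kind 2, length 4, MSS 1460
PAYLOAD = b"GET / HTTP/1.0\r\n"
SAMPLE = build_segment(SRC_IP, DST_IP, 40000, 80, 1000, 2000, 0x18, 65535, MSS_OPTION, PAYLOAD)

if __name__ == "__main__":
    print("naive payload :", parse_naive(SAMPLE).payload)    # options leak into the payload
    print("strict payload:", parse_strict(SAMPLE).payload)
    print("checksum ok   :", checksum_ok(SRC_IP, DST_IP, SAMPLE))
    for off in (3, 15):
        try:
            parse_strict(corrupt_data_offset(SAMPLE, off))
        except ValueError as err:
            print(f"offset {off} rejected:", err)
```

Run as a script, the permissive parser returns the MSS option bytes as the start of the application payload, while the strict parser separates options from payload and refuses segments whose claimed header length is below five words or extends past the received bytes; the same checks are the difference between a stack that behaves as the application expects and one that misbehaves on malformed input.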

