TCP/IP Overview and Vulnerabilities, continued
Examining each of the four layers.....
- the Internet layer protocols, primarily the Internet Protocol (IP)
and the Internet Control Message Protocol (ICMP), provide the
actual routed delivery of messages between source and destination,
and provide only a basic network management function by reporting
any observed errors.
IPv4, particularly, is vulnerable to attack and may be exploited so that
messages are not delivered,
are delivered to the wrong destination,
or 'confuse' a destination to the extent that it may stop providing any
service.
As examples,
IP datagrams may be transmitted from one (attacking) host
while claiming to be from another,
and forged ICMP messages may make a destination network or host
appear unreachable.
- physical layer protocols are not strictly part of the TCP/IP
suite, but define how packets or frames are received via hardware,
and provided to the IP (software) layer above.
By its nature,
interface hardware must see all packets destined for,
or passing by,
the interface,
and most hardware may be configured by software (the operating system) to
report all activity seen.
Trivially,
on a shared network,
an operating system (and probably some of its programs) may capture all
packets that are visible on a network.
In combination, we have multiple points of vulnerability
in the network protocols themselves.
This is before we consider that the network makes hosts more
vulnerable to remote attack.
In addition, each operating system's implementation of the TCP/IP stack
has its own idiosyncrasies.
Specifically, each operating system responds
differently to a variety of malformed packets.
Software performing protocol fingerprinting determines
an operating system from the way it 'appears' externally.
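
As an added illustration of the forged-ICMP problem in the Internet-layer item above (this code is not part of the original lecture notes): an ICMP error quotes the IP header and first 8 bytes of the datagram it complains about, so a receiver can discard "unreachable" reports that do not quote traffic it actually sent. The function names, the flow-table representation and the sample addresses (documentation ranges) are assumptions made for this sketch, and checksums are not verified.

```python
import socket
import struct

ICMP_PROTO, TCP_PROTO, DEST_UNREACH = 1, 6, 3

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header for sample data (checksum left as 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def sample_unreachable(reporter, flow):
    """Constructed ICMP Destination Unreachable that quotes `flow`."""
    src, sport, dst, dport, proto = flow
    quoted = ipv4_header(src, dst, proto, 8) + struct.pack("!HHI", sport, dport, 0)
    icmp = struct.pack("!BBHI", DEST_UNREACH, 1, 0, 0) + quoted  # code 1: host unreachable
    return ipv4_header(reporter, src, ICMP_PROTO, len(icmp)) + icmp

def quoted_flow(packet):
    """Return the flow quoted inside an ICMP Destination Unreachable, else None."""
    if len(packet) < 20 or packet[9] != ICMP_PROTO:
        return None
    icmp = packet[(packet[0] & 0x0F) * 4:]   # skip the outer IP header
    if len(icmp) < 8 + 20 or icmp[0] != DEST_UNREACH:
        return None
    quoted = icmp[8:]                        # original IP header + first 8 payload bytes
    qihl = (quoted[0] & 0x0F) * 4
    if qihl < 20 or len(quoted) < qihl + 4:
        return None
    # The first 4 quoted payload bytes are the TCP/UDP source and destination ports.
    sport, dport = struct.unpack("!HH", quoted[qihl:qihl + 4])
    return (socket.inet_ntoa(quoted[12:16]), sport,
            socket.inet_ntoa(quoted[16:20]), dport, quoted[9])

def is_plausible(packet, active_flows):
    """Accept the error only if it quotes a datagram this host really sent."""
    return quoted_flow(packet) in active_flows

# Constructed sample data: one open TCP flow and two ICMP reports about it.
FLOW = ("192.0.2.10", 40000, "198.51.100.7", 443, TCP_PROTO)
ACTIVE = {FLOW}
GENUINE = sample_unreachable("203.0.113.1", FLOW)
BLIND = sample_unreachable("203.0.113.1",
                           ("192.0.2.10", 40001, "198.51.100.7", 443, TCP_PROTO))

if __name__ == "__main__":
    print(is_plausible(GENUINE, ACTIVE), is_plausible(BLIND, ACTIVE))
```

A match shows only that the sender knew the flow's addresses and ports, so this filters blind forgeries but not reports from a host that can observe the traffic on a shared network.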
CITS3002 Computer Networks, Lecture 11, Security of TCP/IP, p2, 15th May 2024.