Module 13 Packet Filtering and Proxy Server
Network Security
Administrator
Module XIII:
Packet Filtering and
Proxy Server
Module Objective
Copyright © by EC-Council
EC-Council All Rights reserved. Reproduction is strictly prohibited
Module Flow
Application Layer Gateway
Network Address Translation
Network Address Translation (cont’d)
Figure: Network Address Translation. A request comes from 11.0.0.3 on the private network (hosts in 11.0.0.x behind a router), passes through the firewall (24.44.8.0) to the Internet, and the server gets the request from 24.44.8.0.
The packet filter checks the data header, conceals the header with a new
header, and then sends the packet to the intended location in the network.
Approaches to Packet Filtering
TCP/IP rearranges the file into its original format before
sending.
The packets also carry a timestamp so that they can be
recognized fully.
If the packets are not reorganized into the proper sequence, the entire
message is discarded or is of no use.
Packet Prioritization
How fragmentation works: the datagram is split into smaller packets for
transmission, and these are reassembled at the receiving host.
The exception to this rule is when the Internet datagram is marked as ‘don’t
fragment’.
Any Internet datagram that has the ‘do not fragment’ bit set is not fragmented
under any condition; if it cannot be delivered, it is discarded.
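The fragmentation rule above, worked through on a constructed IPv4 datagram. This is an added example, not part of the original module; the function names, the addresses and the 576-byte MTU are assumptions chosen for illustration.

```python
import struct

DF, MF = 0x4000, 0x2000   # "don't fragment" / "more fragments" bits
HDR = "!BBHHHBBH4s4s"     # 20-byte IPv4 header without options

def build(payload, ident, flags_off=0, src=b"\x0b\x00\x00\x03", dst=b"\xc6\x33\x64\x07"):
    # Constructed packet; checksum is left at 0 because nothing is sent on a wire.
    return struct.pack(HDR, 0x45, 0, 20 + len(payload), ident,
                       flags_off, 64, 6, 0, src, dst) + payload

def frag_fields(packet):
    """Return (identification, MF set?, fragment offset in bytes)."""
    ident, flags_off = struct.unpack("!HH", packet[4:8])
    return ident, bool(flags_off & MF), (flags_off & 0x1FFF) * 8

def fragment(datagram, mtu):
    """Split an unfragmented datagram for a link MTU; [] means discarded (DF set)."""
    f = struct.unpack(HDR, datagram[:20])
    total_len, ident, flags_off, src, dst = f[2], f[3], f[4], f[8], f[9]
    if total_len <= mtu:
        return [datagram]
    if flags_off & DF:
        return []             # never fragmented; a router would also signal ICMP
    payload = datagram[20:total_len]
    step = (mtu - 20) // 8 * 8    # offsets are counted in 8-byte units
    out = []
    for pos in range(0, len(payload), step):
        more = MF if pos + step < len(payload) else 0
        out.append(build(payload[pos:pos + step], ident, more | pos // 8, src, dst))
    return out

def reassemble(fragments):
    """Receiving host: order by offset, then join the data parts."""
    ordered = sorted(fragments, key=lambda p: frag_fields(p)[2])
    if frag_fields(ordered[-1])[1]:
        return None           # final fragment missing: message is unusable
    return b"".join(p[20:] for p in ordered)
```

Every fragment keeps the same identification and addresses; only the MF bit and the offset change, which is what a filter sees when it inspects fragments individually.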
Packet Fragmentation (cont’d)
Signature Analysis
The signature can also contain a key phrase or the trigger of the
command which is associated with an attack.
It consults the state table and the rule base when a packet is
encountered.
Stateful Packet Filtering (cont’d)
Figure: Stateful Packet Filtering (labels: Internet, Router, 6. Packets allowed to pass)
Stateless Packet Filtering
Dynamic Packet Filtering
Advantages of Filtering
Advantages of filtering:
Disadvantages of Filtering
Transmission Control Protocol (TCP)
There are six different types of flags used in the TCP header:
• URG
• ACK
• PSH
• RST
• SYN
• FIN
Transmission Control Protocol (cont’d)
URG is the urgent pointer flag; it is used to identify the incoming packet as urgent.
The urgent pointer is mostly used during a stream of data transfer.
If data processing halts due to a transmission error, the abort signal is sent
with the URG pointer set so that it is processed first.
If the URG pointer flag is set to ‘1’, the remote machine will not wait for the other
segments; the abort is processed first.
TCP: ACK Flag
If the flow of a packet is traced, there are many cases where
the acknowledgement follows the send or receive signal.
When a packet is received, the workstation sets the ACK flag bit to
‘1’ and sends it to the sender.
There are some cases where the sender wants only one
acknowledgement for the packets sent.
TCP: PSH Flag
The PUSH flag is sent with the last segment of the file
to prevent deadlocks.
TCP: RST Flag
RST is the reset flag, used when a packet arrives at the host to
establish a connection and there is no service ready to
answer.
The host rejects or discards that packet and sends a reply
with the RST flag set, which indicates that the remote host
has reset the connection.
Hackers use this behavior of the reset flag to scan for
open ports.
TCP: SYN Flag
SYN is the synchronization flag, used to synchronize the two hosts before
the data transfer.
Before the connection, the SYN flag is sent to the remote host,
the host sends it back with the ACK flag, and then the
connection is established.
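How the six flags and the stateful filter's state table and rule base fit together, as an added example that is not part of the original module. The class name, the 11.0.0. inside prefix and the permitted ports are assumptions; the test packets are constructed.

```python
# TCP flag bits as they appear in byte 13 of the TCP header
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def decode_flags(byte):
    """Return the set of flag names set in a TCP flags byte."""
    return {name for name, bit in FLAGS.items() if byte & bit}

class StatefulFilter:
    def __init__(self, inside_prefix, allowed_ports):
        self.inside_prefix = inside_prefix       # assumption: internal hosts share this prefix
        self.allowed_ports = set(allowed_ports)  # rule base: permitted outbound ports
        self.state = {}                          # state table: connection -> phase

    def check(self, src, sport, dst, dport, flag_byte):
        flags = decode_flags(flag_byte)
        outbound = src.startswith(self.inside_prefix)
        # One key per connection, always written from the inside host's view
        key = (src, sport, dst, dport) if outbound else (dst, dport, src, sport)
        if not flags or {"SYN", "FIN"} <= flags:
            return "DROP"                        # no flags, or SYN+FIN: never legitimate
        phase = self.state.get(key)
        if phase is None:
            # No entry yet: only a bare SYN from inside that the rule base permits
            if outbound and flags == {"SYN"} and dport in self.allowed_ports:
                self.state[key] = "SYN_SENT"
                return "ALLOW"
            return "DROP"                        # unsolicited SYN, ACK, RST from anywhere
        if "RST" in flags:
            del self.state[key]                  # reset ends it (FIN teardown, timeouts not modelled)
            return "ALLOW"
        if phase == "SYN_SENT":
            if not outbound and flags == {"SYN", "ACK"}:
                self.state[key] = "ESTABLISHED"
                return "ALLOW"
            return "ALLOW" if outbound and flags == {"SYN"} else "DROP"
        return "ALLOW" if "ACK" in flags else "DROP"
```

Because an unsolicited inbound SYN or ACK has no state-table entry, it is dropped before any inside host can answer with the RST that port scanning relies on.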
User Datagram Protocol (UDP)
Proxy Server
The proxy server works as a shield, and protects and hides the
computer from the outside network.
The proxy sends and receives the encapsulated packets from the
specific applications.
The proxy server can also be used for filtering requests.
Proxy Server (cont’d)
The request enters the proxy server, which examines the header and packet content based
on the rule base.
The proxy server transmits the packet to the target address, concealing the actual end user
who made the request.
If a data packet is returned, it is again sent to the proxy server to be checked against the rule
base.
The returned packet is reconstructed by the proxy server and sent to the source
computer.
Transparent Proxies
A transparent proxy is a proxy through which the client system
connects without its knowledge.
With the transparent proxy, all the web clients have to be configured
manually.
Most networks have routers which connect the internal
LAN to the Internet.
Non-transparent Proxy
The entire requested URL is sent to the proxy that has the host
name.
Socks Proxy
The SOCKS proxy server doesn’t allow external network components to
collect information about the client that generated the request.
Authentication Process
Types of authentication:
Application Proxy Firewall
Application Proxy Firewall (cont’d)
Figure: Application Proxy on a Dual-Homed Host (labels: Internet, Router, LAN Gateway; addresses 190.32.24.1 and 180.34.23.1)
Security and Access Control
• Double-click Network.
Step 2:
• On the Protocols tab, click TCP/IP Protocol, and then click Properties.
Step 3:
• On the Routing tab, click to clear the Enable IP Forwarding check box, and then click OK.
Step 4:
Reverse Proxies
The reverse proxy checks its cache to process the request and
sends the content to the unknown client.
How Proxy Servers Differ From Packet Filtering
A proxy server scans the complete data part of the IP packets and creates
elaborate log file listings.
Summary
The fragmented packets have the same header portion, but the
fragmented packet bit is modified.