
IP OVERVIEW: TCP/IP

DR. N. ARUL KUMAR


TCP/IP : Benefits
▪ TCP/IP enables cross-platform, or heterogeneous, networking.

▪ TCP/IP - CHARACTERISTICS
▪ Good failure recovery
▪ The ability to add networks without interrupting existing services
▪ Handling of high error rates on the underlying links
▪ Platform independence
▪ Low data overhead
▪ TCP (Transmission Control Protocol) provides a reliable, connection-oriented byte-stream service to
applications.
▪ TCP is responsible for the following:
▪ Opening and closing a session (the three-way handshake and the FIN/RST teardown)
▪ Segment management (sequencing, acknowledgement and retransmission)
▪ Flow control (the receiver's advertised window)
▪ Error detection and handling (the checksum, and retransmission on loss)
TCP HEADER
▪ Source port: 16-bit number identifying the sending application's port.
▪ Destination port: 16-bit number identifying the receiving application's port.
▪ Sequence number: the sequence number of the first data octet in this segment (when SYN is set
it is the initial sequence number, and the first data octet is ISN+1).
▪ Acknowledgment number: when the ACK bit is set, this field contains the next sequence number the
sender of the segment expects to receive. Once a connection is established this field is always sent.
▪ Data offset: the header length in 32-bit words, i.e. where the data begins (options may follow
the fixed 20-byte header).
▪ Reserved: not used; must be zero.
▪ Control bits: URG, ACK, PSH (push function), RST, SYN and FIN (later RFCs added ECE, CWR and NS).
▪ Window: the number of data octets, beginning with the one indicated in the acknowledgment field,
that the sender of this segment is willing to accept.
▪ Checksum: the 16-bit one's complement of the one's complement sum of all 16-bit words in the
header and text, prefixed by a pseudo-header containing the source and destination IP addresses,
the protocol number (6) and the TCP length.
▪ Urgent pointer: meaningful only when URG is set; a positive offset from the sequence number of
this segment marking the end of the urgent data.
IP
▪ IP (Internet Protocol) delivers datagrams between hosts on a best-effort basis; it has no notion of
a connection and leaves reliability to TCP.
IP HEADER
▪ Version: the IP version, e.g. 4 for IPv4.
▪ Header length (IHL): the header length in 32-bit words (5, i.e. 20 bytes, when no options are present).
▪ Type of Service: originally a precedence/priority field; it now carries the 6-bit DSCP code point
used for QoS classification and the 2-bit ECN field. A higher value does not by itself guarantee
prioritised handling; that depends on how the routers on the path are configured.
▪ Total length: the length of the whole datagram (header plus data) in bytes.
▪ Identification: a value copied into every fragment of a datagram so the receiver can tell which
fragments belong together during reassembly.
▪ Flags: the first bit is reserved and must be 0; DF = Don't Fragment; MF = More Fragments
(set on every fragment except the last).
▪ Fragment offset: the position of this fragment's data within the original datagram, in units of
8 octets.
▪ Time To Live (TTL): a hop count, not a time. Each router decrements it by one and discards the
datagram (returning an ICMP Time Exceeded) when it reaches 0. Common initial values are 64, 128 and 255.
▪ Protocol: the number of the protocol carried in the payload, e.g. 1 = ICMP, 6 = TCP, 17 = UDP.
▪ Header checksum: validates the header only (not the data); it is recomputed at every hop because
the TTL changes.
▪ Source address: the IPv4 address of the sending machine.
▪ Destination address: the IPv4 address of the destination machine.
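The two header layouts above, as a worked parser. This is an added example, not code from the slides: it decodes the fixed IPv4 and TCP headers with struct, computes the Internet checksum (RFC 1071) over the IP header and over the TCP pseudo-header plus segment, and shows that a header modified without recomputing the checksum fails validation. The packet is constructed in build_packet() using RFC 5737 documentation addresses (192.0.2.10 and 198.51.100.80); the port numbers, sequence numbers and payload are likewise made up for the example.

```python
"""Parse an IPv4 header and the TCP segment it carries, and verify both
checksums. Added example (not from the slides); the packet below is
constructed here with RFC 5737 documentation addresses, not captured."""
import struct

SRC = bytes([192, 0, 2, 10])      # constructed sender (192.0.2.10)
DST = bytes([198, 51, 100, 80])   # constructed receiver (198.51.100.80)
TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR", "NS"]


def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's complement of the one's complement
    sum of the 16-bit words, padding an odd length with a zero octet."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4(packet: bytes) -> dict:
    """Decode the fixed IPv4 header. The checksum over the header, stored
    checksum included, is 0 only when the header is intact."""
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4              # IHL is in 32-bit words
    return {
        "version": ver_ihl >> 4,
        "ihl": ihl,
        "dscp": tos >> 2, "ecn": tos & 0x3,
        "total_length": total_len,
        "identification": ident,
        "DF": (flags_frag >> 14) & 1,
        "MF": (flags_frag >> 13) & 1,
        "fragment_offset": (flags_frag & 0x1FFF) * 8,   # stored in 8-octet units
        "ttl": ttl,
        "protocol": proto,                  # 6 = TCP, 17 = UDP, 1 = ICMP
        "header_checksum_ok": checksum(packet[:ihl]) == 0,
        "src": ".".join(map(str, src)),
        "dst": ".".join(map(str, dst)),
        "payload": packet[ihl:total_len],
    }


def parse_tcp(segment: bytes, src_ip: bytes, dst_ip: bytes) -> dict:
    """Decode the fixed TCP header. The checksum covers a pseudo-header
    (addresses, zero, protocol 6, TCP length) followed by the whole segment."""
    (sport, dport, seq, ack, off_flags,
     window, _csum, urg) = struct.unpack("!HHIIHHHH", segment[:20])
    data_offset = (off_flags >> 12) * 4     # header length in 32-bit words
    flags = [n for i, n in enumerate(TCP_FLAG_NAMES) if (off_flags >> i) & 1]
    pseudo = struct.pack("!4s4sBBH", src_ip, dst_ip, 0, 6, len(segment))
    return {
        "src_port": sport, "dst_port": dport,
        "seq": seq, "ack": ack if "ACK" in flags else None,
        "data_offset": data_offset,
        "flags": flags,
        "window": window,
        "urgent_pointer": urg if "URG" in flags else None,
        "checksum_ok": checksum(pseudo + segment) == 0,
        "payload": segment[data_offset:],
    }


def build_packet(payload: bytes = b"GET / HTTP/1.0\r\n\r\n") -> bytes:
    """Construct a sample IPv4/TCP packet (PSH|ACK, port 40000 -> 80) with
    valid checksums; this is the constructed input for the parsers above."""
    flags = 0x018                                                   # PSH | ACK
    tcp = struct.pack("!HHIIHHHH", 40000, 80, 1000, 5000,
                      (5 << 12) | flags, 65535, 0, 0) + payload
    pseudo = struct.pack("!4s4sBBH", SRC, DST, 0, 6, len(tcp))
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234,
                     0x4000, 64, 6, 0, SRC, DST)                   # DF set, TTL 64
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + tcp


if __name__ == "__main__":
    pkt = build_packet()
    ip = parse_ipv4(pkt)
    print(ip["src"], "->", ip["dst"], "ttl", ip["ttl"], "hdr ok", ip["header_checksum_ok"])
    tcp = parse_tcp(ip["payload"], SRC, DST)
    print(tcp["src_port"], "->", tcp["dst_port"], tcp["flags"], "tcp ok", tcp["checksum_ok"])
    tampered = bytearray(pkt)
    tampered[8] = 1                          # change the TTL without fixing the checksum
    print("tampered hdr ok", parse_ipv4(bytes(tampered))["header_checksum_ok"])
```

Note that the IP checksum protects only the header, so the same tamper applied to the payload would still parse with header_checksum_ok true; it is the TCP checksum, with its pseudo-header binding the addresses, that would then fail. Neither checksum is a security control: anyone who can modify a packet can recompute them.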
Error Detection Techniques in OSI model (Data link or Transport Layer)
▪ Simple Parity Check
▪ Checksum
▪ Two Dimensional Parity Check
Even Parity Check
▪ Aim: make the total number of 1's (data plus parity bit) even

▪ Rules
▪ Append 1 if the data block has an odd number of 1's
▪ Append 0 if the data block has an even number of 1's

▪ Example, sender: data 100011 (three 1's, odd)

▪ Calculate parity bit
▪ 100011[1]

▪ Example, receiver: 100011[1]

▪ Recount the 1's in the received codeword
▪ If the count is even: accept; otherwise an error is detected (a single flipped bit is detected but
not located, and an even number of flipped bits goes unnoticed)
2D Parity Check
▪ Based on rows and columns: a parity bit for every row, then a parity row computed over each column
▪ Append 1 if the row/column has an odd number of 1's
▪ Append 0 if the row/column has an even number of 1's

▪ Sender: [10011001] [11100010] [00100100] [10000100]

▪ Calculation (row parity on the right, column parity below):
▪ [10011001] 0
▪ [11100010] 0
▪ [00100100] 0
▪ [10000100] 0
--------------------
▪ [11011011] 0

▪ Receiver: [100110010] [111000100] [001001000] [100001000] [110110110]
▪ The receiver recomputes every row and column parity; a single flipped bit fails exactly one row
and one column, which locates it so it can be corrected
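The two parity schemes above as code, run on the same data blocks the slides use. This is an added example, not from the slides: it encodes and checks 1D and 2D even parity, locates and corrects a single flipped bit, and then shows the limits a practitioner should know, namely that two errors in one row are detected but not locatable, and that four errors arranged as a rectangle (two rows, the same two columns) pass both checks unnoticed. The flip() helper only simulates transmission errors.

```python
"""Even parity and two-dimensional (row/column) parity: encoding, checking,
and what each scheme can and cannot detect. Added example; the data blocks
are the ones used on the slides above."""


def parity_bit(bits: str) -> str:
    """Even parity: '1' if the block has an odd number of 1's, else '0'."""
    return "1" if bits.count("1") % 2 else "0"


def encode_1d(bits: str) -> str:
    """Append the parity bit: the codeword then has an even number of 1's."""
    return bits + parity_bit(bits)


def check_1d(codeword: str) -> bool:
    """Receiver side: accept when the total number of 1's is even."""
    return codeword.count("1") % 2 == 0


def encode_2d(rows: list) -> list:
    """Parity bit on every row, then a parity row over every column (the
    parity column included, so the corner bit checks the parity bits)."""
    coded = [encode_1d(r) for r in rows]
    columns = ["".join(r[j] for r in coded) for j in range(len(coded[0]))]
    coded.append("".join(parity_bit(c) for c in columns))
    return coded


def check_2d(coded: list) -> tuple:
    """Return (bad_rows, bad_cols): indices whose parity came out odd."""
    bad_rows = [i for i, r in enumerate(coded) if not check_1d(r)]
    bad_cols = [j for j in range(len(coded[0]))
                if not check_1d("".join(r[j] for r in coded))]
    return bad_rows, bad_cols


def flip(coded: list, positions: list) -> list:
    """Simulate transmission errors by inverting the given (row, col) bits."""
    out = [list(r) for r in coded]
    for i, j in positions:
        out[i][j] = "0" if out[i][j] == "1" else "1"
    return ["".join(r) for r in out]


def correct_single(coded: list) -> list:
    """Flip the one bit a lone bad row/column pair points at; otherwise
    return the block unchanged (errors detected but not locatable)."""
    bad_rows, bad_cols = check_2d(coded)
    if len(bad_rows) == 1 and len(bad_cols) == 1:
        return flip(coded, [(bad_rows[0], bad_cols[0])])
    return coded


if __name__ == "__main__":
    print(encode_1d("100011"))                                # 1000111
    block = encode_2d(["10011001", "11100010", "00100100", "10000100"])
    print(block)
    one = flip(block, [(1, 3)])                               # single-bit error
    print("single error ->", check_2d(one), "corrected:", correct_single(one) == block)
    two = flip(block, [(0, 1), (0, 2)])                       # two errors in one row
    print("two errors   ->", check_2d(two), "(detected, not locatable)")
    four = flip(block, [(0, 1), (0, 2), (2, 1), (2, 2)])      # rectangle pattern
    print("four errors  ->", check_2d(four), "(undetected)")
```

The rectangle case is why parity is an error-detection code for random line noise and nothing more: an adversary who can write to the channel can flip bits in patterns that keep every parity even, and the same holds for the Internet checksum. Integrity against a deliberate attacker needs a keyed MAC, not a parity or checksum.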


Research Areas on Security Issues in TCP/IP
▪ Application Protocols
▪ HTTP: Session Hijacking, Caching, Cookie Poisoning, Replay Attack, Cross Site Scripting,
HTTP Flooding, Password Brute Force Attacks, Click Jacking
▪ DNS: DNS Cache Poisoning, DNS Spoofing, DNS ID Hijacking

▪ Transport Protocols
▪ TCP SYN Attack, TCP Land Attack, TCP & UDP Port Scanning, TCP Sequence Number
Prediction, IP Half Scan Attack, TCP Sequence Number Generation

▪ Internet Layer Protocols
▪ IP: IP Spoofing Attack
▪ ARP: Connection Resetting, Packet Sniffing, DoS
▪ IGMP: DDoS Attack, Multicast Routing
▪ ICMP: ICMP Tunneling, Smurf Attack, Fraggle Attack
UNICAST, BROADCAST,
MULTICAST
DEFINITION

▪ Unicast: communication from a single sender to a single receiver (one-to-one);

▪ Broadcast: communication from a single host to all hosts in the network (one-to-all);

▪ Multicast: communication from a single host to a selected set of hosts that have joined a group
(one-to-many);

UNICAST BROADCAST MULTICAST


UNICAST
Advantages
• The server responds to each client's request individually

• The server can send a different response to each client's request

Disadvantages
• The server sends a separate data stream to each client, so server traffic = number of clients ×
per-client traffic

• With a large number of clients each receiving a high-bandwidth stream (e.g. streaming media), the
server is overwhelmed

• The majority of network data is transmitted as unicast.

• For example: e-mail communication

• (to send or receive e-mail, or to visit a web page, the client must contact the mail or web server
and establish a connection; this is unicast communication)
BROADCAST

• 1. Directed broadcast:
• Sent to all hosts on a specific, possibly remote, network using that network's broadcast address
(e.g. 192.0.2.255 for 192.0.2.0/24). Routers can forward it, which is why forwarding is normally
disabled: a forwarded directed broadcast is the amplifier behind the Smurf attack.

• 2. Local (limited) broadcast:
• The datagram is sent to all hosts on the local network segment.

• The IPv4 limited broadcast address is 255.255.255.255, and routers never forward it.

Advantages
• Information can be delivered to all hosts on a network at once.

• The server does not have to send the data to each client separately

Disadvantages
• Consumes bandwidth on the segment and CPU on every host, interested or not

• Not targeted: there is no way to address only the hosts that want the data
MULTICAST

• IP multicast addresses packets to a multicast group IP address rather than to individual hosts

• A multicast IP address is a class D address (224.0.0.0 to 239.255.255.255, i.e. 224.0.0.0/4)

Advantages
• Efficient delivery: the sender transmits one copy per link and routers replicate it only towards
links that have group members
• Less traffic

Disadvantages
• No built-in reliability or error recovery: multicast normally runs over UDP, so lost packets are
not retransmitted
MULTICAST PROTOCOLS
Group membership and routing protocols used for multicast (IGMP, MLD and GMRP signal membership;
the others handle routing and forwarding)
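The address ranges from the broadcast and multicast slides above, turned into the decision a router or firewall makes for a destination address. This is an added example, not from the slides: it classifies an IPv4 destination as unicast, limited broadcast, directed broadcast (the broadcast address of an attached prefix) or multicast, splits multicast into the link-local, administratively scoped and global ranges, and returns a forwarding verdict in which directed broadcasts are dropped unless explicitly allowed (the RFC 2644 default). The attached prefixes and test addresses are constructed from the RFC 5737 documentation ranges; the function names are mine.

```python
"""Classify an IPv4 destination as unicast, limited broadcast, directed
broadcast or multicast, and give the forwarding decision a router or
firewall should make. Added example; the prefixes and addresses are
constructed from RFC 5737 documentation ranges, not taken from the slides."""
import ipaddress

LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")
LINK_LOCAL_MCAST = ipaddress.IPv4Network("224.0.0.0/24")    # never forwarded off the link
ADMIN_SCOPED_MCAST = ipaddress.IPv4Network("239.0.0.0/8")   # organisation-local scope


def classify(dst: str, local_nets: list) -> str:
    """Decide what kind of destination dst is.
    local_nets: prefix strings for the directly attached networks."""
    addr = ipaddress.IPv4Address(dst)
    if addr == LIMITED_BROADCAST:
        return "limited-broadcast"
    if addr.is_multicast:                    # class D: 224.0.0.0/4
        return "multicast"
    for prefix in local_nets:
        net = ipaddress.IPv4Network(prefix)
        # /31 and /32 have no broadcast address (RFC 3021)
        if net.prefixlen < 31 and addr == net.broadcast_address:
            return "directed-broadcast"
    return "unicast"


def multicast_scope(dst: str) -> str:
    """Scope of a class D address: link-local control block, admin-scoped, or global."""
    addr = ipaddress.IPv4Address(dst)
    if not addr.is_multicast:
        raise ValueError("not a multicast address: %s" % dst)
    if addr in LINK_LOCAL_MCAST:
        return "link-local"
    if addr in ADMIN_SCOPED_MCAST:
        return "admin-scoped"
    return "global"


def forward_decision(dst: str, local_nets: list, allow_directed: bool = False) -> str:
    """What a router does with a packet for dst that arrived on another interface.
    Directed broadcasts are dropped by default (RFC 2644): forwarding them lets a
    remote sender reach every host on the segment with one packet, which is the
    amplification the Smurf attack relies on."""
    kind = classify(dst, local_nets)
    if kind == "limited-broadcast":
        return "drop"
    if kind == "directed-broadcast":
        return "forward" if allow_directed else "drop"
    if kind == "multicast":
        # link-local groups stay on the link; other groups are forwarded only
        # towards interfaces with members, which IGMP/PIM decide (simplified here)
        return "drop" if multicast_scope(dst) == "link-local" else "forward-if-group-members"
    return "forward"


if __name__ == "__main__":
    attached = ["192.0.2.0/24", "198.51.100.64/26"]     # constructed attached prefixes
    for dst in ["192.0.2.7", "192.0.2.255", "198.51.100.127", "198.51.100.128",
                "255.255.255.255", "224.0.0.5", "239.1.2.3", "233.1.1.1"]:
        print("%-16s %-19s %s" % (dst, classify(dst, attached), forward_decision(dst, attached)))
```

The check that matters for a perimeter device is the directed-broadcast one: a packet from the Internet whose destination is the broadcast address of an internal prefix has no legitimate reason to exist, and the default verdict for it should be drop.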
▪ Internet Group Management Protocol (IGMP)
▪ Protocol Independent Multicast (PIM)
▪ Distance Vector Multicast Routing Protocol (DVMRP)
▪ Multicast Open Shortest Path First (MOSPF)
▪ Multicast BGP (MBGP)
▪ Multicast Source Discovery Protocol (MSDP)
▪ Multicast Listener Discovery (MLD)
▪ GARP Multicast Registration Protocol (GMRP)
▪ Shortest Path Bridging (SPB)
RESEARCH AREAS IN MULTICASTING
▪ Multicasting in Mobile Ad-Hoc Wireless Networks: issues and challenges
▪ Multicasting using Device to Device Communication and network coding for 5G network
▪ Multicasting in Software Defined Networks
▪ Multicasting in Cognitive Radio Networks
▪ Secure wireless Multicasting with Linear Equalization
▪ QoS aware Service Selection and Multicast Framework for Wireless Mesh Networks
▪ Energy Efficient Multicasting in IEEE 802.11 WLANs for Scalable Video Streaming
▪ Client Assisted Multicasting for Audio and Video Streams
▪ Performance Analysis of Scalable Secure Multicasting in Social Networking
▪ Congestion Aware MAC protocol for Multicasting in Wireless Body Sensor Networks
▪ QoS aware Multicasting in heterogeneous Vehicular Networks
▪ Massive Video Multicasting in Cellular Networks using network coded Cooperative
Communication
FIREWALL
AND
PROXY

FIREWALL

▪ Provides controlled connectivity between networks (internal / external) according to a security policy

▪ A firewall may be hardware, software, or a combination

▪ Prevents unauthorised programs or Internet users from reaching the protected network

▪ Accept : allow the traffic through


Reject : block the traffic but tell the sender (an ICMP "unreachable" error or, for TCP, a RST)
Drop : block the traffic silently, with no reply (the sender sees only a timeout)

▪ A firewall establishes a barrier between the internal network and outside networks (the Internet)

▪ Packet filtering firewalls filter communication on IP addresses, protocol and ports; later
generations also use connection state and application content.


▪ Inspects each packet of data that arrives at either side of the firewall
▪ Determines whether it should be allowed to pass through or be blocked
[CLIENT] ---packets---→[FIREWALL] ---packets---→[SERVER]

▪ NOTE: Access Control Lists (ACLs) residing on routers are a (stateless) alternative to a dedicated firewall
FIREWALL
▪ SOFTWARE FIREWALL
▪ Protects a single computer (host-based)
▪ Lower cost, easy to configure
▪ e.g. McAfee Internet Security

▪ HARDWARE FIREWALL
▪ Protects an entire network (network-based)
▪ Higher cost, harder to configure
▪ e.g. Cisco PIX
First Generation- Packet Filtering Firewall

▪ Decides on source and destination IP address, protocol and port numbers.

▪ Maintains a filtering table (rule list) that decides whether each packet is forwarded or discarded.

▪ Examines only the network and transport layer headers.

▪ Stateless: it cannot tell whether a packet belongs to an existing stream of traffic, so reply
traffic has to be admitted by header rules alone (for example "any packet with ACK set from port
80"), and crafted packets that match such a rule get through.

▪ Allows or denies each packet on its own header fields.


Second Generation- Stateful Inspection Firewall
▪ Determines which connection, and which state of it, a packet belongs to

▪ Keeps track of the state of the network connections travelling across it in a state table
(an admitted outbound SYN creates an entry; replies are accepted only if they match one)

▪ Filtering decisions are based not only on the defined rules but also on the packet's history in
the state table
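The first and second generation filters above, side by side on the same packets. This is an added example, not from the slides: a stateless filter that admits outbound web traffic and, to let replies back in, anything from source port 80 with ACK set; and a stateful filter that records admitted outbound SYNs in a state table and accepts inbound packets only when they match an entry. Run on a crafted inbound ACK from port 80 to an arbitrary inside port, the stateless filter accepts it and the stateful one drops it. The verdict names follow the Accept/Reject/Drop slide. The 10.0.0.0/8 inside prefix, the 203.0.113.5 outside host and the Packet layout are constructed for the example.

```python
"""A first-generation (stateless) packet filter next to a second-generation
(stateful) one, run over the same constructed packets, showing why the
stateless "established" rule can be satisfied by an attacker.
Added example, not from the slides; addresses are RFC 1918 / RFC 5737."""
import ipaddress
from dataclasses import dataclass

INSIDE = ipaddress.IPv4Network("10.0.0.0/8")      # the protected network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset             # subset of {"SYN", "ACK", "FIN", "RST"}


def inside(ip: str) -> bool:
    return ipaddress.IPv4Address(ip) in INSIDE


def stateless_filter(pkt: Packet) -> str:
    """Rules see one packet at a time. To let web replies back in, the only
    option is a header rule such as "source port 80 and ACK set"."""
    if inside(pkt.src) and not inside(pkt.dst) and pkt.dport == 80:
        return "ACCEPT"                       # outbound web request
    if not inside(pkt.src) and inside(pkt.dst) and pkt.sport == 80 and "ACK" in pkt.flags:
        return "ACCEPT"                       # looks like a reply, but any ACK qualifies
    return "DROP"


class StatefulFilter:
    """Keeps a state table keyed on the 4-tuple of connections it has
    admitted; inbound packets are accepted only if they match an entry."""

    def __init__(self):
        self.table = set()

    def filter(self, pkt: Packet) -> str:
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        for k in (key, reverse):
            if k in self.table:               # part of a tracked connection
                if "RST" in pkt.flags:        # teardown (FIN/FIN-ACK tracking omitted)
                    self.table.discard(k)
                return "ACCEPT"
        # new connection: only outbound web from the inside may open one
        if inside(pkt.src) and not inside(pkt.dst) and pkt.dport == 80 and pkt.flags == {"SYN"}:
            self.table.add(key)
            return "ACCEPT"
        if not inside(pkt.src) and inside(pkt.dst) and pkt.flags == {"SYN"}:
            return "REJECT"   # unsolicited inbound connection: answer with RST / ICMP unreachable
        return "DROP"         # everything else, ACK probes included, is dropped silently


if __name__ == "__main__":
    syn = Packet("10.0.0.5", 40000, "203.0.113.5", 80, frozenset({"SYN"}))
    synack = Packet("203.0.113.5", 80, "10.0.0.5", 40000, frozenset({"SYN", "ACK"}))
    probe = Packet("203.0.113.5", 80, "10.0.0.5", 4444, frozenset({"ACK"}))   # crafted
    sf = StatefulFilter()
    for name, pkt in [("syn", syn), ("synack", synack), ("probe", probe)]:
        print("%-7s stateless=%-6s stateful=%s" % (name, stateless_filter(pkt), sf.filter(pkt)))
```

Whether an unsolicited inbound SYN is rejected or dropped is a policy choice: REJECT lets legitimate senders fail fast, DROP gives a scanner less information. What the state table changes is that the decision no longer rests on flag bits the sender controls.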
Third Generation- Application Layer Firewall

▪ An application layer firewall can inspect and filter packets at any OSI layer, up to the application
layer.

▪ It can block specific content, and can recognise when particular applications and protocols are
being used or misused

▪ Application layer firewalls are hosts that run proxy servers.

▪ A proxy firewall prevents any direct connection between the two sides of the firewall; every
packet has to pass through the proxy, which terminates the client's connection and opens its own.

▪ It can allow or block the traffic based on predefined rules.

▪ Application layer firewalls can also perform Network Address Translation (NAT).


PACKET FILTERING : FIREWALL TYPE
▪ Looks at each packet entering or leaving the network.
▪ Accepts or rejects it based on user-defined rules
▪ Effective and transparent to users, but difficult to configure correctly
▪ Vulnerable to IP spoofing, since it trusts the source address in the header
APPLICATION GATEWAY/PROXY
▪ Applies security mechanisms to specific TCP/IP applications, such as FTP and TELNET services
▪ Very effective, but can impose a performance degradation because every connection is relayed
CIRCUIT LEVEL GATEWAY : FIREWALL
▪ A stand-alone system that relays TCP connections without inspecting application content
▪ Does not permit an end-to-end TCP connection
▪ Sets up two TCP connections:
▪ one between itself and a TCP user on an inner host, and one between itself and a TCP user on an
outer host
PROXY - WORK
▪ A central machine on the network through which the other machines on that network reach outside
services
▪ Proxy servers are intermediate servers
▪ Also called a 'server' or 'gateway'.
▪ Allows users on a network to browse, use FTP, e-mail and other Internet services.

▪ ROLE
▪ Receives a request from a client inside the firewall
▪ Sends this request to the remote server
▪ Reads the response
▪ Sends it back to the client
FORWARD PROXY
▪ A client on the internal network sends its requests to the proxy, which forwards them to the
Internet on the client's behalf.
OPEN PROXIES
▪ An open proxy accepts requests from any client; it lets clients conceal their IP address from the
sites they browse, since the site sees only the proxy's address.
REVERSE PROXIES
▪ Requests from the Internet arrive at the reverse proxy, which forwards them to one or more backend
servers; the response is returned to the client as if it came directly from the proxy, so the
backend servers stay hidden.
PROXY SERVER - ARCHITECTURE

▪ Proxy server listener
▪ The port on which the proxy accepts client connections
▪ Blocks clients that appear on a user-supplied deny list.
▪ Connection Manager
▪ Contains the main functionality of the proxy server (relaying requests and responses).
▪ Cache Manager
▪ Responsible for storing, deleting, clearing and searching web
pages in the cache.
▪ Log Manager
▪ Responsible for viewing, clearing and updating the logs.
▪ Configuration
▪ Creates the configuration settings that let the other
modules perform their tasks, such as caching.
RESEARCH AREAS IN FIREWALL
▪ Network Firewall issues in Remote Laboratory Development
▪ Detecting Malware infected hosts by analyzing Firewall and Proxy Logs
▪ Enhancing Windows Firewall Security using Fuzzy Reasoning
▪ Investigating Network Security through Firewall Utilities
▪ Study Analysis of Integrating a Firewall in a Wide Area Network
▪ Increasing Performance of Firewall by Providing Customized Policies
▪ Simulation of Firewall and VoIP Performance Monitoring
▪ Adaptive Packet Filtering Techniques for Linux Firewall
▪ Testing the Functionality of Firewall in SDN
▪ Detachable Proxy for Personal Information Leakage Detection
▪ Detecting Suspicious Activity Using HTTP Proxy Honeypots
▪ Proxy Based Solution for Securing Remote Desktop Connections
▪ Single Sign-on Mechanism by Enhancing the Functionality of Reverse Proxy
▪ Reverse Proxy Based XSS Filtering
▪ Using IDS with a Firewall
