Understanding the flow of message packets over the Internet by dissecting the TCP stack.
Understanding the security issues involved in the use of the IPv4 standard.
Becoming familiar with the basic attacks possible due to the IPv4 standard.
At its simplest level, TCP hijacking relies on the violation of trust relationships between two interacting hosts. Before we go into the details of session hijacking, let us take a look at the TCP stack and the IPv4 protocol to understand why this attack is possible.
Consider the everyday scenario in which you access the Internet with your browser, say IE. IE works at the application layer and accepts the initial datagram to be sent across the Internet. The transport protocol comes into action in the next layer, aptly called the transport layer, where the appropriate protocol header is added to the datagram. Here it is the TCP header, as TCP is the protocol being used. TCP ensures the reliability of data transported over inherently unreliable communication platforms, and also controls many aspects of the initiation and management of communication between the two hosts. In the network layer, routers offer the functionality for the datagram to hop from the source to the destination, one hop at a time. This layer also sees the IP header being added to the datagram. The final layer, which communicates with the physical hardware, is the data link layer. This layer is responsible for the delivery of signals from the source to the destination over a physical communication platform, which in this case is Ethernet.
On reaching the destination, the headers are peeled back to reveal the original datagram. Having understood the TCP stack, let us look at IPv4. The original IPv4 standard needed to address three basic security issues: authentication, integrity and privacy. Authentication was an issue because an attacker could easily spoof an IP address and exploit a session. Spoofing was not restricted to IP addresses alone, but also extended to MAC addresses in ARP spoofing. An attacker sniffing on a network could capture packets and carry out simple attacks such as changing, deleting, rerouting, adding, forging or diverting data. Perhaps the most popular among these attacks is the Man-in-the-Middle attack. An attacker can grab unencrypted traffic from a victim's network-based TCP application, further tampering with the authenticity and integrity of the data before forwarding it on to the unsuspecting target.
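The header peeling described above, as an added example that is not part of the original article: Python code that builds a constructed Ethernet/IPv4/TCP frame and strips each header in receive order. The function names, addresses and ports are assumptions made for illustration; the only integrity field it checks, the IPv4 header checksum, is unkeyed and so says nothing about who sent the packet.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum. Unkeyed: detects corruption, not forgery."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_sample_frame() -> bytes:
    """Constructed sample (documentation addresses; TCP checksum left at 0)."""
    payload = b"GET / HTTP/1.1\r\n\r\n"
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1000, 2000, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     1, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.20"))
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001") + b"\x08\x00"
    return eth + ip + tcp + payload

def peel(frame: bytes) -> dict:
    """Strip the data link, network and transport headers in that order."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]                      # data link header removed
    ihl = (ip[0] & 0x0F) * 4 if ip else 0
    if len(ip) < 20 or ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl or ip[9] != 6:
        raise ValueError("not a well-formed IPv4/TCP packet")
    (total_len,) = struct.unpack("!H", ip[2:4])
    tcp = ip[ihl:total_len]              # network header removed
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off = struct.unpack("!HHIIB", tcp[:13])
    return {
        # Every field below is a plain value chosen by the sender; none is
        # bound to a secret, which is the authentication gap the text describes.
        "src_mac": src_mac.hex(":"),
        "src_ip": socket.inet_ntoa(ip[12:16]), "dst_ip": socket.inet_ntoa(ip[16:20]),
        "ip_checksum_ok": inet_checksum(ip[:ihl]) == 0,
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "payload": tcp[(off >> 4) * 4:],  # transport header removed
    }

if __name__ == "__main__":
    print(peel(build_sample_frame()))
```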
 