CompTIA Security+ Deluxe Study Guide: SY0-201 - Emmett Dulaney
TCP, which is a connection-oriented protocol, establishes a session using a three-way handshake. A host called a client originates this connection. The client sends a TCP segment, or message, to the server. This client segment includes an Initial Sequence Number (ISN) for the connection and a window size. The server responds with a TCP segment that contains its ISN and a value indicating its buffer, or window size. The client then sends back an acknowledgment of the server’s sequence number.
Figure 2.9 shows this three-way handshake occurring between a client and a server. When the session or connection is over, a similar process occurs to close the connection.
A web request uses the TCP connection process to establish the connection between the client and the server. After this occurs, the two systems communicate with each other; the server uses TCP port 80. The same thing occurs when an e-mail connection is made, with the difference being that the client (assuming it’s using POP3) uses port 110.
FIGURE 2.9 The TCP connection process
In this way, a server can handle many requests simultaneously. Each session has a different sequence number even though all sessions use the same port. All the communications in any given session use this sequence number to keep the sessions from becoming confused.
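The handshake described above can be checked field by field. The following Python sketch is an added example, not code from the book: it packs three constructed TCP headers and verifies that each side acknowledges the other's ISN plus one, including the 32-bit wrap-around case. The function names, port 49152, the ISNs, and the window sizes are assumptions chosen for illustration.

```python
import struct

SYN, ACK = 0x02, 0x10          # flag bits in the TCP header
HDR = "!HHIIHHHH"              # sport, dport, seq, ack, offset+flags, window, checksum, urgent
MOD = 2 ** 32                  # sequence numbers are 32-bit and wrap around

def build_segment(sport, dport, seq, ack, flags, window):
    """Pack a minimal 20-byte TCP header (no options, checksum left at 0)."""
    return struct.pack(HDR, sport, dport, seq, ack, (5 << 12) | flags, window, 0, 0)

def parse_segment(raw):
    """Unpack the header fields the handshake depends on."""
    if len(raw) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, _, _ = struct.unpack(HDR, raw[:20])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & 0x3F, "window": window}

def check_handshake(raw_segments):
    """Return (client ISN, server ISN, client window, server window) for a valid
    three-way handshake; raise ValueError naming the step that fails."""
    if len(raw_segments) != 3:
        raise ValueError("a handshake is exactly three segments")
    syn, synack, ack = (parse_segment(r) for r in raw_segments)
    if syn["flags"] != SYN:
        raise ValueError("step 1: client segment must carry SYN only")
    if synack["flags"] != SYN | ACK or synack["ack"] != (syn["seq"] + 1) % MOD:
        raise ValueError("step 2: server must SYN+ACK the client ISN + 1")
    if (synack["sport"], synack["dport"]) != (syn["dport"], syn["sport"]):
        raise ValueError("step 2: reply ports do not mirror the request")
    if ack["flags"] != ACK or ack["ack"] != (synack["seq"] + 1) % MOD:
        raise ValueError("step 3: client must ACK the server ISN + 1")
    if ack["seq"] != (syn["seq"] + 1) % MOD:
        raise ValueError("step 3: client sequence number did not advance by 1")
    return syn["seq"], synack["seq"], syn["window"], synack["window"]

# Constructed sample: client port 49152 to server port 80. The server ISN is
# 0xFFFFFFFF to exercise wrap-around (the expected acknowledgment is 0).
SAMPLE = [
    build_segment(49152, 80, 1000, 0, SYN, 65535),
    build_segment(80, 49152, 0xFFFFFFFF, 1001, SYN | ACK, 8192),
    build_segment(49152, 80, 1001, 0, ACK, 65535),
]

if __name__ == "__main__":
    print(check_handshake(SAMPLE))
```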
Application Programming Interface
Interfacing to TCP/IP is much simpler than interfacing to earlier network models. A well-defined and well-established set of Application Programming Interfaces (APIs) is available from most software companies. APIs allow programmers to create interfaces to the protocol. When a programmer needs to create a web-enabled application, they can call or use one of these APIs to make the connection, send or receive data, and end the connection. The APIs are prewritten, and they make the job considerably easier than manually coding all of the connection information.
Microsoft uses an API called a Windows socket (WinSock) to interface to the protocol. It can access either TCP or UDP protocols to accomplish the needed task. Figure 2.10 illustrates how the Windows socket connects to the TCP/IP protocol suite.
FIGURE 2.10 The Windows socket interface
Recognizing TCP/IP Attacks
Attacks on TCP/IP usually occur at the host-to-host or Internet layer, although any layer is potentially vulnerable. TCP/IP is susceptible to attacks from both outside and inside an organization.
The opportunities for external attacks are somewhat limited by the devices in the network, including the router. The router blocks many of the protocols from exposure to the Internet. Some protocols, such as ARP, aren’t routable and aren’t generally vulnerable to outside attacks. Other protocols, such as SMTP and ICMP, pass through the router and form a normal part of Internet and TCP/IP traffic. TCP, UDP, and IP are all vulnerable to attack.
Your network is easily exposed to inside attacks. Any network-enabled host has access to the full array of protocols used in the network. A computer with a network card has the ability to act as a network sniffer with the proper configuration and software.
The following sections introduce you to the specific attacks that a TCP/IP-based network is susceptible to when off-the-shelf software or shareware is used.
Sniffing the Network
A network sniffer, or scanner, is a device that captures and displays network traffic. Your existing computers have the ability to operate as sniffers. Network cards usually only pass information up to the protocol stack if the information is intended for the computer on which they’re installed; any network traffic not intended for that computer is ignored. Most NICs can be placed into what is called promiscuous mode, which allows the NIC to capture all information that it sees on the network. Devices such as routers, bridges, and switches are used to separate or segment networks within a larger network (known as virtual LANs, or VLANs). Any traffic in a particular segment is visible to all stations in that segment.
Adding a