Jump to content
Nytro

Security Assessment of the Internet Protocol

By Nytro, in Tutoriale in engleza

Recommended Posts

Nytro Mentor

Nytro

Posted
Posted

Security Assessment

of the Internet Protocol

Table of Contents
1. Preface ...................................................................................................................................... 3
1 .1 Introduction ...................................................................................................................... 3
1 .2 Scope of this document ................................................................................................... 4
1 .3 Organization of this document .......................................................................................... 4
1 .4 Typographical conventions ............................................................................................... 5
1 .5 Getting the latest version of this document........................................................................ 5
1 .6 Advice and guidance to vendors....................................................................................... 5
1 .5 Acknowledgements .......................................................................................................... 5
2. The Internet Protocol ............................................................................................................... 6
3. Internet Protocol header fields ............................................................................................... 7
3.1 Version.............................................................................................................................. 7
3.2 IHL (Internet Header Length)............................................................................................. 8
3.3 TOS.................................................................................................................................. 8
3.4 Total Length...................................................................................................................... 9
3.5 Identification (ID).............................................................................................................. 10
3.5.1 Some workarounds implemented by the industry......................................................... 10
3.5.2 Possible security improvements................................................................................... 11
3.6 Flags............................................................................................................................... 13
3.7 Fragment Offset.............................................................................................................. 14
3.8 Time to Live (TTL)............................................................................................................ 15
3.9 Protocol.......................................................................................................................... 19
3.10 Header Checksum........................................................................................................ 19
3.11 Source Address............................................................................................................ 19
3.12 Destination Address...................................................................................................... 20
3.13 Options......................................................................................................................... 20
3.13.1 General issues with IP options.................................................................................... 21
3.13.1.1 Processing requirements......................................................................................... 21
3.13.1.2 Processing of the options by the upper layer protocol............................................. 22
3.13.1.3 General sanity checks on IP options........................................................................ 22
3.13.2 Issues with specific options........................................................................................ 23
3.13.2.1 End of Option List (Type = 0)................................................................................... 23
3.13.2.2 No Operation (Type = 1).......................................................................................... 24
3.13.2.3 Loose Source Record Route (LSRR) (Type = 131)................................................... 24
Security Assessment of the Internet Protocol
3.13.2.4 Strict Source and Record Route (SSRR) (Type = 137).............................................. 26
3.13.2.5 Record Route (Type = 7).......................................................................................... 29
3.13.2.6 Stream Identifier (Type = 136).................................................................................. 31
3.13.2.7 Internet Timestamp (Type = 68)............................................................................... 31
3.13.2.8 Router Alert (Type = 148)......................................................................................... 34
3.13.2.9 Probe MTU (Type =11)............................................................................................ 34
3.13.2.10 Reply MTU (Type = 12).......................................................................................... 34
3.13.2.11 Traceroute (Type = 82)........................................................................................... 35
3.13.2.12 DoD Basic Security Option (Type = 130)................................................................ 35
3.13.2.13 DoD Extended Security Option (Type = 133).......................................................... 36
3.13.2.14 Commercial IP Security Option (CIPSO)................................................................. 36
3.13.2.15 Sender Directed Multi-Destination Delivery (Type = 149)........................................ 37
3.14 Differentiated Services field ........................................................................................... 37
3.15 Explicit Congestion Notification (ECN) .......................................................................... 38
4. Internet Protocol Mechanisms .............................................................................................. 40
4.1 Fragment reassembly ..................................................................................................... 40
4.1.1 Problems related with memory allocation ..................................................................... 41
4.1.2 Problems that arise from the length of the IP Identification field .................................... 42
4.1.3 Problems that arise from the complexity of the reassembly algorithm .......................... 43
4.1.4 Problems that arise from the ambiguity of the reassembly process .............................. 43
4.1.5 Problems that arise from the size of the IP fragments .................................................. 44
4.1.6 Possible security improvements .................................................................................. 45
4.2 Forwarding ..................................................................................................................... 49
4.2.1 Precedence-ordered queue service ............................................................................. 49
4.2.2 Weak Type of Service .................................................................................................. 50
4.2.3 Address Resolution ..................................................................................................... 51
4.2.4 Dropping packets ........................................................................................................ 51
4.3 Addressing ..................................................................................................................... 52
4.3.1 Unreachable addresses ............................................................................................... 52
4.3.2 Private address space ................................................................................................. 52
4.3.3 Class D addresses (224/4 address block) .................................................................... 52
4.3.4 Class E addresses (240/4 address block) .................................................................... 52
4.3.5 Broadcast and multicast addresses, and connection-oriented protocols ..................... 53
4.3.6 Broadcast and network addresses .............................................................................. 53
4.3.7 Special Internet addresses .......................................................................................... 53
5. References .............................................................................................................................. 56

Download:

http://www.si6networks.com/publications/InternetProtocol.pdf

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...