updates

content/CSE4303/CSE4303_L3.md

@@ -0,0 +1,131 @@
+# CSE4303 Introduction to Computer Security (Lecture 3)
+
+## Network attacks
+
+### Internet Infrastructures
+
+Local and interdomain routing
+
+- TCP/IP for routing and messaging
+- BGP for routing announcements
+
+Domain Name System
+
+- Find IP address from symbolic name (cse.wustl.edu)
+
+Media Access Control (MAC) addresses in the network access layer
+
+- Associated w/ network interface card (NIC)
+- 00-50-56-C0-00-01
+
+IP addresses for the network layer
+
+- IPv4(32 bit) vs IPv6(128 bit)
+- 128.1.1.3 vs fe80::fc38:6673:f04d:b37b%4
+
+IP addresses + ports for the transport layer
+
+- E.g., 10.0.0.2:8080
+
+Domain names for the application/human layer
+
+- E.g., www.wustl.edu
+
+![TCP Protocol Stack](https://notenextra.trance-0.com/CSE4303/TCP-protocol-stack.png)
+
+![Data Formats](https://notenextra.trance-0.com/CSE4303/Network-data-formats.png)
+
+### Wireshark
+
+Wireshark is a packet sniffer and protocol analyzer
+
+- Captures and analyzes frames
+- Supports plugins
+
+Usually required to run with administrator privileges
+
+Setting the network interface in promiscuous mode captures traffic across the entire LAN segment and not just frames addressed to the machine
+
+### Examining the link layer
+
+When a packet arrives at the destination subnet, MAC address is used to deliver the packet
+
+#### ARP: Address Resolution Protocol
+
+- Each IP node (Host, Router) on LAN has ARP table
+- ARP Table: IP/MAC address mappings for some LAN nodes
+    `< IP address; MAC address; TTL>`
+  - TTL (Time To Live): time after which address mapping will be forgotten (typically 20 min)
+
+#### Lack of Source Authentication - ARP Spoofing (ARP Poisoning)
+
+Send fake or 'spoofed', ARP messages to an Ethernet LAN.
+
+- To have other machines associate IP addresses with the attacker’s MAC
+
+Legitimate use
+
+- Implementing redundancy and fault tolerance
+
+#### ARP Poisoning (Spoofing) Defense
+
+Prevention
+
+- Static ARP table
+- DHCP Certification (use access control to ensure that hosts only use the IP addresses assigned to them, and that only authorized DHCP servers are accessible).
+
+Detection
+
+- Arpwatch (sending email when updates occur)
+
+### Examining the network layer
+
+Internet Protocol (IP)
+
+Connectionless
+
+- Unreliable
+- Best effort
+
+Notes:
+
+- src and dest ports not parts of IP hdr
+
+#### IP Protocol Functions (Summary)
+
+Routing
+
+- IP host knows location of router (gateway)
+- IP gateway must know route to other networks
+
+Fragmentation and reassembly
+
+- If max-packet-size less than the user-data-size
+
+Error reporting
+
+- ICMP packet to source if packet is dropped
+
+TTL field: decremented after every hop
+
+- Packet dropped if TTL=0. Prevents infinite loops
+
+#### Problem: no src IP authentication
+
+Client is trusted to embed correct source IP
+
+- Easy to override using raw sockets
+
+- Libnet: a library for formatting raw packets with arbitrary IP headers
+
+- Scapy: a python library for packet crafting
+
+Anyone who owns their machine can send packets with arbitrary source IP
+
+- ... response will be sent back to forged source IP
+
+Implications:
+
+- Anonymous DoS attacks;
+- Anonymous infection attacks (e.g. slammer worm)
+

content/CSE4303/_meta.js

@@ -5,4 +5,5 @@ export default {
     },
     CSE4303_L1: "Introduction to Computer Security (Lecture 1)",
     CSE4303_L2: "Introduction to Computer Security (Lecture 2)",
+    CSE4303_L3: "Introduction to Computer Security (Lecture 3)",
 }