Security Vulnerabilities in the TCP/IP Protocol

Source: Internet
Author: User

Of all network concerns, security vulnerabilities worry us most. Most Internet users are still on IPv4 networks, whose network protocols are based on the TCP/IP protocol. What vulnerabilities exist in this protocol family?

The Internet currently runs on the TCP/IP protocol. TCP/IP, the Transmission Control Protocol/Internet Protocol, is the foundation of the Internet and the basic communication protocol used in the network. IP (Internet Protocol) is a protocol designed so that computer networks can communicate with each other. TCP (Transmission Control Protocol) is the transmission control protocol. TCP/IP is a set of rules that allows all computer networks connected to the Internet to communicate with each other, which is how the Internet could rapidly develop into the world's largest open computer communication network.

Judging by its name, TCP/IP consists of two protocols: the Transmission Control Protocol (TCP) and the Internet Protocol (IP). In fact, TCP/IP is a whole set of protocols; it includes hundreds of protocols for various functions, for example remote logon, file transmission, and email. TCP and IP are the two fundamental protocols that ensure complete data transmission. The IP protocol can interconnect various networks because it converts their different "frames" into the "IP datagram" format. This conversion is one of the most important features of the Internet. The IP protocol therefore enables all kinds of computer networks to communicate over the Internet, which is what makes it "open".

The basic transmission unit of the TCP/IP protocol is the data packet. The TCP protocol is responsible for dividing data into several data packets and adding a numbered header to each packet, so that the data can be restored to its original form at the receiving end. The IP protocol also adds the host address of the receiver to each packet header, so that the direction of the data can be determined by means of the MAC addresses in the routers. If data is lost or distorted during transmission, TCP automatically requests that the data be retransmitted and reassembles the packets. In short, the IP protocol ensures data transmission, while the TCP protocol ensures the quality of data transmission. Data transmission in TCP/IP is based on the protocol's four-layer structure: application layer, transport layer, network layer, and interface layer.

Security Vulnerabilities in the TCP/IP Protocol Layers

Link Layer Security Vulnerabilities

We know that in Ethernet, the channel is shared. Every Ethernet frame sent by any host reaches the Ethernet interface of all hosts in the same network segment as that host. Normally, under the CSMA/CD protocol, an Ethernet interface ignores a data frame when it detects that the frame is not addressed to it, and does not pass it to the upper-layer protocols (such as ARP, RARP, or the IP layer). With some settings or modifications, however, an Ethernet interface can be made to receive data frames that are not addressed to it. For example, some implementations support promiscuous nodes, that is, machine nodes that receive all data frames. The countermeasures for this vulnerability are: network segmentation; using switches, dynamic hubs, bridges, and other devices to restrict data streams; encryption (using one-time password technology); and disabling promiscuous nodes.
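As an added illustration of the last countermeasure (this code is not part of the original article), the following Python function audits a Linux host for interfaces that are currently in promiscuous mode. It assumes the Linux sysfs layout `/sys/class/net/<interface>/flags`, whose value is a hexadecimal flag word, and the `IFF_PROMISC` bit value from `<linux/if.h>`; the function name is hypothetical.

```python
import os

IFF_PROMISC = 0x100  # interface flag bit defined in <linux/if.h>


def promiscuous_interfaces(sysfs_net="/sys/class/net"):
    """Return the sorted names of interfaces whose flag word has IFF_PROMISC set.

    sysfs_net is the directory holding one sub-directory per interface
    (assumption: standard Linux sysfs layout).
    """
    found = []
    if not os.path.isdir(sysfs_net):
        return found  # not a Linux host, or sysfs is not mounted
    for name in sorted(os.listdir(sysfs_net)):
        flags_path = os.path.join(sysfs_net, name, "flags")
        try:
            with open(flags_path) as fh:
                flags = int(fh.read().strip(), 16)  # e.g. "0x1103"
        except (OSError, ValueError):
            continue  # unreadable or malformed entry: skip it
        if flags & IFF_PROMISC:
            found.append(name)
    return found


if __name__ == "__main__":
    for iface in promiscuous_interfaces():
        print(f"{iface}: promiscuous mode is enabled")
```

This only inspects the host it runs on; on a shared segment, other machines have to be audited individually or isolated with the switching and segmentation measures above.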

Network Layer Security Vulnerabilities

Almost all TCP/IP-based machines respond to ICMP echo requests. Therefore, if a hostile host simultaneously runs many ping commands to send ICMP echo requests that exceed the processing capacity of a server, the server can be overwhelmed to the point of denying other services. In addition, the ping command can be used to establish a covert channel in a network that permits it, opening a backdoor into the attacked system that facilitates attacks such as collecting information about the target and communicating secretly. The solution to this vulnerability is to reject all ICMP echo responses on the network.
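Where ICMP echo cannot be rejected outright, the flood described above can at least be detected. The following sliding-window detector is an added example, not code from the original article; the event format, the threshold values, and the sample records (which use documentation address ranges) are all constructed for illustration.

```python
from collections import defaultdict, deque

ICMP_ECHO_REQUEST = 8  # ICMP type of an echo request; type 0 is the echo reply


def find_echo_floods(events, max_requests=5, window_ms=1000):
    """Flag sources that send more than max_requests echo requests in window_ms.

    events: time-ordered iterable of (timestamp_ms, source_ip, icmp_type).
    Returns {source_ip: timestamp_ms at which the threshold was first exceeded}.
    """
    recent = defaultdict(deque)  # per-source timestamps inside the window
    flagged = {}
    for ts, src, icmp_type in events:
        if icmp_type != ICMP_ECHO_REQUEST:
            continue  # replies and other ICMP types are not counted
        window = recent[src]
        window.append(ts)
        while ts - window[0] > window_ms:
            window.popleft()  # forget requests older than the window
        if len(window) > max_requests and src not in flagged:
            flagged[src] = ts
    return flagged


# Constructed sample traffic: one host pings once per second, another
# sends 20 echo requests 20 ms apart, and one echo reply is mixed in.
SAMPLE_EVENTS = sorted(
    [(i * 1000, "192.0.2.10", ICMP_ECHO_REQUEST) for i in range(5)]
    + [(2000 + i * 20, "198.51.100.7", ICMP_ECHO_REQUEST) for i in range(20)]
    + [(2500, "198.51.100.7", 0)]
)

if __name__ == "__main__":
    for src, ts in find_echo_floods(SAMPLE_EVENTS).items():
        print(f"possible ICMP echo flood from {src}, first seen at {ts} ms")
```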

IP Security Vulnerabilities

Once an IP packet in the TCP/IP protocol has been sent onto the network, its source IP address is almost unnecessary. It is used only when an intermediate router discards the packet for some reason or when the packet reaches the target end. This allows a host to send IP packets using the IP address of another host, as long as it can put such IP packets on the network. Therefore, if attackers disguise their host as a friendly host trusted by the target host, changing the source IP address in the IP packets they send to the IP address of that trusted friendly host, they can exploit the trust relationship between hosts (a term invented by the developers of Unix network software) and the weakness in how this trust relationship is actually authenticated (it is confirmed only by IP address) to attack the host that extends the trust.

Note: The trust relationship means that an authorized host can easily access a trusted host. All the r* commands use the trusted host scheme. Therefore, an attacker who changes its IP address to the IP address of the trusted host can connect to a trusted host and use the r* commands to open a backdoor and attack the host. One way to solve this problem is to have the router reject IP packets that arrive from outside the network with a source IP address that is the same as the IP address of a local host.
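The router-side check described above can be sketched as follows. This is an added example, not code from the original article: the internal prefix `10.1.0.0/16`, the interface labels `"external"` and `"internal"`, and the function names are assumptions, and the sample headers are constructed with their checksum left at zero.

```python
import ipaddress
import struct

# Assumption: the address range used by hosts inside the protected network.
INTERNAL_NETS = [ipaddress.ip_network("10.1.0.0/16")]


def build_ipv4_header(src, dst, proto=6):
    """Build a minimal 20-byte IPv4 header for the constructed samples."""
    return struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20, 0, 0, 64, proto, 0,  # version/IHL ... TTL, proto, checksum
        ipaddress.ip_address(src).packed,
        ipaddress.ip_address(dst).packed,
    )


def source_address(packet):
    """Extract the source address (header bytes 12..15) from a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return ipaddress.ip_address(packet[12:16])


def ingress_verdict(packet, arrived_on, internal_nets=INTERNAL_NETS):
    """Return "drop" or "accept" for a packet seen on the given interface.

    A packet that arrives on the external interface but claims an internal
    source address cannot be genuine, so it is dropped.
    """
    try:
        src = source_address(packet)
    except ValueError:
        return "drop"  # malformed or truncated header
    if arrived_on == "external" and any(src in net for net in internal_nets):
        return "drop"
    return "accept"


if __name__ == "__main__":
    spoofed = build_ipv4_header("10.1.0.5", "10.1.0.20")
    genuine = build_ipv4_header("203.0.113.9", "10.1.0.20")
    print("claims internal source, from outside:", ingress_verdict(spoofed, "external"))
    print("external source, from outside:", ingress_verdict(genuine, "external"))
    print("internal source, from inside:", ingress_verdict(spoofed, "internal"))
```

The filter only removes forgeries of local addresses arriving from outside; it does not authenticate the sender, so address-based trust such as that used by the r* commands remains weak against hosts on the inside.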
