2.3 Security threats at the network level

2.3.1 Network Layer Introduction

The next layer of the TCP/IP stack is the network layer, or the IP layer. The network layer is primarily used for addressing and routing, and it does not provide any method of error correction and flow control. The network layer uses higher services to transmit data packets, and all upper-level communications, such as TCP, UDP, ICMP, and IGMP, are encapsulated in an IP datagram. ICMP and IGMP exist only at the network layer and are therefore treated as a separate network layer protocol. The protocols applied by the network layer play a role in the communication between host and host, and most security threats do not come from this layer of the TCP/IP stack.

The IP address is a 32-bit geology that can describe the uniqueness of a host in a TCP/IP network. We need to know what an IP address is and what is contained in the IP header. The size of an IP header is 20 bytes, and the IP header contains information and control fields, as well as a 32-bit source IP address and a 32-bit destination IP address. This field includes information such as the version number, length, service type, and other configuration of the IP. Each IP data message is a separate information, from one host to another host, the host to the IP data bao process A can be used in the form. This open architecture makes it easy for the IP layer to become the target of hackers.

Security threats to the 2.3.2 network layer

IP spoofing

Hackers often use a technology called IP spoofing to replace the source IP address with an incorrect IP address. The receiving host cannot determine that the source IP address is incorrect, and the upper layer protocol must perform some checks to prevent such spoofing. The calendar that is often found in this layer a strategy is to use the source route IP packet, which is only used in a special path of transmission, which is called source routing, which is used to break security measures, such as firewalls.

An attack using IP spoofing is known to be a Smurf attack. A Smurf attack sends a series of ping requests to a large number of remote hosts and then replies to the destination address.

ICMP attack

Internet Control Information Protocol (ICMP) has checked for errors and other conditions in IP. Tribal flood Network is an ICMP-based attack that uses ICMP to consume bandwidth to effectively destroy a site. In addition, Microsoft earlier version of the TCP/IP stack is flawed, the hacker sent a special ICMP packet, can make it crash. (WinNuke)

Security of 2.3.3 Network layer

The main advantage of Network layer security is its transparency. In other words, the provision of security services does not require any changes to applications, other communication levels, and network components.

Its main disadvantage is that the network layer generally does not make a distinction between the packages that belong to different processes and the corresponding regulations. For all packets going to the same address, it will be processed according to the same encryption key and access control policy. This may lead to a failure to provide the required functionality and may also cause performance degradation.