This section briefly introduces the internal structure of TCP/IP and lays the foundation for the discussion of Internet security issues that follows. The TCP/IP protocol suite is popular in part because it can run over a variety of channels and underlying link technologies (such as T1 and X.25 lines, Ethernet, and RS-232 serial interfaces). Specifically, TCP/IP is a set of protocols that includes TCP (Transmission Control Protocol), IP (Internet Protocol), UDP (User Datagram Protocol), ICMP (Internet Control Message Protocol) and others.
Overview of TCP/IP architecture
TCP/IP does not map exactly onto the seven-layer OSI Reference Model. The traditional Open Systems Interconnection Reference Model is a seven-layer abstract model of communication protocols in which each layer performs a specific task; its aim is to let different hardware communicate with each other at the same layer. The seven layers are: physical layer, data link layer, network layer, transport layer, session layer, presentation layer and application layer. TCP/IP instead uses a four-layer hierarchy, in which each layer calls on the services provided by the layer below it to meet its own needs. The four layers are:
Application Layer: the layer at which application programs communicate with each other, for example Simple Mail Transfer Protocol (SMTP), File Transfer Protocol (FTP) and the remote terminal protocol Telnet.
Transport Layer: provides end-to-end data transfer between nodes, for example Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). TCP and UDP wrap the data to be transmitted in segments or datagrams and hand them down to the next layer. In the case of TCP, this layer is also responsible for confirming that the data has been delivered and received.
Internet Layer: provides basic packet forwarding so that each packet can reach the destination host (without checking whether it was correctly received), for example Internet Protocol (IP).
Network Interface Layer: manages the actual network medium and defines how data is transmitted over the physical network (such as Ethernet or a serial line).
Protocols in TCP/IP
The following is a brief introduction to what the TCP/IP protocols do and how they work:
1. IP
The Internet Protocol (IP) is the heart of TCP/IP and the most important protocol in the Internet layer.
The IP layer receives packets from the lower layer (the network interface layer, for example an Ethernet device driver) and passes them up to the higher layer, TCP or UDP; in the other direction, it passes packets received from TCP or UDP down to the lower layer. IP packets are unreliable: IP does nothing to confirm that packets arrive in order or undamaged. An IP packet carries the address of the host that sent it (the source address) and the address of the host it is sent to (the destination address).
When they receive a packet, the higher-level TCP and UDP services generally assume that its source address is valid. Put differently, the IP source address forms the authentication basis for many services, which trust that a packet really came from the host it names. IP also has an option called source routing, with which the sender specifies the path a packet takes between source and destination; replies are sent back along the reverse of that path. For some TCP and UDP services, a packet carrying this option appears to arrive from the last system on the path rather than from where it actually originated. The option exists for testing, which means it can be used to trick a system into accepting a connection that would normally be refused. Many services that rely on the IP source address for authentication therefore have a problem and can be illegally penetrated.
2. TCP
If an IP packet carries an encapsulated TCP segment, IP hands it up to the TCP layer. TCP puts segments back in order, checks them for errors, and maintains the virtual circuit (connection). TCP segments carry sequence numbers and acknowledgements, so segments that arrive out of order can be re-sequenced and damaged or lost segments can be retransmitted.
TCP passes its data up to higher-level applications, such as the Telnet server and client programs. The applications in turn hand data back to the TCP layer, which passes it down to the IP layer, the device driver and the physical medium, and finally to the receiver.
Connection-oriented services (such as Telnet, FTP, rlogin, X Windows and SMTP) need high reliability, so they use TCP. DNS uses TCP in some cases (transferring the domain name database between servers) but uses UDP for lookups about a single host.
3. UDP
UDP sits at the same layer as TCP but provides no sequencing and no retransmission, so it is not used for connection-oriented services that need a virtual circuit. UDP is mainly used for query-oriented services such as NFS, which exchange far less data per transaction than FTP or Telnet. Other services that use UDP include NTP (Network Time Protocol) and DNS (which also uses TCP).
Spoofing UDP packets is easier than spoofing TCP packets because UDP does not set up an initial connection (a handshake): there is no virtual circuit between the two systems. This means UDP-based services are exposed to greater risk.
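The difference described above, shown as a toy simulation added here (not code from the original article): a modelled TCP server accepts a connection only when the client acknowledges the initial sequence number (ISN) carried in the SYN-ACK, which an off-path spoofer never sees, while a modelled UDP service acts on any datagram at face value. The class names, the four-tuple keys and the fixed-ISN hook are assumptions made for the demonstration. One point it shows beyond the text: TCP's protection rests on the server's ISN being unpredictable, since with a guessable ISN the blind handshake succeeds.

```python
import secrets

MASK32 = 0xFFFFFFFF


class TcpListener:
    """Toy model of a TCP server: a connection is accepted only when the client
    acknowledges the initial sequence number (ISN) the server sent in its SYN-ACK."""

    def __init__(self, isn_source=None):
        # Real stacks randomize the ISN; the hook lets the demo use a fixed one.
        self.isn_source = isn_source or (lambda: secrets.randbits(32))
        self.pending = {}          # four-tuple -> server ISN awaiting its ACK
        self.established = set()

    def on_syn(self, key, client_isn):
        isn = self.isn_source()
        self.pending[key] = isn
        # The SYN-ACK is sent to the *claimed* source address in key.
        return {"seq": isn, "ack": (client_isn + 1) & MASK32}

    def on_ack(self, key, ack):
        if key in self.pending and ack == (self.pending[key] + 1) & MASK32:
            self.established.add(key)
            del self.pending[key]
            return True
        return False


class UdpService:
    """Toy model of a UDP service: there is no handshake, so every datagram that
    names a source address is acted on as if it really came from there."""

    def __init__(self):
        self.handled = []

    def on_datagram(self, key, data):
        self.handled.append((key, data))
        return True


def legitimate_client(listener, key):
    """A real client receives the SYN-ACK, so it can acknowledge the server's ISN."""
    synack = listener.on_syn(key, secrets.randbits(32))
    return listener.on_ack(key, (synack["seq"] + 1) & MASK32)


def blind_spoofer(listener, key, guessed_isn):
    """An off-path attacker forging key's source address never receives the
    SYN-ACK; it can only finish the handshake by guessing the server's ISN."""
    listener.on_syn(key, 0)                       # SYN-ACK goes to the forged source
    return listener.on_ack(key, (guessed_isn + 1) & MASK32)


def compare(key=("198.51.100.7", 4444, "192.0.2.20", 23)):
    """Return (tcp_legit, tcp_blind_spoof, udp_spoof) acceptance results.
    The key is a constructed four-tuple, not a captured connection."""
    tcp_legit = legitimate_client(TcpListener(), key)
    tcp_spoof = blind_spoofer(TcpListener(), key, 0x0BADF00D)   # 1-in-2^32 chance
    udp_spoof = UdpService().on_datagram(key, b"forged request")
    return tcp_legit, tcp_spoof, udp_spoof


if __name__ == "__main__":
    print("legit TCP, blind-spoofed TCP, spoofed UDP accepted:", compare())
```

With a random ISN the blind attempt fails; passing `isn_source=lambda: 0x12345678` to `TcpListener` and the same value as the guess makes it succeed, which is why a predictable ISN collapses TCP's advantage over UDP here.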
4. ICMP
ICMP sits at the same layer as IP and carries control information for IP. It is mainly used to provide information about the path to a destination address: an ICMP 'redirect' message tells a host about a better route to another system, while an 'unreachable' message indicates that the path is broken. In addition, if a path becomes unavailable, ICMP can be used to terminate a TCP connection gracefully. Ping is the most common ICMP-based service.
5. TCP and UDP port structure
TCP and UDP services usually work in a client-server relationship. For example, a Telnet server process starts on a system and sits idle waiting for a connection. A user runs a Telnet client program to connect to the server process; the client writes to the server, the server reads the data and sends a response, and the client reads the response and reports it to the user. The connection is therefore full-duplex: it can be used for both reading and writing.
How are multiple Telnet connections between the same two systems told apart and kept straight? Each TCP or UDP connection is uniquely identified by the following four items carried in every message:
The source IP address (the host sending the packet).
The destination IP address (the host receiving the packet).
The port on the source system.
The port on the destination system.
A port is a software structure through which a client or server process sends and receives data. A port is identified by a 16-bit number. A server process usually listens on a fixed port, for example SMTP on port 25 and X Windows on port 6000. These port numbers are 'well known' because a client must know them in order to connect to a particular service on a given host.
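As a worked example added to this article (not the author's code), the following Python parser pulls the four items listed above out of constructed IPv4/TCP/UDP packets and groups packets by that four-tuple, the way a host demultiplexes several Telnet connections between the same two addresses. It also walks the IPv4 option area and flags the loose and strict source-route options (types 131 and 137 in RFC 791) discussed under IP in section 1, which is the check a filtering router applies when it drops source-routed packets. The addresses, ports and packets are constructed sample data; the header checksum is neither computed nor verified.

```python
import ipaddress
import struct
from collections import defaultdict

# IPv4 option type codes (RFC 791); 131 and 137 are the source-route options.
IPOPT_EOL, IPOPT_NOP, IPOPT_LSRR, IPOPT_SSRR = 0, 1, 131, 137
PROTO_TCP, PROTO_UDP = 6, 17


def parse_ip_options(raw):
    """Walk the IPv4 option area and return a list of (type, data) pairs."""
    opts, i = [], 0
    while i < len(raw):
        t = raw[i]
        if t == IPOPT_EOL:
            break
        if t == IPOPT_NOP:
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed IP option")
        opts.append((t, raw[i + 2:i + raw[i + 1]]))
        i += raw[i + 1]
    return opts


def parse_ipv4(pkt):
    """Parse an IPv4 header (checksum not verified) and return its fields."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or ihl > total_len or total_len > len(pkt):
        raise ValueError("malformed IPv4 header")
    return {
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "proto": proto, "ttl": ttl,
        "options": parse_ip_options(pkt[20:ihl]),
        "payload": pkt[ihl:total_len],
    }


def is_source_routed(ip):
    """True if the packet carries a loose or strict source-route option."""
    return any(t in (IPOPT_LSRR, IPOPT_SSRR) for t, _ in ip["options"])


def four_tuple(ip):
    """(src_ip, src_port, dst_ip, dst_port); the ports are the first 4 bytes
    of both the TCP and the UDP header."""
    if ip["proto"] not in (PROTO_TCP, PROTO_UDP) or len(ip["payload"]) < 4:
        raise ValueError("no TCP/UDP ports to read")
    sport, dport = struct.unpack("!HH", ip["payload"][:4])
    return (ip["src"], sport, ip["dst"], dport)


def demux(packets):
    """Group packets by four-tuple; set source-routed ones aside as a filtering
    router would. Returns ({four_tuple: [parsed packets]}, [dropped four_tuples])."""
    conns, dropped = defaultdict(list), []
    for pkt in packets:
        ip = parse_ipv4(pkt)
        key = four_tuple(ip)
        if is_source_routed(ip):
            dropped.append(key)
        else:
            conns[key].append(ip)
    return dict(conns), dropped


# --- constructed sample traffic, not captured from a real network ---
def build_ipv4(src, dst, proto, payload, options=b""):
    options += b"\x00" * (-len(options) % 4)        # pad option area to 4-byte boundary
    ihl = 5 + len(options) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, 20 + len(options) + len(payload),
                      0, 0, 64, proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr + options + payload


def tcp_syn(sport, dport):
    """Minimal 20-byte TCP header with only the SYN flag set."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)


# Loose source route via 203.0.113.9: type 131, length 7, pointer 4, one address.
LSRR = bytes([IPOPT_LSRR, 7, 4]) + ipaddress.IPv4Address("203.0.113.9").packed

SAMPLE = [
    build_ipv4("192.0.2.10", "192.0.2.20", PROTO_TCP, tcp_syn(40001, 23)),  # telnet conn 1
    build_ipv4("192.0.2.10", "192.0.2.20", PROTO_TCP, tcp_syn(40002, 23)),  # telnet conn 2
    build_ipv4("192.0.2.10", "192.0.2.20", PROTO_TCP, tcp_syn(40001, 23)),  # conn 1 again
    build_ipv4("198.51.100.7", "192.0.2.20", PROTO_UDP, struct.pack("!HHHH", 5353, 53, 8, 0)),
    build_ipv4("192.0.2.10", "192.0.2.20", PROTO_TCP, tcp_syn(40003, 23), options=LSRR),
]

if __name__ == "__main__":
    conns, dropped = demux(SAMPLE)
    for key, pkts in conns.items():
        print(key, len(pkts), "packet(s)")
    print("source-routed, dropped:", dropped)
```

The two Telnet SYNs from 192.0.2.10 to port 23 land in different connections only because their source ports differ, which is the whole reason the four-tuple rather than the address pair identifies a connection; the source-routed packet is recognised purely from the option type byte, so the check costs nothing beyond parsing the header the host has to read anyway.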