Here I introduce some Linux network security and prevention measures, along with some networking background, described in a vivid way. Let's take a look. I summarized these notes myself; they are recorded one by one without any plagiarism.
TCP/IP
The seven layers (OSI model)
Application
Presentation
Session
Transport
Network
Data link
Physical
TCP/IP has 4 or 5 layers in total,
namely:
1. Application layer --- application, presentation, session
2. Transport layer --- transport: tcp, udp
3. Network layer --- network: ip, icmp
4. Data link layer --- data link: arp, rarp
5. Physical layer ----- physical
Physical Layer
Transmits signals over physical lines
-------------
Provides reliable protocols on top of the unreliable physical layer -------- the role of the data link layer
-----------------
Data Link Layer
ARP protocol (resolves an IP address to a MAC address)
RARP protocol (resolves a MAC address to an IP address)
[root@localhost /]# arp -n ------ view the ARP cache table
[root@localhost /]# arp -d 192.168.1.111 ------ delete the address from the ARP cache table
[root@localhost /]# tcpdump -i eth0 -nn arp and host 192.168.1.111 ----- capture ARP packets
ARP gateway spoofing
arp -s IP MAC ---- solution: bind the MAC statically
-------------
Network Layer
IP protocol
ICMP protocol
ICMP flood attack (ping) consumes bandwidth ---- solution: disable ping
IP is responsible for fragmenting and reassembling data packets
---------------------
Transport Layer
TCP (Transmission Control Protocol): reliable connection
1. Three-way handshake
2. Four waves (connection teardown)
3. Each packet is acknowledged. If a packet is incomplete, it is retransmitted.
4. Flags: SYN (connection request), FIN (request to disconnect, goodbye), ACK (acknowledgment), RST (reset the connection), PUSH (push flag), URG (urgent flag)
5. Flow control: sliding window
6. Connection state
UDP (User Datagram Protocol): unreliable
SYN
A ------> B
SYN + ACK + 1
A <------ B ---- three-way handshake
ACK + 1
A ------> B
Data transmission
A ------> B
A <------ B
FIN
A ------> B
ACK
A <------ B
FIN ----- four waves
A <------ B
ACK
A ------> B
A is the client; B is the server.
(The same exchange, written as a conversation, goes as follows)
Are you there?
A ------> B
I'm here!
A <------ B ---- three-way handshake
Yes!
A ------> B
Have you eaten?
A ------> B
I have --- data transmission: a request is sent and a reply comes back
A <------ B
I'm done chatting
A ------> B
Good
A <------ B
I want to go back.
A <------ B
888888 (bye-bye)
A ------> B
RTT value ---- round-trip time of a data packet
Tos sliding window, used for flow control ----- TCP protocol
The principle is that A sends data packets to B, and A keeps sending data packets to B until the data has been sent.
DoS attack (SYN requests are sent at a frantic rate and the server's reply (SYN + ACK) is never answered, until the connection pool is completely full. A random port is opened each time. The attacking machine has to be stronger than the server to take it down; otherwise it is the attacker that goes down. It is a one-on-one fight)
A DDoS attack turns this into many against one.
[root@localhost ~]# cat /proc/sys/net/ipv4/tcp_synack_retries --- the server sends its reply up to five times; if there is still no answer, the connection is dropped
5
[root@localhost ~]# cat /proc/sys/net/ipv4/tcp_syncookies ---- (with SYN cookies enabled, the number of half-open connections is effectively unlimited; this does not consume memory but does consume CPU)
1
echo 1024 > /proc/sys/net/ipv4/tcp_max_syn_backlog ---- set the number of half-open connections
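To see how close a server is to the half-open limit set above, the SYN_RECV entries in /proc/net/tcp can be counted and compared with tcp_max_syn_backlog. The script below is an added example, not part of the original notes; the sample table is constructed, the function names are hypothetical, and the address decoding assumes a little-endian host.

```python
import socket
import struct
from collections import Counter
from pathlib import Path

SYN_RECV = "03"  # state code /proc/net/tcp prints for half-open connections

# Constructed sample in /proc/net/tcp layout (trailing columns trimmed):
# three half-open entries to port 80 and one established SSH connection.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 6F01A8C0:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 6F01A8C0:0050 0A01A8C0:C350 03 00000000:00000000 01:00000064 00000002     0        0 0
   2: 6F01A8C0:0050 0A01A8C0:C351 03 00000000:00000000 01:00000064 00000002     0        0 0
   3: 6F01A8C0:0050 1401A8C0:9C40 03 00000000:00000000 01:00000064 00000001     0        0 0
   4: 6F01A8C0:0016 1E01A8C0:D431 01 00000000:00000000 02:000A0000 00000000     0        0 1002
"""

def decode_addr(field):
    """'0A01A8C0:C350' -> ('192.168.1.10', 50000); assumes a little-endian host."""
    hex_ip, hex_port = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)

def half_open_by_source(proc_net_tcp):
    """Return a Counter {remote_ip: number of SYN_RECV entries}."""
    counts = Counter()
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4 or cols[3] != SYN_RECV:
            continue
        counts[decode_addr(cols[2])[0]] += 1
    return counts

def backlog_pressure(counts, max_syn_backlog):
    """Half-open entries as a fraction of tcp_max_syn_backlog."""
    return sum(counts.values()) / max_syn_backlog

if __name__ == "__main__":
    try:  # live data on Linux, otherwise fall back to the constructed sample
        text = Path("/proc/net/tcp").read_text()
        backlog = int(Path("/proc/sys/net/ipv4/tcp_max_syn_backlog").read_text())
    except OSError:
        text, backlog = SAMPLE, 1024
    counts = half_open_by_source(text)
    print(f"half-open: {sum(counts.values())} / backlog {backlog} "
          f"({backlog_pressure(counts, backlog):.1%})")
    for ip, n in counts.most_common(5):
        print(f"  {ip:15} {n}")
```

This covers IPv4 only; IPv6 sockets are listed separately in /proc/net/tcp6 with a different address width.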
-----------------------------
UDP protocol
Sends data packets regardless of whether they are received or not.
UDP can also be made reliable: the upper-layer protocol can be used to provide the reliability.
This article is from the "history_xcy" blog; please be sure to keep this source link: http://historys.blog.51cto.com/7903899/1296714