Cyber Security Laboratory: Lecture 1
IPv4
The first topic we covered was IPv4, after a brief review of the OSI Reference Model, which consists of 7 abstraction layers: Application, Presentation, Session, Transport, Network (including IPv4), Data link, and Physical.
IPv4 uses 4-byte addresses, most commonly seen in the dot-delimited, numerical form: [0-255].[0-255].[0-255].[0-255]. Also, address masks are often used to signify a range of addresses, such that 192.168.1.0/24 is the same as writing 192.168.1.[0-255] and 192.0.0.0/8 is the same as writing 192.[0-255].[0-255].[0-255].
We then looked at some of the weaknesses in IPv4.
Address spoofing can be used to send return traffic to the spoofed address, or to bypass filters to send traffic to the destination. Reverse Path Verification and Egress Filtering can be used to stop some spoofing techniques.
Another concern is packet fragmentation, where the size of a packet may cause the payload to be split up. A packet can be intentionally fragmented to get around simple firewalls. Furthermore, it could be fragmented in such a way that the fragments overlap, so that some fragments contain repeating information. Poor stack implementations can be abused by sending a fragmented packet with a negative or very large offset. Also, a fragment could be missing, causing the packet to never be re-assembled, which multiplied on a grand scale could keep a resource busy waiting for the final fragment of many packets at once.
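The checks a reassembly routine or an inspecting firewall can apply to the fragments of one datagram, covering the overlap, out-of-range offset and missing-fragment cases above. This is an added example, not code from the lecture; the Fragment type, the finding names and the sample datagrams are constructed for illustration, and a 20-byte header without options is assumed.

```python
from typing import NamedTuple

# Largest reassembled payload, assuming a 20-byte IPv4 header without options.
MAX_PAYLOAD = 65535 - 20

class Fragment(NamedTuple):
    offset_units: int  # Fragment Offset header field, counted in 8-byte units
    length: int        # payload bytes carried by this fragment
    more: bool         # More Fragments (MF) flag

def audit_fragments(frags):
    """Return the set of anomalies found in the fragments of one datagram."""
    findings = set()
    expected = 0       # first byte not yet covered by an earlier fragment
    saw_last = False
    for f in sorted(frags, key=lambda f: f.offset_units):
        start = f.offset_units * 8
        end = start + f.length
        if end > MAX_PAYLOAD:
            findings.add("oversize")       # would exceed the 65535-byte datagram limit
        if f.more and f.length % 8:
            findings.add("misaligned")     # non-final fragments carry a multiple of 8 bytes
        if start < expected:
            findings.add("overlap")        # repeats bytes already supplied
        elif start > expected:
            findings.add("gap")            # a fragment is missing
        expected = max(expected, end)
        saw_last = saw_last or not f.more
    if not saw_last:
        findings.add("no-final-fragment")  # reassembly would wait until its timeout
    return findings

# Constructed sample datagrams (not captured traffic).
CLEAN = [Fragment(0, 1480, True), Fragment(185, 1480, True), Fragment(370, 40, False)]
OVERLAP = [Fragment(0, 1480, True), Fragment(180, 1480, True), Fragment(365, 40, False)]
OVERSIZE = [Fragment(0, 1480, True), Fragment(8189, 1480, False)]
MISSING = [Fragment(0, 1480, True), Fragment(370, 40, False)]
UNFINISHED = [Fragment(0, 1480, True), Fragment(185, 1480, True)]

if __name__ == "__main__":
    for name in ("CLEAN", "OVERLAP", "OVERSIZE", "MISSING", "UNFINISHED"):
        print(name, sorted(audit_fragments(globals()[name])))
```

A datagram that yields "gap" or "no-final-fragment" is the one that ties up a reassembly buffer, so a reassembly timeout and a cap on pending datagrams belong alongside these checks.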
ARP cache poisoning can be used to carry out man-in-the-middle attacks. Encrypting all traffic could be at least a partial solution, depending on whether the session key is kept secret.