|Lesson 4||Internet layer (IP)|
|Objective ||Identify the Internet layer and its weaknesses. |
The next layer of the TCP/IP stack is the Internet layer.
The Internet layer is used primarily for addressing hosts and for routing. It does not provide any means for error
correction or flow control. The IP layer uses best-effort services to deliver IP datagrams .
TCP/IP Internet layer
IP Layer Attacks
The open architecture of the IP layer makes it an easy target for hackers. Every IP datagram is an individual piece of
information traveling from one host to another. The hosts compile the received IP datagrams into a usable form. Because so
many protocols are in operation at once, it is easy to defeat the proper function of any one protocol.
Hackers will often use a technique called IP spoofing, which is the process of replacing the source IP address with a false IP address. Because TCP/IP's
open architecture has no built-in authentication, one host or machine can spoof another's identity. Source-routed IP datagrams, created to travel only a specific path,
are used to circumvent security measures such as firewalls.
Another type of IP spoofing is known as a Smurf attack. A Smurf attack sends out a series of pings to a large number of remote hosts.
All the remote computers respond to the ping and reply to a targeted IP address instead of to the attacker's true IP address.
The target IP address is then inundated with Internet Control Message Protocol (ICMP) packets and can no longer function properly.
Smurf attacks are an example of a denial-of-service attack.
The ICMP is used to communicate errors or other conditions at the IP layer. For example, when a host is pinged to determine
if it is operational, a ICMP message is generated.
- Denial-of-service:An attempt by attackers to prevent legitimate users of a service from using that
service by flooding a network, or by disrupting connections or services.
Winnuke attacks: A program that exploits the Windows TCP/IP stack, called a Winnuke or
nuke, will cause Windows machines running an older version of the TCP/IP protocol stack to either crash or lock
up. Many companies now filter ICMP traffic at their firewalls.
Winnuke: A program that exploits the Windows TCP/IP stack causing Windows machines running an
older version of the TCP/IP protocol stack to either crash or lock up.