Distributed Networks

Securing Protocol Layers
Lesson 4: Internet layer (IP)
Objective: Identify the Internet layer and its weaknesses.
The next layer of the TCP/IP stack is the Internet layer.
The Internet layer is used primarily for addressing hosts and for routing. It does not provide any means for error correction or flow control. The IP layer delivers IP datagrams on a best-effort basis.

TCP/IP Internet layer

TCP/IP Protocol Layers

IP Layer Attacks

The open architecture of the IP layer makes it an easy target for hackers. Every IP datagram is an individual piece of information traveling from one host to another. The hosts compile the received IP datagrams into a usable form. Because so many protocols are in operation at once, it is easy to defeat the proper function of any one protocol.

IP spoofing

Hackers will often use a technique called IP spoofing, which is the process of replacing the source IP address with a false IP address. Because TCP/IP's open architecture has no built-in authentication, one host or machine can spoof another's identity. Source-routed IP datagrams, created to travel only a specific path, are used to circumvent security measures such as firewalls.
Another type of IP spoofing is known as a Smurf attack. A Smurf attack sends out a series of pings to a large number of remote hosts. All the remote computers respond to the ping and reply to a targeted IP address instead of to the attacker's true IP address. The target IP address is then inundated with Internet Control Message Protocol (ICMP) packets and can no longer function properly. Smurf attacks are an example of a denial-of-service attack.
ICMP is used to communicate errors or other conditions at the IP layer. For example, when a host is pinged to determine if it is operational, an ICMP message is generated.
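
How a border filter can recognize the spoofed, source-routed and Smurf-style datagrams described above, as an added example that is not part of the original lesson. The protected network 192.0.2.0/24, the names `inspect_ipv4` and `build`, and all sample datagrams are assumptions constructed for illustration.

```python
import ipaddress
import struct
INTERNAL = ipaddress.ip_network("192.0.2.0/24")  # assumed protected network
SOURCE_ROUTE = {131: "LSRR", 137: "SSRR"}        # loose / strict source route options

def inspect_ipv4(pkt, from_outside=True):
    """Return the reasons a border filter would drop this IPv4 datagram."""
    ihl = (pkt[0] & 0x0F) * 4 if len(pkt) >= 20 else 0   # header length in bytes
    if ihl < 20 or len(pkt) < ihl or pkt[0] >> 4 != 4:
        return ["malformed"]
    src, dst = (ipaddress.ip_address(pkt[o:o + 4]) for o in (12, 16))
    findings = []
    # Ingress filtering: an internal source address cannot arrive from outside.
    if from_outside and src in INTERNAL:
        findings.append("spoofed-internal-source")
    i = 20                                       # options follow the fixed header
    while i < ihl and pkt[i] != 0:               # 0 = End of Option List
        if pkt[i] == 1:                          # 1 = No-Operation, single byte
            i += 1
            continue
        if i + 1 >= ihl or pkt[i + 1] < 2 or i + pkt[i + 1] > ihl:
            findings.append("malformed-options")
            break
        if pkt[i] in SOURCE_ROUTE:
            findings.append("source-route-" + SOURCE_ROUTE[pkt[i]])
        i += pkt[i + 1]
    # Smurf amplifier pattern: ICMP echo request (type 8) sent to the broadcast address.
    is_echo = pkt[9] == 1 and len(pkt) > ihl and pkt[ihl] == 8
    if is_echo and dst == INTERNAL.broadcast_address:
        findings.append("directed-broadcast-echo")
    return findings

def build(src, dst, proto=1, options=b"", payload=b""):
    """Constructed sample datagram; checksum left at zero (not inspected here)."""
    options += b"\x00" * (-len(options) % 4)     # pad options to a 32-bit boundary
    head = struct.pack("!BBHHHBBH", 0x40 | (5 + len(options) // 4), 0,
                       20 + len(options) + len(payload), 0, 0, 64, proto, 0)
    addrs = ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
    return head + addrs + options + payload

ECHO = b"\x08\x00\x00\x00\x00\x01\x00\x01"        # ICMP echo request, constructed
LSRR = bytes([131, 7, 4]) + ipaddress.ip_address("203.0.113.1").packed
SAMPLES = {
    "smurf": build("192.0.2.10", "192.0.2.255", payload=ECHO),
    "source-routed": build("198.51.100.7", "192.0.2.5", proto=6, options=LSRR),
    "benign ping": build("198.51.100.7", "192.0.2.5", payload=ECHO),
}
for name, pkt in SAMPLES.items():
    print(name, inspect_ipv4(pkt))
```

An ordinary ping from outside to a single internal host produces no findings, so the filter drops only the three patterns the lesson names.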

  1. Denial-of-service: An attempt by attackers to prevent legitimate users of a service from using that service by flooding a network, or by disrupting connections or services.
  2. Winnuke attacks: A program that exploits the Windows TCP/IP stack, called a Winnuke or nuke, will cause Windows machines running an older version of the TCP/IP protocol stack to either crash or lock up. Many companies now filter ICMP traffic at their firewalls.
  3. Winnuke: A program that exploits the Windows TCP/IP stack causing Windows machines running an older version of the TCP/IP protocol stack to either crash or lock up.