网络协议攻击之一:基于IP分片的off path 攻击

本文详细介绍了基于IP分片的off path攻击,包括DoS攻击(Fragment cache overflow、Fragment miss association)和报文拦截/修改策略。通过伪造分片报文,攻击者能在不直接截获或修改报文的情况下,实现数据包的拦截与篡改。对策包括避免分片、使用不可预测的IP-ID以及部署IP报文伪造的预防措施。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >



注:本文是阅读相关文献的笔记

这里描述的攻击模式都是offpath模式,攻击者只能伪造报文,没有直接截获或则修改报文的权限,可以发现,即使只能伪造,也能够达到截获的目的。


IP分片的特征


  1. 每个IP分片的目的IP、源IP、传输层协议类型、IP-ID组成一个四元组:接收端根据这个四元组识别出同一个报文的分片,并组装为一个完整的报文。按照协议要求,一个完整报文对应的四元组必须是唯一的

  2. 各个不同实现对IP-ID的生成有不同的方式:

    1. 采用全局的counter,每发送一个报文,IP-ID+1 (windows的模式)

    2. 采用per-destination  counter,对该destination,每发送一个报文,该destinationIP-ID+1(linux的模式)

  3. IP分片的执行

    1. IPV4,除非发送者指定了DF标志为1IP传输路径上的各个路由器,都可能执行分片;

    2. IPV6,只有发送方可以执行分片

  4. IP分片和上层协议

What’s in This Book? This book contains a mix of theoretical and practical chapters. For the practical chapters, I’ve developed and made available a networking library called Canape Core, which you can use to build your own tools for protocol analysis and exploitation. I’ve also provided an example networked application called SuperFunkyChat, which implements a userto-user chat protocol. By following the discussions in the chapters, you can use the example application to learn the skills of protocol analysis and attack the sample network protocols. Here is a brief breakdown of each chapter: Chapter 1: The Basics of Networking This chapter describes the basics of computer networking with a particular focus on TCP/IP, which forms the basis of application-level network protocols. Subsequent chapters assume that you have a good grasp of the network basics. This chapter also introduces the approach I use to model application protocols. The model breaks down the application protocol into flexible layers and abstracts complex technical detail, allowing you to focus on the bespoke parts of the protocol you’re analyzing. Chapter 2: Capturing Application Traffic This chapter introduces the concepts of passive and active capture of network traffic, and it’s the first chapter to use the Canape Core network libraries for practical tasks. Chapter 3: Network Protocol Structures Download from finelybook www.finelybook.com 24This chapter contains details of the internal structures that are common across network protocols, such as the representation of numbers or human-readable text. When you’re analyzing captured network traffic, you can use this knowledge to quickly identify common structures, speeding up your analysis. Chapter 4: Advanced Application Traffic Capture This chapter explores a number of more advanced capture techniques that complement the examples in Chapter 2. The advanced capture techniques include configuring Network Address Translation to redirect traffic of interest and spoofing the address resolution protocol. Chapter 5: Analysis from the Wire This chapter introduces methods for analyzing captured network traffic using the passive and active techniques described in Chapter 2. In this chapter, we begin using the SuperFunkyChat application to generate example traffic. Chapter 6: Application Reverse Engineering This chapter describes techniques for reverse engineering networkconnected programs. Reverse engineering allows you to analyze a protocol without needing to capture example traffic. These methods also help to identify how custom encryption or obfuscation is implemented so you can better analyze traffic you’ve captured. Chapter 7: Network Protocol Security This chapter provides background information on techniques and cryptographic algorithms used to secure network protocols. Protecting the contents of network traffic from disclosure or tampering as it travels over public networks is of the utmost importance for network protocol security. Chapter 8: Implementing the Network Protocol This chapter explains techniques for implementing the application Download from finelybook www.finelybook.com 25network protocol in your own code so you can test the protocol’s behavior to find security weaknesses. Chapter 9: The Root Causes of Vulnerabilities This chapter describes common security vulnerabilities you’ll encounter in a network protocol. When you understand the root causes of vulnerabilities, you can more easily identify them during analysis. Chapter 10: Finding and Exploiting Security Vulnerabilities This chapter describes processes for finding security vulnerabilities based on the root causes in Chapter 9 and demonstrates a number of ways of exploiting them, including developing your own shell code and bypassing exploit mitigations through return-oriented programming. Appendix: Network Protocol Analysis Toolkit In the appendix, you’ll find descriptions of some of the tools I commonly use when performing network protocol analysis. Many of the tools are described briefly in the main body of the text as well. How to Use This Book If you want to start with a refresher on the basics of networking, read Chapter 1 first. When you’re familiar with the basics, proceed to Chapters 2, 3, and 5 for practical experience in capturing network traffic and learning the network protocol analysis process. With the knowledge of the principles of network traffic capture and analysis, you can then move on to Chapters 7 through 10 for practical information on how to find and exploit security vulnerabilities in these protocols. Chapters 4 and 6 contain more advanced information about additional capture techniques and application reverse engineering, so you can read them after you’ve read the other chapters if you prefer. For the practical examples, you’ll need to install .NET Core Download from finelybook www.finelybook.com 26(https://www.microsoft.com/net/core/), which is a cross-platform version of the .NET runtime from Microsoft that works on Windows, Linux, and macOS. You can then download releases for Canape Core from https://github.com/tyranid/CANAPE.Core/releases/ and SuperFunkyChat from https://github.com/tyranid/ExampleChatApplication/releases/; both use .NET Core as the runtime. Links to each site are available with the book’s resources at https://www.nostarch.com/networkprotocols/. To execute the example Canape Core scripts, you’ll need to use the CANAPE.Cli application, which will be in the release package downloaded from the Canape Core Github repository. Execute the script with the following command line, replacing script.csx with the name of the script you want to execute.
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值