Identify the Transport Layer (TCP/UDP) and its weaknesses
Identify Transport Layerand its weaknesses
The transport layer controls the flow of information between hosts. Two protocols exist at the transport layer, the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP).
These two protocols use ports for directing information, which are key to implementing Internet security measures.
TCP/IP Transport Layer
Transmission control protocol (TCP)
TCP is a connection-oriented protocol using a "handshaking" process and an information exchange to complete a connection upon which traffic passes.
TCP is the protocol used by most Internet services, including HTTP (the World Wide Web), FTP, and SMTP (email).
The TCP handshake is a common area of attack. What happens in the TCP handshake process when a connection is established and when it is attacked is shown in the SlideShow below.
UDP is a connectionless protocol often used for broadcast-type protocols, such as audio or video traffic.
Because a host issues a UDP message and does not expect a reply, embedding malicious activities within these types of datagrams is difficult. In addition, it is possible to flood a port with UDP attacks.
TCP or UDP Port
A machine running TCP/IP almost always has many different applications running at the same time, and all must be able to communicate simultaneously. Security is largely contingent upon the proper directing of network packets. Each application is assigned a specific TCP or UDP port number and incoming network packets are directed to the correct application by the operating system.
There are 65,536 possible ports that can be used with either TCP or UDP. The Internet Assigned Numbers Authority (IANA) assigns and maintains port numbers including well-known ports, registered ports, and private ports. IANA has defined the first 1023 ports as reserved for specific server-side applications. Some examples are shown in the table below.
Internet Assigned Numbers Authority (IANA):
Oversees and coordinates the assignment of every unique protocol identifier used on the Internet.
Program / Application
(FTP) File transfer protocol
TCP 20 and TCP 21
(DNS) Domain name server
TCP 53 and UDP 53
(HTTP) Web Server
(SNMP) Simple Network Management Protocol
UDP 161 and UDP 162
(SMTP) Mail servers Using Simple Mail Transfer Protocol
(NNTP) Network News Transfer Protocol
TCP port 23
To configure firewalls for use with DNS, you need to understand how UDP works.