Identify the Transport Layer (TCP/UDP) and its weaknesses
Identify Transport Layerand its weaknesses
The transport layer controls the flow of information between hosts. Two protocols exist at the transport layer, the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP).
These two protocols use ports for directing information, which are key to implementing Internet security measures.
TCP/IP Transport Layer
Application Layer
(TCP/UDP) Transport Layer
(IP) Internet Layer
(ARP) Network Layer
Transmission control protocol (TCP)
TCP is a connection-oriented protocol using a "handshaking" process and an information exchange to complete a connection upon which traffic passes. TCP is the protocol used by most Internet services, including HTTP (the World Wide Web), FTP, and SMTP (email).
TCP handshake
The TCP handshake is a common area of attack. What happens in the TCP handshake process when a connection is established and when it is attacked is shown in the following series of images.
1) In a SYN flood attack a series of SYN requests are made using a spoofed IP Address. The requesting host or client sends a message with a SYN flag and a unique sequence ID to establsih a connection with the remote host.
2) The remote or server will respond with a SYN flag and the sequence ID of the client
3) To complete the connection, a reply is sent in the form of an ACK flag from the requesting host and confirmed by the remote host.
4) The remote host responds to the requests and waits for the reply
5) In a SYN flood attack, repeated SYN requests congest the remot host until the flooding stops. The allocation of memory will help prevent SYN flood attacks.
UDP is a connectionless protocol often used for broadcast-type protocols, such as audio or video traffic.
Because a host issues a UDP message and does not expect a reply, embedding malicious activities within these types of datagrams is difficult. In addition, it is possible to flood a port with UDP attacks.
TCP or UDP Port
A machine running TCP/IP almost always has many different applications running at the same time, and all must be able to communicate simultaneously. Security is largely contingent upon the proper directing of network packets. Each application is assigned a specific TCP or UDP port number and incoming network packets are directed to the correct application by the operating system.
There are 65,536 possible ports that can be used with either TCP or UDP. The Internet Assigned Numbers Authority (IANA) assigns and maintains port numbers including well-known ports, registered ports, and private ports. IANA has defined the first 1023 ports as reserved for specific server-side applications. Some examples are shown in the table below.
Internet Assigned Numbers Authority (IANA):
Oversees and coordinates the assignment of every unique protocol identifier used on the Internet.
Program / Application
Standard Port
(FTP) File transfer protocol
TCP 20 and TCP 21
(DNS) Domain name server
TCP 53 and UDP 53
(HTTP) Web Server
TCP 80
(SNMP) Simple Network Management Protocol
UDP 161 and UDP 162
(SMTP) Mail servers Using Simple Mail Transfer Protocol
TCP 25
(NNTP) Network News Transfer Protocol
TCP 119
Telnet
TCP port 23
UDP
To configure firewalls for use with DNS, you need to understand how UDP works.