CISSP Blog Post 17, Domain 4: Network: OSI Layers 2 (Data Link) & 3 (Network)


Credit: Post based on CISSP course presented by Dennis Lee, November 2018

Not going to spend a lot of time on OSI Layer 2, aka the Data Link Layer. At this layer, protocols are responsible for node-to-node or link-to-link communications between systems on the same network.

Common protocols include:

  • Address Resolution Protocol (ARP) which resolves IP addresses to MAC addresses. It is susceptible to ARP cache poisoning attacks.
  • Multiprotocol Label Switching (MPLS) operates at both L2 and L3 of the OSI model. In summary, data enters the MPLS network through a Label Edge Router, which passes traffic to Label Switch Routers until the data reaches the final Edge Router and exits the MPLS network toward the destination. MPLS routers add encapsulating labels so that data is sent along pre-defined network paths; the Switch Routers forward data along the directed path, and the last Edge Router strips off the labels before the data exits the network.
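The ARP cache poisoning risk mentioned above is detectable from the network side because a poisoner has to keep re-announcing an IP-to-MAC binding that differs from the legitimate one. The following is an added example (not from the course or the post) of a small monitor that tracks observed bindings, pins known-critical addresses such as the gateway, and raises an alert when a pinned or previously seen IP is claimed by a different MAC, or when one MAC starts claiming several IPs. The ARP reply records and addresses are constructed for the example.

```python
"""Added example: spot ARP cache poisoning from a feed of ARP replies."""
from collections import defaultdict

# Constructed sample feed: (timestamp, sender_ip, sender_mac, gratuitous_reply)
# 192.168.1.1 is the gateway; from t=4.0 a second MAC starts claiming it.
SAMPLE_ARP_REPLIES = [
    (1.0, "192.168.1.1", "aa:bb:cc:00:00:01", False),
    (2.0, "192.168.1.20", "aa:bb:cc:00:00:20", False),
    (3.0, "192.168.1.1", "aa:bb:cc:00:00:01", False),
    (4.0, "192.168.1.1", "de:ad:be:ef:00:99", True),   # gateway IP claimed by new MAC
    (4.5, "192.168.1.1", "de:ad:be:ef:00:99", True),   # repeat of the same claim
    (5.0, "192.168.1.20", "de:ad:be:ef:00:99", True),  # same MAC now claims a host too
]

# Constructed: bindings the operator knows are correct and wants pinned.
STATIC_BINDINGS = {"192.168.1.1": "aa:bb:cc:00:00:01"}


class ArpMonitor:
    """Learns IP->MAC bindings and reports conflicting announcements."""

    def __init__(self, static_bindings=None):
        self.ip_to_mac = dict(static_bindings or {})
        self.pinned = set(self.ip_to_mac)          # never overwritten by learning
        self.mac_to_ips = defaultdict(set)
        self.reported = set()                      # (ip, mac) pairs already alerted
        self.alerts = []

    def observe(self, ts, ip, mac, gratuitous):
        known = self.ip_to_mac.get(ip)
        if known is None:
            # First time we see this IP: learn the binding.
            self.ip_to_mac[ip] = mac
        elif known != mac and (ip, mac) not in self.reported:
            # A different MAC claims an IP we already have a binding for.
            self.reported.add((ip, mac))
            self.alerts.append({
                "kind": "mac_change",
                "severity": "high" if ip in self.pinned else "medium",
                "ts": ts, "ip": ip, "expected_mac": known, "seen_mac": mac,
                "gratuitous": gratuitous,
            })
            if ip not in self.pinned:
                self.ip_to_mac[ip] = mac            # follow the change for unpinned IPs
        # Track how many IPs each MAC claims; a poisoner often claims several.
        newly_added = ip not in self.mac_to_ips[mac]
        self.mac_to_ips[mac].add(ip)
        if newly_added and len(self.mac_to_ips[mac]) > 1:
            self.alerts.append({
                "kind": "multi_ip_mac", "severity": "medium", "ts": ts,
                "mac": mac, "ips": sorted(self.mac_to_ips[mac]),
            })


def analyze_arp(replies, static_bindings=None):
    """Run the monitor over a list of reply records and return its alerts."""
    mon = ArpMonitor(static_bindings)
    for record in replies:
        mon.observe(*record)
    return mon.alerts


if __name__ == "__main__":
    for alert in analyze_arp(SAMPLE_ARP_REPLIES, STATIC_BINDINGS):
        print(alert)
```

On the constructed feed the monitor raises three alerts: a high-severity change for the pinned gateway at t=4.0 (the repeat at t=4.5 is deduplicated), a medium-severity change for the host at t=5.0, and a note that one MAC now claims both addresses. Pinning the gateway in `STATIC_BINDINGS` mirrors what static ARP entries or Dynamic ARP Inspection do on real networks.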

The OSI Layer 3, Network Layer protocols are responsible for network-to-network, router-to-router, or gateway-to-gateway communications and include:

The Internet Protocol (IPv4, and its successor IPv6) handles IP addressing. Without going into the differences between the two, the main reason IPv6 was developed is that IPv4 has run out of addresses to assign to Internet devices.

  • IPv4 = 32-bit addresses which provide 2^32 addresses
  • IPv6 = 128-bit addresses which provide 2^128 addresses

The IP protocol handles fragmentation and reassembly of packets when you are sending over networks with different maximum transmission unit (MTU) sizes. The IP header includes fields such as:

  • Total fragment length
  • Fragment ID (identification)
  • Flags (such as Don't Fragment and More Fragments)
  • Fragment offset
  • Time-to-live
  • IP source address
  • IP destination address
  • Etc.

The Internet Control Message Protocol (ICMP) provides network diagnostics (such as ping and traceroute) and network error reporting. It also provides ICMP redirect functionality, where a router can inform a sender of a better route to the final destination. ICMP can be abused to conduct Man-in-the-Middle (MITM) and Denial of Service (DoS) attacks.
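The two abuses named above map onto two ICMP behaviours a network monitor can watch for: redirects (type 5), which hosts should not honour from untrusted senders, and echo traffic involving a directed broadcast address, which is the precondition for the amplification attack covered under the Layer 3 attacks below. The following added example (not from the course or the post) scans constructed ICMP flow records for those conditions and additionally flags a host that suddenly receives echo replies from many distinct sources within a short window, which is what an amplified reflection looks like from the victim's side. The addresses, prefix and thresholds are constructed assumptions.

```python
"""Added example: detection checks for ICMP abuse in flow records."""
import ipaddress
from collections import defaultdict

# Constructed: the prefixes this monitor considers local.
LOCAL_NETS = [ipaddress.ip_network("192.168.1.0/24")]

# Constructed sample flow records: (timestamp, src, dst, icmp_type, icmp_code)
SAMPLE_ICMP = [
    (9.0, "192.168.1.20", "192.168.1.30", 8, 0),    # benign unicast ping
    (9.1, "192.168.1.30", "192.168.1.20", 0, 0),    # its reply
    (10.0, "192.168.1.1", "192.168.1.20", 5, 1),    # redirect for host route
    (11.0, "203.0.113.7", "192.168.1.255", 8, 0),   # echo request to directed broadcast
    (11.1, "192.168.1.2", "203.0.113.7", 0, 0),     # replies converge on 203.0.113.7
    (11.1, "192.168.1.3", "203.0.113.7", 0, 0),
    (11.2, "192.168.1.4", "203.0.113.7", 0, 0),
    (11.2, "192.168.1.5", "203.0.113.7", 0, 0),
    (11.3, "192.168.1.6", "203.0.113.7", 0, 0),
]

ICMP_ECHO_REPLY, ICMP_REDIRECT, ICMP_ECHO_REQUEST = 0, 5, 8


def analyze_icmp(records, local_nets=LOCAL_NETS, reply_threshold=5, window=1.0):
    """Return alerts for redirects, broadcast echo requests and reply floods."""
    alerts = []
    broadcasts = {net.broadcast_address for net in local_nets}
    recent_replies = defaultdict(list)   # dst -> [(ts, src)] inside the window
    flagged_victims = set()

    for ts, src, dst, itype, icode in records:
        dst_addr = ipaddress.ip_address(dst)
        if itype == ICMP_REDIRECT:
            # Redirects can steer a host's traffic through an attacker (MITM);
            # hosts should ignore them (e.g. net.ipv4.conf.all.accept_redirects=0).
            alerts.append({"kind": "icmp_redirect", "ts": ts,
                           "src": src, "dst": dst, "code": icode})
        elif itype == ICMP_ECHO_REQUEST and dst_addr in broadcasts:
            # An echo request to a directed broadcast address makes every host
            # on the segment answer; routers should not forward such packets.
            alerts.append({"kind": "broadcast_echo_request", "ts": ts,
                           "src": src, "dst": dst})
        elif itype == ICMP_ECHO_REPLY:
            bucket = recent_replies[dst]
            bucket.append((ts, src))
            bucket[:] = [(t, s) for t, s in bucket if ts - t <= window]
            senders = {s for _, s in bucket}
            if len(senders) >= reply_threshold and dst not in flagged_victims:
                flagged_victims.add(dst)
                alerts.append({"kind": "echo_reply_flood", "ts": ts,
                               "victim": dst, "sources": len(senders)})
    return alerts


if __name__ == "__main__":
    for alert in analyze_icmp(SAMPLE_ICMP):
        print(alert)
```

The benign ping pair at the top produces nothing; the redirect, the broadcast-addressed request and the five converging replies produce one alert each. On a real collector the reply-flood threshold and window would be tuned to the segment size, and the `broadcast_echo_request` check is the one that points at the standard mitigation of disabling directed-broadcast forwarding on routers.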

A couple of common Layer 3 attacks include:

  • Teardrop attack, which crashes a system by exploiting the fragment offset field to overload the receiving system with malformed fragments.
  • SMURF attack, where an ICMP echo request carrying the spoofed source address of the victim is sent to a network broadcast address, causing every node on that network to send an echo reply to the victim. A similar attack called a FRAGGLE attack uses UDP to create the same effect.
Figure: SMURF Attack Process
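To tie the IP header fields listed earlier to the Teardrop attack, here is an added example (not from the course or the post) that parses an IPv4 header from raw bytes, pulls out the identification, flags, fragment offset and time-to-live fields, and then reassembles a fragmented datagram the way a careful receiver should: fragments whose byte ranges overlap, or that leave a gap, are rejected instead of being stitched together. The packets are constructed inline with a small builder so the example runs offline; the addresses, identification value and payloads are arbitrary.

```python
"""Added example: IPv4 header parsing and overlap-safe fragment reassembly."""
import ipaddress
import struct

IPV4_HDR = "!BBHHHBBH4s4s"   # fixed 20-byte header without options
FLAG_DF, FLAG_MF = 0x4000, 0x2000


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words; returns 0 for a valid header."""
    total = sum((header[i] << 8) + header[i + 1] for i in range(0, len(header), 2))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def make_ipv4_packet(src, dst, ident, offset_units, more_fragments, payload,
                     ttl=64, proto=17):
    """Constructed-packet builder for the example (offset is in 8-byte units)."""
    flags_frag = (FLAG_MF if more_fragments else 0) | (offset_units & 0x1FFF)
    hdr = struct.pack(IPV4_HDR, 0x45, 0, 20 + len(payload), ident, flags_frag,
                      ttl, proto, 0, ipaddress.ip_address(src).packed,
                      ipaddress.ip_address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4_header(data: bytes) -> dict:
    """Decode the fields the text lists and validate lengths and checksum."""
    if len(data) < 20:
        raise ValueError("truncated header")
    (vihl, _tos, total_length, ident, flags_frag, ttl, proto, _csum,
     src, dst) = struct.unpack(IPV4_HDR, data[:20])
    version, ihl = vihl >> 4, (vihl & 0xF) * 4
    if version != 4 or ihl < 20 or ihl > len(data):
        raise ValueError("not a well-formed IPv4 header")
    if total_length > len(data) or total_length < ihl:
        raise ValueError("total length inconsistent with packet size")
    if ipv4_checksum(data[:ihl]) != 0:
        raise ValueError("bad header checksum")
    return {
        "total_length": total_length, "id": ident,
        "df": bool(flags_frag & FLAG_DF), "mf": bool(flags_frag & FLAG_MF),
        "frag_offset": (flags_frag & 0x1FFF) * 8,   # convert to bytes
        "ttl": ttl, "protocol": proto,
        "src": str(ipaddress.ip_address(src)), "dst": str(ipaddress.ip_address(dst)),
        "payload": data[ihl:total_length],
    }


def reassemble(packets) -> bytes:
    """Join fragments of one datagram, refusing overlaps, gaps and bad MF flags."""
    frags = [parse_ipv4_header(p) for p in packets]
    if len({(f["src"], f["dst"], f["id"], f["protocol"]) for f in frags}) != 1:
        raise ValueError("fragments belong to different datagrams")
    frags.sort(key=lambda f: f["frag_offset"])
    expected_next, buf = 0, bytearray()
    for i, f in enumerate(frags):
        start, end = f["frag_offset"], f["frag_offset"] + len(f["payload"])
        if start < expected_next:
            # This is the Teardrop condition: offsets that re-cover bytes
            # already received. Drop the datagram instead of merging.
            raise ValueError(f"overlapping fragment at offset {start}")
        if start > expected_next:
            raise ValueError(f"gap before offset {start}")
        is_last = i == len(frags) - 1
        if f["mf"] == is_last:
            raise ValueError("More Fragments flag inconsistent with position")
        buf += f["payload"]
        expected_next = end
    return bytes(buf)


def fragments_well_formed(packets) -> bool:
    """Convenience predicate: True when reassembly succeeds."""
    try:
        reassemble(packets)
        return True
    except ValueError:
        return False


# Constructed: a 32-byte datagram split into two clean fragments.
GOOD_FRAGMENTS = [
    make_ipv4_packet("10.0.0.1", "10.0.0.2", 0x1234, 0, True, b"A" * 16),
    make_ipv4_packet("10.0.0.1", "10.0.0.2", 0x1234, 2, False, b"B" * 16),
]
# Constructed: second fragment offset moved back so it overlaps the first.
OVERLAPPING_FRAGMENTS = [
    make_ipv4_packet("10.0.0.1", "10.0.0.2", 0x1234, 0, True, b"A" * 16),
    make_ipv4_packet("10.0.0.1", "10.0.0.2", 0x1234, 1, False, b"B" * 16),
]

if __name__ == "__main__":
    print(parse_ipv4_header(GOOD_FRAGMENTS[0]))
    print(reassemble(GOOD_FRAGMENTS))
    print("overlap accepted?", fragments_well_formed(OVERLAPPING_FRAGMENTS))
```

Running the block prints the decoded header of the first fragment (offset 0, More Fragments set, TTL 64, total length 36), the 32-byte reassembled payload, and `False` for the overlapping pair. The defensive point is the `start < expected_next` check: a reassembler that blindly trusts the offset field is what historical Teardrop packets crashed, whereas a receiver that validates ranges before copying simply discards the datagram.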