Credit: Post based on CISSP course presented by Dennis Lee, November 2018
First off, Happy New Year! Hopefully your New Year’s resolution was to keep studying for the CISSP exam! 😉
Today we’re going to look at Layer 4 (Transport layer) protocols, which are responsible for end-to-end, host-to-host, or source-to-destination communication. Common protocols here include the:
Transmission Control Protocol (TCP) which is a connection-oriented protocol, i.e. it sets up a connection first (the three-way handshake: SYN, SYN/ACK, ACK) and expects acknowledgements from the destination for the data it sends.
Each side numbers the bytes it sends: a segment’s sequence number is the position of its first payload byte, so the next sequence number advances by the number of payload bytes in the segment (a SYN and a FIN each consume one sequence number as well). To close the connection, the side that has finished sending transmits a FIN carrying its current sequence number; the peer acknowledges it, later sends its own FIN, and receives a final ACK in return.
TCP headers are sandwiched between the IP header and the data payload. The fixed 20-byte header includes:
- Source & Destination Ports
- Sequence #
- Acknowledgement #
- Data offset (header length) & Flags (SYN, ACK, FIN, RST, PSH, URG)
- Window size
- Checksum
- Urgent pointer, followed by optional TCP options
Well known port numbers range from 0 to 1023. Examples are:
- HTTP = 80
- SMTP = 25
- FTP = 20 & 21
- Telnet = 23
- SSH = 22
- DNS = 53
- HTTPS = 443
The destination port identifies the service (application-layer protocol) a segment is meant for. The checksum lets the receiver detect a segment that was corrupted in transit, and the sequence and acknowledgement numbers let the sender detect segments that were lost or never acknowledged; in either case the segment is retransmitted.
User Datagram Protocol (UDP) is a connectionless protocol, i.e. it sets up no connection and expects no acknowledgements. It does carry a checksum, so a corrupted datagram can be detected and discarded, but there is no retransmission: delivery is best effort. Because there is no handshake, there is no connection “state” for a firewall to observe / monitor; stateful firewalls approximate one by timing out recently seen source/destination pairs. The UDP header is only 8 bytes: source port, destination port, length and checksum.
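To make the header fields above concrete, here is an added example (my own code, not part of Dennis Lee’s course material) that parses a TCP segment and a UDP datagram from raw bytes, works out the next expected sequence number from the payload length and the SYN/FIN flags, and checks the UDP checksum over the IPv4 pseudo-header. The segments and datagrams are constructed by hand in the block, not captured from a network.

```python
"""Parse TCP/UDP headers and verify a UDP checksum (constructed packets)."""
import struct

# TCP flag bits in the low byte of the data-offset/flags word
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def parse_tcp(segment: bytes) -> dict:
    """Return the fixed 20-byte TCP header fields plus payload and next sequence number."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, csum, urg = struct.unpack("!HHIIHHHH", segment[:20])
    data_offset = (off_flags >> 12) * 4            # header length in bytes (options included)
    flags = [name for name, bit in TCP_FLAGS.items() if off_flags & bit]
    payload = segment[data_offset:]
    # The peer should acknowledge seq + payload bytes, plus one for SYN and one for FIN.
    next_seq = (seq + len(payload) + ("SYN" in flags) + ("FIN" in flags)) & 0xFFFFFFFF
    return {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack, "flags": flags,
            "window": window, "checksum": csum, "urgent": urg,
            "payload_len": len(payload), "next_seq": next_seq}


def parse_udp(datagram: bytes) -> dict:
    """Return the four UDP header fields and the payload (8-byte header)."""
    if len(datagram) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, length, csum = struct.unpack("!HHHH", datagram[:8])
    return {"src_port": sport, "dst_port": dport, "length": length,
            "checksum": csum, "payload": datagram[8:length]}


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"                            # pad odd length with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                             # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _udp_pseudo_header(src_ip: bytes, dst_ip: bytes, udp_len: int) -> bytes:
    # IPv4 pseudo-header: src, dst, zero byte, protocol 17 (UDP), UDP length
    return src_ip + dst_ip + struct.pack("!BBH", 0, 17, udp_len)


def build_udp(src_ip: bytes, dst_ip: bytes, sport: int, dport: int, payload: bytes) -> bytes:
    """Build a UDP datagram with a valid checksum (zero is sent as 0xFFFF, per RFC 768)."""
    length = 8 + len(payload)
    hdr = struct.pack("!HHHH", sport, dport, length, 0) + payload
    csum = inet_checksum(_udp_pseudo_header(src_ip, dst_ip, length) + hdr)
    if csum == 0:
        csum = 0xFFFF
    return hdr[:6] + struct.pack("!H", csum) + hdr[8:]


def udp_checksum_ok(src_ip: bytes, dst_ip: bytes, datagram: bytes) -> bool:
    """Summing pseudo-header + datagram (checksum field included) yields all ones => 0."""
    return inet_checksum(_udp_pseudo_header(src_ip, dst_ip, len(datagram)) + datagram) == 0


# Constructed sample traffic (not a capture): a client SYN to port 80, then a data segment.
SYN_SEGMENT = struct.pack("!HHIIHHHH", 40000, 80, 1000, 0, (5 << 12) | 0x02, 65535, 0, 0)
HTTP_REQUEST = b"GET / HTTP/1.0\r\n\r\n"             # 18 payload bytes
DATA_SEGMENT = struct.pack("!HHIIHHHH", 40000, 80, 1001, 5001,
                           (5 << 12) | 0x18, 65535, 0, 0) + HTTP_REQUEST
SRC_IP, DST_IP = bytes([10, 0, 0, 5]), bytes([10, 0, 0, 53])   # constructed addresses
DNS_DATAGRAM = build_udp(SRC_IP, DST_IP, 50000, 53, b"\x12\x34\x01\x00constructed-query")


def corrupt_last_byte(datagram: bytes) -> bytes:
    """Flip one bit in the payload to show the checksum catching corruption."""
    buf = bytearray(datagram)
    buf[-1] ^= 0x01
    return bytes(buf)


if __name__ == "__main__":
    print(parse_tcp(SYN_SEGMENT))          # flags ['SYN'], next_seq 1001
    print(parse_tcp(DATA_SEGMENT))         # flags ['PSH', 'ACK'], next_seq 1019
    print(parse_udp(DNS_DATAGRAM))
    print(udp_checksum_ok(SRC_IP, DST_IP, DNS_DATAGRAM))                      # True
    print(udp_checksum_ok(SRC_IP, DST_IP, corrupt_last_byte(DNS_DATAGRAM)))   # False
```

Note that the checksum only catches corruption; nothing in UDP resends the datagram. For TCP the same one’s-complement checksum is used, but it is the `next_seq` value that a receiver acknowledges, which is how the sender learns that a segment needs to be resent.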
Two common attacks on TCP at the OSI Layer 4 level are the:
- TCP Sequence Number Attack, in which an attacker who can predict a connection’s sequence numbers injects or spoofs segments that the receiver accepts as genuine, hijacking or disrupting the session.
- SYN Flood Attack, in which the attacker sends a stream of SYNs (often from spoofed sources) and never completes the handshake, filling the server’s backlog of half-open connections so legitimate clients cannot connect.
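As an added example (my own code, not from the course), here is a small tracker for the second attack: it follows a stream of TCP flag observations as a server would see them, keeps a set of half-open connections per source, and flags both sources with many unfinished handshakes and a large total backlog, since a flood from spoofed, ever-changing sources would otherwise slip under any per-source threshold. The observations are constructed, not captured.

```python
"""Flag SYN-flood-like behaviour from constructed (src_ip, src_port, flags) observations."""
from collections import defaultdict

SYN, ACK = 0x02, 0x10


def half_open_tracker(observations, per_source_threshold=10):
    """Return (offending sources -> half-open count, total half-open connections).

    A pure SYN opens a half-open entry for (src_ip, src_port); an ACK from the same
    pair completes the handshake and removes it. Only entries at or above the
    per-source threshold are reported individually; the total catches spoofed floods.
    """
    half_open = defaultdict(set)
    for src_ip, src_port, flags in observations:
        if flags & SYN and not flags & ACK:          # SYN without ACK: handshake started
            half_open[src_ip].add(src_port)
        elif flags & ACK:                            # final ACK: handshake completed
            half_open[src_ip].discard(src_port)
    offenders = {ip: len(ports) for ip, ports in half_open.items()
                 if len(ports) >= per_source_threshold}
    total = sum(len(ports) for ports in half_open.values())
    return offenders, total


# Constructed observations (documentation address ranges, not real hosts).
LEGIT = []
for port in (40001, 40002, 40003):                  # a normal client completes each handshake
    LEGIT += [("10.0.0.5", port, SYN), ("10.0.0.5", port, ACK)]
SINGLE_SOURCE_FLOOD = [("203.0.113.7", 1024 + i, SYN) for i in range(50)]
SPOOFED_FLOOD = [("198.51.100.%d" % i, 5000, SYN) for i in range(20)]   # one SYN per fake source
OBSERVATIONS = LEGIT + SINGLE_SOURCE_FLOOD + SPOOFED_FLOOD

if __name__ == "__main__":
    offenders, total = half_open_tracker(OBSERVATIONS)
    print(offenders)   # {'203.0.113.7': 50}
    print(total)       # 70: the spoofed SYNs only show up in the backlog total
```

In practice the defence is on the server side (SYN cookies, a larger backlog, shorter half-open timeouts) rather than blocking single sources, precisely because of the spoofed case the totals line demonstrates.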