TCP and IP options

Going back to the basics is always a good idea. One of the most basic parts of computer communication knowledge is four basic protocols: IP, TCP, UDP and ICMP. The content of this article will show you some of the options available in both TCP and IP, and through which we will know their security performance.

TCP and IP options

Referring to the TCP / IP protocol suite, it refers to all layers of the OSI reference model. We will have to pay attention to many different protocols. A large number of these protocols are located on the application layer. And many application layer protocols have some holes associated with them.

Picture 1 of TCP and IP options

What about "four core protocols"? What are they, what do they do and why are they called "core" protocols? In fact, IP is used for routing, TCP and UDP for transport and eventually, ICMP is used to control error messages. And they are called "core" because every operating system needs them to be able to "talk" to other machines. As if to send packets, they must first go through these four basic protocols. However, does saying Mac, BSD or some other type of operating system always have all the protocols that are completely correct? Sometimes these operating systems can use another stack to execute their operations. Novell is an example.

Is it the worst thing for a core protocol?

We know that any operating system needs these protocols to communicate in the network environment. When considering the security of the website, you will definitely have to study carefully whether there are vulnerabilities that come with the basic protocols, or whether there are any more special options. If you don't have a good TCP / IP manual, you should download the TCP / IP and tcpdump instructions. You will see the content you want to find at the bottom of the page, and the options of each protocol are located under each protocol.

Today, these network-based protocols are ubiquitous in every computer communication activity. That makes us feel excited about both the lesser-known aspects of them, the optional components. With IP and TCP we have six different options. Considering the function of each option and evaluating them in security is our next task.

IP and options

End của danh sách các tùy chọn

This IP option has a "type" value of 0 and a size of 1 byte. There is no security issue related to it and this option is only used at the end of the list of IP options used for headers.

No operation

This IP option has a "type" value of 1. It is not often confused with the NOP command of Assembler language. Because vulnerability search developers often use this command to allow themselves to use a large amount of windows on the stack that will return malicious code. The NOP command in the IP header is used to stretch another option and fill the 32-bit border.

Record Route

With a value of 7 and a custom length, this record route option is used in combination with two other IP options: "Loose Source route" (misplaced source routing) and 'Strict source route' (source routing exactly). Their type values ​​are 131 and 137 respectively. Record route, or more specifically Loose Source Record Route packages have long been a concern for computer security. Back in 2002, we can see that W2K and XP still reverse the first hop of the LSRR package. This is allowed by default on TCP / IP stacks.

This is not a good choice because both are useful for attacks. Similar studies at the time also indicated that most firewall vendors such as Symantec's Norton Firewall allow re-use of LSRR packages. But in the network now there is really no reason to continue using these packages. Because no one wants to describe a series of hops in the packet path.

Timestamp

This option has a type value of 68 and is often used for routers. The router will insert timestamp into the packet. Each IP option has a small specific value and plays an important role in computer security issues.

TCP and options

End của danh sách các tùy chọn

This option is the same as on IP with the same value and usage values.

No operation

Having a type value of 1 and also a byte length, this option is very similar to the NOP of IP headers. They are also used to add other options, the purpose of which is to ensure the title content is within 32 bits. There are a number of options for TCP that are not entirely 32 bits, for example, not all of them use four bytes.

Windown Scale

This option has a type value of 3 and a byte size of 3. It is used to increase the window size from 16 bits to 32 bits. Usually this option is not related to security. It is a very clear option and is also known as the "slide window" function. You may see this option in the three steps of the "handshake" process of TCP / IP.

Selective ACK ok

The type value for it is 4 and the length is 2 bytes. There is no security value in this option and you can see it in the three steps of TCP / IP's "handshake" process.

Timestamp

This TCP option has a type value of 8 and a custom length. There are good ways to use this option in TCP. One is to calculate RTT or return interrupt time and two is used to prevent aka PAWS from protecting packets and attack sequences. You may see this option in a data package.

Summary

We have moved on to you all options currently used in both TCP and IP. You may be wondering what about UDP and ICMP? The answer is that there are currently no options built for both UDP and ICMP. If you want to test some of the interesting things mentioned above with TCP and IP options, you should download some packet blocking program and practice it. A good data blocking program allows you to manipulate almost every field found in both TCP and IP.