This assignment shows how the Spanning Tree Protocol prevents layer 2 loops, with an implementation guide and explanation. It also explains subnetting with a step-by-step guide. In addition, the TCP three-way handshake and the sequence prediction attack are discussed. The overall results of the study are presented in this assignment.
In a switched network environment no routing protocols are used, and redundant paths are active at the same time. Bridging loops have therefore become one of the critical issues in switching environments.
To solve the bridging loop problem, the Spanning Tree Protocol (STP) implements the IEEE 802.1D algorithm. In addition, STP creates a redundant switching environment so that switching can continue efficiently if one of the bridges goes down or becomes unavailable.
IP addressing and subnetting is another important element of networking. With the 5 classes of IP address, a network can be created according to the availability of IP addresses. Furthermore, private IP addressing combined with NAT is one of the best ways to alleviate the IPv4 address shortage. With subnetting, the waste of IP addresses can be reduced, and subnets can be created under the same IP address range.
On the security side, the three-way handshake is one of the core procedures of a TCP connection. However, as with other security issues, there is an attack method, the TCP sequence number attack, that targets the three-way handshake in order to break into the network. Encryption is one of the best methods to counter this attack.
2.1) Overview of Spanning Tree Protocol
IEEE 802.1D, the first public standard for the Spanning Tree Protocol (STP), was defined to prevent loops in switching environments. To prevent loops, each bridge port is assigned either the Forwarding state or the Blocking state.
In terms of redundancy, STP plays an important role in the switching environment. STP provides redundant paths between end stations so that the bridged LAN can continue forwarding frames in the event of a network failure.
Basically, STP makes the bridges aware of each other so that they can negotiate a loop-free path through the entire network. STP was introduced because parallel bridges are otherwise unaware of each other, which is how loops occur.
STP computes a tree structure that includes the bridges on the network. Redundant paths are placed in the Blocking state so that frames are not forwarded over them. However, if a forwarding port fails, STP recomputes the tree and turns blocking ports into forwarding ports.
2.2) Bridge Protocol Data Unit (BPDU)
For STP to function, bridges need to share information about themselves and their connections with other bridges. This information is carried in BPDUs, which are sent as multicast frames to neighbouring bridges. Bridges use BPDUs to learn the network topology, that is, which bridges are connected to each other and whether layer 2 loops exist in that topology.
Table 1-1 on the previous page shows the fields and sizes of the BPDU frame. Notice that several key fields in the BPDU relate to bridge identification, path cost and timers. These keys work together so that the bridges can converge on a common topology within the network. (Hucaby, 2010)
By default, BPDUs are sent out of all bridge ports every 2 seconds in order to speed up convergence, so that current topology information is exchanged and loops are identified quickly. This timer can be changed to a different value by modifying the "Hello Time" field in the BPDU.
Furthermore, based on the STP algorithm, some of the important key elements are:
2.2.1) Bridge ID
The bridge ID is unique on every bridge and is made up of two components:
Bridge Priority - the priority field can have a value from 0 to 65,535.
MAC Address - the MAC address of every device is unique; addresses are hard-coded into the devices and cannot be changed.
2.2.2) Path Costs
Path cost is used to represent the speed of the link on each port, measured by bandwidth. The lower the cost value, the faster the network link. For example, a Gigabit bridge can have different costs for different ports. Table 2-1 shows the default values for port costs. (Hucaby, 2010)
At the top of the spanning tree is the root, referred to in STP as the Root Bridge. An election occurs among all the bridges connected in the same subnet or network. In the election of the Root Bridge, the bridge ID plays an important role; the bridge ID is explained in section 2.2.1.
Figure 2-1: Electing Root Bridge
To elect the Root Bridge, the bridges exchange BPDU frames with each other in order to learn each other's bridge IDs. Once the exchange has completed, the bridges compare the BPDUs, and the bridge with the lowest bridge ID becomes the Root Bridge.
If two bridges have the same bridge ID (that is, the same priority), the bridge with the lowest MAC address becomes the Root Bridge. Also, when a new bridge with a lower bridge ID than the current Root Bridge joins, the new bridge becomes the Root Bridge of the network and STP is recalculated.
Based on Figure 2-1 on the previous page, B1 has the lowest bridge ID among the bridges in the network, so B1 becomes the Root Bridge. Figure 2-2 shows the updated topology after electing the Root Bridge.
Figure 2-2: B1 as Root Bridge
2.3.2) Choosing Root Port for Each Bridge
Once the Root Bridge has been elected for the entire network, each non-root bridge must choose one of its ports to become the Root Port (RP), which it uses to reach the Root Bridge. Every bridge must have at least one RP except the bridge that has become the Root Bridge.
To find the RP, the concept of cost is used, as explained in section 2.2.2. In detail, the RP is the port with the lowest accumulated path cost to reach the Root Bridge.
On the network diagram, the Root Port is labelled RP, as in Figure 2-3 below.
Figure 2-3: Chosen Root Port
From Figure 2-3, we can see that the RP on each bridge is the port with the lowest accumulated path cost to reach the Root Bridge among all paths. For B2 the lowest path cost is 4, for B3 it is 19 and for B4 it is 4.
Note that once the Root Bridge has been elected, its own root path cost is 0. Therefore, the accumulated path cost of B2 is 4 rather than 8, because it is (4+0).
2.3.3) Choosing Designated Port on Each Segment
After the RP has been chosen, each bridge needs to determine which port is the Designated Port (DP). The DP is responsible for moving traffic between LAN segments. For example, if two or more bridges are connected to the same LAN segment, both bridges will try to forward frames to the destination. This causes a loop, which is avoided by choosing a DP.
Therefore only one bridge should forward traffic to and from the segment, and that is the one selected as DP. The DP is chosen based on the accumulated path cost of the bridge to reach the Root Bridge; the bridge with the lowest accumulated path cost provides the DP.
If two or more bridges have the same accumulated path cost, the bridge with the lowest bridge ID provides the DP. Figure 2-4 below shows the updated topology after the DPs have been chosen.
Figure 2-4: Chosen Designated Port
In Figure 2-4 there may be some confusion between B2 and B4, because both bridges have the same accumulated path cost, which is the lowest among the other bridges. In this situation the port on B2 becomes the DP because B2 has the lowest bridge ID of the two.
2.3.4) Choosing the Blocking Ports
Choosing the Blocking Ports (BP) is the easiest step in the whole STP computation: every bridge port that is neither an RP nor a DP becomes a BP. The link on a BP is temporarily disabled to prevent looping. Figure 2-5 shows the updated topology after the BPs have been chosen, and Figure 2-6 shows the topology once STP has been applied correctly.
Table 2-4 above summarises the port states; each state has its own characteristics. (Hucaby, 2010) The two most important states to focus on are Forwarding and Blocking, also known as the Forwarding Port and the Blocking Port. Both ports / states are explained in the next section.
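The four steps above (root election, root ports, designated ports, blocking ports) can be run end to end on a small topology. The following Python program is an added example written for this page, not code from the assignment or from any vendor. The bridge names, MAC addresses, segment names and port costs are constructed; the topology deliberately contains two redundant paths (segments D and E) so that one tie on cost is broken by bridge ID, as in the B2/B4 case in Figure 2-4.

```python
# Added example (not code from the assignment): computing STP port roles for a
# small constructed topology. Bridge names, MAC addresses, segment names and
# port costs are all made up for illustration.
import heapq
from dataclasses import dataclass


@dataclass(frozen=True, order=True)
class BridgeId:
    """Bridge ID = priority followed by MAC address; tuple order means 'lowest wins'."""
    priority: int
    mac: str


# All bridges use the default priority, so the election falls back to the MAC.
BRIDGES = {
    "B1": BridgeId(32768, "00:00:00:00:00:01"),
    "B2": BridgeId(32768, "00:00:00:00:00:02"),
    "B3": BridgeId(32768, "00:00:00:00:00:03"),
    "B4": BridgeId(32768, "00:00:00:00:00:04"),
}

# Segment name -> {bridge: cost of that bridge's port on the segment}.
# A lower cost stands for a faster link, as in the 802.1D default cost table.
SEGMENTS = {
    "A": {"B1": 4, "B2": 4},    # B1 - B2
    "B": {"B1": 4, "B4": 4},    # B1 - B4
    "C": {"B1": 19, "B3": 19},  # B1 - B3, slower link
    "D": {"B2": 4, "B4": 4},    # B2 - B4, redundant path
    "E": {"B2": 19, "B3": 19},  # B2 - B3, redundant path
}


def elect_root(bridges):
    """The bridge with the lowest bridge ID (priority, then MAC) becomes the root."""
    return min(bridges, key=bridges.__getitem__)


def root_path_costs(bridges, segments, root):
    """Shortest-path search outward from the root.

    Returns two dicts: accumulated root path cost per bridge and the root port
    (segment used to reach the root) per bridge. The root has cost 0 and no RP.
    Equal-cost candidates are broken by the lower neighbouring bridge ID.
    """
    best = {root: (0, None, None)}  # bridge -> (cost, neighbour bridge ID, segment)
    heap = [(0, root)]
    while heap:
        cost, bridge = heapq.heappop(heap)
        if cost > best[bridge][0]:
            continue  # stale heap entry
        for seg, ports in segments.items():
            if bridge not in ports:
                continue
            for nb, nb_port_cost in ports.items():
                if nb == bridge or nb == root:
                    continue
                candidate = (cost + nb_port_cost, bridges[bridge], seg)
                if nb not in best or candidate < best[nb]:
                    best[nb] = candidate
                    heapq.heappush(heap, (candidate[0], nb))
    rpc = {b: v[0] for b, v in best.items()}
    root_port = {b: v[2] for b, v in best.items()}
    return rpc, root_port


def designated_ports(bridges, segments, rpc):
    """One DP per segment: lowest root path cost, ties broken by lowest bridge ID."""
    return {seg: min(ports, key=lambda b: (rpc[b], bridges[b]))
            for seg, ports in segments.items()}


def port_roles(bridges, segments):
    """Return (root bridge, root path costs, {(bridge, segment): 'RP'|'DP'|'BP'})."""
    root = elect_root(bridges)
    rpc, root_port = root_path_costs(bridges, segments, root)
    dp = designated_ports(bridges, segments, rpc)
    roles = {}
    for seg, ports in segments.items():
        for bridge in ports:
            if root_port[bridge] == seg:
                roles[(bridge, seg)] = "RP"
            elif dp[seg] == bridge:
                roles[(bridge, seg)] = "DP"
            else:
                roles[(bridge, seg)] = "BP"  # neither RP nor DP: blocked to break the loop
    return root, rpc, roles


if __name__ == "__main__":
    root, rpc, roles = port_roles(BRIDGES, SEGMENTS)
    print("Root Bridge:", root)
    for bridge, cost in sorted(rpc.items()):
        print(f"{bridge}: root path cost {cost}")
    for (bridge, seg), role in sorted(roles.items()):
        print(f"{bridge} port on segment {seg}: {role}")
```

Running it elects B1, gives B2 and B4 a root path cost of 4 and B3 a cost of 19, and blocks B4's port on segment D (B2 wins the cost tie on bridge ID) and B3's port on segment E, leaving a loop-free tree with the redundant links held in reserve.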
2.5) Forwarding and Blocking Ports
A Forwarding Port (FP) is actually a Root Port (RP) or a Designated Port (DP), because such a port can send and receive BPDU frames and data and can learn MAC addresses. An FP is a fully functioning bridge port within the spanning tree topology because it can reach other parts of the network.
Conversely, a Blocking Port (BP) is a port in the blocking state; it cannot send or receive any data. A BP also does not learn MAC addresses, but it can still receive BPDUs. The reason a BP is allowed to receive BPDUs is to listen to neighbouring bridges.
Figure 2-7 shows the FPs and BPs in the topology, where the RPs and DPs have been relabelled as FPs.
Figure 2-7: Network Topology with FP & BP
In summary, RPs and DPs are always in the forwarding state (Forwarding Ports), while BPs remain Blocking Ports. If any connection on a bridge fails, a BP is reactivated to provide redundancy in the network.
3.1) IP Verification
The given IP address 220.127.116.11 is actually a Class C IP address, as it lies in the range 192.0.0.0 to 18.104.22.168. There are 5 classes of IP address, A to E, each representing a different range of networks and hosts. Table 3-1 shows the sizes of networks, hosts and IP address ranges for the different classes. (Deal, 2008)
Classes A to C are commonly used because of the number of IP addresses available. Class D is used for multicast, where a single host sends to multiple hosts. For example, the class D IP address 22.214.171.124 is used by routers to send RIPv2 (Routing Information Protocol version 2) routing updates to other routers.
Class E is reserved for research and development, and some class E addresses are owned by NASA for research. For public use, only addresses from classes A to C are available.
3.2) IP Subnetting
To subnet into 32 fixed-length subnets, two formulas are used to find the number of networks and the number of hosts per subnet. The given IP address 126.96.36.199/8 uses the subnet mask 255.0.0.0. To create 32 subnets, a new subnet mask is used once the subnetting process has finished.
Before the subnetting process, the term bits also needs to be understood. An IP address has 32 bits in total. However, for 188.8.131.52/8, only 24 bits are available for use, because the first 8 bits are already used, as represented by the subnet mask 255.0.0.0. Each group of 8 bits is known as an octet, and its maximum value is 255. Bits are represented as 1 and 0.
Although 24 bits are available, only 8 bits are used, because that is sufficient to create 32 subnets. On the next page, the subnetting process is explained in detail.
To find the new subnet mask for the subnetted network, we refer to the number of bits used to find the number of networks. 5 bits are used to create 32 subnets. Therefore, the subnet mask can be found from those 5 bits, because each bit represents a different value.
Although 5 bits are used to calculate the number of networks, a different formula is used to find the subnet mask.
Bits Used (5) = 1 1 1 1 1 0 0 0
In this situation, we add the values of the set bits from left to right, [128+64+32+16+8] = 248. As mentioned before, 8 set bits equal 255. So the new subnet mask for 184.108.40.206 is 255.255.255.248.
In summary, once the new subnetted network has been created and the IP addresses have been applied, the subnets cannot communicate with each other. This is the main purpose of subnetting: isolating the network into subnets and saving IP addresses. Table 3-4 below shows the overview of the 32 subnets under 220.127.116.11/29, where 29 represents the subnet mask 255.255.255.248.
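The class lookup of section 3.1 and the subnetting steps of section 3.2 (borrowed bits, octet value from the bit pattern, new mask, subnet list, isolation between subnets) are worked through below in Python. This is an added example written for this page, not code from the assignment. It uses the standard `ipaddress` module; the networks in the usage section (192.168.1.0/24 and 10.0.0.0/8) are constructed private-range examples rather than the addresses from the assignment, and the `subnet` function handles any starting prefix, not only the /8 case in the text.

```python
# Added example (not code from the assignment): address class lookup and the
# fixed-length subnetting steps from sections 3.1 and 3.2, done with Python's
# ipaddress module. The networks used in the usage section are constructed
# private-range examples, not the addresses from the assignment.
import ipaddress
import math


def ip_class(addr):
    """Classful lookup by first octet: A 0-127, B 128-191, C 192-223, D 224-239, E 240-255."""
    first = int(ipaddress.ip_address(addr)) >> 24
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D"
    return "E"


def bits_needed(subnet_count):
    """Smallest number of borrowed bits b such that 2**b >= subnet_count (32 -> 5)."""
    return math.ceil(math.log2(subnet_count))


def octet_from_bits(bit_string):
    """Add the place values of the 1 bits in one octet: '11111000' -> 128+64+32+16+8 = 248."""
    return sum(128 >> i for i, bit in enumerate(bit_string) if bit == "1")


def mask_from_prefix(prefix_len):
    """Dotted-decimal subnet mask for a prefix length, e.g. 29 -> 255.255.255.248."""
    return str(ipaddress.ip_network(f"0.0.0.0/{prefix_len}").netmask)


def subnet(network, subnet_count):
    """Split a network into fixed-length subnets.

    Returns (new prefix length, new mask, usable hosts per subnet, list of subnets).
    """
    net = ipaddress.ip_network(network)
    borrowed = bits_needed(subnet_count)
    subnets = list(net.subnets(prefixlen_diff=borrowed))
    usable = max(subnets[0].num_addresses - 2, 0)  # network and broadcast are not usable
    new_prefix = net.prefixlen + borrowed
    return new_prefix, mask_from_prefix(new_prefix), usable, subnets


def same_subnet(host_a, host_b, prefix_len):
    """True if both hosts fall in the same subnet; hosts in different subnets need a router."""
    return (ipaddress.ip_interface(f"{host_a}/{prefix_len}").network
            == ipaddress.ip_interface(f"{host_b}/{prefix_len}").network)


if __name__ == "__main__":
    print(ip_class("192.168.1.1"), ip_class("224.0.0.9"))     # C D
    print(octet_from_bits("11111000"), mask_from_prefix(29))  # 248 255.255.255.248
    prefix, mask, usable, subnets = subnet("192.168.1.0/24", 32)
    print(f"/{prefix} mask {mask}, {usable} usable hosts per subnet")
    for s in subnets[:4]:
        print(s, "first host", s[1], "last host", s[-2], "broadcast", s.broadcast_address)
    print(same_subnet("192.168.1.9", "192.168.1.17", 29))  # False: different /29 blocks
    print(subnet("10.0.0.0/8", 32)[:3])                    # (13, '255.248.0.0', 524286)
```

The `usable` count subtracts the network and broadcast addresses, which is why a /29 block of 8 addresses offers 6 hosts; `same_subnet` makes the isolation point concrete, since two hosts that share a /24 but fall into different /29 blocks are no longer on the same subnet.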
The Transmission Control Protocol (TCP), one of the protocols of the OSI Transport layer, plays an important role in data transmission in networking. With reliable connection establishment and termination, end-to-end delivery of data can be performed without issues. This reliable connection establishment method is known as the "Three-way Handshake".
In detail, before a host can send data to a receiver, an establishment process must be performed to set up the connection. The whole process is known as the three-way handshake. It guarantees that both the sender and the receiver are ready to transmit data. Figure 4-1 shows the three-way handshake process.
In Figure 4-1, PC-A wants to send data reliably to PC-B via TCP. Before the transmission, PC-A needs to establish a session with PC-B. Both hosts go through the three-way handshake process. (Deal, 2008)
Figure 4-1 on the previous page shows the three-way handshake between PC-A and PC-B. The following three steps occur during the process:
PC-A sends a synchronisation (SYN) segment to PC-B, indicating that PC-A wants to establish a reliable connection with PC-B.
PC-B responds with both an acknowledgement (ACK) and a SYN in the same segment. The ACK means that PC-B has received the SYN from PC-A in step 1, while the SYN from PC-B means that it is ready to establish a connection.
Upon receiving the ACK/SYN from PC-B, PC-A responds to PC-B with an ACK. This indicates that the previous segment has been received and the connection is fully established.
Once the three-way handshake has completed, data can be transferred between the devices reliably.
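The three steps above, with the sequence and acknowledgement numbers that each segment carries, can be simulated in a few dozen lines. The following Python program is an added example written for this page, not code from the assignment; the `Segment` layout and the `Endpoint` state machine are a simplified model that represents only the SYN and ACK flags, sequence numbers and acknowledgement numbers. It also shows the check each side performs on the acknowledgement number it receives, which is the reason a peer that does not know the initial sequence number cannot complete the handshake.

```python
# Added example (not code from the assignment): a simulation of the three-way
# handshake between PC-A and PC-B. The Segment layout and the Endpoint state
# machine are a simplified model written for this example; only the SYN and
# ACK flags, sequence numbers and acknowledgement numbers are represented.
import secrets
from dataclasses import dataclass
from typing import Optional

MODULUS = 2 ** 32  # TCP sequence numbers wrap at 32 bits


@dataclass
class Segment:
    src: str
    dst: str
    syn: bool
    ack: bool
    seq: int
    ack_num: Optional[int] = None


class Endpoint:
    """One TCP endpoint holding just enough state for connection setup."""

    def __init__(self, name, listening=False):
        self.name = name
        self.state = "LISTEN" if listening else "CLOSED"
        # Initial sequence number drawn from the whole 32-bit space, as modern
        # TCP stacks do, so that it cannot be guessed by a third party.
        self.isn = secrets.randbelow(MODULUS)
        self.peer_seq = None

    def connect(self, peer):
        """Step 1: send SYN carrying our ISN."""
        self.state = "SYN-SENT"
        return Segment(self.name, peer, syn=True, ack=False, seq=self.isn)

    def receive(self, seg):
        """Process one segment; return the reply segment or None."""
        if seg.dst != self.name:
            raise ValueError(f"{self.name} received a segment addressed to {seg.dst}")
        expected_ack = (self.isn + 1) % MODULUS
        if self.state == "LISTEN" and seg.syn and not seg.ack:
            # Step 2: SYN/ACK. The ACK number acknowledges the peer's ISN + 1.
            self.peer_seq = seg.seq
            self.state = "SYN-RECEIVED"
            return Segment(self.name, seg.src, syn=True, ack=True,
                           seq=self.isn, ack_num=(seg.seq + 1) % MODULUS)
        if self.state == "SYN-SENT" and seg.syn and seg.ack:
            # Step 3: verify the SYN/ACK acknowledges our ISN, then send ACK.
            if seg.ack_num != expected_ack:
                raise ConnectionError("SYN/ACK does not acknowledge our ISN")
            self.peer_seq = seg.seq
            self.state = "ESTABLISHED"
            return Segment(self.name, seg.src, syn=False, ack=True,
                           seq=expected_ack, ack_num=(seg.seq + 1) % MODULUS)
        if self.state == "SYN-RECEIVED" and seg.ack and not seg.syn:
            # The final ACK must carry the right acknowledgement number,
            # otherwise the receiver refuses to move to ESTABLISHED.
            if seg.ack_num != expected_ack:
                raise ConnectionError("final ACK does not acknowledge our ISN")
            self.state = "ESTABLISHED"
            return None
        raise ConnectionError(f"{self.name} in state {self.state} cannot accept {seg}")


def three_way_handshake():
    """Run the exchange of Figure 4-1; return both final states and the three segments."""
    pc_a, pc_b = Endpoint("PC-A"), Endpoint("PC-B", listening=True)
    syn = pc_a.connect("PC-B")       # step 1: SYN
    syn_ack = pc_b.receive(syn)      # step 2: ACK/SYN
    ack = pc_a.receive(syn_ack)      # step 3: ACK
    pc_b.receive(ack)
    return pc_a.state, pc_b.state, [syn, syn_ack, ack]


def mismatched_ack_is_refused():
    """A final ACK whose acknowledgement number is off by one is not accepted."""
    pc_a, pc_b = Endpoint("PC-A"), Endpoint("PC-B", listening=True)
    pc_b.receive(pc_a.connect("PC-B"))
    off_by_one = Segment("PC-A", "PC-B", syn=False, ack=True,
                         seq=(pc_a.isn + 1) % MODULUS, ack_num=(pc_b.isn + 2) % MODULUS)
    try:
        pc_b.receive(off_by_one)
    except ConnectionError:
        return pc_b.state == "SYN-RECEIVED"  # still waiting, connection not established
    return False


if __name__ == "__main__":
    state_a, state_b, segments = three_way_handshake()
    for s in segments:
        flags = "/".join(f for f, on in (("SYN", s.syn), ("ACK", s.ack)) if on)
        print(f"{s.src} -> {s.dst}: {flags} seq={s.seq} ack={s.ack_num}")
    print(state_a, state_b, mismatched_ack_is_refused())
```

The two `ConnectionError` branches are the point of the model: each side only moves to `ESTABLISHED` when the acknowledgement number it receives equals its own initial sequence number plus one, so the security of the handshake rests on that number being unpredictable to anyone but the two endpoints.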
A sequence prediction attack is an attempt to predict the TCP sequence number in order to gain access to a system without permission. To hijack a TCP connection, the attacker must first listen to the communication between two systems, one of which is the target system. (Anonymous, 2010)
Once they have captured a packet destined for the target system, they open the packet and modify its original content. After the modification, the packet is sent to the target system before the packet from the original trusted system arrives.
To make sure the modified packet arrives before the trusted system's packet, the attacker usually performs a form of denial-of-service attack, which is used to flood the target system.
Once the packet has been accepted by the target system, the attacker sends data that allows him to access the system using a recognised IP address. This kind of attack is usually used against systems without any protection such as encryption and filtering.
4.3) Prevention of Sequence Prediction Attack
To defend against the security flaw exploited by the sequence prediction attack, a network should have at least one effective protection. However, for the best countermeasure against any potential threat, multiple protections should be applied.
The following list shows the protection methods that can prevent the security flaw:
The most effective way to protect against the prediction attack is to encrypt all the data. An attacker may be able to capture the data during transmission, but will not be able to interpret the encrypted data. (Graves, 2007) One of the most powerful encryption methods is Internet Protocol Security (IPSec). Table 4-1 shows an example of a text file before and after encryption. Figure 4-2 shows another example of encryption, PGP.
With encryption enabled, an attacker needs a great deal of time to decrypt the data. This is the best method to prevent sequence prediction attacks.
A secure protocol, in security terms, also means encryption, but it is more specific to applications such as web browsers or file transfer applications. HTTPS is used by web browsers to provide a secure, encrypted login where all the information is encrypted. (Anonymous, 2010)
SSH is an encrypted Telnet-like service. The reason to use SSH instead of Telnet is that the information is encrypted; in Telnet, the username and password appear in plain text in the packets during transmission.
Implementing filtering is another method to prevent the attack, because most attackers use an internal network IP address to gain unauthorised access. To defend against the attack by filtering, an access control list should be applied on the router or firewall to block specific IP addresses. Additionally, an interface should not accept packets with internal IP addresses as source, because using an internal IP address is a common attack technique.
Ports should also be filtered by the router or firewall, especially widely used ports such as 21 for FTP and 5900 for remote control. Both ports are favourites of hackers for hacking purposes.
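The two filtering rules described above (reject packets on the outside interface whose source is an internal address, and block inbound TCP ports 21 and 5900) can be expressed as a small ingress filter and exercised against sample traffic. The following Python program is an added example written for this page, not code from the assignment or from any router or firewall vendor. The interface names, the internal address ranges and the sample packets are constructed; 203.0.113.0/24 is a documentation range used here as an outside address.

```python
# Added example (not code from the assignment): an ingress filter that applies
# the two rules described in the text, rejecting packets on the outside
# interface that claim an internal source address and blocking inbound TCP
# ports 21 and 5900. Interface names, address ranges and sample packets are
# constructed for illustration.
import ipaddress
from dataclasses import dataclass

OUTSIDE_IFACE = "eth0"  # assumed name of the Internet-facing interface
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]
BLOCKED_TCP_PORTS = {21: "FTP", 5900: "remote control"}


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int


def is_internal(addr):
    """True if the address belongs to one of the internal ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def filter_decision(pkt):
    """Evaluate the deny rules in order; the first match wins. Returns (action, reason)."""
    if pkt.iface == OUTSIDE_IFACE and is_internal(pkt.src):
        return "DROP", f"anti-spoofing: internal source {pkt.src} on {pkt.iface}"
    if pkt.iface == OUTSIDE_IFACE and pkt.proto == "tcp" and pkt.dport in BLOCKED_TCP_PORTS:
        return "DROP", f"inbound tcp/{pkt.dport} ({BLOCKED_TCP_PORTS[pkt.dport]}) is not allowed"
    return "ACCEPT", "no deny rule matched"


def apply_filter(packets):
    """Return one log line per packet, in the order the packets were seen."""
    lines = []
    for pkt in packets:
        action, reason = filter_decision(pkt)
        lines.append(f"{action} {pkt.iface} {pkt.proto} "
                     f"{pkt.src} -> {pkt.dst}:{pkt.dport} [{reason}]")
    return lines


# Constructed sample traffic.
SAMPLE_PACKETS = [
    Packet("eth0", "10.1.2.3", "10.0.0.5", "tcp", 80),       # claims an internal source
    Packet("eth0", "203.0.113.7", "10.0.0.5", "tcp", 21),    # inbound FTP
    Packet("eth0", "203.0.113.7", "10.0.0.5", "tcp", 5900),  # inbound remote control
    Packet("eth0", "203.0.113.7", "10.0.0.5", "tcp", 443),   # ordinary HTTPS
    Packet("eth1", "10.1.2.3", "203.0.113.7", "tcp", 21),    # internal host going out
]

if __name__ == "__main__":
    for line in apply_filter(SAMPLE_PACKETS):
        print(line)
```

Note that the anti-spoofing rule is tied to the interface: the same internal source address is dropped when it appears on `eth0` but accepted on the inside interface `eth1`, and the port rule likewise applies only to traffic entering from outside, so internal users can still reach FTP servers elsewhere.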
In my research, I have found out the importance of implementing STP to prevent looping problems in a switching environment. More than that, the proper implementation guide should also be followed in order to have a perfect implementation.
Subnetting also plays an important role in saving IP addresses and isolating a network within the same IP address range. By subnetting a specific IP address, the hosts per network can range from a minimum of 2 hosts to a million. A network with only 2 usable hosts is usually used for a connection between routers.
In terms of the Transmission Control Protocol, a reliable connection can be made using the three-way handshake. This method is only available in TCP, not UDP. The handshake goes through three steps: SYN, ACK/SYN and ACK.
However, this method has security flaws. A sequence prediction attack is often used by attackers to gain access to the network. In addition, a denial-of-service attack often happens during the attack, causing the system to suffer from slow performance.
To prevent the attack, several methods such as encryption, secure protocols and filtering can be used. Each prevention method has its own advantages, and a network should use multiple prevention methods to strengthen its security.
P.S.: The soft copy of this assignment shows an exceeded word count. However, after excluding the citations, captions, bibliography and other unrelated material, the final word count was 3357 words.