Copyright©2013 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice. 1.TCP/IP 协议基础 2.TCP/IP 协议安全 3. 常见网络攻击方式 目录

Copyright©2013 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice. TCP/IP 协议栈 - IPV4 安全隐患 1 缺乏数据源验证 机制 缺乏机密性 保障机制 缺乏完整性验 证机制 23

Copyright©2013 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice. TCP/IP 协议栈常见安全风险 漏洞、缓冲区溢出攻击 WEB 应用的攻击、病毒及木马、 …… TCP 欺骗、 TCP 拒绝服务、 UDP 拒绝服务 端口扫描、 …… IP 欺骗、 Smurf 攻击、 ICMP 攻击 地址扫描、 …… MAC 欺骗、 MAC 泛洪、 ARP 欺骗 …… 设备破坏、线路侦听 应用层 传输层 网络层 链路层 物理层

Copyright©2013 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.  物理设备破坏  指攻击者直接破坏网络的各种物理设施，比如服务器 设施，或者网络的传输通信设施等  设备破坏攻击的目的主要是为了中断网络服务  设备破坏攻击防范  主要靠非技术方面的因素，比如建造坚固的机房，指 定严格的安全管理制度，对于需要铺设在外部环境中 的通信电缆等，采用各种加强保护措施及安全管理措 施 设备破坏

Copyright©2013 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.  物理层网络设备  集线器  中继器  无线网络  对线路侦听的防范  对于网络中使用集线器，中继器之类的，有条件的话置换设备为交 换机等  对于无线网络，使用强的认证及加密机制，这样窃听者即使能获取 到传输信号，也很难把原始信息还原出来 线路侦听 侦听者

Copyright©2013 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.  MAC 欺骗是一种非常直观的攻击，攻击者将自己的 MAC 地址更 改为受信任系统的地址。  对于 MAC 攻击的防范措施  在交换机上配置静态条目，将特定的 MAC 地址始终与特定的端口绑 定 MAC 欺骗 F0-DE-F1-33-7F-DA 我也是 :F0-DE-F1-33-7F-DA E0 E1 仿冒者

Copyright©2013 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.  MAC 泛洪攻击利用了：  交换机的 MAC 学习机制  MAC 表项的数目限制  交换机的转发机制  MAC 泛洪攻击的预防  配置静态 MAC 转发表  配置端口的 MAC 学习数目限制 MAC 泛洪 攻击者

Copyright©2013 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.  当 A 与 B 需要通讯时：  A 发送 ARP Request 询问 B 的 MAC 地址  B 发送 ARP Reply 告诉 A 自己的 MAC 地址 ARP 欺骗 A B Hacker

Copyright©2013 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.  节点间的信任关系有时会根据 IP 地址来建立  攻击者使用相同的 IP 地址可以模仿网络上合法主机，访问关键 信息 IP 欺骗攻击（ IP Spoofing ） B: A: Sniffer request sniffered 攻瘫

Copyright©2013 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice. Smurf 攻击 Victim: Attacker controls this host ICMP Echo request, src= dest = ICMP Echo replies

Copyright©2013 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice. ICMP 重定向和不可达攻击 Many ICMP Redirect 受害主机 Attacker controls this host Many ICMP dest unreachable flood to x, src= 网关收到不 到数据包 Attacker controls this host 为什么收不 到数据包？

Copyright©2013 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.  攻击者运用 ICMP 报文探测目标地址，或者使用 TCP/UDP 报文对 一定地址发起连接，通过判断是否有应答报文，以确定哪些目 标系统确实存活着并且连接在目标网络上。 IP 地址扫描攻击 攻击者

Copyright©2013 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice. TCP 欺骗 主机 A 主机 B SYNseqack spoofed packet from C to A SYNseqack ACK 1 seqack spoofed packet from B to A 拒绝服务攻击 from C to B A 信任 B 攻击主机 C 非授权连接

Copyright©2013 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.  SYN 报文是 TCP 连接的第一个报文，攻击者通过大量发送 SYN 报文， 造成大量未完全建立的 TCP 连接，占用被攻击者的资源。 TCP 拒绝服务 —— SYN Flood 攻 击 攻击者 Server Syn

Copyright©2013 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.  攻击者通过向服务器发送大量的 UDP 报文，占用服务器的链路带宽， 导致服务器负担过重而不能正常向外提供服务。 UDP 拒绝服务 ——UDP Flood 攻击 UDP 攻击者 Server

Copyright©2013 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.  Port Scan 攻击通常使用一些软件，向大范围的主机的一系列 TCP/UDP 端口发起连接，根据应答报文判断主机是否使用这些 端口提供服务。 端口扫描攻击防范 攻击者 Port Scan

Copyright©2013 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.  攻击软件系统的行为中，最常见的一种方法  可以从本地实施，也可以从远端实施  利用软件系统（操作系统，网络服务，程序 库）实现中对内存操作的缺陷，以高操作权 限运行攻击代码  漏洞与操作系统和体系结构相关，需要攻击 者有较高的知识 / 技巧 缓冲区溢出攻击 Stack Data Code

Copyright©2013 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.  常见的攻击  对客户端的  含有恶意代码的网页，利用浏览器的漏洞，威胁本地系统  对 Web 服务器的  利用 Apache/IIS… 的漏洞  利用 CGI 实现语言 (PHP/ASP/Perl...) 和实现流程的漏洞  通过 Web 服务器，入侵数据库 针对 WEB 应用的攻击