See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/330132778

Security issues in Protocols of TCP/IP Model at Layers Level

Article · January 2017

CITATIONS READS
11 9,887

4 authors, including:

Bedour Alrashidi Samina Naz

University of Hail University of Hail
4 PUBLICATIONS 26 CITATIONS 23 PUBLICATIONS 28 CITATIONS

SEE PROFILE SEE PROFILE

Zahida Parveen
University of Hail
8 PUBLICATIONS 31 CITATIONS

SEE PROFILE

All content following this page was uploaded by Zahida Parveen on 15 July 2020.

The user has requested enhancement of the downloaded file.

International Journal of Computer Networks and Communications Security
VOL. 5, NO. 5, MAY 2017, 96–104
Available online at: www.ijcncs.org
E-ISSN 2308-9830 (Online) / ISSN 2410-0595 (Print)

Security issues in Protocols of TCP/IP Model at Layers Level

Albandari Mishal Alotaibi1, Bedour Fahaad Alrashidi2, Samina Naz3 and Zahida Parveen4
1, 2, 3, 4
University of Hail, Department of Computer Science, Hail, Saudi Arabia
1
[email protected], 2b.alrashidi @uoh.edu.sa, [email protected], [email protected]

ABSTRACT

It is widely recognized that data security has become of critical importance for most organizations. This
paper gives an overview of the security issues in the Transmission Control Protocol (TCP)/Internet Protocol
(IP) model, specifically the protocol of each layer. The paper defines the functionality of each layer in
TCP/IP model within the popular protocol for each. Then it investigates each protocol attack by covering
their purposes and how they work. Overall, the objective of this research is to conclude which layer and
protocol have become the biggest issues in TCP/IP layers.
Keywords: Network Security, TCP/IP Models, Security Threats, Data Protection, Internet Protocol, Flood.

1 INTRODUCTION was formed in 1980 as an internetworking solution

with only slight concern for protection aspects.
Computer network technology is developing That is the reason that serious security faults are in
rapidly. A computer network, or simply a network, the TCP/IP protocol, despite its implementation.
is a collection of connected computing devices to TCP/IP model is divided into four layers and each
share information and/or recourses. Network layer works using a variety of protocols with
security is a main issue in computing because specific functions. The lower protocols have flaws
different kinds of attacks are increasing daily. With with open possibilities for attacks on the security of
the development and popularization of Internet data exchange.
application technology, network security needs to This paper provides a review of all the layers,
be paid more and more attention. particular protocols and the security issues at each
Network security covers all phases associated protocol. The review paper is organized as follows.
with the security of the sensitive information Section 2 describes the structure of TCP/IP model,
resources present on the network. It deals with all explaining different layers, functions of each layer
the measures to protect data throughout their with related protocols. Security issues in each layer
transmission. The specific goals of network security at the protocol level are discussed in Section 3. The
are confidentiality, integrity and availability. To findings of this study are concluded in Section 4.
formalize and maintain the secure and well-
organized network, abundant research has been 2 TCP/IP MODEL
devoted to offer a sophisticated methodology for
data communication. The TCP/IP model is not The TCP/IP Protocol Suite is a group of different
same as the OSI model, which is a seven-layered communication protocols working through the
standard, whereas TCP/IP is a four-layered Internet and other private communication networks,
standard. The model has been influential in the and it carries most of the essential services running
growth and development of TCP/IP standard, and over the network. It provides end-to-end
that is why much of OSI terminology is applied to connectivity by establishing, maintaining, and
TCP/IP. The TCP/IP reference model that is releasing connections between the sender and
Transmission Control Protocol and Internet receiver. It provides for flow control, error control,
Protocol was developed by Department of IP addressing and the routing of network traffic and
Defence’s Project Research Agency (ARPA, later an interface between the node and the physical
DARPA) as a part of a research project of network network [1].
interconnection to connect remote machines.
One formal system that has been present as a
conceptual model is the TCP/IP Protocol Suite that
 97

A. M. Alotaibi et. al / International Journal of Computer Networks and Communications Security, 5 (5), May 2017

● Dynamic Host Configuration Protocol

(DHCP): It is used to dynamically
(automatically)
allocate TCP/IP configuration
constraints (DNS server, Subnet Mask, IP
address, Default Gateway etc.) to network
devices.
● Domain Name System (DNS): The IP
addresses which are the actual addresses of
network recourses are very difficult for the
users to remember, DNS is an excellent
solution to this problem it contains the
Fig. 1. The OSI Model and the TCP/IP Protocol Suite by distributed database of the mapping records
Roland Shepherd [1] of user-friendly alphanumeric names with
that of embedded IP addresses to make
The layers with their protocols and functions are network resources easy to remember.
described below. ● Simple Network Management Protocol
(SNMP): This is a popular protocol that
2.1 Application Layer allows for remote and local management of
The application layer is the uppermost layer of network devices such as servers,
the four-layer TCP/IP model and it merges the three workstations, hubs, routers, switches and
most significant layers of the OSI model: other managed devices.
application, presentation and session. This layer is ● File Transfer Protocol (FTP): The passive
primarily concerned with human interaction and mode protocol used to send and receive large
how software applications are implemented. The files from remote servers without requiring a
application layer consists of interface methods and ―hot‖ connection established previously.
underlying communication protocols that can be ● Trivial File Transfer Protocol (TFTP):
applied in process-to-process communications. It This protocol is a simplified version of FTP,
standardizes communication and does not define especially designs for UDP and resource
specific rules or data formats that applications need hungry computers. It contains only a small
to consider when connecting; the original subset of the capabilities of FTP lacking
description does depend on and recommend packet-monitoring and error-handling
the general design guideline for software [2]. capabilities, hence the process overhead is
The application layer is concerned with providing lower than FTP.Then again, and these
network services to applications. It provides a limitations also reduce the process overhead.
mechanism to the next level, transport services, for Security is of evident concern when using
interfacing with host programs for efficient use of TFTP. Examples:
network. At this layer each application’s path and ● Telnet
session can be distinguished by the use of specific ● SSH
sockets and port numbers [3]. Application layer ● X Windows
includes all the higher-level protocols like: ● RDP (Remote Desktop Protocol)
● Hypertext Transfer Protocol (HTTP): The By using applications and application
HTTP protocol enables the connection protocols, data can be moved between hosts,
between a web server and a client and also and remote users can communicate easily [4].
distributes the information on the World
Wide Web (WWW). It uses port number 2.2 Transport Layer
80.On server side, the main examples are
Apache Web Server and Internet Information The transport layer is the second layer in TCP/IP
Server (IIS), while on client sideFirefox, model, it is responsible for a flow of data between
Internet Explorer, Mozilla and Google two hosts (client and server) [5]. It provides end-to-
Chrome are most common. end connections efficiently, offering delivery of
● Simple Mail Transfer Protocol (SMTP): data in sequence, avoiding duplication or dropping
SMTP is the only standard for electronic [6].Two protocols are in this layer, whereas TCP
mail (E-mail) over the TCP/IP network; it refers to Transmission Control Protocol, UDP
handles the message services by the use of refers to User Datagram Protocol. These two
well-known port 25. protocols are different depending on reliability.
 98

A. M. Alotaibi et. al / International Journal of Computer Networks and Communications Security, 5 (5), May 2017

Using TCP ensures high reliability and a special ● Internet Protocol (IP): The main functions
mechanism to make sure that the data reaches the for IP are addressing, routing and transmitting
destination completely [7].It provides reliability in the packets over the network.
the flow of data which has led to ignoring all ● Address Resolution Protocol (ARP): The
reliability issues in an application layer. The data is main function for APR is the linking and
divided into a suitable size to pass to the next layer translation from the Internet layer address to
and then acknowledging messages are sent by a the Network Interface layer address such as a
receiver to make sure that the packets are sent. MAC address.
By contrast, UDP uses a simple mechanism that ● Internet Control Message Protocol (ICMP):
depends on the lower layer to transmit the data, and The main function for ICMP is to generate the
upper-layer protocols to make sure the data is error message for an unsuccessful delivering
transmitted successfully to the required level. It is message then report it to the source IP address.
simple protocol, and the responsibility of this This is the protocol responsible for detecting
protocol is to send the packet network error conditions and reporting on
(datagram) without concern for reliability, which them. Reports include:
is handled on the application layer. Furthermore,
o Dropped packets (when packets are arriving
TCP is used by the applications whereas reliability
too fast to be processed).
is more important than performance. This can be
o Connectivity failure (when a destination host
seen in case of transferring files or important data
cannot be reached).
between two hosts, the application such HTTP,
o Redirection (which tells a sending host to use
SMTP and FTP use TCP. All messages sent in this
another router).
protocol are acknowledged, so the reliability is
achieved, and lost data will be resent automatically ● Internet Group Management
[8]. Protocol (IGMP) The main function for IGMP
On the other hand, UDP is used when losing a is the communication between hosts and
byte of data will not be a significant effect, and the multicast routers [9].
application layer will be responsible for detecting
lost data and retransmitted when the application 2.4 Network Layer
layer chooses to use UDP. It has been seen in case
The network layer is the fourth layer in the
of small amount of data, and streaming data and
TCP/IP Protocol Suite and is responsible for the
video [8].
host-to-host delivery of datagram [10]. The main
liability network layers generate a connection
2.3 Internet Layer
between the source computers to the destination
The Internet layer is the third layer in TCP/IP computer. The communication at the network layer
model, and it is equivalent to the network layer in is host to host. The network layer is responsible for
the OSI model. The main function for the Internet choosing the best route for each packet, routing
layer is to handle communication from one PC to packets from source to destination incoming or
another. This layer is responsible to request and outgoing a subnet [11]. The network layer focal
send a packet from the transport layer by knowing function is path tenacity and logical addressing.
to which PC it will be delivered. Moreover, it is This layer provides logical addresses to the packets
more responsible for packing, addressing and received which in turn helps them to find their path.
routing. The most important protocol in the internet The key functionality of a network layer is end-
layer is TCP/IP which known as internet protocol to-end routing of packets, from the source computer
.The Internet Protocol is the structure block of the to the targeted computer, from the use of first to last
Internet beside the block it’s functions are defining next-hop-routing approach. For getting point-to-
the datagram, which is the basic unit of point communication, it supports three features:
transmission in the Internet, defining the Internet
addressing scheme, moving data between the • Forwarding:
network access layer and the host-to-host transport
Forwarding is a packet switching. When a node
layer, routing datagram to remote hosts and
after communication receives input interfaces
performing fragmentation and re-assembly of
through an IP packet, the appropriate output
datagram. The Internet software will deeply
process selecting of an interface to transmit the
encapsulate the transport packet in an IP packet.
packet based on the node’s packet’s destination,
The Internet layer includes four core protocols and
routing table and the IP address, it is called
it can be listed as:
forwarding.
 99

A. M. Alotaibi et. al / International Journal of Computer Networks and Communications Security, 5 (5), May 2017

• Routing: 3 SECURITY PROBLEMS IN TCP/IP

MODELS PROTOCOL
The process of the calculating a job from various
sources is known as routing, route or the best next
3.1 Application Protocol
hop node. This is for
reaching different networks and sub networks’ One of the main purposes of an application is the
target from a given node and storing it in tables encryption and decryption as a technique for
recognized by routing tables [12]. The processes’ securing the data. The security threat of this layer is
lists of routing protocols are termed as the control at the application level. Applications need to secure
plane or path control, as they control the actual path sensitive data that is sent to the network, hence
taken by data packets. applications needs to be well formulated to protect
the data. The security vulnerabilities at the two
• Logical Addressing (IP Addresses) most common protocols of the application layer are
being discussed below.
The communication over a network with every
device must associate with it a logical address. For
defining the rules and structure related to IP
addresses, the network layer is answerable.
Network interfaces of communicating nodes are
unique end-point identifiers of IP addresses. On the
public Internet, every communicating node needs to
have at least one public IP address to communicate
successfully with other computers on the Internet.

• Other Features of Networking Layer

For receiving point-to-point communication, it
supports three specific features—forwarding,
routing and logical addressing —after that network
layer also support services like Fig. 2. Application layer protocols with their security
packet fragmentation/ multicasting, reassembly, issues
network layer error reporting (ICMP), broadcasting,
IP Security (IPSec), QOS, etc. 3.1.1 Security Threats on HTTP
Network layer protocols include: Ethernet, FDDI,
Token Ring, ATM, OC, HSSI, or even Wi-Fi. The HTTP is the default communication protocol
purpose of a network interface is to allow used by all web browsers. The transfer of files in
your computer to access the wire, wireless, or fibre the form of web pages is done in plain text and
optic network infrastructure and send data to therefore is prone to security attacks as listed:
other computers.
The network layer offers two types of protocols 3.1.2 Session hijacking
for delivering the packets over the network. Hijacking means stealing an HTTP session. A
cyber-terrorist usually uses a packet sniffer to
● Connection-oriented: Connection-oriented capture the packets for stealing the session;
services provided by the transport layer for hijacking can be possible if in the initialization
example (TCP) is connection-oriented. session strong authentications procedures are not
● Connectionless services: In different protocol used, opening the way for picking up the session ID
groups, the network layer protocol is known as or Token ID. Session hijacking provides access to
a connectionless protocol. For example, in the account as an authentic user and hence attacks
TCP/IP, the IP is connectionless: the integrity of the target user [14].
Dropped packets (when packets are arriving too fast
to be processed) 3.1.3 Caching
Connectivity failure (when a destination host Web browsers temporarily save web pages on a
cannot be reached) user’s machine as he/she visits them to speed up
Redirection (which tells a sending host to use and ease access in case the user wants to visit those
another)[13]. pages again. This is known as cashing. The hacker
has gained the access of the user’s machine and
views all the cashed contents of the user that may
 100

A. M. Alotaibi et. al / International Journal of Computer Networks and Communications Security, 5 (5), May 2017

contain user IDs, passwords and pictorial data password. The hacker then can take the user’s
without any authentication. credentials for misuse.

3.1.4 Cookie Poisoning 3.1.9 DNS spoofing

Cookies are created by the web servers when a A DNS spoofing attack uses a fake IP address of
user visits a website. Cookies are used to save a computer to match the DNS server’s IP address.
credentials and the interaction information of the The user request then will be directed to the
user with the website, which the web server can use hacker’s machine. In this attack, the clients and
later when processing the sessions of that particular other servers will consider the hacker’s machine to
user [15]. Cookie poisoning is the alteration or be a genuine DNS server and send their requests
stealing of cookie in a user’s machine by a hacker and receive the reply from the wrong server.
to reprieve personal information. If the hacker gets
a hold of a cookie containing a password and 3.1.10 DNS ID Hijacking
username, he or she can use the cookie on his or her
The most common method for DNS ID
machine and the web server will not demand any
hijacking is through installing malware on a user’s
verification.
computer that changes the DNS. This malware
changes the default DNS service provider to
3.1.5 Replay attack
something that the cybercriminals want. From
A replay attack is made possible by man in there, they control user’s URL resolutions (DNS
middle. By repeating the sent data to the server, it is lookups), and then they keep on poisoning the DNS
a more serious threat than session hijacking. The cache [18].
resent data can be altered and hence producing
wrong or totally different results. More critically, 3.2 Transport PROTOCOL (TCP)
the attacker can take off the client’s IP address and
The main purpose of this layer is that controlling
thus redirect his/her machine [16].
the flow of data between client and server, avoiding
repetitions, or omitting part of data. TCP is one of
3.1.6 Cross-Site Scripting (XSS)
its protocols that concerned with reliability and
This attack involves the hacker inserting delivering data completely to the destination. In this
malicious code in a web application or browser and part, the most security threats and attacks at this
is executed on the client side. The essence of this protocol will be discussed.
attack is to perform a session hijack by stealing Fig. 3. Transport layer protocol security issues
session tokens and cookies of a genuine user’s
session. 3.2.1 TCP "SYN" attack
This happens during a three-way handshake
3.1.7 Domain Name System
between a client and server when the client sends a
The domain name system (DNS) is used to synchronization request and then the server send
translate domain names to IP addresses for the sake back synchronization and acknowledgment and
of user convenience, as they use alphabetical reserve all resources for this request. However, an
names. The security issue started in DNS when a acknowledgment message will not be sent, which
hacker changed record to resolve to an incorrect IP makes half of the connection open, and the attacker
address; hackers can direct all traffic for a site to sends many synchronous requests to make the
the wrong server or client computer. The most server busy without responding to the server [19].
common security attacks for this protocol are:
3.2.2 TCP land attack
3.1.8 DNS cache poisoning
This attack happens when the attacker pretends to
Caching poisoning through DNS is a reliability be an authorized person by spoofing the source IP
attack that involves modifying the information address, then he or she tries to send a SYN packet
saved in the DNS cache. This fabricated to open the TCP post in the server [20].
information will map the name to a wrong IP
address and mislead the request to a false site[17]. 3.2.3 TCP & UDP port scanning technique
This attack can lead to pharming or phishing. The
This is an attacker port scanning to find an
most critical situation can occur if the user does not
available port in the machine [20].
notice anything and enters a user name and
 101

A. M. Alotaibi et. al / International Journal of Computer Networks and Communications Security, 5 (5), May 2017

categories of: denial of service (DoS), disclosure,

modification, destructive and escalation of privilege
[23].

3.2.4 TCP sequence number prediction

Each packet sent between a client and server has
a sequence number. The client and server exchange
the sequence number, which has limited
boundaries. In this case, an attacker predicts a
sequence number counterfeit packet to pretend to
be an authorized person, and tries to send these Fig. 4. Internet layer protocols with their security issues
packets after spoofing the IP victim [21].
3.3.1 IP
3.2.5 IP half scan attack 3.3.1.1 IP Spoofing Attacks
SYN-scanner, or IP half scanning, occurs in a
three-way handshake when the TCP connection is The purpose for this attack is to hide the identity
never established, when the client sendsthe SYN for the IP sender. As a result, it will generate the
packet, and waits for a SYN/ACK or rest from the wrong source IP address. There are two ways that
server to determine the open post. When the IP spoofing attacks can be used to overload targets
SYK/ACK received from the server, the client will with traffic. One method is to simply flood a
send a rest which destroys the connection [22]. selected target with packets from multiple spoofed
addresses. This method works by directly sending a
3.2.6 TCP sequence number generation attack victim more data than it can handle. The other
method is to spoof the target’s IP address and send
The most crucial part in TCP segment is packets from that address to many different
sequence number which is helpful in tracking the recipients on the network. When another machine
data, every data sent has sequence number which is receives a packet, it will automatically transmit a
exchange between server and client at the packet to the sender in response. Since the spoofed
beginning of the connection, the sequence number packets appear to be sent from the target’s IP
must be within bound which is called receiver address, all responses to the spoofed packets will be
window size, any segment out of this bound will be sent to (and flood) the target’s IP address.
discarded.
One of the security issues is predicating sequence 3.3.1.2 .HTTP flooding
number without receiving any response from the
server, which gives the attacker an opportunity to This technique involves full-page reloads of
spoof the trusted host in the lock network [22]. dynamic content, fetching large elements and by
passing the cache. It is also known as a DoS, which
3.3 Internet Protocol happens when a large number of routing messages
are flooding into the server via network, then as a
The Internet layer mostly depends on the result the server will be weighted and led toa DoS.
communications between the nodes and deals with
secure nodes from sources to destinations. Common
attacks for the Internet layer can be in the
 102

A. M. Alotaibi et. al / International Journal of Computer Networks and Communications Security, 5 (5), May 2017

3.3.1.3 Password brute-force attempts surge the associations between the Internet and the
business. This attack happens when numerous
This attack mostly happens in HTTP and
frameworks flood the bandwidth or resources of a
FTP.For each simultaneous client it is issues one
targeted system [25].
request for each IP then it will return back with
generating 100 password attempts.
3.3.3 IGMP
3.3.1.4 Web scraping/data harvesting by grey 3.3.3.1 Distributed denial of service (DDoS)
marketers
This attack is similar to a DoS attack with the
The aim of this attack is to extract the data from difference being that a DoS attack can be done by
websites by scraping interfaces or software. It using one computer and one internet connection,
targets an online site that supports buying or while in this attack; they use more than one
selling. computer and more internet connections.

3.3.1.5 Web scraping/data harvesting by 3.3.3.2 Multicast routing

competitors
The effect of an attack in a multicast environment
This is similar to the above-mentioned attack is significantly higher compared to its unicast
with the difference being that this attack is executed partner, as a single attacker can influence
to collect competitive pricing and plagiarize transmissions to numerous goals at the same time
content. [26].

3.3.1.6 Click jacking(split the sentence) 3.3.4 ICMP

Also known as user interface (UI) redressing, this 3.3.4.1 ICMP tunnelling
is an attack that traps a web client into clicking a
ICMP tunnels are one type of clandestine channel
catch, a connection or a photo, that the web client
that is made where in the data stream is not
did not plan to click, normally by overlaying the
controlled by any security component. An ICMP
site page with an iframe.[24]
tunnel burrow sets up a channel between the client
and server, constraining a firewall not to trigger
3.3.2 APR
caution if information are sent via ICMP. ICMP
3.3.2.1 Connection hijacking and interception tunnelling is a covert connection between two
endpoints using ICMP echo requests and reply
The premise for session hijacking includes a
packets. So by utilizing ICMP tunnelling, one can
hacker to assume control over a current session
infuse discretionary information into an echo
between a client and host machine. By assuming
packet and send to a remote computer.
control over the legitimate session, the aggressor
then abuses or endeavours the session.
3.3.4.2 Smurf Attack
3.3.2.2 Connection reseating In a Smurf attack, an attacker will spoof the
source address of the ICMP packet and send a
This type of attack is made to cut the connection
broadcast to all computers on that network. If
between the user and the server. This can be done
networking devices do not filter this traffic, then
by using crafted code and special software.
they will be broadcasted to all computers in the
network. This congests the victim’s network heavy
3.3.2.3 Packet sniff
traffic, which cuts down the profitability of the
A packet sniffs the demonstration of catching whole network.
packets of data flowing over a computer network.
The software or device used to do this is known as 3.3.4.3 Fraggle attack
packet sniffer.
A fraggle attack is same as a smurf attack, but
instead than ICMP, UDP is utilized. The aversion
3.3.2.4 Denial of service (DoS)
of these attacks is practically indistinguishable to a
A DoS attack is among the most widely fraggle attack [27].
recognized dangers to Internet operations. These
attacks immerse the system transfer speed to make
the system occupied to its proposed clients. They
include impacting a site with enough movement to
 103

A. M. Alotaibi et. al / International Journal of Computer Networks and Communications Security, 5 (5), May 2017

4 CONCLUSION GIAC GSEC Practical Assignment Version 1.4

b Option One (2003): 8.
The main goal of the current study has been to [8] Kozierok, Charles M. "The TCP/IP Guide
provide a review of the TCP/IP model layers’ Version 3.0." (2005).
functionalities. The second aim of this study has [9] http://www.omnisecu.com/tcpip/internet-
been to investigate the main attacks and threats in layer.php
each layer and each protocol within each layer [10] http://www.omnisecu.com/tcpip/network-
separately. access-layer.php
In the application layers, the main protocols [11] http://www.fidis.net/resources/fidis-
discussed were: HTTP, SMTP, DHCP, DNS deliverables/hightechid/int-d37003/doc/12/
,SNMP, and FTP; in the following layer they were [12] http://www.tcpipguide.com/free/t_IPDatagram
TCP and UDP; and in the Internet layer they were: SizeMaximumTransmissionUnitMTUFragmen
IP, ARP, ICMP and IGMP. tat.htm
This study has reviewed 27 papers; the results of [13] https://web.cs.wpi.edu/~cs4514/b98/week4-
this study have indicated the main threats and nl/week4-nl.html
attacks that have been discussed since 2010. In the [14] Journal of Computer and Communications,
application layers, session hijacking, caching, 2016, 4, 39-50 Published Online January 2016
cookie poisoning, replay attack, and XSS in HTTP, in SciRes. http://www.scirp.org/journal/jcc
and DNS spoofing, DNS ID Hijacking, and DNS http://dx.doi.org/10.4236/jcc.2016.41005
cache poisoning in DNS protocol, that are the main [15] Greater Noida ,―Session Hijacking: Threat
attacks and threats discussed. Furthermore, the Analysis and
SYN attack, TCP land attack, TCP/UDP port Countermeasure‖VineetaJain,DivyaRishi,Dipa
scanning techniques, IP half scan attack and TCP k Sing Conference: International Conference
generation sequence number generation attack were on Futuristic Trends in Computational analysis
discussed for the transport layer. In the network and Knowledge management, At amity
layer, the attacks (which are according to University, Volume: 1
IP,ARP,ICMP and IGMP) are the spoofing attack, [16] Vinod Mohan," Product Marketing Specialist
HTTP flooding, password brute-force attempts, Team Lead at SolarWinds with technical
click jacking, DoS, web/scraping/data harvesting, expertise in IT management and operations
connection hijacking and interception, connection spanning IT security", SIEM, network
reseating, packet sniff, DDoS, multicast routing, management, application, systems, storage &
smurf attack, and fraggle attack. Virtualization management.
These findings enhance our understanding of the [17] Emanuel Petr CZ.NIC, "An analysis of the
TCP/IP security threats and attacks. Moreover, DNS cache poisoning attack", by z.s.p.o., 20
being limited to security threats and attacks, this November 2009.
study lacks solutions and best practices to face the [18] SimarPreet Singh1, A Raman Maini2
above-mentioned attacks .Further research could be ,―Spoofing Attacks of Domain Name System
used to explore how the best solutions and practices Internet‖ National Workshop-Cum-Conference
are used to secure TCP/IP. on Recent Trends in Mathematics and
Computing (RTMC) 2011 Proceedings
5 REFERENCES published in International Journal of Computer
Applications® (IJCA).
[1] The OSI Model and the TCP/IP Protocol Suite [19] Alqahtani, Abdullah H., and MohsinIftikhar.
by Roland Shepherd "TCP/IP attacks, defenses and security tools."
[2] https://tools.ietf.org/html/rfc1123 International Journal of Science and Modern
[3] http://www.omnisecu.com/tcpip/application- Engineering (IJISME) 1.10 (2013).
layer.php [20] Rajwal, Deepti, Deepali Band, and AtulYadav.
[4] by Paul Gil Updated November 16, 201 What "Study Of Different Attacks On Network &
Is 'Telnet'? What Does Telnet Do? Transport Layer."
[5] Fall, Kevin R., and W. Richard Stevens," [21] Bellovin, Steven M. "Security problems in the
TCP/IP illustrated", volume 1: The protocols. TCP/IP protocol suite." ACM SIGCOMM
addison-Wesley, 2011. Computer Communication Review 19.2
[6] Davidson, John. "An introduction to TCP/IP", (1989): 32-48.
Springer Science & Business Media, 2012. [22] Tiwari, Aruna, et al. "TCP/IP Protocol Suite,
[7] Reed, Damon. "Applying the OSI seven layer Attacks, and Security Tools." URl=
network model to information security." SANS https://www. academia.
 104

A. M. Alotaibi et. al / International Journal of Computer Networks and Communications Security, 5 (5), May 2017

edu/7134687/TCP_IP_Protocol_Suite_Attacks
_and_Security_Tools (2014).
[23] https://nsrc.org/workshops/2008/ait-
wireless/kemp/network-attacks.pdf
[24] https://security.radware.com/ddos-threats-
attacks/ddos-attack-types/dynamic-ip-address-
cyber-attacks/
[25] http://www.insecure.in/arp_attack.asp
[26] https://security.radware.com/ddos-threats-
attacks/ddos-attack-types/ddos-attacks-on-
network-resources/
[27] http://resources.infosecinstitute.com/icmp-
attacks/#gref
 Reproduced with permission of copyright owner.
Further reproduction prohibited without permission.

View publication stats