2.1 14 Most Common Network Protocols and Their Vulnerabilities

The document discusses 14 common network protocols and their vulnerabilities. It describes protocols for address resolution (ARP), domain name translation (DNS), file transfer (FTP), secure communication (HTTPS), email retrieval (IMAP, POP3), remote access (RDP, VNC), real-time communication (SIP), file sharing (SMB), email transmission (SMTP), network management (SNMP), secure shell access (SSH), unencrypted terminal access (Telnet), and explains vulnerabilities like spoofing, poisoning, hijacking, flooding and lack of encryption that can be exploited in each protocol.

14 Most Common Network Protocols and Their Vulnerabilities

Difficulty Level: Medium
Last Updated: 24 Nov, 2020

Network protocols are sets of established rules that control and govern the exchange
of information in a secure, reliable and straightforward way. Such rule sets exist for
many applications. Well-known examples include wired networking (such as Ethernet),
wireless networking (such as WLANs) and Internet communication. The Internet protocol
suite, which is used for broadcasting and transmitting data over the Internet, comprises
dozens of protocols.

There are numerous vulnerabilities in these protocols which lead to their active
exploitation and pose serious challenges to network security. Let us understand 14 of the
most common networking protocols and the corresponding vulnerabilities present in
them.

1. Address Resolution Protocol (ARP)

ARP is a communication-layer protocol (it maps between the data link layer and the
network layer) used to find the media access control (MAC) address that corresponds to
a given IP address. A host has no way to validate where a network packet came from in a
peer-to-peer network. This is a vulnerability and gives rise to ARP spoofing. An attacker
can exploit it when on the same LAN as the target, or by using a compromised machine
that is on the same network. The idea is that the attacker associates their own MAC
address with the IP address of the target, so that any traffic meant for the target is
received by the attacker instead.
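As an added illustration (my own code, not part of the original article), the following Python script parses Ethernet/ARP frames and flags the symptom of the spoofing just described: an IP address whose MAC binding changes from one ARP reply to the next. The sample frames are built inline; the MAC and IP values are constructed for the demonstration.

```python
import struct
from collections import namedtuple

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2

ArpInfo = namedtuple("ArpInfo", "op sender_mac sender_ip target_mac target_ip")


def mac_bytes(text):
    """'aa:bb:cc:dd:ee:ff' -> 6 raw bytes."""
    return bytes(int(part, 16) for part in text.split(":"))


def ip_bytes(text):
    """'10.0.0.1' -> 4 raw bytes."""
    return bytes(int(part) for part in text.split("."))


def build_arp_frame(op, sender_mac, sender_ip, target_mac, target_ip):
    """Build an Ethernet II + ARP frame (RFC 826 layout). Constructed test data only."""
    ethernet = struct.pack("!6s6sH", mac_bytes(target_mac), mac_bytes(sender_mac), ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s",
                      1, 0x0800, 6, 4, op,                 # Ethernet / IPv4, 6-byte MAC, 4-byte IP
                      mac_bytes(sender_mac), ip_bytes(sender_ip),
                      mac_bytes(target_mac), ip_bytes(target_ip))
    return ethernet + arp


def parse_arp_frame(frame):
    """Return ArpInfo for an IPv4-over-Ethernet ARP frame, or None for anything else."""
    if len(frame) < 42:
        return None
    _dst, _src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return ArpInfo(op, sha.hex(":"), ".".join(map(str, spa)), tha.hex(":"), ".".join(map(str, tpa)))


class ArpWatch:
    """Learn IP -> MAC bindings from ARP replies and alert when a binding changes."""

    def __init__(self):
        self.bindings = {}   # ip -> mac first seen for that ip
        self.alerts = []     # (ip, previously seen mac, newly claimed mac)

    def observe(self, frame):
        info = parse_arp_frame(frame)
        if info is None or info.op != ARP_REPLY:
            return None          # requests do not assert a binding; ignore them
        known = self.bindings.get(info.sender_ip)
        if known is None:
            self.bindings[info.sender_ip] = info.sender_mac
        elif known != info.sender_mac:
            # The same IP is now claimed by a different MAC: the classic spoofing symptom.
            # Keep the first binding so repeated forged replies cannot "launder" the change.
            self.alerts.append((info.sender_ip, known, info.sender_mac))
        return info


def run_sample():
    """Constructed sequence: a request, two consistent gateway replies, then a conflicting one."""
    watch = ArpWatch()
    gateway_mac, host_mac, other_mac = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:99"
    frames = [
        build_arp_frame(ARP_REQUEST, host_mac, "10.0.0.2", "00:00:00:00:00:00", "10.0.0.1"),
        build_arp_frame(ARP_REPLY, gateway_mac, "10.0.0.1", host_mac, "10.0.0.2"),
        build_arp_frame(ARP_REPLY, gateway_mac, "10.0.0.1", host_mac, "10.0.0.2"),  # same binding, fine
        build_arp_frame(ARP_REPLY, other_mac, "10.0.0.1", host_mac, "10.0.0.2"),    # conflicting claim
    ]
    for frame in frames:
        watch.observe(frame)
    return watch.alerts


if __name__ == "__main__":
    for ip, old, new in run_sample():
        print(f"ALERT: {ip} was {old}, now claimed by {new}")
```

Static ARP entries for gateways, or switch features such as dynamic ARP inspection, prevent the forged binding from taking effect; a watcher like this one only tells you that it was attempted.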

2. Domain Name System (DNS)

IP addresses are numerical and hence not easy for humans to read or remember. DNS is a
hierarchical system that converts these IP addresses into a human-readable hostname. The
most common vulnerability in DNS is cache poisoning, in which the attacker replaces the
legitimate IP address in order to send the target audience to malicious websites. DNS
amplification can also be exploited against a DNS server that permits recursive lookups,
using recursion to amplify the magnitude of the attack.
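As an added example (my own code, not part of the article), here is a minimal stub resolver in Python that applies the checks which make cache poisoning hard: a response is accepted only if its transaction ID, the UDP port it arrives on and its question section all match a query the resolver actually sent, and only one answer is accepted per query. Messages are built in DNS wire format inline; the names, ports and addresses are constructed.

```python
import struct

FLAG_QR = 0x8000          # set in the header flags of a response
QTYPE_A, QCLASS_IN = 1, 1


def encode_name(name):
    """'www.example.test.' -> DNS label sequence."""
    out = b""
    for label in name.strip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg, offset):
    """Decode an uncompressed name at offset; return (name, offset after it)."""
    labels = []
    while True:
        length = msg[offset]
        offset += 1
        if length == 0:
            return ".".join(labels).lower(), offset
        if length & 0xC0:
            raise ValueError("compression pointer not allowed in question section")
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def build_query(txid, name):
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD set, one question
    return header + encode_name(name) + struct.pack("!HH", QTYPE_A, QCLASS_IN)


def build_response(txid, name, ipv4):
    """Response with one A record; the answer name is a pointer to the question (0xC00C)."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = encode_name(name) + struct.pack("!HH", QTYPE_A, QCLASS_IN)
    rdata = bytes(int(part) for part in ipv4.split("."))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, 300, 4) + rdata
    return header + question + answer


def parse_header_and_question(msg):
    txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    qname, offset = decode_name(msg, 12)
    qtype, qclass = struct.unpack("!HH", msg[offset:offset + 4])
    return txid, flags, qname, qtype, qclass


class StubResolver:
    """Tracks outstanding queries and validates replies before caching them."""

    def __init__(self):
        self.pending = {}   # (txid, local port) -> (qname, qtype, qclass)
        self.cache = {}

    def send_query(self, txid, local_port, name):
        self.pending[(txid, local_port)] = (name.lower().strip("."), QTYPE_A, QCLASS_IN)
        return build_query(txid, name)

    def receive(self, msg, local_port):
        txid, flags, qname, qtype, qclass = parse_header_and_question(msg)
        if not flags & FLAG_QR:
            return "ignored: not a response"
        key = (txid, local_port)
        expected = self.pending.get(key)
        if expected is None:
            return "rejected: no outstanding query with this txid on this port"
        if expected != (qname, qtype, qclass):
            return "rejected: question does not match the query we sent"
        del self.pending[key]           # accept exactly one answer per query
        self.cache[qname] = msg
        return "accepted"


def run_sample():
    resolver = StubResolver()
    resolver.send_query(txid=0x1234, local_port=40001, name="www.example.test")
    forged_wrong_port = build_response(0x1234, "www.example.test", "198.51.100.9")
    forged_other_name = build_response(0x1234, "evil.example.test", "198.51.100.9")
    genuine = build_response(0x1234, "www.example.test", "192.0.2.10")
    return [
        resolver.receive(forged_wrong_port, local_port=40002),
        resolver.receive(forged_other_name, local_port=40001),
        resolver.receive(genuine, local_port=40001),
        resolver.receive(genuine, local_port=40001),   # replay after acceptance
    ]
```

Real resolvers additionally randomize the transaction ID and source port per query (so that a forger has to guess both) and use DNSSEC where available; the matching logic above is what those randomized values are checked against.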

3. File Transfer Protocol/Secure (FTP/S)

FTP is a network protocol based on the client-server model, used to transfer files
between a client and a server on a computer network. The most common FTP attacks use
cross-site scripting, where the attacker uses a web application to send malicious code,
in the form of a browser-side script (or cookies), to the user. Plain FTP does not
protect its connections or encrypt its data: usernames and passwords are transmitted in
clear text, where they can be intercepted by any network sniffer or even used in a
man-in-the-middle (MITM) attack.

4. HyperText Transfer Protocol/Secure (HTTP/S)

HTTPS is used for secure communication over a computer network. Its main features are
authentication of the website being accessed and protection of the privacy and integrity
of the data exchanged. A major vulnerability in HTTPS is the DROWN attack, which helps
attackers break the encryption and steal credit card information and passwords. Another
serious bug is Heartbleed, which allows theft of information protected by the TLS/SSL
encryption used to secure the Internet. Other vulnerabilities include FREAK (Factoring
RSA Export Keys) and CRIME (Compression Ratio Info-leak Made Easy).
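Of the bugs just listed, Heartbleed is the one with a simple wire-level signature, so here is an added Python example (my own code, not the article's) of the check a network monitor or a patched TLS stack applies: a TLS heartbeat record whose claimed payload length exceeds what the record actually carries is rejected instead of answered. The records are constructed inline for the demonstration.

```python
import struct

TLS_CONTENT_HEARTBEAT = 24
TLS_CONTENT_APPLICATION = 23
HEARTBEAT_REQUEST, HEARTBEAT_RESPONSE = 1, 2
MIN_PADDING = 16          # RFC 6520 requires at least 16 bytes of padding


def build_heartbeat_record(claimed_payload_length, payload, version=(3, 3)):
    """TLS record carrying a heartbeat request; claimed_payload_length may lie (constructed data)."""
    body = struct.pack("!BH", HEARTBEAT_REQUEST, claimed_payload_length) + payload + b"\x00" * MIN_PADDING
    return struct.pack("!BBBH", TLS_CONTENT_HEARTBEAT, version[0], version[1], len(body)) + body


def build_application_record(data, version=(3, 3)):
    return struct.pack("!BBBH", TLS_CONTENT_APPLICATION, version[0], version[1], len(data)) + data


def check_tls_record(record):
    """Classify one TLS record: 'ok', 'not-heartbeat', 'truncated', 'malformed'
    or 'heartbleed-oversized-payload'."""
    if len(record) < 5:
        return "truncated"
    content_type, _major, _minor, record_length = struct.unpack("!BBBH", record[:5])
    body = record[5:5 + record_length]
    if len(body) != record_length:
        return "truncated"
    if content_type != TLS_CONTENT_HEARTBEAT:
        return "not-heartbeat"
    if record_length < 3 + MIN_PADDING:
        return "malformed"
    hb_type, claimed_payload_length = struct.unpack("!BH", body[:3])
    if hb_type not in (HEARTBEAT_REQUEST, HEARTBEAT_RESPONSE):
        return "malformed"
    # The vulnerable code trusted claimed_payload_length and echoed that many bytes of
    # memory back. A conformant peer verifies the claim against the record it received:
    if claimed_payload_length + 3 + MIN_PADDING > record_length:
        return "heartbleed-oversized-payload"
    return "ok"


def bytes_at_risk(record):
    """How many bytes beyond the record an unpatched responder would have copied out (0 if none)."""
    if check_tls_record(record) != "heartbleed-oversized-payload":
        return 0
    record_length = struct.unpack("!H", record[3:5])[0]
    claimed = struct.unpack("!H", record[6:8])[0]
    return claimed - (record_length - 3 - MIN_PADDING)


def run_sample():
    benign = build_heartbeat_record(5, b"hello")
    malformed = build_heartbeat_record(0x4000, b"hi")          # claims 16384 bytes, carries 2
    app_data = build_application_record(b"GET / HTTP/1.1\r\n")
    return [check_tls_record(r) for r in (benign, malformed, app_data)], bytes_at_risk(malformed)
```

The fix shipped for Heartbleed is exactly the bounds comparison in check_tls_record; the bytes_at_risk figure is what an intrusion-detection alert would report as the size of the attempted over-read.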

5. Internet Message Access Protocol (IMAP)

IMAP is an Internet email protocol that stores emails on the mail server but allows the
end user to retrieve, view and manipulate the messages as if they were stored locally on
the user's device. Firstly, when an email is sent via the Internet, it travels over
unprotected communication channels: usernames, passwords and the messages themselves
can be intercepted. A denial-of-service (DoS) attack can also be carried out against the
mail server, resulting in unreceived and unsent emails. Also, the email server can be
injected with malware, which in turn can be sent to clients in infected attachments.

6. Post Office Protocol (POP3)

POP3 is an application-layer Internet protocol used to retrieve emails from the remote
server to the client's local machine, so that messages can be viewed even while offline.
Vulnerabilities that target mailbox storage include the FireWire direct memory access
(DMA) attack, which relies on direct hardware access to read or write main memory
without any operating-system interaction or supervision. Login processes allow the user
to connect over unencrypted pathways, resulting in login credentials being sent across
the network as clear text.

7. Remote Desktop Protocol (RDP)

Developed by Microsoft, RDP is a protocol that provides users with a graphical interface
for connecting to another computer over a network connection, where one user runs RDP
client software while the other runs RDP server software. A vulnerability called
BlueKeep could allow malware such as ransomware to propagate through vulnerable systems.
BlueKeep allows attackers to connect to RDP services; after that they can issue commands
to steal or modify data, install dangerous malware and conduct other malicious
activities. Exploiting the vulnerability does not require the user to authenticate, nor
even to click anything.

8. Session Initiation Protocol (SIP)

SIP is a signaling protocol used for initiating, maintaining, altering and terminating
real-time sessions. These sessions can include voice, video, messaging and other
communications applications and services between two or more endpoints on IP networks.
SIP can suffer security threats such as buffer overflows, injection attacks, hijacking
and so on, and these attacks are easy to mount at little or no cost to the attacker.
Flooding attacks occur when an attacker sends a high volume of traffic that causes the
target system to consume all of its resources, rendering it unable to serve legitimate
customers. Flooding in SIP network infrastructure can occur easily, since there is no
separation between the channels for signaling and data transfer.
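As an added example (my own code, not from the article), the following Python sliding-window counter shows the simplest defensive control against the floods just described: count SIP requests per source over a short window and flag any source that exceeds a threshold, so that a session border controller or firewall rule can rate-limit it. The timestamps, addresses and SIP request lines are constructed.

```python
from collections import defaultdict, deque


class SipFloodDetector:
    """Per-source sliding-window rate detector for SIP requests."""

    def __init__(self, window_seconds=1.0, threshold=20, methods=("INVITE", "REGISTER")):
        self.window = window_seconds
        self.threshold = threshold
        self.methods = set(methods)
        self.recent = defaultdict(deque)   # source -> timestamps still inside the window
        self.flagged = {}                  # source -> first timestamp it crossed the threshold

    def observe(self, timestamp, source, request_line):
        """Return True if this request pushes `source` over the threshold."""
        method = request_line.split(" ", 1)[0].upper()
        if method not in self.methods:
            return False                   # keep-alives such as OPTIONS are not counted
        window = self.recent[source]
        window.append(timestamp)
        while window and timestamp - window[0] > self.window:
            window.popleft()               # drop requests older than the window
        if len(window) > self.threshold:
            self.flagged.setdefault(source, timestamp)
            return True
        return False


def run_sample():
    """Constructed log: one phone making normal calls, one source blasting INVITEs."""
    detector = SipFloodDetector(window_seconds=1.0, threshold=20)
    hits = []
    for i in range(5):                                      # 5 calls spread over 50 s
        detector.observe(10.0 * i, "192.0.2.10", "INVITE sip:bob@example.test SIP/2.0")
    for i in range(60):                                     # 60 INVITEs within 0.6 s
        if detector.observe(100.0 + 0.01 * i, "203.0.113.7", "INVITE sip:bob@example.test SIP/2.0"):
            hits.append(i)
    for i in range(60):                                     # OPTIONS keep-alives are ignored
        detector.observe(200.0 + 0.01 * i, "203.0.113.8", "OPTIONS sip:pbx.example.test SIP/2.0")
    return sorted(detector.flagged), (hits[0] if hits else None)
```

The threshold and window are deployment-specific; a trunk that legitimately carries many calls per second needs a higher threshold than a desk phone, so the detector is normally keyed per source rather than globally, as above.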

9. Server Message Block (SMB)

SMB is a network communication protocol for providing shared access to files, printers
and serial ports between nodes on a network. It also provides an authenticated and
authorized inter-process communication mechanism. One SMB vulnerability is the SMB relay
attack, which is used to carry out man-in-the-middle attacks. Another attack is
EternalBlue: the SMBv1 server in various versions of Microsoft Windows mishandles
specially crafted packets from remote attackers, allowing them to execute arbitrary code
on the target computer.

10. Simple Mail Transfer Protocol (SMTP)

SMTP is an application-layer communication protocol used to send emails. Spammers and
hackers can use an email server to send spam or malware through email under the guise of
the unsuspecting open-relay owner. Hackers also perform directory harvest attacks, a way
of gleaning valid email addresses from a server or domain for later use. Vulnerabilities
also include buffer overflow attacks, trojan horse attacks, shell script attacks and so
on.

11. Simple Network Management Protocol (SNMP)

SNMP is an Internet Standard protocol for gathering and organizing information about
managed devices on IP networks; it is also used to alter and modify that information in
order to change device behavior. SNMP reflection is a kind of distributed denial-of-service
(DDoS) attack. These attacks can generate attack volumes of hundreds of gigabits per
second directed at targets from various broadband networks. The adversary sends out a
huge number of SNMP queries with a forged source IP address (the victim's IP) to many
connected devices, which in turn reply to that forged address. The attack volume grows
more severe as more and more devices keep replying, until the target network is brought
down under the collective volume of these responses.
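Sections 2 and 11 describe the same mechanism (DNS amplification and SNMP reflection). As one added Python example covering both (my own code, not the article's), this monitor watches UDP flows at a network edge: it pairs responses from port 53 or 161 with the requests that solicited them and measures the amplification factor, and it reports responses for which no request was ever sent, which is what a reflected flood looks like from the victim's side. The packet records are constructed inline.

```python
from collections import defaultdict

REFLECTOR_PORTS = {53: "DNS", 161: "SNMP"}


class ReflectionMonitor:
    """Pair UDP requests with responses; flag unsolicited responses from DNS/SNMP ports."""

    def __init__(self, request_timeout=5.0):
        self.timeout = request_timeout
        self.outstanding = {}                    # flow key -> (timestamp, request length)
        self.amplification = defaultdict(list)   # service -> observed response/request size ratios
        self.unsolicited = defaultdict(lambda: {"packets": 0, "bytes": 0})  # victim ip -> totals

    def observe(self, ts, src_ip, src_port, dst_ip, dst_port, length, direction):
        """direction: 'out' for packets leaving our network, 'in' for packets entering it."""
        if direction == "out" and dst_port in REFLECTOR_PORTS:
            self.outstanding[(src_ip, src_port, dst_ip, dst_port)] = (ts, length)
            return "request"
        if direction == "in" and src_port in REFLECTOR_PORTS:
            service = REFLECTOR_PORTS[src_port]
            key = (dst_ip, dst_port, src_ip, src_port)      # reverse of the request key
            sent = self.outstanding.pop(key, None)
            if sent is not None and ts - sent[0] <= self.timeout:
                self.amplification[service].append(length / sent[1])
                return "response"
            # Nobody here asked this server anything: our address was forged in a query.
            victim = self.unsolicited[dst_ip]
            victim["packets"] += 1
            victim["bytes"] += length
            return "unsolicited-" + service.lower()
        return "other"

    def report(self):
        return {
            "amplification": {svc: round(sum(r) / len(r), 1) for svc, r in self.amplification.items()},
            "unsolicited": dict(self.unsolicited),
        }


def run_sample():
    mon = ReflectionMonitor()
    # Constructed traffic: 3 legitimate DNS lookups from 10.0.0.5, then a reflected SNMP flood at 10.0.0.9.
    for i in range(3):
        mon.observe(1.0 + i, "10.0.0.5", 50000 + i, "192.0.2.53", 53, 60, "out")
        mon.observe(1.1 + i, "192.0.2.53", 53, "10.0.0.5", 50000 + i, 300, "in")
    verdicts = []
    for i in range(5):
        verdicts.append(mon.observe(10.0 + 0.001 * i, f"198.51.100.{i}", 161, "10.0.0.9", 161, 1400, "in"))
    return mon.report(), verdicts
```

The amplification ratio is what makes these services attractive reflectors (a 60-byte query yielding a 300-byte reply is a 5x gain); the mitigations are on the reflector side (disable open recursion, restrict SNMP to management networks, rate-limit responses) and at the edge (source-address validation per BCP 38 so forged queries never leave their origin network).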

12. Secure SHell (SSH)

SSH is a cryptography-based network protocol for operating network services securely
and reliably over an unsecured network. Particular applications include remote
command-line access, remote command execution and login, but any network service can be
secured with the help of SSH. A man-in-the-middle (MITM) attack may allow the adversary
to completely undermine the encryption and gain access to the encrypted contents, which
can include passwords. A successful adversary is able to inject commands into the
terminal, to modify or alter data in transit, or to steal data. The attack can also
allow the injection of malware into binary files and other software updates downloaded
through the system. This technique has been used by various attack groups and malware
packages in the past.
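The defense against the SSH man-in-the-middle attack described above is host-key pinning: the client refuses to proceed when the presented host key differs from the one recorded for that host. As an added Python example (my own code, not the article's), this script parses a known_hosts file, computes the OpenSSH-style SHA256 fingerprint of a presented key and reports match, mismatch or unknown host. The key blobs are built in SSH wire format from made-up bytes; they are not real keys, and the hostnames are constructed.

```python
import base64
import hashlib


def ssh_string(data):
    """SSH wire 'string': 4-byte big-endian length followed by the bytes."""
    return len(data).to_bytes(4, "big") + data


def make_ed25519_blob(raw_public_key):
    """Public-key blob layout for ssh-ed25519 (RFC 8709). Constructed, not a real key."""
    return ssh_string(b"ssh-ed25519") + ssh_string(raw_public_key)


def fingerprint_sha256(key_blob):
    """Same format `ssh-keygen -lf` prints: base64 of SHA-256 with '=' padding stripped."""
    digest = hashlib.sha256(key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_known_hosts(text):
    """Return {(host, keytype): blob}. Skips comments and hashed (|1|) entries."""
    entries = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("#") or parts[0].startswith("|1|"):
            continue
        hosts, keytype, blob_b64 = parts[0], parts[1], parts[2]
        for host in hosts.split(","):
            entries[(host, keytype)] = base64.b64decode(blob_b64)
    return entries


def verify_host_key(known, host, keytype, presented_blob):
    """'match' lets the connection continue; anything else must stop it."""
    pinned = known.get((host, keytype))
    if pinned is None:
        return "unknown-host"        # first contact: verify the fingerprint out of band
    if pinned == presented_blob:
        return "match"
    return "mismatch"                # key changed since pinning: possible MITM, refuse


def run_sample():
    genuine = make_ed25519_blob(bytes(range(32)))           # constructed stand-in for the server's key
    impostor = make_ed25519_blob(bytes(range(32, 64)))      # what an interposed proxy would present
    known_hosts = ("# constructed known_hosts\n"
                   "bastion.example.test,192.0.2.22 ssh-ed25519 "
                   + base64.b64encode(genuine).decode() + "\n")
    known = parse_known_hosts(known_hosts)
    return {
        "genuine": verify_host_key(known, "bastion.example.test", "ssh-ed25519", genuine),
        "impostor": verify_host_key(known, "bastion.example.test", "ssh-ed25519", impostor),
        "by_ip": verify_host_key(known, "192.0.2.22", "ssh-ed25519", genuine),
        "unknown": verify_host_key(known, "other.example.test", "ssh-ed25519", genuine),
        "fingerprint": fingerprint_sha256(genuine),
    }
```

This is the check behind OpenSSH's "REMOTE HOST IDENTIFICATION HAS CHANGED" warning; setting StrictHostKeyChecking to yes makes the mismatch and unknown-host cases fatal rather than interactive, and distributing known_hosts (or SSH certificates) to clients removes the trust-on-first-use window entirely.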

13. Telnet

Telnet is an application protocol used on the Internet or on a local area network (LAN)
that provides bidirectional, interactive, text-oriented communication over a virtual
terminal connection. The biggest security issue in the Telnet protocol is the lack of
encryption: every communication sent from a remote device to the networking device being
configured is sent as plain text. An attacker can easily see what we are configuring on
that device, including the password we used to connect to the device and enter
configuration mode. Another type of Telnet attack is DoS, where the attacker sends large
numbers of useless and irrelevant data frames and in this manner chokes the connection.
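FTP, IMAP, POP3 and Telnet (sections 3, 5, 6 and 13) share the weakness of sending credentials in clear text. As one added example covering all four (my own code, not the article's), here is a Python scanner that walks a captured session and reports where a username and password crossed the wire. It reports only the username and redacts the password, which is what a monitoring tool should do. Sessions are constructed inline as lists of (direction, bytes) chunks, and the account names are made up.

```python
import re

PORT_TO_PROTOCOL = {21: "FTP", 23: "TELNET", 110: "POP3", 143: "IMAP"}

USER_PASS_RE = re.compile(rb"^(USER|PASS)\s+(\S+)", re.IGNORECASE)          # FTP and POP3
IMAP_LOGIN_RE = re.compile(rb"^\S+\s+LOGIN\s+(\S+)\s+\S+", re.IGNORECASE)  # "tag LOGIN user pass"
TELNET_IAC_RE = re.compile(rb"\xff[\xfb-\xfe].")                             # strip WILL/WONT/DO/DONT
REDACTED = "<redacted>"


def _finding(protocol, field, value):
    return {"protocol": protocol, "field": field, "value": value}


def _scan_command_lines(protocol, client_bytes):
    findings = []
    for line in client_bytes.splitlines():
        if protocol in ("FTP", "POP3"):
            m = USER_PASS_RE.match(line)
            if m:
                field = m.group(1).upper().decode()
                value = m.group(2).decode(errors="replace") if field == "USER" else REDACTED
                findings.append(_finding(protocol, field, value))
        elif protocol == "IMAP":
            m = IMAP_LOGIN_RE.match(line)
            if m:
                findings.append(_finding(protocol, "USER", m.group(1).decode(errors="replace")))
                findings.append(_finding(protocol, "PASS", REDACTED))
    return findings


def _scan_telnet(chunks):
    """Telnet has no commands, so pair each server prompt with the next client line."""
    findings, expect, client_buf = [], None, b""
    for direction, data in chunks + [("S", b"")]:          # sentinel flushes the buffer
        if direction == "C":
            client_buf += TELNET_IAC_RE.sub(b"", data)
            continue
        # Server turn: complete client lines typed since the last prompt belong to `expect`.
        while b"\n" in client_buf:
            line, _, client_buf = client_buf.partition(b"\n")
            line = line.rstrip(b"\r")
            if expect == "USER":
                findings.append(_finding("TELNET", "USER", line.decode(errors="replace")))
            elif expect == "PASS":
                findings.append(_finding("TELNET", "PASS", REDACTED))
            expect = None
        lowered = data.lower()
        if b"password:" in lowered:
            expect = "PASS"
        elif b"login:" in lowered or b"username:" in lowered:
            expect = "USER"
    return findings


def scan_session(server_port, chunks):
    """chunks: list of ('C'|'S', bytes) in wire order. Returns credential findings."""
    protocol = PORT_TO_PROTOCOL.get(server_port)
    if protocol is None:
        return []
    if protocol == "TELNET":
        return _scan_telnet(chunks)
    client_bytes = b"".join(data for direction, data in chunks if direction == "C")
    return _scan_command_lines(protocol, client_bytes)


def run_sample():
    ftp = [("S", b"220 ftp ready\r\n"), ("C", b"USER alice\r\nPASS hunter2\r\n"), ("S", b"230 ok\r\n")]
    imap = [("S", b"* OK IMAP4rev1\r\n"), ("C", b"a001 LOGIN bob s3cret\r\n")]
    telnet = [("S", b"\xff\xfd\x18login: "), ("C", b"carol\r\n"),
              ("S", b"Password: "), ("C", b"\xff\xfc\x01pa55\r\n"), ("S", b"$ ")]
    ssh = [("C", b"SSH-2.0-OpenSSH\r\n")]                  # encrypted after the banner: nothing to find
    return {"ftp": scan_session(21, ftp), "imap": scan_session(143, imap),
            "telnet": scan_session(23, telnet), "ssh": scan_session(22, ssh)}
```

A finding here is evidence that the credential is already compromised to anyone on the path, so the operational response is to rotate it and move the service to FTPS/SFTP, IMAPS/POP3S or SSH, not merely to log the event.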

14. Virtual Network Computing (VNC)

Virtual network computing is used to establish remote desktop sharing, a form of remote
access on computer networks. VNC displays the visual desktop of another computer and
controls that computer over a network connection. All attacks are caused by incorrect
memory usage, and exploiting them leads to denial-of-service states, malfunctions,
unauthorized access to users' information and the ability to run malicious code on the
target's device. Vulnerabilities and attacks include DoS attacks, buffer overflow, buffer
underflow and remote code execution.

TCP/IP Model

Difficulty Level: Easy
Last Updated: 30 Sep, 2020

Prerequisite – Layers of OSI Model

The OSI model we just looked at is only a reference (logical) model. It was designed to
describe the functions of a communication system by dividing the communication procedure
into smaller and simpler components. The TCP/IP model, by contrast, was designed and
developed by the Department of Defense (DoD) in the 1960s and is based on standard
protocols. It stands for Transmission Control Protocol/Internet Protocol. The TCP/IP
model is a concise version of the OSI model: it contains four layers, unlike the seven
layers of the OSI model. The layers are:
1. Process/Application Layer
2. Host-to-Host/Transport Layer
3. Internet Layer
4. Network Access/Link Layer
The diagrammatic comparison of the TCP/IP and OSI models is as follows:
[Figure: diagrammatic comparison of the TCP/IP and OSI models]

Difference between TCP/IP and OSI Model:

TCP/IP | OSI
TCP refers to Transmission Control Protocol. | OSI refers to Open Systems Interconnection.
TCP/IP has 4 layers. | OSI has 7 layers.
TCP/IP is more reliable. | OSI is less reliable.
TCP/IP does not have very strict boundaries. | OSI has strict boundaries.
TCP/IP follows a horizontal approach. | OSI follows a vertical approach.
TCP/IP uses both the session and presentation layers in the application layer itself. | OSI uses separate session and presentation layers.
TCP/IP developed the protocols first, then the model. | OSI developed the model first, then the protocols.
The transport layer in TCP/IP does not provide assured delivery of packets. | In the OSI model, the transport layer provides assured delivery of packets.
The network layer of the TCP/IP model only provides connectionless services. | Both connectionless and connection-oriented services are provided by the network layer in the OSI model.
Protocols cannot be replaced easily in the TCP/IP model. | In the OSI model, protocols are better covered and are easy to replace as technology changes.

From the sender's point of view the first layer is the Process layer; from the
receiver's, it is the Network Access layer. In this article we describe the layers from
the receiver's point of view.

1. Network Access Layer –

This layer corresponds to the combination of the Data Link Layer and the Physical Layer
of the OSI model. It looks after hardware addressing, and the protocols present in this
layer allow for the physical transmission of data.
ARP was discussed above as a protocol of the Internet layer, but there is disagreement
about whether it belongs to the Internet layer or the Network Access layer. It is
described as residing in layer 3 while being encapsulated by layer 2 protocols.

2. Internet Layer –

This layer parallels the functions of OSI's Network layer. It defines the protocols
responsible for the logical transmission of data over the entire network. The main
protocols residing at this layer are:
1. IP – stands for Internet Protocol. It is responsible for delivering packets from
the source host to the destination host by looking at the IP addresses in the packet
headers. IP has two versions, IPv4 and IPv6. IPv4 is the one most websites currently
use, but IPv6 is growing because IPv4 addresses are limited in number compared to the
number of users.
2. ICMP – stands for Internet Control Message Protocol. It is encapsulated within IP
datagrams and is responsible for providing hosts with information about network
problems.
3. ARP – stands for Address Resolution Protocol. Its job is to find the hardware
address of a host from a known IP address. ARP has several variants: Reverse ARP,
Proxy ARP, Gratuitous ARP and Inverse ARP.

3. Host-to-Host Layer –

This layer is analogous to the transport layer of the OSI model. It is responsible for
end-to-end communication and error-free delivery of data, and it shields the upper-layer
applications from the complexities of the data. The two main protocols present in this
layer are:
1. Transmission Control Protocol (TCP) – known to provide reliable, error-free
communication between end systems. It performs sequencing and segmentation of data,
has an acknowledgment feature, and controls the flow of data through a flow-control
mechanism. It is a very effective protocol but has a lot of overhead because of these
features, and increased overhead leads to increased cost.
2. User Datagram Protocol (UDP) – on the other hand, does not provide any such
features. It is the go-to protocol if your application does not require reliable
transport, as it is very cost-effective. Unlike TCP, which is a connection-oriented
protocol, UDP is connectionless.
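To make the layering concrete, here is an added Python decoder (my own code, not the article's) that peels an IPv4 packet the way the Internet layer and the Host-to-Host layer do: it verifies the IPv4 header checksum, reads the protocol number, and then hands the payload to a TCP, UDP or ICMP parser. The packets are built inline with constructed addresses and ports.

```python
import struct

PROTO_ICMP, PROTO_TCP, PROTO_UDP = 1, 6, 17
TCP_FLAG_NAMES = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}


def ip_bytes(text):
    return bytes(int(part) for part in text.split("."))


def ones_complement_sum(data):
    """Internet checksum (RFC 1071); returns 0 over a header whose checksum field is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src, dst, protocol, payload, ttl=64, ident=0x1234):
    """IPv4 header (no options) with a correct checksum, followed by the payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, 0x4000,
                         ttl, protocol, 0, ip_bytes(src), ip_bytes(dst))
    checksum = ones_complement_sum(header)
    return header[:10] + struct.pack("!H", checksum) + header[12:] + payload


def build_udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data   # checksum 0 = not computed


def build_tcp(sport, dport, seq, ack, flags, data=b""):
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0) + data


def decode_packet(packet):
    """Return a dict of decoded layers; raise ValueError on anything that fails validation."""
    if packet[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (packet[0] & 0x0F) * 4
    if ones_complement_sum(packet[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    total_length = struct.unpack("!H", packet[2:4])[0]
    protocol = packet[9]
    layers = {"ip": {"src": ".".join(map(str, packet[12:16])), "dst": ".".join(map(str, packet[16:20])),
                     "ttl": packet[8], "protocol": protocol}}
    body = packet[ihl:total_length]                 # Internet layer strips its header ...
    if protocol == PROTO_UDP:                       # ... and dispatches on the protocol number
        sport, dport, udp_length, _csum = struct.unpack("!HHHH", body[:8])
        layers["udp"] = {"sport": sport, "dport": dport}
        layers["payload"] = body[8:udp_length]
    elif protocol == PROTO_TCP:
        sport, dport, seq, ack, offset_byte, flag_bits = struct.unpack("!HHIIBB", body[:14])
        data_offset = (offset_byte >> 4) * 4
        flags = [name for bit, name in sorted(TCP_FLAG_NAMES.items()) if flag_bits & bit]
        layers["tcp"] = {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags}
        layers["payload"] = body[data_offset:]
    elif protocol == PROTO_ICMP:
        layers["icmp"] = {"type": body[0], "code": body[1]}
    else:
        layers["payload"] = body
    return layers


def run_sample():
    dns_query = build_ipv4("10.0.0.5", "192.0.2.53", PROTO_UDP,
                           build_udp(50123, 53, b"\x12\x34" + b"\x00" * 10))
    syn = build_ipv4("10.0.0.5", "192.0.2.80", PROTO_TCP, build_tcp(40000, 443, 1000, 0, 0x02))
    ping = build_ipv4("10.0.0.5", "192.0.2.1", PROTO_ICMP, b"\x08\x00\x00\x00")
    corrupted = bytearray(syn)
    corrupted[8] ^= 0x01                         # flip a TTL bit: the header checksum no longer matches
    try:
        decode_packet(bytes(corrupted))
        corrupt_verdict = "accepted"
    except ValueError as exc:
        corrupt_verdict = str(exc)
    return decode_packet(dns_query), decode_packet(syn), decode_packet(ping), corrupt_verdict
```

Each layer only inspects its own header and passes the rest upward unchanged, which is why a firewall at the Internet layer can filter on addresses and protocol numbers but needs the transport parser to see ports and TCP flags.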

4. Application Layer –

This layer performs the functions of the top three layers of the OSI model:
Application, Presentation and Session. It is responsible for node-to-node communication
and controls user-interface specifications. Some of the protocols present in this layer
are: HTTP, HTTPS, FTP, TFTP, Telnet, SSH, SMTP, SNMP, NTP, DNS, DHCP, NFS, X Window and
LPD. Have a look at Protocols in Application Layer for some information about these
protocols. Protocols other than those covered in the linked article are:
1. HTTP and HTTPS – HTTP stands for Hypertext Transfer Protocol. It is used by the
World Wide Web to manage communications between web browsers and servers. HTTPS stands
for HTTP Secure and is a combination of HTTP with SSL (Secure Sockets Layer). It is
useful in cases where the browser needs to fill out forms, sign in, authenticate and
carry out bank transactions.
2. SSH – SSH stands for Secure Shell. It is terminal emulation software similar to
Telnet. SSH is preferred because of its ability to maintain an encrypted connection; it
sets up a secure session over a TCP/IP connection.
3. NTP – NTP stands for Network Time Protocol. It is used to synchronize the clocks on
our computers to one standard time source. It is very useful in situations such as bank
transactions. Consider the following situation without NTP: suppose you carry out a
transaction where your computer reads the time as 2:30 PM while the server records it
as 2:28 PM. The server can crash very badly if it is out of sync.
This article is contributed by Achiv Chauhan and Palak Jain.

2.2 Network Devices (Hub, Repeater, Bridge, Switch, Router, Gateways and Brouter)

Difficulty Level: Easy
Last Updated: 18 Jun, 2021

1. Repeater – A repeater operates at the physical layer. Its job is to regenerate the
signal over the same network before it becomes too weak or corrupted, so as to extend
the distance over which the signal can be transmitted on that network. An important
point about repeaters is that they do not amplify the signal: when the signal becomes
weak, they copy it bit by bit and regenerate it at the original strength. A repeater is
a 2-port device.
2. Hub – A hub is basically a multiport repeater. A hub connects multiple wires coming
from different branches, for example the connector in a star topology which connects
different stations. Hubs cannot filter data, so data packets are sent to all connected
devices. In other words, the collision domain of all hosts connected through a hub
remains one. Also, hubs do not have the intelligence to find the best path for data
packets, which leads to inefficiencies and waste.

Types of Hub
- Active Hub: These are hubs that have their own power supply and can clean, boost
and relay the signal along the network. An active hub serves both as a repeater and as
a wiring center. These are used to extend the maximum distance between nodes.
- Passive Hub: These are hubs that collect wiring from nodes and take their power
supply from the active hub. They relay signals onto the network without cleaning or
boosting them and cannot be used to extend the distance between nodes.
- Intelligent Hub: It works like an active hub and includes remote management
capabilities. Intelligent hubs also provide flexible data rates to network devices and
enable an administrator to monitor the traffic passing through the hub and to configure
each port in the hub.
3. Bridge – A bridge operates at the data link layer. A bridge is a repeater with the
added functionality of filtering content by reading the MAC addresses of source and
destination. It is also used for interconnecting two LANs working on the same protocol.
It has a single input and a single output port, thus making it a 2-port device.
Types of Bridges
- Transparent Bridges: These are bridges of which the stations are completely unaware,
i.e. whether or not a bridge is added to or deleted from the network, reconfiguration
of the stations is unnecessary. These bridges make use of two processes: bridge
forwarding and bridge learning.
- Source Routing Bridges: In these bridges, the routing operation is performed by the
source station and the frame specifies which route to follow. The host can discover
the route by sending a special frame called the discovery frame, which spreads through
the entire network using all possible paths to the destination.
4. Switch – A switch is a multiport bridge with a buffer and a design that can boost
its efficiency (a large number of ports implies less traffic) and performance. A switch
is a data link layer device. The switch can perform error checking before forwarding
data, which makes it very efficient, as it does not forward packets that have errors and
forwards good packets selectively to the correct port only. In other words, the switch
divides the collision domain of the hosts, but the broadcast domain remains the same.

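As an added example (my own code, not the article's), here is a small Python simulation of the bridge-learning and bridge-forwarding processes just described, contrasted with a hub: a hub repeats every frame to every other port, while a switch learns which port each source MAC lives on, forwards known unicast frames to one port, floods unknown-destination and broadcast frames, and filters a frame whose destination is on the port it arrived from. The MAC addresses and port numbers are constructed.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    """Multiport repeater: no addresses, no filtering, one collision domain."""

    def __init__(self, ports):
        self.ports = list(ports)

    def receive(self, in_port, src_mac, dst_mac):
        return ("repeat", [p for p in self.ports if p != in_port])


class LearningSwitch:
    """Transparent bridge with many ports: learns source MACs, then forwards, floods or filters."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}    # MAC -> port on which that MAC was last seen as a source

    def receive(self, in_port, src_mac, dst_mac):
        # Bridge learning: the source of a frame is reachable through the port it arrived on.
        self.mac_table[src_mac] = in_port
        # Bridge forwarding decision.
        if dst_mac == BROADCAST:
            return ("flood", [p for p in self.ports if p != in_port])   # broadcast domain stays one
        out_port = self.mac_table.get(dst_mac)
        if out_port is None:
            return ("flood", [p for p in self.ports if p != in_port])   # unknown unicast
        if out_port == in_port:
            return ("filter", [])           # destination is on the same segment: do not forward
        return ("forward", [out_port])      # known unicast goes to exactly one port


def run_sample():
    """Constructed scenario: hosts A, B, C on ports 1, 2, 3; host D shares port 3 with C."""
    A, B, C, D = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c", "02:00:00:00:00:0d"
    switch = LearningSwitch(ports=[1, 2, 3])
    hub = Hub(ports=[1, 2, 3])
    trace = [
        switch.receive(1, A, B),          # B unknown yet -> flood
        switch.receive(2, B, A),          # A learned on port 1 -> forward to 1 only
        switch.receive(1, A, B),          # now B is known -> forward to 2 only
        switch.receive(1, A, BROADCAST),  # broadcast -> flood regardless of the table
        switch.receive(3, C, D),          # D unknown -> flood
        switch.receive(3, D, C),          # C known on port 3 == in_port -> filter
        hub.receive(1, A, B),             # a hub always repeats everywhere
    ]
    return trace, dict(switch.mac_table)
```

The flooding of unknown destinations is also why an attacker's view from a switched network is limited to broadcasts and unknown-unicast frames, and why MAC-table exhaustion (forcing the switch to flood everything) and ARP spoofing (section 1 above) are the usual ways that limitation is attacked; port security limits on learned MACs per port address the former.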
5. Routers – A router is a device that, like a switch, routes data packets, but based on
their IP addresses. The router is mainly a Network Layer device. Routers normally
connect LANs and WANs together and have a dynamically updated routing table on the basis
of which they make decisions about routing the data packets. Routers divide the broadcast
domains of the hosts connected through them.

6. Gateway – A gateway, as the name suggests, is a passage to connect two networks
together that may work on different networking models. Gateways basically work as
messenger agents that take data from one system, interpret it and transfer it to another
system. Gateways are also called protocol converters and can operate at any network
layer. Gateways are generally more complex than switches or routers.
7. Brouter – Also known as a bridging router, it is a device that combines features of
both a bridge and a router. It can work either at the data link layer or at the network
layer. Working as a router, it is capable of routing packets across networks; working as
a bridge, it is capable of filtering local area network traffic.
8. NIC – A NIC, or network interface card, is a network adapter used to connect the
computer to the network. It is installed in the computer to establish a LAN. It has a
unique ID written on the chip, and it has a connector for attaching the cable. The cable
acts as an interface between the computer and the router or modem. A NIC is a layer 2
device, which means that it works on both the physical and the data link layer of the
network model.