TCP SPLIT HANDSHAKE ATTACK Mehmet Burak AKGÜN 04/27/2011.

Presentation transcript:


Outline: Introduction; Attack Mechanism; NSS LABS Test Results

Introduction: TCP. Transport layer protocol; connection oriented; stateful; sequence #

Introduction: TCP. Reliability; ACK/NACK; Flow Control; Congestion Control; Slow start / Automatic Repeat Request

3-way Handshake
SYN: client initiates, sets sequence number to a random number
SYN/ACK: server generates its own random number
ACK: connection established

Outline: Introduction; Method; Test of commercial products

RFC TCP State Diagram: Section 3.3 of RFC 793 defines the TCP handshake as a 4-step process. The state diagram designed this way allows a SYN alone to be received while in the SYN_SENT state. (Figure: RFC 793 definition of the TCP handshake.)

Simultaneous Open Mode: 4-step handshaking allows Simultaneous Open Mode.

SPLIT SYN/ACK: The malicious server splits the SYN/ACK and sends ACK only. (Figure: 5-step TCP split.)

SPLIT SYN/ACK: Step two (the server's initial ACK) appears to have no effect on establishing a new TCP session, and may optionally be dropped.

So What Can an Attacker Accomplish with this Attack? The attacker has reversed the logical direction of the client's initial connection.

Scenario: Say an unpatched client in your network connects to a malicious drive-by download web server that is not leveraging the split-handshake attack. The malicious web site tries to get your client to execute some JavaScript that forces your client to download malware. If you have gateway IPS and AV, your IPS may detect the malicious JavaScript, or your AV may catch the malware. In either case, your security scanning would block the attack. However, if the malicious web server adds the TCP split-handshake connection to the same attack, your IPS and AV systems may be confused by the direction of the traffic, and not scan the web server's content. Now the malicious drive-by download would succeed, despite your gateway security protection.
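Added example (not part of the original slides): a defender-side sketch of how an inspection device can keep the client role pinned to whoever sent the first SYN, and flag a responder that answers with a bare SYN instead of SYN/ACK. The function names, state names and sample captures are hypothetical, and the five-step order used here (SYN, ACK, SYN, SYN/ACK, ACK) is the commonly described one, which the slides do not list in full.

```python
SYN, ACK = "SYN", "ACK"

def classify_handshake(segments):
    """Classify one connection's opening segments.

    segments: list of (sender, flags) in capture order, flags a set of TCP flag names.
    Returns (kind, initiator), where initiator is whoever sent the first bare SYN.
    """
    initiator, state = None, "START"
    for sender, flags in segments:
        flags = frozenset(flags)
        from_initiator = sender == initiator
        if state == "START":
            if flags == {SYN}:
                initiator, state = sender, "SYN_SEEN"
        elif state == "SYN_SEEN" and not from_initiator:
            if flags == {SYN, ACK}:
                state = "SYNACK_SEEN"
            elif flags == {SYN}:          # responder answers with a SYN of its own
                state = "RESP_BARE_SYN"
            # a bare ACK here is the optional step two: it changes nothing
        elif state == "SYNACK_SEEN" and from_initiator and flags == {ACK}:
            return "three-way", initiator
        elif state == "RESP_BARE_SYN" and from_initiator and flags == {SYN, ACK}:
            state = "INIT_SYNACK"
        elif state == "INIT_SYNACK" and not from_initiator:
            if flags == {ACK}:
                return "split-handshake", initiator
            if flags == {SYN, ACK}:
                return "simultaneous-open", initiator
    return "incomplete", initiator

def inspection_decision(segments):
    """Pin the client role to the first SYN sender and alert on responder bare SYNs."""
    kind, initiator = classify_handshake(segments)
    return {"kind": kind, "client": initiator,
            "alert": kind in ("split-handshake", "simultaneous-open")}

# Constructed sample captures (addresses from documentation ranges).
C, S = "192.0.2.10", "203.0.113.9"
NORMAL = [(C, {SYN}), (S, {SYN, ACK}), (C, {ACK})]
SPLIT = [(C, {SYN}), (S, {ACK}), (S, {SYN}), (C, {SYN, ACK}), (S, {ACK})]
SPLIT_NO_STEP2 = [(C, {SYN}), (S, {SYN}), (C, {SYN, ACK}), (S, {ACK})]
SIMULTANEOUS = [(C, {SYN}), (S, {SYN}), (C, {SYN, ACK}), (S, {SYN, ACK})]

if __name__ == "__main__":
    for name, cap in [("normal", NORMAL), ("split", SPLIT),
                      ("split, step 2 dropped", SPLIT_NO_STEP2), ("simultaneous", SIMULTANEOUS)]:
        print(name, inspection_decision(cap))
```

In every sample the client stays 192.0.2.10 even though the last handshake segment of the split case comes from the server, which is the direction an IPS or AV engine should use when deciding whose payload to scan.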

Outline: Introduction; Method; Test of commercial products

Network Firewall Group Test Q by NSS LABS. Full Report $3500. Products Tested: Check Point Power, Cisco ASA 5585, Fortinet Fortigate 3950, Juniper SRX 5800, Palo Alto Networks PA-4020, SonicWALL NSA E8500. Companies are releasing firmware updates!


QUESTIONS?