Phalanx : Withstanding Multimillion-Node Botnets

Paper: Colin Dixon, Arvind Krishnamurthy, Tom Anderson (University of Washington), NSDI 2008.

Phalanx: Withstanding Multimillion-Node Botnets
Presented by: Eric Chan, J. Scott Miller

Botnets?
- A large collection of compromised computers controlled by an attacker
- Widely used to:
  - send spam email
  - steal identities
  - launch large-scale DDoS attacks
Goals
- Eventual communication: a connection remains possible regardless of the number of attackers
- Protect established connections: once a connection is set up, it stays protected
- Unilateral deployment: deployable by a single ISP without global agreement
- Endpoint policy: the destination controls which connections are established
- Resistance to compromise: tolerate compromised nodes and routers
- Autoconfiguration: path changes are transparent to the protection mechanism
- Efficiency: maintain performance even while under attack

Our Approach
- A swarm of machines (mailboxes) forwards traffic on the destination's behalf
- The destination explicitly requests each packet it wants delivered
- An attacker must take down all mailboxes, and thus all paths, to block the destination

Mailboxes
- A large number of machines offer to carry traffic for certain destinations
- Traffic is stored in a mailbox until the destination picks it up
- If the destination never requests it, it is dropped from the buffer

Iterated Hash Sequences
- Each packet in a flow is sent to a mailbox chosen by a cryptographic hash sequence, so the sequence looks random to an observer
- The sequence is derived from a secret the destination chose, so an attacker cannot "follow" a flow by attacking each mailbox just before it is used

Mailbox Sets
- Trade-off between performance and resilience
- Initially select 10 nearby mailboxes ("nearby" according to iPlane measurements)
- Different sets for the forward and reverse paths
- Expand or change the set based on observed loss
- Set changes are piggybacked on data packets

Filtering Ring
- Filters out unrequested traffic at the Tier-1 border
- Each edge router maintains the set of requested nonces (white list) and the set of nonces already seen (black list)
- Implemented with 4 Bloom filters
- A Bloom-filter false positive costs at most a single packet
- Flow: request adds the nonce to the white list -> the forwarded packet is checked against the white and black lists -> the nonce is added to the black list
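The mailbox selection (Iterated Hash Sequences) and the filtering ring's white/black lists, modelled together in one added Python example. This is not the Phalanx implementation: the hash chain, the nonce derivation, the Bloom-filter sizes and the shared secret passed to `simulate()` are all assumptions chosen to illustrate the mechanism.

```python
import hashlib
import hmac

# Constructed model, not Phalanx code: a shared secret (assumed to be agreed at
# connection setup) drives both the mailbox sequence and the per-packet nonces.


class BloomFilter:
    """Minimal Bloom filter: m bits, k positions derived from one SHA-256."""

    def __init__(self, m=4096, k=4):
        self.m, self.k, self.bits = m, k, 0

    def _positions(self, item):
        h = hashlib.sha256(item).digest()
        for i in range(self.k):
            yield int.from_bytes(h[4 * i:4 * i + 4], "big") % self.m

    def add(self, item):
        for p in self._positions(item):
            self.bits |= 1 << p

    def __contains__(self, item):
        # No false negatives; a false positive is possible but rare at this load.
        return all((self.bits >> p) & 1 for p in self._positions(item))


def mailbox_sequence(shared_secret, n_mailboxes, count):
    """Iterated hash sequence h_i = H(h_{i-1}); packet i goes to mailbox h_i mod n.
    Only holders of shared_secret can predict the next mailbox."""
    h = hashlib.sha256(b"mailbox-chain|" + shared_secret).digest()
    seq = []
    for _ in range(count):
        seq.append(int.from_bytes(h[:8], "big") % n_mailboxes)
        h = hashlib.sha256(h).digest()
    return seq


def packet_nonce(shared_secret, i):
    """Nonce the destination requests for packet i and the mailbox forwards with it."""
    return hmac.new(shared_secret, i.to_bytes(4, "big"), hashlib.sha256).digest()[:8]


class FilterRing:
    """Edge router of the filtering ring: forwards a packet only if its nonce was
    requested (white list) and has not already been delivered (black list)."""

    def __init__(self):
        self.white = BloomFilter()
        self.black = BloomFilter()

    def request(self, nonce):
        # Seen on the destination's outbound request to a mailbox.
        self.white.add(nonce)

    def check(self, nonce):
        # Seen on the mailbox's inbound forwarded packet.
        if nonce in self.black:
            return "drop: nonce already used"
        if nonce not in self.white:
            return "drop: unrequested"
        self.black.add(nonce)
        return "forward"


def simulate(shared_secret, n_mailboxes=10, n_packets=5):
    """Sender and destination derive the same mailbox order; the ring admits each
    requested nonce exactly once and rejects a replay and an unrequested packet."""
    ring = FilterRing()
    sender_seq = mailbox_sequence(shared_secret, n_mailboxes, n_packets)
    dest_seq = mailbox_sequence(shared_secret, n_mailboxes, n_packets)
    assert sender_seq == dest_seq
    results = []
    for i in range(n_packets):
        nonce = packet_nonce(shared_secret, i)
        ring.request(nonce)                 # destination pulls packet i
        results.append(ring.check(nonce))   # mailbox forwards packet i
        results.append(ring.check(nonce))   # replay of the same packet
    results.append(ring.check(b"bot-junk"))  # bot traffic carrying no requested nonce
    return sender_seq, results


if __name__ == "__main__":
    print(simulate(b"constructed shared secret"))
```

The two lists play different roles: the white list is what makes the ring a "pull" filter (nothing is forwarded unless the destination asked for it), and the black list is what stops an attacker who captures one valid nonce from replaying it. Because a Bloom filter never reports a false negative, a requested packet is only ever lost when the black list gives a false positive, which is why the slide counts that as a single loss rather than a broken flow.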

Nonces, Tokens and Puzzles
- How does the first packet get through?
- A general-purpose request nonce is issued by the destination
- The issue rate is under the destination's control
- Can be issued for a range of IPs

Nonces, Tokens and Puzzles
- Isn't the request nonce itself an opportunity for attack?
- Authentication tokens are required to open a connection
- Tokens take the form of cryptographic puzzles, or provider-granted cookies based on a previous authentication
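A stateless hash-based client puzzle of the kind the slide refers to, as an added Python example (not Phalanx's own puzzle format). The challenge derivation, the difficulty encoding and the `server_secret`, `client_ip` and `epoch` parameters are assumptions; the point is that the issuer keeps no per-client state before the puzzle is solved, so the puzzle step cannot itself be used to exhaust the destination.

```python
import hashlib
import hmac
import itertools

# Constructed example: issue, solve and verify a hash-preimage puzzle.


def issue_puzzle(server_secret, client_ip, epoch, difficulty_bits):
    """Challenge is an HMAC over (client_ip, epoch); the issuer can recompute it
    later, so it stores nothing until a valid solution arrives."""
    msg = client_ip.encode() + b"|" + epoch.to_bytes(4, "big")
    challenge = hmac.new(server_secret, msg, hashlib.sha256).digest()[:16]
    return challenge, difficulty_bits


def _meets_difficulty(challenge, solution, difficulty_bits):
    digest = hashlib.sha256(challenge + solution.to_bytes(8, "big")).digest()
    return int.from_bytes(digest, "big") < (1 << (256 - difficulty_bits))


def solve_puzzle(challenge, difficulty_bits, max_tries=1 << 24):
    """Brute force: expected 2**difficulty_bits hashes. The client pays this
    cost; the issuer pays one hash to verify."""
    for x in itertools.islice(itertools.count(), max_tries):
        if _meets_difficulty(challenge, x, difficulty_bits):
            return x
    return None


def verify_puzzle(server_secret, client_ip, epoch, difficulty_bits, solution):
    """Recompute the challenge from the bound values and check the solution.
    Binding to client_ip and epoch stops a solution being reused from another
    address or after the epoch expires."""
    challenge, _ = issue_puzzle(server_secret, client_ip, epoch, difficulty_bits)
    return _meets_difficulty(challenge, solution, difficulty_bits)


if __name__ == "__main__":
    secret = b"constructed server secret"
    challenge, bits = issue_puzzle(secret, "192.0.2.10", 1700, 12)
    sol = solve_puzzle(challenge, bits)
    print(sol, verify_puzzle(secret, "192.0.2.10", 1700, bits, sol))
```

Difficulty is what the destination tunes under attack: raising `difficulty_bits` by one doubles the work each connection attempt costs the sender while verification stays at a single hash. A provider-granted cookie would replace the puzzle with an HMAC the issuer can check the same way, minus the client's work.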

Micro-benchmarks on PlanetLab
- Tested a Phalanx path between pairs of nodes
- Ten mailboxes used
- 25 KBps (25 packets/sec)
- ~1000 packets per connection
- Compared with vanilla UDP

Congestion Control
- TCP is ill-suited to the reordering and loss expected when packets traverse many mailboxes
- Developed a congestion control protocol based on destination-advertised sending rates
- Losses observed at a mailbox are reported to the destination

Impact on Latency
- Minor impact on latency

Impact on Loss
- Minor impact on loss rate

Effect of Attack on Rate
- Half of the mailboxes drop 75% of packets starting at 12 sec
- Average sending rate (25 KBps) is maintained

Simulation
- Router-level topology gathered by having PlanetLab hosts use iPlane to probe Akamai hosts
- PlanetLab hosts act as the servers under attack
- Akamai hosts act as mailboxes

Effect of Limited Deployment
- 100k attackers, 1000 good hosts
- Even a single deployment helps substantially

Effect of Varying Attacker Size
- For up to 1 million attackers, many good hosts see no losses

Comparison with Single-Path
- Many more acceptable connections with Phalanx

Conclusion
- Strong DDoS solution for centralized servers
- Incremental deployment possible
- Resilient to compromise