IIT Indore (c) Neminath Hubballi
TCP Vulnerabilities
Dr. Neminath Hubballi, IIT Indore

Outline
Transport layer services
Connection-oriented TCP service
Ack-Storm attack: implications, detection
Congestion control
Misbehaving receiver: implications / attacks, mitigation

The Layers Put Together
Application: HTTP, SMTP, DNS, RTP
Transport: TCP, UDP
Internet: IP
Network Interface 1, 2, 3 (e.g., Ethernet driver, PPP driver)
TCP/UDP provide a network-independent platform; IP provides independence from the underlying networks.
Neminath Jain, IIT Guwahati

Multiplexing and Demultiplexing
Demultiplexing: delivering received segments to the correct application-layer processes.
Recall: a segment is the unit of data exchanged between transport-layer entities, aka TPDU (transport protocol data unit).
[Figure: sender processes P1 and P2 and receiver processes P3 and P4 exchanging application-layer messages M across the application, transport and network layers; the transport layer prepends the segment header Ht to M, the network layer prepends Hn to the segment.]

TCP segment structure (32-bit words)
source port # | dest port #
sequence number
acknowledgement number
head len | not used | U A P R S F | rcvr window size
checksum | ptr urgent data
Options (variable length)
application data (variable length)
Sequence and acknowledgement numbers count bytes of data (not segments!).
URG: urgent data (generally not used). ACK: ACK # valid. PSH: push data now (generally not used). RST, SYN, FIN: connection establishment and teardown commands.
rcvr window size: # bytes the receiver is willing to accept. checksum: Internet checksum (as in UDP).

TCP Connection Setup
Three-step connection establishment (SYN, SYN+ACK, ACK); each side chooses its initial sequence number in its SYN.

TCP Connection Teardown
Four-step connection release (FIN and ACK in each direction).

TCP Acknowledgement Storm Attack
Man-in-the-Middle attack versus Weakling-in-the-Middle attack: the attacker only has to eavesdrop on the connection (to learn its sequence and acknowledgement numbers) and inject spoofed segments; it does not need to block or modify the legitimate traffic.
Amplification attack: a fixed number of injected segments (two per connection in the timeline that follows) makes the two legitimate endpoints exchange acknowledgements in an endless loop until the connection is torn down.
Source: "TCP Ack Storm DoS Attacks", Raz Abramov and Amir Herzberg, IFIP SEC 2011; extended version in Computers & Security, Vol. 33, 2013.

Ack-storm timeline (attacker, client, server; numbers as on the slide):
Client -> Server: SYN, SEQ=529
Server -> Client: SYN, SEQ=2449, ACK=530
Attacker -> Client (spoofed as the server): SEQ=2450, ACK=531, LEN=10
Attacker -> Server (spoofed as the client): SEQ=531, ACK=2450, LEN=10
Client -> Server: SEQ=531, ACK=2461 (acknowledges the injected bytes)
Server -> Client: SEQ=2450, ACK=541 (acknowledges the injected bytes)
Client -> Server: SEQ=531, ACK=2461 (reply to an ACK for data the client never sent)
Server -> Client: SEQ=2450, ACK=541 (reply to an ACK for data the server never sent)
The last two segments repeat indefinitely.

Weakling in the Middle
[Figure] Courtesy: "TCP Ack Storm DoS Attacks", Raz Abramov and Amir Herzberg, IFIP SEC 2011.
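The exchange above, as an added example that is not part of the original slides or of the Abramov-Herzberg paper: a Python model of two ESTABLISHED endpoints that follow the RFC 793 segment-processing rules (a segment outside the receive window, or an ACK for data not yet sent, is answered with a pure ACK carrying the endpoint's current SND.NXT and RCV.NXT). The endpoint model, the segment fields and the post-handshake numbers used (client SND.NXT 530 and server SND.NXT 2450, derived from the slide's ISNs 529 and 2449; window 65535) are assumptions for the simulation; timers, retransmission and the rate limits of modern stacks are left out.

```python
"""Model of the TCP Ack Storm.  Added example, not code from the slides or
the Abramov-Herzberg paper.  Each endpoint applies two RFC 793 rules for an
ESTABLISHED connection: a segment outside the receive window, or an ACK for
data not yet sent (SEG.ACK > SND.NXT), is answered with a pure ACK carrying
the endpoint's current SND.NXT / RCV.NXT.  Timers, retransmission and the
rate limiting of modern stacks are deliberately omitted (assumption)."""
from dataclasses import dataclass


@dataclass
class Segment:
    src: str
    dst: str
    seq: int
    ack: int
    length: int = 0      # payload bytes; 0 for a pure ACK


class Endpoint:
    """An ESTABLISHED endpoint tracking only SND.NXT, RCV.NXT and RCV.WND."""

    def __init__(self, name, snd_nxt, rcv_nxt, rcv_wnd=65535):
        self.name = name
        self.snd_nxt = snd_nxt
        self.rcv_nxt = rcv_nxt
        self.rcv_wnd = rcv_wnd
        self.acks_sent = 0

    def _ack(self, peer):
        """Pure ACK with the current numbers (RFC 793: 'send an ACK')."""
        self.acks_sent += 1
        return Segment(self.name, peer, self.snd_nxt, self.rcv_nxt)

    def receive(self, seg):
        """Process one segment; return the reply, or None if silently absorbed.
        In the storm both checks below fail for every ACK; RFC 793 applies the
        sequence check first."""
        # RFC 793 step 1: sequence-number acceptability (simplified window test).
        if not (self.rcv_nxt <= seg.seq < self.rcv_nxt + self.rcv_wnd):
            return self._ack(seg.src)           # old / out-of-window: ACK it
        # RFC 793 step 5: ACK for something not yet sent -> send ACK, drop segment.
        if seg.ack > self.snd_nxt:
            return self._ack(seg.src)
        # In-order payload: accept it and acknowledge the new data.
        if seg.length and seg.seq == self.rcv_nxt:
            self.rcv_nxt += seg.length
            return self._ack(seg.src)
        return None                             # acceptable pure ACK: nothing to say


def _deliver(queue, endpoints, max_segments):
    """Deliver queued segments in order, enqueueing replies; return count delivered."""
    delivered = 0
    while queue and delivered < max_segments:
        seg = queue.pop(0)
        delivered += 1
        reply = endpoints[seg.dst].receive(seg)
        if reply is not None:
            queue.append(reply)
    return delivered


def run_storm(max_segments=1000):
    """Weakling in the middle: two forged 10-byte data segments, one toward each
    side, then nothing.  Returns (segments delivered, client ACKs, server ACKs)."""
    client = Endpoint("client", snd_nxt=530, rcv_nxt=2450)
    server = Endpoint("server", snd_nxt=2450, rcv_nxt=530)
    endpoints = {"client": client, "server": server}
    queue = [
        Segment("server", "client", seq=2450, ack=530, length=10),   # forged
        Segment("client", "server", seq=530, ack=2450, length=10),   # forged
    ]
    # Each side now expects 10 bytes the other never sent, so every ACK one side
    # emits is unacceptable at the other, which answers with another ACK.
    delivered = _deliver(queue, endpoints, max_segments)
    return delivered, client.acks_sent, server.acks_sent


def run_legitimate(max_segments=1000):
    """Control: the server really sends 10 bytes, so its SND.NXT advances and the
    client's ACK is acceptable.  Returns the number of segments delivered."""
    client = Endpoint("client", snd_nxt=530, rcv_nxt=2450)
    server = Endpoint("server", snd_nxt=2450, rcv_nxt=530)
    endpoints = {"client": client, "server": server}
    data = Segment("server", "client", seq=server.snd_nxt, ack=server.rcv_nxt, length=10)
    server.snd_nxt += 10                    # a genuine sender advances SND.NXT
    return _deliver([data], endpoints, max_segments)


if __name__ == "__main__":
    print("storm:", run_storm())            # (1000, 500, 500): hit the cap, never quiet
    print("legitimate:", run_legitimate())  # 2
```

run_storm stops only because of the segment cap: every delivered ACK provokes another, 500 from each side by the time 1000 segments have been delivered. run_legitimate is the control: when the server really sends the bytes, its SND.NXT advances, the client's ACK is acceptable and the exchange ends after two segments. The detection signature follows directly: a pair of zero-length ACK segments whose sequence and acknowledgement numbers never change, repeating at line rate on a single connection. Linux bounds the reply rate for exactly these cases (out-of-window sequence or acknowledgement number) with net.ipv4.tcp_invalid_ratelimit, which caps the storm without removing it.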

Principles of Congestion Control
Informally: "too many sources sending too much data too fast for the network to handle".
Different from flow control (which addresses receiver overload)!
Manifestations: lost packets (buffer overflow at routers); long delays (queueing in router buffers).
A top-10 problem!

Congestion Control in TCP
Additive Increase, Multiplicative Decrease (AIMD): cwnd grows by roughly one SMSS per RTT while no loss is detected, and is halved when loss is detected. [Figure]

TCP Vulnerabilities with a Misbehaving Receiver
Source: "TCP Congestion Control with a Misbehaving Receiver", Stefan Savage, Neal Cardwell, David Wetherall and Tom Anderson, ACM Computer Communication Review, 1999. A few slides are adapted from the authors' presentation.

Attack #1: ACK Division
The attack: when you receive a data segment with N bytes, divide the corresponding ACK into M pieces, where M ≤ N. Each separate ACK covers one of M distinct pieces of the received data.

Attack #1: ACK Division
[Figure: one 1000-byte data segment from the sender is answered by three separate acknowledgements, ACK 1, ACK 2 and ACK 3, each covering one part of the segment.]
Source: Savage, Cardwell, Wetherall and Anderson, ACM CCR 1999.

Attack #1: ACK Division
Because a sender that follows the RFC 2581 wording grows cwnd by one SMSS for every ACK that acknowledges new data, M acknowledgements for one segment grow cwnd M times as fast. This attack can convince a TCP sender to send all of the data in its send buffer in a single burst.
Source: Savage, Cardwell, Wetherall and Anderson, ACM CCR 1999.

Mitigating ACK Division
Change congestion control to work at byte granularity rather than per ACK:
Increment cwnd in proportion to the amount of new data acknowledged, at most one SMSS per ACK (this is Appropriate Byte Counting, RFC 3465); or
Increment cwnd only when an ACK acknowledges an entire sent segment.
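ACK division and the two mitigations above, as an added example (not code from the paper or the slides): a Python slow-start model in which the receiver splits every segment's acknowledgement into m pieces, run under the per-ACK rule the attack exploits and under the two byte-granularity rules. The 1000-byte SMSS, the initial window of one segment and the three policy names are assumptions of the simulation; loss, ssthresh and the linear congestion-avoidance phase are left out.

```python
"""ACK division versus byte-counting cwnd growth.  Added example, not code from
the Savage et al. paper.  Assumptions: SMSS = 1000 bytes, initial window of one
segment, no loss, every ACK arrives within the RTT, slow start only."""
SMSS = 1000


def divided_acks(seg_start, seg_len, m):
    """ACK numbers a receiver emits for the segment [seg_start, seg_start+seg_len).
    An honest receiver emits one cumulative ACK (m == 1); ACK division emits m
    ACKs, each covering one of m distinct pieces of the received data."""
    piece = seg_len // m
    acks = [seg_start + piece * i for i in range(1, m)]
    acks.append(seg_start + seg_len)          # final ACK covers the whole segment
    return acks


def cwnd_after_rounds(rounds, m, policy, iw=SMSS):
    """cwnd in bytes after `rounds` RTTs of slow start against a receiver that
    splits each segment's ACK into m pieces.

    policy:
      'per_ack'       -> cwnd += SMSS per ACK acknowledging new data
                         (the literal RFC 2581 wording the attack exploits)
      'byte_count'    -> cwnd += bytes newly acknowledged, at most SMSS per ACK
                         (Appropriate Byte Counting, RFC 3465)
      'whole_segment' -> cwnd += SMSS only when an ACK covers the full segment
    """
    if policy not in ("per_ack", "byte_count", "whole_segment"):
        raise ValueError(f"unknown policy {policy!r}")
    cwnd, snd_una = iw, 0
    for _ in range(rounds):
        n_segments = cwnd // SMSS            # full-sized segments sent this RTT
        for _ in range(n_segments):
            seg_start = snd_una
            for ack in divided_acks(seg_start, SMSS, m):
                newly_acked = ack - snd_una
                if newly_acked <= 0:
                    continue                 # duplicate / old ACK: no growth
                if policy == "per_ack":
                    cwnd += SMSS
                elif policy == "byte_count":
                    cwnd += min(newly_acked, SMSS)
                elif ack == seg_start + SMSS:  # whole_segment: boundary reached
                    cwnd += SMSS
                snd_una = ack
    return cwnd


def growth_table(rounds=3, m=3):
    """Side by side: cwnd after `rounds` RTTs for an honest receiver (m = 1) and
    for an ACK divider, under each policy.  Returns {policy: (honest, divider)}."""
    return {policy: (cwnd_after_rounds(rounds, 1, policy),
                     cwnd_after_rounds(rounds, m, policy))
            for policy in ("per_ack", "byte_count", "whole_segment")}


if __name__ == "__main__":
    for policy, (honest, divider) in growth_table().items():
        print(f"{policy:14s} honest={honest:6d}  divider(m=3)={divider:6d}")
```

With m = 3 the per-ACK sender's window grows by a factor of 1 + m per RTT instead of 2, so after three RTTs it is 64000 bytes against 8000 for an honest receiver; under either byte-granularity rule the divider gains nothing.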

Attack #2: DupACK Spoofing
TCP uses two algorithms, fast retransmit and fast recovery, to reduce the effect of packet loss.
Quoted from RFC 2581: "Set cwnd to ssthresh plus 3*SMSS. This artificially 'inflates' the congestion window by the number of segments (3) that have left the network and which the receiver has buffered. ... For each additional duplicate ACK received, increment cwnd by SMSS. This artificially inflates the cwnd in order to reflect the additional segment that has left the network."

Attack #2: DupACK Spoofing
The attack: when you receive a data segment, send many ACKs for the last sequence number received (at the start of a connection, this would be for the SYN segment).

Attack #2: DupACK Spoofing
The first four ACKs for the same sequence number (the original plus three duplicates) cause the sender to retransmit the first segment. However, cwnd is then increased by one SMSS for each additional duplicate, here for a total of four new segments.
Since a forged duplicate ACK is indistinguishable from one generated by a genuine out-of-order arrival, the sender has no way to refuse the inflation, so this attack is also valid.
[Figure: sample timeline for the DupACK attack.]

Mitigating DupACK Spoofing
Two additional fields in the TCP header: the sender adds a nonce to each data segment, and when the receiver sends a DupACK it must echo the nonce of the segment that triggered it.
For every DupACK carrying a new (not previously seen) nonce, increment cwnd by one SMSS; repeated DupACKs with the same nonce earn nothing.

Attack #3: Optimistic ACKing
Since TCP's cwnd growth is a function of RTT (exponential during slow start, linear during congestion avoidance), sender-receiver pairs with a shorter RTT transfer data more quickly.
Hence a receiver can emulate a shorter RTT by sending ACKs optimistically, for data it has not received yet.

Attack #3: Optimistic ACKing
The attack: when you receive a data segment, send many ACKs anticipating the data the sender is about to send.
This attack does not preserve end-to-end reliability: if a packet is lost after it has already been acknowledged, it is unrecoverable.

Attack #3: Optimistic ACKing
What makes optimistic ACKing more dangerous: after reaching the bottleneck rate, the receiver keeps sending ACKs in spite of losses.
By concealing losses it eliminates the only congestion signal available to the sender.
A malicious receiver can conceal all losses and lead the sender to increase cwnd indefinitely.

Attack #3: Optimistic ACKing
Since senders generally send full-sized segments, it is easy for a receiver to guess the correct sequence numbers to use in its ACKs, but this accuracy is not required.
If an ACK arrives for data that has not yet been sent, the sender generally ignores it, which lets the receiver be even more aggressive.
[Figure: sample timeline for the optimistic ACKing attack.]

Solution to Optimistic ACKing
Again a nonce-based solution: include a random nonce in every TCP data segment.
A cumulative acknowledgement must carry the cumulative sum of the nonces of all segments it acknowledges, which a receiver cannot compute for a segment it has not received.

Example of this solution
The fourth data segment is lost, and a third ACK attempts to conceal the loss by ACKing a later segment.
But that ACK is refused, since the receiver cannot provide the correct nonce sum (149) without the nonce of the lost segment.
[Figure: sample timeline for a transfer using a cumulative nonce.]
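Both nonce defences, the echoed nonce for DupACK spoofing and the cumulative nonce sum for optimistic ACKing, as one added Python example (not code from the paper or the slides). The sender keeps a random 16-bit nonce per segment; an honest receiver echoes the triggering segment's nonce in each duplicate ACK and returns the running nonce sum in each cumulative ACK; the sender credits cwnd once per distinct genuine nonce and refuses any cumulative ACK whose sum is wrong. The dictionary-based segment layout, the nonce width, the "never zero" rule and the reduction of cwnd handling to the single rule on the slides (+1 SMSS per DupACK with a new nonce, no fast retransmit or ssthresh) are assumptions of this model; the scenarios and their nonces are constructed here.

```python
"""Nonce defences against DupACK spoofing and optimistic ACKing.  Added
example, not code from the Savage et al. paper.  Assumptions: segments are
dicts (no real TCP option layout), nonces are 16-bit and never zero, and cwnd
handling is reduced to the one rule on the slides."""
import secrets

SMSS = 1000


def fresh_nonce():
    """Random nonce in [1, 65535]; never 0, so a missing nonce always changes a sum."""
    return 1 + secrets.randbelow(65535)


class NonceSender:
    def __init__(self):
        self.segments = {}           # seq -> (length, nonce) for everything sent
        self.snd_nxt = 0
        self.cwnd = SMSS
        self.credited_nonces = set()

    def send(self, length=SMSS):
        nonce = fresh_nonce()
        seg = {"seq": self.snd_nxt, "len": length, "nonce": nonce}
        self.segments[self.snd_nxt] = (length, nonce)
        self.snd_nxt += length
        return seg

    def expected_nonce_sum(self, ack):
        """Cumulative nonce: sum over every segment fully covered by ACK `ack`."""
        return sum(n for seq, (l, n) in self.segments.items() if seq + l <= ack)

    def accept_cumulative_ack(self, ack, nonce_sum):
        """Optimistic-ACK defence: the ACK must carry the right cumulative sum."""
        return ack <= self.snd_nxt and nonce_sum == self.expected_nonce_sum(ack)

    def on_dup_ack(self, echoed_nonce):
        """DupACK-spoofing defence: inflate cwnd once per distinct, genuine nonce."""
        genuine = any(n == echoed_nonce for _, n in self.segments.values())
        if not genuine or echoed_nonce in self.credited_nonces:
            return False
        self.credited_nonces.add(echoed_nonce)
        self.cwnd += SMSS
        return True


class NonceReceiver:
    """Honest receiver: in-order data -> cumulative ACK with the nonce sum;
    out-of-order data -> duplicate ACK echoing the nonce of the segment that
    triggered it."""

    def __init__(self):
        self.rcv_nxt = 0
        self.nonce_sum = 0
        self.out_of_order = {}       # seq -> (length, nonce)

    def receive(self, seg):
        if seg["seq"] != self.rcv_nxt:
            self.out_of_order[seg["seq"]] = (seg["len"], seg["nonce"])
            return ("dupack", self.rcv_nxt, self.nonce_sum, seg["nonce"])
        self.rcv_nxt += seg["len"]
        self.nonce_sum += seg["nonce"]
        while self.rcv_nxt in self.out_of_order:      # drain the reorder buffer
            length, nonce = self.out_of_order.pop(self.rcv_nxt)
            self.rcv_nxt += length
            self.nonce_sum += nonce
        return ("ack", self.rcv_nxt, self.nonce_sum)


def optimistic_ack_scenario():
    """Five segments sent, the fourth lost (constructed scenario).  Returns
    (honest ACK accepted, optimistic ACK for all five accepted)."""
    s, r = NonceSender(), NonceReceiver()
    segs = [s.send() for _ in range(5)]
    for i, seg in enumerate(segs):
        if i != 3:                   # segment 4 never arrives
            r.receive(seg)
    honest = s.accept_cumulative_ack(r.rcv_nxt, r.nonce_sum)
    # The optimistic receiver claims 5000 bytes but cannot know nonce 4; its best
    # guess is the sum of everything it actually holds (in-order plus buffered).
    guess = r.nonce_sum + sum(n for _, n in r.out_of_order.values())
    optimistic = s.accept_cumulative_ack(5 * SMSS, guess)
    return honest, optimistic


def dupack_spoof_scenario(spoofed=10):
    """Segment 2 of 3 lost, so segment 3 yields one genuine dup ACK; the receiver
    then replays that dup ACK `spoofed` more times (constructed scenario).
    Returns (first dup ACK credited, replays credited, final cwnd)."""
    s, r = NonceSender(), NonceReceiver()
    segs = [s.send() for _ in range(3)]
    r.receive(segs[0])
    kind, _rcv_nxt, _nonce_sum, echoed = r.receive(segs[2])
    assert kind == "dupack"
    first = s.on_dup_ack(echoed)
    replays = sum(s.on_dup_ack(echoed) for _ in range(spoofed))
    return first, replays, s.cwnd


if __name__ == "__main__":
    print("optimistic:", optimistic_ack_scenario())   # (True, False)
    print("dupack:", dupack_spoof_scenario())          # (True, 0, 2000)
```

The optimistic ACK is rejected deterministically, not probabilistically: the missing nonce lies in [1, 65535], so any sum that omits it is wrong, and a guessing receiver has one chance in 65535 per attempt. The replayed DupACKs are refused because their echoed nonce has already been credited; a DupACK carrying a made-up nonce is refused because no outstanding segment carries it.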

TCP Shrew Attack
Exploits the TCP retransmission timeout (RTO) mechanism: short, high-rate bursts repeated at roughly the RTO period make the targeted flows time out again each time they try to resume.
Creates a denial of service: the throughput of the targeted TCP flows is sharply reduced while the attacker's average sending rate stays low.
