Leveraging Good Intentions to Reduce Unwanted Network Traffic. Marianne Shaw (U. Washington). USENIX 2nd Workshop on Steps to Reducing Unwanted Traffic on the Internet (SRUTI), 2006.

Presentation transcript:

Slide 1: Leveraging Good Intentions to Reduce Unwanted Network Traffic. Marianne Shaw (U. Washington). USENIX 2nd Workshop on Steps to Reducing Unwanted Traffic on the Internet (SRUTI), 2006.

2009/4/7 Speaker: Li-Ming Chen

Slide 2: Related Work: Reduce Unwanted Network Traffic
Network-based approach
- Monitor and characterize network traffic (normal or abnormal)
- Eliminate unwanted traffic by identifying it
Source-limiting approach
- E.g., ingress filtering, reverse firewall...
- Define good behaviors of managed users
The approaches are not independent
- Protect one side, assume the other side is trustworthy

Slide 3: Motivation
User-administered machines are well-intentioned but easily compromised
- Once compromised, they will be used to amplify the attacker's ability to inflict damage
Can we leverage users' non-malicious intentions to prevent their machines from being used to generate unwanted traffic?
- That is, even when compromised, these machines only generate well-behaved traffic

Slide 4: The Concept
(diagram: hosts A and B exchanging messages)
- Normal communication
- "Hmm, I don't want this one :( Stop sending, please..." (good intention!!)
- Malicious attempt!
- "Okay, I accept." (not being blocked!)
- Malicious attempt blocked!

Slide 5: Goal
Propose a solution to reduce unwanted network traffic by enabling either side of a conversation to summarily terminate the conversation without the other endpoint's cooperation.
- A control plane is used to monitor conversations between end hosts
- An enforcement mechanism is used to prevent unwanted traffic from being injected into the network
- Host-based: no extra mechanism is needed within the network

Slide 6: 3 Key Observations (Design Rationales)
Accept that machines will be compromised
- But can we keep them from generating unwanted traffic?!
Users would be willing to prevent their machines from being used to inflict damage
Defining and identifying unwanted behavior is difficult and often subjective
- Two hosts may not classify the same traffic in the same way
Can we leverage users' non-malicious intentions to prevent their machines from being used to generate unwanted traffic?

Slide 7: A Simple Example: TCP-based Prototype
Leverage the characteristics of TCP (connection oriented) to develop a prototype that is virtually invisible to end hosts
(diagram: A, enforcement mechanism, B)
In this case:
- The enforcement mechanism executes on a separate physical machine (acting as a gateway for A)
- It is connected to A with a dedicated Ethernet connection
- It guarantees that host A will not generate unwanted traffic

Slide 8: A Simple Example: TCP-based Prototype
Normal case: when A starts flooding B, B may send a RST packet to stop the packet flood.
(diagram: A sends flooding packets to B through the enforcement mechanism; B replies with RST, "Stop flooding!" (good intention!!))
- However, the attacker may ignore the RST and continue to send high rates of unwanted packets.

Slide 9: A Simple Example: TCP-based Prototype
- However, the attacker may ignore the RST and continue to send high rates of unwanted packets.
(diagram: A continues flooding; B sends RST (good intention!!); enforcement mechanism: "Oh, I know that B wants to close this connection, and the intention is good!"; packets blocked)
Leverage good intention: once the enforcement mechanism observes a valid incoming RST packet, it drops all outgoing network packets associated with this connection.

Slide 10: Requirements (problems)
(diagram: A, enforcement mechanisms, B)
- When receiving unwanted traffic, B must be able to identify the source.
- Only honor requests to temporarily terminate an existing packet stream.
- The enforcement mechanism must be voluntarily adopted by end hosts.
- Upon receiving a termination request, the packet stream must be terminated without A's cooperation.
- Only a recipient of unwanted traffic can make the request. (This mechanism cannot be used with malicious intention.)

Slide 11: Design
- The control plane
- The enforcement mechanism

Slide 12: Design: Control Plane Signaling, 1. Unique Identifier
(diagram: A, enforcement mechanisms, B)
- IP is the unique identifier of an active conversation
- Problem: DHCP, IP spoofing
- IP accountability is necessary!
  - A must not spoof its IP address.
  - B can identify and contact A.
  - B should not be penalized for spoofed packets.
  - The enforcement mechanism can sense reasonable IP changes.
  - The enforcement mechanism will discard requests coming from spoofed IPs.

Slide 13: Design: Control Plane Signaling, 2. Defining a Network Conversation
(diagram: A, enforcement mechanisms, B)
A network conversation is used to track a sequence of network packets
- It dictates which packets will be dropped when a termination request is received.
Conversation principals: 5-tuples
Conversation start/stop:
1. Observe network packets and maintain internal state (e.g., TCP)
2. Or observe patterns of network activity

Slide 14: Design: Control Plane Signaling, 3. Termination Requests
(diagram: A, enforcement mechanisms, B)
Requires a new signaling mechanism
- Indicate which network conversation is being terminated
- Indicate the duration of the termination
B must decide what traffic is unwanted, send termination requests back to A, and must not spoof its own identity (IP address).

Slide 15: Design: Enforcement Mechanism (avoid being attacked/misused)
1) The enforcement mechanism cannot be bypassed or subverted by attackers
2) The enforcement mechanism cannot be undermined by replaying a previous conversation through the mechanism
3) The enforcement mechanism can be deployed incrementally by end users and removed as needed, which should be extremely rare.

Slide 16: Endpoint Authentication (TCP example)
The enforcement mechanism must provide its own endpoint authentication.
- Add a random 32-bit nonce to the initial sequence number (ISN) during connection establishment
- Ensures that two untrusted, colluding hosts cannot subvert the enforcement mechanism.
- Man-in-the-middle attack?
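The RST-triggered blocking of slides 8 and 9 and the nonce-shifted ISN of this slide, as an added simulation that is not the paper's prototype. It assumes, as a simplification of TCP's in-window check, that an incoming RST is valid only when it acknowledges the nonce-shifted sequence number, and that outgoing streams without a tracked handshake are dropped.

```python
import random
from dataclasses import dataclass

MOD = 1 << 32  # TCP sequence numbers wrap at 2^32
@dataclass
class Pkt:
    src: str; sport: int; dst: str; dport: int
    seq: int = 0; ack: int = 0; length: int = 0
    syn: bool = False; rst: bool = False

class EnforcementGateway:
    def __init__(self, block_secs=60.0, seed=1):
        self.block_secs, self.rng, self.convs = block_secs, random.Random(seed), {}

    def outbound(self, p, now):
        key = (p.src, p.sport, p.dst, p.dport, "tcp")  # conversation principal: 5-tuple
        c = self.convs.get(key)
        if c is None and p.syn:  # new conversation: draw the 32-bit nonce for this flow
            c = self.convs[key] = {"nonce": self.rng.getrandbits(32), "next": 0, "until": 0.0}
        if c is None or now < c["until"]:
            return None  # untracked stream, or B asked us to stop this conversation
        p.seq = (p.seq + c["nonce"]) % MOD  # hide A's real ISN behind the nonce
        c["next"] = (p.seq + p.length + (1 if p.syn else 0)) % MOD  # what a real peer must ack
        return p

    def inbound(self, p, now):
        key = (p.dst, p.dport, p.src, p.sport, "tcp")
        c = self.convs.get(key)
        if c is None:
            return p
        # Only a peer that actually received A's packets knows the nonce-shifted
        # number, so a RST acking it is honoured; guesses and replays are ignored.
        if p.rst and p.ack == c["next"]:
            c["until"] = now + self.block_secs  # temporary termination, as slide 10 requires
        p.ack = (p.ack - c["nonce"]) % MOD  # undo the shift so A sees plain TCP
        return p

def demo():
    # Constructed scenario: a forged RST is ignored, B's genuine RST stops A's flood.
    gw = EnforcementGateway(block_secs=30)
    a_pkt = lambda **kw: Pkt("10.0.0.2", 40000, "10.0.0.9", 80, **kw)
    b_rst = lambda ack: Pkt("10.0.0.9", 80, "10.0.0.2", 40000, ack=ack, rst=True)
    gw.outbound(a_pkt(seq=1000, syn=True), now=0)
    gw.inbound(b_rst(ack=1001), now=1)  # attacker guesses A's real ISN+1: no match
    data = gw.outbound(a_pkt(seq=1001, length=1000), now=2)
    after_forged = data is not None
    gw.inbound(b_rst(ack=(data.seq + data.length) % MOD), now=3)  # B really saw it
    after_real = gw.outbound(a_pkt(seq=2001, length=1000), now=4) is None
    resumed = gw.outbound(a_pkt(seq=2001, length=1000), now=40) is not None
    return after_forged, after_real, resumed
```

demo() returns (True, True, True): the guessed RST changes nothing, the genuine RST blocks A's flood, and the block expires after block_secs.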

Slide 17: Conclusion
Argue that one can leverage the good intentions of users to reduce unwanted traffic on the Internet.
- Well-intentioned hosts can summarily terminate unwanted traffic
- By using an independent control plane and enforcement mechanism

Slide 18: My Comment (1/3)
A new idea to build up a security mechanism
But it's somewhat passive :(
- Accept that the host is vulnerable and will be compromised
- Once being bothered by a malicious host, request termination
- In the real world, being compromised might be unacceptable
- Besides, a vulnerable host gains nothing from this mechanism, except not generating too much unwanted traffic to the Internet after it got infected!!

Slide 19: My Comment (2/3)
The action is triggered by well-intentioned hosts
- What does unwanted traffic mean to me?
- How to show my good intention?
  - Not discussed in this paper...
  - Or not implemented in on-line protocols & applications and enforced by its peer (who sends unwanted traffic)
- Accountability, integrity (for both)

Slide 20: My Comment (3/3)
Receive unwanted traffic, but request termination for others!
- E.g., stop sending packets to this subnet
- Or stop scanning these ports
Reflection!?
- Why doesn't everybody like me? There must be something wrong...