Statistical Analysis of Malformed Packets and Their Origins in the Modern Internet NETREAD UC Berkeley George Porter Oct 4, 2002.


Main Idea
- Find malformed packets and determine the reasons
- What is the proportion?
- What are the causes?
- Ohio University

Experimental Setup
- Main University Link: 100Mbits, rate limited to 36Mbits, 98% TCP
- Dorm traffic: 10 Mbits, 60% TCP, 40% Kazaa???

Errors detected

IP Address outside of range
- (local link) /16 (Microsoft). DHCP INFORM messages. Finding the directory service for the enterprise root. Making dynamic updates on behalf of clients by the server x.x – x.x (AOL). Used when DHCP fails.
- Moral: Treat as private and filter.
- Moral2: Don't send INFORM on networks with dynamic address assignment.

DDOS attack, bootstrapping
- ICMP echo requests sent to limited broadcast address
- Routers should not have forwarded them
- Source+Dest addresses out of range occurred Weekday mornings
- Bootstrapping issue

Interesting Observations
- Sent to network 0 Misconfigurations
- Origin of Sent in response to UDP packets, probably a misconfiguration
- 0/6 port sequences No real ideas there
- Some SYN,FIN,URG,PSH packets used to determine O/S type
- Bad checksum in port range , probably specific impl problem

Packet Distributions
- Mostly during the day
- They claim that bit-errors are more likely during the day (why?)
- They suggest the misconfigurations are likely not in system software (then what?)

Moral/Takeaway points
- Misconfiguration accounts for a lot of malformed packets
- DDOS attack was observed
- Internet/Local networks have different error characteristics
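
The error classes named on the slides (out-of-range and link-local sources, ICMP echo to the limited broadcast address, traffic to network 0, SYN and FIN set together, bad checksums) can be written as a small classifier for packets seen at a site border. This is an added example, not code from the presentation or the study; the site prefix, labels, function names and sample packets are assumptions constructed for illustration, and the checksum verified here is the IPv4 header checksum.

```python
import ipaddress
import struct

SITE_PREFIX = ipaddress.ip_network("192.0.2.0/24")   # assumed site prefix (documentation range)
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")
NETWORK_ZERO = ipaddress.ip_network("0.0.0.0/8")

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; returns 0 over a header whose checksum is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def classify(packet: bytes) -> list:
    """Return the anomaly labels for one raw IPv4 packet leaving the site."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or not 20 <= (packet[0] & 0x0F) * 4 <= len(packet):
        return ["bad-ip-header"]
    ihl = (packet[0] & 0x0F) * 4
    proto, payload = packet[9], packet[ihl:]
    src = ipaddress.ip_address(packet[12:16])
    dst = ipaddress.ip_address(packet[16:20])
    checks = [
        ("bad-ip-checksum", inet_checksum(packet[:ihl]) != 0),
        ("link-local-source", src.is_link_local),
        ("source-outside-site-prefix", not src.is_link_local and src not in SITE_PREFIX),
        ("destination-network-0", dst in NETWORK_ZERO),
        ("icmp-echo-to-broadcast", proto == 1 and payload[:1] == b"\x08" and dst == LIMITED_BROADCAST),
        ("tcp-syn-and-fin", proto == 6 and len(payload) >= 14 and (payload[13] & 0x03) == 0x03),
    ]
    return [label for label, hit in checks if hit]

def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a sample IPv4 packet (20-byte header, valid header checksum)."""
    head = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return head[:10] + struct.pack("!H", inet_checksum(head)) + head[12:] + payload

# Constructed sample packets, not taken from the study's traces.
ECHO = b"\x08\x00\xf7\xff\x00\x00\x00\x00"                                   # ICMP echo request
PROBE = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 0x50, 0x2B, 1024, 0, 0)   # SYN|FIN|URG|PSH
SAMPLES = {
    "broadcast-echo": build_ipv4("198.51.100.7", "255.255.255.255", 1, ECHO),
    "dhcp-fallback": build_ipv4("169.254.10.20", "203.0.113.5", 17, b"\x00" * 8),
    "flag-probe": build_ipv4("192.0.2.10", "203.0.113.5", 6, PROBE),
    "clean": build_ipv4("192.0.2.10", "203.0.113.5", 17, b"\x00" * 8),
}
```

Running `classify` over a capture and counting labels per hour gives the kind of per-category and time-of-day breakdown the slides summarize.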