Design and Implementation of Alternative Route Against DDOS Jing Yang and Su Li.

Introduction
In general, DDoS research falls into three categories:
- Intrusion Prevention
- Intrusion Detection
- Intrusion Response/Tolerance

A Typical DDoS Architecture (diagram): Mastermind Intruder -> Client (Commander) -> Handler (Middleman) -> Agent (Attacker)

Objective
- Focus on Intrusion Tolerance
- Explore Alternative Routes Against DDoS

Approaches
1. Updated DNS along with IP-over-IP between the alternative firewall and the real server. Alternative routes are established from clients to the real server through an alternative firewall (IP-over-IP). Relatively easy to implement and works reasonably well, but does not resolve the DDoS problem completely.
2. Updated DNS along with a proxy server. Alternative routes are established from clients to the real server through an alternative firewall (proxy server). Requires adding new fields to DNS and new features to web browsers/network applications. An attacker can hardly detect the new route, so this is better suited to trusted clients.

Design and Implementation of Approach 1
Architecture (diagram components): Real Server, DNS Server, Firewall, Alternative Firewall, IP-over-IP, Client

Software Developed
- SendMessage: a client program that sends an "Attacked" message to the alternative firewall.
- PM (ProcessManager): a server program that listens for the "Attacked" message and manages the Updated_DNS and IP_Over_IP server programs.
- Updated_DNS: a UNIX shell script that updates the DNS server with the alternative firewall's information (IP address).
- IP_Over_IP_Svr: a program that relays data back and forth between clients and the real server (HTTP requests/data only in the current version).

Software/Tools Used
- BIND version 9: only BIND 8/9 allow dynamic updates of DNS records.
- VMware: a freeware used to create two additional operating environments (e.g. argo.uccs.edu and ardent.uccs.edu are created on the athena.uccs.edu machine).

Hardware Configuration (diagram components): Real Server (Argo), DNS Server (Argo), Firewall (Athena), Alternative Firewall (Ardent), IP-over-IP, Client

Process Flow (Approach 1)
Step 1: Upon detection of an attacker (e.g. by Snort), SendMessage (client), running on the real server, sends an "Attacked" message to the alternative firewall.
Step 2: Upon receiving the "Attacked" message, the Process Manager (server) running on the alternative firewall does the following:
- Starts the Updated_DNS process to update the DNS servers with the alternative firewall's IP address.
- Starts the IP-over-IP process that relays requests/data between the real server and the client. An alternative route is now established.
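The two actions the Process Manager triggers in Step 2 (the "Software Developed" and "Process Flow" slides), as an added example that is not the authors' PM, Updated_DNS or IP_Over_IP_Svr code: the dynamic-update stanza a BIND 9 nsupdate run would consume to repoint the server name at the alternative firewall, and a byte-level TCP relay standing in for the IP-over-IP leg between that firewall and the real server. Function names, the example.test zone and the fixture web server are assumptions.

```python
import contextlib
import socket
import threading
# Added example, not the authors' code (names and zone are assumptions). The
# stanza is what Updated_DNS would pipe into BIND 9's nsupdate; the relay is a
# plain TCP forwarder taking the place of the IP-over-IP tunnel.
def build_nsupdate_script(zone, name, alt_fw_ip, ttl=60):
    """Stanza for 'nsupdate -k <tsig-key>' (BIND 9 dynamic-update syntax)."""
    return (f"zone {zone}\nupdate delete {name} A\n"  # drop the attacked address
            f"update add {name} {ttl} A {alt_fw_ip}\nsend\n")  # short TTL: fast failback

def _pump(src, dst):
    """Copy src -> dst until EOF, then half-close dst so the EOF propagates."""
    with contextlib.suppress(OSError):
        while data := src.recv(4096):
            dst.sendall(data)
    with contextlib.suppress(OSError):
        dst.shutdown(socket.SHUT_WR)

def _listener(handler):
    # Bind an ephemeral 127.0.0.1 port; run handler(conn) for each connection.
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen()
    def loop():
        while True:
            threading.Thread(target=handler, args=(srv.accept()[0],), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]

def start_relay(real_server):
    """Alternative-firewall side: one fresh upstream socket per client."""
    def handle(client):
        upstream = socket.create_connection(real_server)
        for a, b in ((client, upstream), (upstream, client)):
            threading.Thread(target=_pump, args=(a, b), daemon=True).start()
    return _listener(handle)

def start_fake_real_server(body=b"ok"):
    # Constructed stand-in for the real web server (test fixture only).
    def handle(conn):
        with conn:  # read the request, answer with one fixed response, close
            conn.recv(4096)
            conn.sendall(b"HTTP/1.0 200 OK\r\nContent-Length: %d\r\n\r\n%s" % (len(body), body))
    return _listener(handle)

def fetch_through(relay_port):
    """Client side: one HTTP GET via the relay; returns the whole response."""
    with socket.create_connection(("127.0.0.1", relay_port)) as s:
        s.sendall(b"GET / HTTP/1.0\r\n\r\n")
        return b"".join(iter(lambda: s.recv(4096), b""))
```

In a real deployment the relay would listen on the alternative firewall's public address and the stanza would be signed with the TSIG key the BIND zone's update policy allows.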

Design of Approach 2
Add three new fields to the current DNS specification:
1. Proxy server IP address.
2. Proxy server port number.
3. A list of trusted client IP addresses, identifiers or digital signatures.
Add a client network interface that adds the SOCKS protocol when the DNS query returns the new type of DNS query result (the more transparent solution).
Modify web browsers to read the three DNS fields and configure themselves automatically, if and only if the client's own information (such as IP address or identifier) matches the client information from the DNS server.
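The client-side decision of Approach 2, as an added example that is not part of the original slides: the three proposed fields are carried in a constructed text record, and the client configures the SOCKS proxy only when its own address matches the trusted list. The record syntax, field names and addresses are assumptions; the trusted field is generalised to accept CIDR blocks as well as single addresses.

```python
import ipaddress

# Added example, not the authors' design or code. The record format
# 'proxy_ip=...;proxy_port=...;trusted=a,b/24' is an assumption standing in
# for the three new DNS fields; addresses below are constructed (RFC 5737).

def parse_alt_route_record(txt):
    """Split the record into its three fields and validate each one."""
    fields = dict(kv.split("=", 1) for kv in txt.split(";") if kv)
    port = int(fields["proxy_port"])
    if not 0 < port < 65536:
        raise ValueError(f"bad proxy port {port}")
    return {"proxy_ip": ipaddress.ip_address(fields["proxy_ip"]),
            "proxy_port": port,
            # trusted entries may be single addresses or CIDR blocks
            "trusted": [ipaddress.ip_network(t.strip(), strict=False)
                        for t in fields.get("trusted", "").split(",") if t.strip()]}

def socks_proxy_for(client_ip, txt):
    """Return (proxy_ip, proxy_port) only if client_ip is listed as trusted."""
    rec = parse_alt_route_record(txt)
    addr = ipaddress.ip_address(client_ip)
    if any(addr in net for net in rec["trusted"]):
        return (str(rec["proxy_ip"]), rec["proxy_port"])
    return None  # untrusted clients never learn or use the alternative route

# Constructed sample record: one trusted host and one trusted /24
SAMPLE_RECORD = "proxy_ip=198.51.100.7;proxy_port=1080;trusted=203.0.113.5,192.0.2.0/24"
```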

Conclusion
1. Updated DNS along with data transfer using IP-over-IP between the real server and the alternative firewall (Approach 1) reasonably establishes the alternative route.
2. Approach 1 dynamically provides the alternative route and thus increases intrusion tolerance.
3. Limited testing (browsing a couple of personal web pages through the alternative route of Approach 1) showed no performance issue. More testing under a simulated attack is needed.

Conclusion (continued)
4. However, Approach 1 cannot completely eliminate the DDoS problem, since attackers may use the new route once they detect it (IP_Over_IP_Svr only handles HTTP requests/data in this version).
5. Approach 2 guarantees continuous service for trusted clients, since only trusted clients are allowed through the alternative route when the original route is attacked.

Future Work
- Approach 1 can be expanded into a failover/failback system or a load balancer.
- IP_Over_IP_Svr can be expanded to handle other protocols such as FTP and SNMP.
- The DNS server can be improved with additional rules or policies to increase Internet security; this is the main lesson learnt.
