Presentation transcript:

slide 1 Attacks on TCP/IP

slide 2 Security Issues in TCP/IP
- Network packets pass by untrusted hosts
  - Eavesdropping (packet sniffing)
- IP addresses are public
  - Smurf attacks
- TCP connection requires state
  - SYN flooding
- TCP state is easy to guess
  - TCP spoofing and connection hijacking

slide 3 Packet Sniffing
- Many applications send data unencrypted
  - ftp, telnet send passwords in the clear
- Network interface card (NIC) in “promiscuous mode” reads all passing data
- Solution: encryption (e.g., IPsec), improved routing

slide 4 “Smurf” Attack
[Diagram: gateway, victim]
- 1 ICMP Echo Req, Src: victim’s address, Dest: broadcast address
  - Looks like a legitimate “Are you alive?” ping request from the victim
- Every host on the network generates a ping (ICMP Echo Reply) to victim
- Stream of ping replies overwhelms victim
- Solution: reject external packets to broadcast addresses
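The gateway rule from slide 4 ("reject external packets to broadcast addresses"), written out as an added example that is not part of the original slides. The subnets, the interface labels and the function names are assumptions made for illustration; the check also covers the limited broadcast address and the legacy all-zeros broadcast form, which goes slightly beyond the slide.

```python
import ipaddress

# Constructed internal subnets behind the gateway (assumptions for this example).
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("192.0.2.0/25", "198.51.100.0/24", "203.0.113.8/31")]
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def is_broadcast_dest(dst):
    """True if dst is a broadcast address for any internal subnet."""
    addr = ipaddress.ip_address(dst)
    if addr == LIMITED_BROADCAST:
        return True
    for net in INTERNAL_NETS:
        if net.prefixlen >= 31:
            continue  # /31 and /32 subnets have no broadcast address (RFC 3021)
        # Directed broadcast (host bits all ones) and the legacy all-zeros form.
        if addr in (net.broadcast_address, net.network_address):
            return True
    return False


def gateway_verdict(arrived_on, dst):
    """Drop packets from the external interface aimed at an internal broadcast address."""
    if arrived_on == "external" and is_broadcast_dest(dst):
        return "drop"
    return "forward"
```

The prefix length matters: 192.0.2.127 is the broadcast address of the /25 above, so a filter that only matches addresses ending in .255 would miss it.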

slide 5 TCP Handshake
[Diagram: client C, server S]
- C → S: SYN_C
- S → C: SYN_S, ACK_C
- C → S: ACK_S
- Server side: Listening… → Spawn thread, store data (connection state, etc.) → Wait → Connected

slide 6 SYN Flooding Attack
[Diagram: server S]
- Server side: Listening… → Spawn a new thread, store connection data
- Incoming: SYN_C1, SYN_C2, SYN_C3, SYN_C4, SYN_C5 … and more

slide 7 SYN Flooding Explained
- Attacker sends many connection requests with spoofed source addresses
- Victim allocates resources for each request
  - New thread, connection state maintained until timeout
  - Fixed bound on half-open connections
- Once resources exhausted, requests from legitimate clients are denied
- This is a classic denial of service attack
  - Common pattern: it costs nothing to TCP initiator to send a connection request, but TCP responder must spawn a thread for each request (asymmetry!)

slide 8 Preventing Denial of Service
- DoS is caused by asymmetric state allocation
  - If responder opens new state for each connection attempt, attacker can initiate thousands of connections from bogus or forged IP addresses
- Cookies ensure that the responder is stateless until initiator produced at least 2 messages
  - Responder’s state (IP addresses and ports of the connection) is stored in a cookie and sent to initiator
  - After initiator responds, cookie is regenerated and compared with the cookie returned by the initiator

slide 9 SYN Cookies [Bernstein and Schenk]
[Diagram: client C, server S]
- C → S: SYN_C
- Server side: Listening… Does not store state
- S → C: SYN_S, ACK_C
  - sequence # = cookie
  - cookie = F(source addr, source port, dest addr, dest port, coarse time, server secret)
  - F = Rijndael or crypto hash
- C → S: ACK_S (cookie)
- Server side: Recompute cookie, compare with the one received, only establish connection if they match
- Compatible with standard TCP; simply a “weird” sequence number scheme
More info:
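The stateless responder from slides 8 and 9, as an added example that is not part of the original slides. It follows the slide's simplified scheme (the cookie is the whole 32-bit sequence number) rather than any particular kernel's encoding; HMAC-SHA256 stands in for F, and the secret, slot width, class and function names are assumptions.

```python
import hashlib
import hmac
import struct

SECRET = b"constructed-server-secret"   # assumption: per-server random key
SLOT_SECONDS = 64                        # assumption: width of one "coarse time" slot


def cookie(src, sport, dst, dport, slot, secret=SECRET):
    """32-bit F(source addr, source port, dest addr, dest port, coarse time, secret)."""
    msg = f"{src}|{sport}|{dst}|{dport}|{slot}".encode()
    return struct.unpack(">I", hmac.new(secret, msg, hashlib.sha256).digest()[:4])[0]


class CookieResponder:
    def __init__(self):
        self.connections = set()         # state exists only for completed handshakes

    def on_syn(self, src, sport, dst, dport, now):
        """Answer a SYN: return the SYN/ACK sequence number and store nothing."""
        return cookie(src, sport, dst, dport, int(now) // SLOT_SECONDS)

    def on_ack(self, src, sport, dst, dport, ack, now):
        """The final ACK acknowledges cookie + 1; recompute the cookie and compare."""
        slot = int(now) // SLOT_SECONDS
        returned = struct.pack(">I", (ack - 1) & 0xFFFFFFFF)
        for s in (slot, slot - 1):       # accept the current and the previous slot
            expected = struct.pack(">I", cookie(src, sport, dst, dport, s))
            if hmac.compare_digest(expected, returned):
                self.connections.add((src, sport, dst, dport))
                return True
        return False


def demo():
    r = CookieResponder()
    # Constructed flood: 10,000 SYNs from spoofed sources that never send an ACK.
    for i in range(10000):
        r.on_syn(f"10.{i >> 8 & 255}.{i & 255}.1", 40000, "192.0.2.10", 80, now=1000)
    after_flood = len(r.connections)
    # A real client receives the SYN/ACK and acknowledges cookie + 1.
    seq = r.on_syn("198.51.100.7", 51515, "192.0.2.10", 80, now=1000)
    ok = r.on_ack("198.51.100.7", 51515, "192.0.2.10", 80, (seq + 1) & 0xFFFFFFFF, now=1030)
    # An ACK carrying a guessed number from a host that never saw a SYN/ACK.
    forged = r.on_ack("203.0.113.9", 4444, "192.0.2.10", 80, 12345, now=1030)
    return after_flood, ok, forged, len(r.connections)
```

The flood leaves the connection table empty, because state is created only in `on_ack` after the initiator has proved it received the SYN/ACK; a cookie older than the previous time slot is rejected.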