Feedback Based Routing Offense by: Ted Merchant and Kevin Tan.


Paper is vague
- No mention of how this routing system will be implemented in the "wild" Internet.
- How is the tree to be used by this routing system going to be built?
- What will be the standard format used for the rule sets? No standard format is mentioned at all in the paper. Rule sets are important to the routing system in the paper.

Paper is vague (cont.)
- How often should routes get recomputed? The paper never mentions an appropriate time interval at all. (How long should the backup route have to be used before the best route can be used again?)

Lack of testing
- The paper never mentions any testing of this routing system on... anything.
- The paper makes lots of high-level assumptions without any testing results or measurements to back them up.

DoS defense
- The end host can tell its access router to make a negative rule to accommodate the attack pattern of a malicious host.
- Requires the access router to look at all of the packets and figure out if the packets match the attack pattern. This is not an easy thing to check, and the situation worsens when the access router has a lot of such situations to check.

DoS defense
- Malicious or ignorant end hosts who make false reports of DoS attacks can make the situation even more problematic.
- If a malicious host gains control of the access router, it could tell the router to block access to a certain host, causing other routers to block access as well. Remedying this situation is difficult, and, even if the situation is eventually resolved, a significant amount of time (and money) has already been lost.
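
The two DoS-defense slides above raise per-packet matching cost and false reports. The following added sketch (not from the paper or from these slides) models an access router that counts rule comparisons per packet and limits the damage of a false report by accepting a negative rule only for traffic addressed to the reporter itself, with a quota and an expiry time. The rule fields, quota and TTL are assumptions, since the paper defines no rule format, and the reporter's address is assumed to be authenticated.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class NegativeRule:              # hypothetical format: the paper defines none
    src: ipaddress.IPv4Network   # sources to drop
    dst: ipaddress.IPv4Address   # end host that asked for the filter
    dport: int
    expires: float               # rules age out so a bad report cannot block forever

class AccessRouter:
    def __init__(self, max_rules_per_host=4):
        self.rules, self.comparisons = [], 0
        self.max_rules_per_host = max_rules_per_host

    def report(self, reporter, src, dst, dport, now, ttl=60.0):
        """Install a negative rule only when the reporter is the protected host."""
        reporter, dst = ipaddress.ip_address(reporter), ipaddress.ip_address(dst)
        if reporter != dst:
            return "rejected: a host may only filter traffic addressed to itself"
        self.rules = [r for r in self.rules if r.expires > now]  # drop stale rules
        if sum(r.dst == dst for r in self.rules) >= self.max_rules_per_host:
            return "rejected: per-host rule quota reached"
        self.rules.append(NegativeRule(ipaddress.ip_network(src), dst, dport, now + ttl))
        return "installed"

    def forward(self, src, dst, dport, now):
        """True = forwarded, False = dropped. Each packet is tested against every rule."""
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        for r in self.rules:
            self.comparisons += 1   # per-packet cost grows with the rule count
            if r.expires > now and r.dst == dst and r.dport == dport and src in r.src:
                return False
        return True

def demo():
    """Constructed scenario using documentation address ranges."""
    rtr, victim = AccessRouter(), "192.0.2.10"
    own = rtr.report(victim, "198.51.100.0/24", victim, 80, now=0.0)
    false_report = rtr.report("203.0.113.5", "198.51.100.0/24", "192.0.2.20", 80, now=0.0)
    dropped = not rtr.forward("198.51.100.7", victim, 80, now=1.0)
    bystander_ok = rtr.forward("198.51.100.7", "192.0.2.20", 80, now=1.0)
    after_ttl_ok = rtr.forward("198.51.100.7", victim, 80, now=61.0)
    return own, false_report, dropped, bystander_ok, after_ttl_ok

if __name__ == "__main__":
    print(demo())
```

The `comparisons` counter makes the slide's cost concern measurable: with a linear rule list, every forwarded packet pays one test per installed rule.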

Other security risks
- A malicious host who has gained control of the access router can instruct the access router to always use the longest route possible. This attack is also more difficult to detect than a DoS attack, which can be problematic.

Disjoint routes
- This routing system always tries to choose the most independent (disjoint) routes as the main route and the backup route.
- Sometimes, the route chosen as the backup route is of poor quality.
- In addition, if the recomputation interval is very long, users will be forced to use the poor quality backup route for a long time.

Questions? Comments? The usual.