A DoS-limiting Network Architecture ~Offense~ Alberto Gonzalez Keven Tan.

Presentation transcript:

A DoS-limiting Network Architecture ~Offense~ Alberto Gonzalez Keven Tan

Big Change
➲ They propose the start of a new architecture
● Every router will need to be modified to implement the capabilities
● Destinations will need to implement the capabilities
➲ What happens if some companies don't implement this new architecture? Will some users be completely cut off from parts of the Internet?

Design
➲ Slows down attack traffic, but good traffic could possibly be flagged if mistaken for an attack
● If no capability is available (even if by router or destination fault) the packets are treated as latency packets
➲ Speed of connection limited by fine-grained capabilities

Design (cont)
➲ Encryption Overhead (more on this later)
➲ Everyone gets a share of the bandwidth
● Even if it's a small share, small shares add up

Simulation
➲ Attackers
● What about a Botnet attack?
● ~100,000 vs 100
➲ Realistic?
● Every attacker was similar (packet size, etc)

Simulations: Floods
➲ Authorized Packet Floods
● “[users] get a lesser share of the bandwidth, but no user will be starved”
● What about more users? Problems with low bandwidth with 10 users

Simulation (Cont)
Per Million Packets: 0.46s, 0.033s, 1.486s, 0.439s, 1.821s
➲ Servers can get 1+ million packets per second
➲ Hash Functions Decrease Performance