Network Attacks. Network Trust Issues – TCP Congestion control – IP Src Spoofing – Wireless transmission Denial of Service Attacks – TCP-SYN – Name Servers.


Network Attacks

Network Trust Issues
– TCP Congestion control
– IP Src Spoofing
– Wireless transmission
Denial of Service Attacks
– TCP-SYN
– Name Servers
DDoS (DNS)
– DNS Amplification attack

Network Trust Issues

The Gullible Network
A lot of network protocols assume people are well intentioned:
– TCP: Congestion Control
– Wireless: Transmit power
– BGP: Route advertisements

Cheating TCP
Two flows share a bottleneck: A → B sending at rate x, and D → E sending at rate y. After every round each flow grows its window either by 1 (the normal increase) or by 5. Payoffs are (A's throughput, D's throughput):

                       D: increases by 1    D: increases by 5
A: increases by 1      (22, 22)             (10, 35)
A: increases by 5      (35, 10)             (15, 15)

Individual incentives: cheating pays. Social incentives: better off without cheating. Classic Prisoner's Dilemma: resolution depends on accountability. Too aggressive → losses → throughput falls.
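The payoff table above comes from a simulation the slide does not show. The following is an added example (not the lecture's code) that reproduces the shape of that table with a deliberately simple model, stated here as assumptions: one round is one RTT, both flows grow additively and halve together when the link is oversubscribed, dropped packets are split in proportion to each flow's share, and every loss event costs a flow one recovery round with no new data. The exact numbers differ from the slide's; what the model shows is that the aggressive flow captures most of the link against an honest peer, and that two aggressive flows both do worse than two honest ones.

```python
"""Toy AIMD simulation of two flows sharing one link (added example).
Model assumptions: one round = one RTT; both flows see loss in the same
round; drops are proportional to each flow's share of the offered load;
each loss event costs one recovery round that delivers no new data."""


def simulate(inc_a, inc_b, capacity=100, rounds=2000):
    """Return (avg goodput of A, avg goodput of B) in packets per round.
    inc_a / inc_b: additive increase per round for each flow (1 = normal)."""
    cwnd_a, cwnd_b = 1.0, 1.0
    good_a = good_b = 0.0
    recovering = False
    for _ in range(rounds):
        if recovering:
            # Loss recovery: retransmissions only, nothing new is delivered.
            recovering = False
            continue
        cwnd_a += inc_a
        cwnd_b += inc_b
        offered = cwnd_a + cwnd_b
        if offered <= capacity:
            good_a += cwnd_a
            good_b += cwnd_b
        else:
            # Link saturated: each flow gets its proportional share, the
            # excess is dropped, and both flows halve (multiplicative decrease).
            share = capacity / offered
            good_a += cwnd_a * share
            good_b += cwnd_b * share
            cwnd_a /= 2
            cwnd_b /= 2
            recovering = True
    return good_a / rounds, good_b / rounds


def payoff_matrix(normal=1, cheat=5):
    """Payoffs (A, B) for every combination of honest / aggressive increase."""
    return {
        ("honest", "honest"): simulate(normal, normal),
        ("honest", "cheat"): simulate(normal, cheat),
        ("cheat", "honest"): simulate(cheat, normal),
        ("cheat", "cheat"): simulate(cheat, cheat),
    }


def is_prisoners_dilemma(matrix):
    """True when cheating is each flow's best response whatever the other
    does, yet both cheating leaves both worse off than both being honest."""
    hh = matrix[("honest", "honest")]
    hc = matrix[("honest", "cheat")]
    ch = matrix[("cheat", "honest")]
    cc = matrix[("cheat", "cheat")]
    a_prefers_cheat = ch[0] > hh[0] and cc[0] > hc[0]
    b_prefers_cheat = hc[1] > hh[1] and cc[1] > ch[1]
    both_worse = cc[0] < hh[0] and cc[1] < hh[1]
    return a_prefers_cheat and b_prefers_cheat and both_worse


if __name__ == "__main__":
    matrix = payoff_matrix()
    for (a_choice, b_choice), (a, b) in matrix.items():
        print(f"A {a_choice:>6} / B {b_choice:<6}: A={a:5.1f}  B={b:5.1f}")
    print("prisoner's dilemma:", is_prisoners_dilemma(matrix))
```

The recovery round is what makes "too aggressive → losses → throughput falls" visible: larger increments overshoot the link more often, so more rounds are spent recovering. Without some accountability mechanism (per-flow fairness in routers, or endpoints that can be identified and throttled) nothing in the protocol itself punishes the faster increase.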

Cheating Wireless
Two stations, A and B, share a wireless channel. Each can transmit at normal power or at 10X power. Payoffs are (A's throughput, B's throughput):

                     B: 10X power          B: normal power
A: 10X power         (5 Mbps, 5 Mbps)      (20 Mbps, 0 Mbps)
A: normal power      (0 Mbps, 20 Mbps)     (10 Mbps, 10 Mbps)

Individual incentives: cheating pays. Social incentives: better off without cheating. Classic Prisoner's Dilemma: resolution depends on accountability.

Origin: IP Address Ownership and Hijacking
Who can advertise a prefix with BGP?
– The AS that owns the prefix
– … or its upstream provider(s), on its behalf
Implicit trust between upstream and downstream providers. However, what's to stop someone else?
– Prefix hijacking: another AS originates the prefix
– BGP does not verify that the AS is authorized

Prefix Hijacking: full or partial control
(figure: a hijacked /16 prefix)
Consequences for the affected ASes:
– Blackhole: data traffic is discarded
– Snooping: data traffic is inspected, and then redirected
– Impersonation: data traffic is sent to bogus destinations
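The slides state the gap ("BGP does not verify that the AS is authorized") without showing the check. The following added example (not from the lecture) goes one step beyond the slides and implements Route Origin Validation, the check that RPKI adds: a table of Route Origin Authorizations says which AS may originate which prefix and down to what prefix length, and every announcement is classified as valid, invalid, or unknown. The ROAs, AS numbers and announcements are constructed sample data; the "partial control" case of the slide corresponds to a more-specific prefix announced by an unauthorized AS.

```python
"""Route Origin Validation of BGP announcements against a ROA table.
Added example with constructed data; real deployments fetch ROAs from
RPKI repositories and feed the result into router policy."""
import ipaddress

# Constructed ROA table: (prefix, max_length, authorized origin AS)
ROAS = [
    (ipaddress.ip_network("203.0.113.0/24"), 24, 64500),
    (ipaddress.ip_network("198.51.100.0/22"), 24, 64501),
]


def validate_origin(prefix, origin_as, roas=ROAS):
    """Return 'valid', 'invalid' or 'unknown' for one announcement.
    unknown: no ROA covers the prefix (plain BGP behaviour: it is trusted).
    invalid: a ROA covers it but the origin AS or the length does not match."""
    net = ipaddress.ip_network(prefix)
    covering = [
        (roa_prefix, max_len, asn)
        for roa_prefix, max_len, asn in roas
        if roa_prefix.version == net.version and net.subnet_of(roa_prefix)
    ]
    if not covering:
        return "unknown"
    for roa_prefix, max_len, asn in covering:
        if asn == origin_as and net.prefixlen <= max_len:
            return "valid"
    # A covering ROA exists, so the owner has spoken: anything else is a
    # hijack (wrong origin) or an over-specific announcement (wrong length).
    return "invalid"


def classify_announcements(announcements, roas=ROAS):
    """Map each (prefix, origin AS) pair to its validation state."""
    return {(p, a): validate_origin(p, a, roas) for p, a in announcements}


if __name__ == "__main__":
    sample = [
        ("203.0.113.0/24", 64500),   # legitimate owner
        ("203.0.113.0/24", 64666),   # another AS originates the whole prefix
        ("198.51.100.0/24", 64501),  # owner splits its /22 into a /24: within maxLength
        ("198.51.100.0/25", 64501),  # owner, but more specific than the ROA allows
        ("192.0.2.0/24", 64500),     # no ROA at all: BGP cannot say either way
    ]
    for (prefix, asn), state in classify_announcements(sample).items():
        print(f"{prefix:<18} AS{asn}: {state}")
```

Two caveats a practitioner would attach: "unknown" is the common case wherever ROAs have not been created, which is why an operator usually drops only "invalid" routes rather than anything not "valid"; and origin validation checks only the origin AS, so an attacker who forges the AS path to end in the legitimate origin is not caught by this check alone.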

DoS

Denial of Service Attack
Prevent other people from using a service:
– A server
– A link in a network
High-level idea: send a lot of packets and keep the resource at 100% utilization, so no one else can use it.

DNS: Denial Of Service
Flood DNS servers with requests until they fail. What was the effect?
– … users may not even notice
– Caching is almost everywhere
More targeted attacks can be effective:
– Local DNS server → cannot access DNS
– Authoritative server → cannot access the domain

TCP: Denial Of Service (SYN Flood)
Send a bunch of SYN packets to a server:
– Server allocates buffer and TCP sockets
– You allocate nothing
– Eventually the server runs out of space
How to solve this problem?

Recall: TCP Handshake
A → Server: SYN
Server → A: SYN/ACK
On the SYN the server allocates data structures (e.g. buffer space); A has made no allocations and committed no resource.

TCP: Denial Of Service (SYN Flood), continued
The server responds to every SYN with a SYN/ACK and allocates buffer and socket state, while the sender allocates nothing, so eventually the server runs out of space. How to solve this problem?
– SYN Cookies: the server stores nothing and instead responds with a special cookie
– If the cookie is returned in the subsequent packet, then the server allocates space
– Assumption: if you come back, then you aren't a bad person
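To make the two designs concrete, the following added example (not the lecture's code) models both sides of the slide: a half-open table with a fixed backlog, which is the state the SYN flood exhausts, and a SYN-cookie server that keeps no per-connection state until an ACK comes back. The cookie layout is an assumption chosen for the example, in the spirit of the classic scheme but not a copy of any kernel's code: a 5-bit time counter in 64-second ticks, a 3-bit index into a small MSS table, and 24 bits of keyed hash over the connection 4-tuple, the client's ISN and the tick. The secret key, addresses and ports are constructed.

```python
"""Half-open table vs. SYN cookies (added example, constructed data).
The cookie becomes the server's initial sequence number in the SYN/ACK; a
returning client acknowledges cookie + 1, which is all the server needs to
recompute and check the cookie before allocating anything."""
import hashlib
import hmac

# Constructed MSS table: the few MSS values that fit in 3 bits of the cookie.
MSS_TABLE = (536, 1220, 1440, 1460)


class HalfOpenTable:
    """The stateful design the slide describes: every SYN reserves a slot."""

    def __init__(self, backlog):
        self.backlog = backlog
        self.pending = set()

    def on_syn(self, src, sport, dst, dport):
        if len(self.pending) >= self.backlog:
            return False  # backlog full: new clients, honest or not, are refused
        self.pending.add((src, sport, dst, dport))
        return True

    def on_ack(self, src, sport, dst, dport):
        key = (src, sport, dst, dport)
        if key in self.pending:
            self.pending.remove(key)
            return True
        return False


class SynCookieServer:
    """Stores nothing per connection; the cookie itself carries the state."""

    def __init__(self, secret: bytes):
        self.secret = secret

    def _tick(self, now):
        return int(now // 64) & 0x1F

    def _hash24(self, src, sport, dst, dport, client_isn, tick):
        msg = f"{src}|{sport}|{dst}|{dport}|{client_isn}|{tick}".encode()
        digest = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return int.from_bytes(digest[:3], "big")

    def make_cookie(self, src, sport, dst, dport, client_isn, mss, now):
        """Our ISN for the SYN/ACK. Encodes the largest table MSS <= mss."""
        tick = self._tick(now)
        mss_idx = 0
        for i, table_mss in enumerate(MSS_TABLE):
            if table_mss <= mss:
                mss_idx = i
        h = self._hash24(src, sport, dst, dport, client_isn, tick)
        return (tick << 27) | (mss_idx << 24) | h

    def verify_ack(self, src, sport, dst, dport, client_isn, ack, now):
        """Return the encoded MSS if `ack` acknowledges a cookie we could have
        issued in the current or previous tick, else None. client_isn is the
        ACK packet's sequence number minus one. Only on success is state
        allocated (left to the caller)."""
        cookie = (ack - 1) & 0xFFFFFFFF
        tick = cookie >> 27
        if (self._tick(now) - tick) & 0x1F > 1:
            return None  # stale: issued too long ago to accept
        expected = self._hash24(src, sport, dst, dport, client_isn, tick)
        got = cookie & 0xFFFFFF
        if not hmac.compare_digest(expected.to_bytes(3, "big"), got.to_bytes(3, "big")):
            return None
        return MSS_TABLE[(cookie >> 24) & 0x7]


if __name__ == "__main__":
    srv = SynCookieServer(b"constructed-secret-key")
    isn = srv.make_cookie("198.51.100.7", 40001, "203.0.113.1", 443, 12345, 1460, now=1000.0)
    print("SYN/ACK carries ISN", hex(isn))
    print("returning client accepted, MSS",
          srv.verify_ack("198.51.100.7", 40001, "203.0.113.1", 443, 12345, isn + 1, now=1010.0))
```

The cost of the trade-off is visible in the code: only 24 bits of hash and a handful of MSS values survive the round trip, and TCP options that were in the SYN are lost, which is why real stacks switch cookies on only once the backlog is under pressure. The "assumption" bullet on the slide is the `verify_ack` success path: a client that can receive the SYN/ACK at the address it claimed is treated as genuine.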

Problems with DoS
One person attacks one server/link:
– Easy to figure out who …
– Easy to block …
– Takes a while for the attack to work …

DDoS

Distributed Denial of Service Attack
Take over a number of machines:
– Use a BotNet
Use all machines to conduct a DoS on a server:
– Much more effective than regular DoS
– Harder to stop and shut down

DNS Amplification Attack
580,000 open resolvers on the Internet (Kaminsky-Shiffman '06)
DoS Source → DNS Server: DNS query with SrcIP = DoS Target (60 bytes)
DNS Server → DoS Target: EDNS response (3000 bytes)
DNS Amplification attack: ≈ 40× amplification

Solutions
(figure: attacker → open amplifier, IP-spoofed packets; open amplifier → victim, replies)
– Prevent IP spoofing
– Disable open amplifiers
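Both solutions on the slide can be expressed as checks, and the following added example (not the lecture's code) does so from the defender's side. The first function is a BCP38-style egress filter: a packet may leave a network only if its source address belongs to that network's own prefixes, which is what stops the spoofed queries at the attacker's edge. The second works on the amplifier's side and finds destinations that are receiving many large responses relative to the queries attributed to them, the signal on which a resolver would rate-limit responses. The prefixes, the log format and the log lines are constructed; the 60-byte query and 3000-byte response sizes are the slide's own numbers.

```python
"""BCP38 egress check and a reflection-victim detector (added example).
All prefixes and log lines are constructed sample data."""
import ipaddress
from collections import defaultdict

# Constructed: the prefixes this network legitimately sources traffic from.
OUR_PREFIXES = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("2001:db8:1::/48"),
]


def egress_allowed(src_ip, prefixes=OUR_PREFIXES):
    """BCP38: a packet may leave only if its source address is one of ours.
    A spoofed source (the DoS target's address) fails this check at the edge."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr.version == p.version and addr in p for p in prefixes)


# Constructed resolver log: timestamp dst_ip query_bytes response_bytes qname qtype
LOG = """\
1700000000 198.51.100.5 60 3000 example.test ANY
1700000000 198.51.100.5 60 3000 example.test ANY
1700000001 198.51.100.5 60 3000 example.test ANY
1700000001 198.51.100.5 60 3000 example.test ANY
1700000001 198.51.100.5 60 3000 example.test ANY
1700000002 203.0.113.9 45 120 www.example.test A
1700000002 203.0.113.9 45 160 mail.example.test MX
"""


def parse_log(text):
    """One dict per response the resolver sent."""
    rows = []
    for line in text.splitlines():
        ts, dst, qlen, rlen, qname, qtype = line.split()
        rows.append({"ts": int(ts), "dst": dst, "qlen": int(qlen),
                     "rlen": int(rlen), "qname": qname, "qtype": qtype})
    return rows


def find_reflection_victims(rows, min_responses=5, min_ratio=10.0, window=5):
    """Destinations that got >= min_responses responses inside `window`
    seconds with bytes-out / bytes-in >= min_ratio. Those addresses are the
    likely targets of reflected traffic, i.e. the ones to rate-limit.
    Returns {destination: amplification ratio}."""
    per_dst = defaultdict(list)
    for r in rows:
        per_dst[r["dst"]].append(r)
    victims = {}
    for dst, responses in per_dst.items():
        responses.sort(key=lambda r: r["ts"])
        for i, first in enumerate(responses):
            burst = [r for r in responses[i:] if r["ts"] - first["ts"] <= window]
            if len(burst) < min_responses:
                continue
            ratio = sum(r["rlen"] for r in burst) / sum(r["qlen"] for r in burst)
            if ratio >= min_ratio:
                victims[dst] = round(ratio, 1)
                break
    return victims


if __name__ == "__main__":
    for ip in ("203.0.113.7", "198.51.100.5", "2001:db8:1::1"):
        print(ip, "may leave our network:", egress_allowed(ip))
    print("reflection victims:", find_reflection_victims(parse_log(LOG)))
```

The detector is the idea behind response rate limiting on DNS servers: an open resolver cannot tell a spoofed query from a real one, but it can notice that one address is "asking" for far more bytes than any client plausibly would, and slow or truncate answers to it. Closing the resolver to outside clients (the slide's second bullet) removes the amplifier altogether, which is why it is the stronger fix.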

DDoS
(figure: a BotNet sends DNS requests to name servers; the DNS responses go to the victim)

Similar to streaming a Video …
(figure: the browser ("YOU!!!!!") loads YouTube ("Google!!!") over the network: HTTP requests Get: image.png, Get: video.avi)

What Happens When you Connect to a Website?
(figure: the browser loads SoundCloud over the network: HTTP requests Get: image.png, Get: sound.mp3)


At What Level Should You Apply Security?
What the network and lower layers see: just one packet at a time.
What the application sees: the whole object (the HTTP requests Get: image.png, Get: video.avi and what comes back).
Are you protecting against an attack on the application? E.g. worms, viruses …
Are you protecting against an attack on your network? E.g. DDoS


How are they deployed?
(figure: the "circle of trust" inside; the Internet, AKA "everything evil", outside)
The firewall is the gatekeeper: only one way in or out of the circle.

Types of Packet-Filters
Stateless
– Very simple
– Applies rules to packets
Stateful
– A bit more complicated
– In addition to applying rules, it ensures that all connections are initiated from within the network

Stateful Firewalls
(figure: a SYN arriving from the Internet, "everything evil", at the edge of the "circle of trust")
Why would someone from the outside want to start a connection?
– They would if you were running a web-server, an -server, a gaming server … pretty much any 'server' service.
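The rule "connections must be initiated from within, except for the servers you publish" is small enough to write out, and the following added example (not the lecture's code) does so as a toy stateful filter: a SYN without ACK is a connection attempt and is allowed only from inside or towards a published (address, port); every other packet must match a connection the filter has already seen. The inside prefix, the published service and the packets are constructed, and connection teardown is simplified to "first FIN or RST closes the entry".

```python
"""Toy stateful packet filter (added example, constructed data)."""
import ipaddress


class StatefulFilter:
    def __init__(self, inside, published_ports=()):
        self.inside = ipaddress.ip_network(inside)
        self.published = set(published_ports)  # (inside address, port) we serve to the world
        self.table = set()  # connections seen so far, as (src, sport, dst, dport)

    def _is_inside(self, ip):
        return ipaddress.ip_address(ip) in self.inside

    def process(self, pkt):
        """pkt: dict with src, sport, dst, dport and flags (a set of TCP flag
        names). Returns 'allow' or 'drop' and updates the connection table."""
        src, sport = pkt["src"], pkt["sport"]
        dst, dport = pkt["dst"], pkt["dport"]
        flags = pkt["flags"]
        fwd = (src, sport, dst, dport)
        rev = (dst, dport, src, sport)
        if "SYN" in flags and "ACK" not in flags:
            # New connection attempt: only from inside, or to a published server.
            if self._is_inside(src) or (dst, dport) in self.published:
                self.table.add(fwd)
                return "allow"
            return "drop"
        # Anything else (SYN/ACK, ACK, data, FIN, RST) must belong to a
        # connection we saw start; a stateless filter has no way to tell.
        if fwd in self.table or rev in self.table:
            if "FIN" in flags or "RST" in flags:
                self.table.discard(fwd)   # simplification: first FIN/RST closes it
                self.table.discard(rev)
            return "allow"
        return "drop"


def run_trace(fw, packets):
    """Apply the filter to a packet list and return the verdicts in order."""
    return [fw.process(p) for p in packets]


# Constructed trace: inside is 10.0.0.0/8, and 10.0.0.80:80 is a published web server.
TRACE = [
    {"src": "10.0.0.5", "sport": 40000, "dst": "198.51.100.1", "dport": 443, "flags": {"SYN"}},
    {"src": "198.51.100.1", "sport": 443, "dst": "10.0.0.5", "dport": 40000, "flags": {"SYN", "ACK"}},
    {"src": "198.51.100.9", "sport": 5555, "dst": "10.0.0.5", "dport": 22, "flags": {"SYN"}},
    {"src": "198.51.100.9", "sport": 5556, "dst": "10.0.0.80", "dport": 80, "flags": {"SYN"}},
    {"src": "198.51.100.9", "sport": 5557, "dst": "10.0.0.7", "dport": 1234, "flags": {"ACK"}},
    {"src": "10.0.0.5", "sport": 40000, "dst": "198.51.100.1", "dport": 443, "flags": {"FIN", "ACK"}},
    {"src": "198.51.100.1", "sport": 443, "dst": "10.0.0.5", "dport": 40000, "flags": {"ACK"}},
]

if __name__ == "__main__":
    fw = StatefulFilter("10.0.0.0/8", published_ports={("10.0.0.80", 80)})
    for pkt, verdict in zip(TRACE, run_trace(fw, TRACE)):
        print(f"{pkt['src']}:{pkt['sport']} -> {pkt['dst']}:{pkt['dport']} {sorted(pkt['flags'])}: {verdict}")
```

Packet 5 in the trace is the interesting one: a bare ACK from outside that a stateless rule such as "allow established (ACK set)" would have let in, and that the table-driven filter drops because no SYN preceded it. The last packet shows the price of the simplified teardown: once the FIN removed the entry, the peer's final ACK is dropped, which a real implementation avoids by keeping the entry through the full close.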


Application Level Firewall
Why are they needed? Attackers are tricky:
– When exploiting security vulnerabilities
– They can use multiple packets
Need a system to scan across multiple packets for virus/worm/vulnerability exploits.

What Happens When you Connect to a Website?
(figure: the browser loads SoundCloud over the network: HTTP requests Get: image.png, Get: sound.mp3)
What happens if the virus/worm is hidden in an … ? A picture? Or if the security exploit is in an HTML page?


Application Level Firewalls
Similar to packet filters, except:
– Supports regular expressions
– Searches across different packets for a match
– Reconstructs objects (images, pictures) from packets and scans the objects

(figure: the packets carrying Get: image.png and its response are reassembled into the image object, and the reg-ex is applied to the whole object)
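The difference between the two slides is easiest to see with a signature that happens to straddle a packet boundary. The following added example (not the lecture's code) builds a small HTTP response as a byte string, chops it into segments the way a sender would, and scans it both ways: once per packet, and once after reassembling the object. The signature pattern, the response body and the segment size are constructed, and TCP reassembly is reduced to ordering segments by their byte offset and trimming overlaps.

```python
"""Per-packet scanning vs. scanning the reassembled object (added example).
The signature and the HTTP response below are constructed sample data."""
import re

# Constructed signature for a fictional marker inside a delivered file.
SIGNATURE = re.compile(rb"EVIL-MARKER-[0-9a-f]{8}")


def scan_per_packet(segments):
    """Packet-filter view: run the reg-ex on every payload on its own.
    Returns the indexes of segments that matched."""
    return [i for i, (_, payload) in enumerate(segments) if SIGNATURE.search(payload)]


def reassemble(segments):
    """segments: list of (byte offset, payload), in any order. Orders them,
    trims overlap with data already held, and stops at the first gap (a real
    stack would wait for the missing segment instead)."""
    data = b""
    for offset, payload in sorted(segments, key=lambda s: s[0]):
        if offset > len(data):
            break  # hole in the stream: nothing after it is usable yet
        data += payload[len(data) - offset:]
    return data


def scan_object(segments):
    """Application-firewall view: rebuild the object, then run the reg-ex."""
    return SIGNATURE.search(reassemble(segments)) is not None


def split_into_segments(data, mss):
    """Constructed sender: chop the object into mss-sized segments."""
    return [(i, data[i:i + mss]) for i in range(0, len(data), mss)]


# Constructed HTTP response whose body carries the marker at byte offset 78.
CONSTRUCTED_OBJECT = (
    b"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n\r\n"
    + b"\x89PNG" + b"A" * 30 + b"EVIL-MARKER-deadbeef" + b"B" * 40
)

if __name__ == "__main__":
    # With 90-byte segments the marker is split "EVIL-MARKER-" | "deadbeef".
    segs = split_into_segments(CONSTRUCTED_OBJECT, 90)
    print("per-packet matches:", scan_per_packet(segs))
    print("reassembled object matches:", scan_object(segs))
    print("out-of-order arrival still matches:", scan_object(list(reversed(segs))))
```

This is also where the cost on the next slide comes from: `reassemble` has to hold every byte of the object in memory until it is complete, and the reg-ex then runs over the whole buffer rather than over one packet, so the firewall's memory and CPU scale with the objects flowing through it rather than with the packet rate.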

Why doesn't everyone use App level firewalls?
– Object re-assembly requires a lot of memory
– Reg-expressions require a lot of CPU
– App level firewalls are a lot more expensive
– And also much slower
– So you need more, a lot more.

How do you Attack the Firewall?
Most common: Denial-of-Service attacks
– Figure out a bug in the firewall code
– The bug causes it to handle a packet incorrectly
– Send a lot of 'bug' packets and no one can use the firewall