Nicholas Weaver International Computer Science Institute


Malice is a Feature
or
The Inner-Tubes Are Sewer Pipes, and I Like It That Way
Nicholas Weaver
International Computer Science Institute
Printed: March 27, 2017
Internet Worms Paxson, Savage, Voelker, Weaver

Malice is A Feature
Malice is a testament to network flexibility
The same properties which enable botnets and worms allow Skype, Bittorrent, and BOINC (Seti@home)
All are end-host applications which can run over the network
How is BOINC not a botnet, apart from intent?
Locking down malicious activity may have significant collateral damage
Detecting global malicious activity can be decidedly dual-use:
A system to detect copyright violations or bots in the network traffic would have capabilities which would make even the Stasi hesitant
Why should the network have to fix the end host?
The only exception is traffic DDoS, which is an attack on the network not the host
As for porn, terrorist information sharing, political dissent:
Do we even want the network to handle these security issues?

I Don’t Want “Security” to Create A “Phone Network” Internet
The Internet billing model: “All you can Eat” or “Bits is Bits”
A billing model I could probably live with: “Bits at a given QOS (pick your metric) are Bits at a given QOS” (Weak Network Neutrality)
Some implications I don’t understand
But too much network control will create a Phone Network Internet: “Bits are Priced on Intent” like cellphones are today
Data: $20 for 5 GB → 2000 Mb/$
Voice: $.04/min at 8 kbps → 12 Mb/$
SMS: $.04 for 1 kB → 0.2 Mb/$
Not only is SMS the most valuable traffic for the phone company, it also needs the least quality of service
Creates huge incentives for ISPs to muck with traffic (This is why ISPs don’t want Network Neutrality)
IM over IP is a huge potential loss of revenue compared with SMS
Skype and Vonage hurt your telecom business
Why do you think the iPhone is so incredibly locked down?
Many security features enable discriminatory treatment of traffic

And There is Too Much “Security” Already Available
The Great Firewall of China et al
“The Net treats censorship as damage and routes around it.” (John Gilmore) has proven to be severely strained…
ISPs are beginning to manipulate traffic
Most major ISPs are also telecom & video providers: Why carry the bits of your cheaper competition? Bittorrent uploads?
Verso: Eliminate Skype and P2P in your [carrier] network
Time/Warner Cable: Not using standard ports is a violation of the AUP because it interferes with traffic shaping
Small ISP: Inserting advertisements into all viewed web pages!?
NebuAd/Fair Eagle: Profiling users and inserting ads on the wire!
AT&T: We will enforce copyright violations in the network!
Yes, Virginia, your ISP/Backbone wants to perform deep packet manipulation
As well as build some NSA server rooms…
So how are the current security tools, in the hands of the ISPs, not already a threat to the open Internet of today?
Would future security built into the fabric be any better?
Why can’t we simply tolerate malice as a feature?

(Backup) What Little Security I actually want:
Authenticated and reliable naming and routing:
Obvious. If I ask for foo.com, I need to get to foo.com
Lightweight authenticated pushback:
Traffic DDoS is a Network problem: pushback doesn’t solve this, but it puts an upper bound on the number of packets each zombie can send
Unsolicited conversation is a feature, but the recipient should be able to cheaply say “Go Away and Don’t Bug Me Again”
Mechanism needs to be scalable
Probably also requires “no spoofing”, but ISPs should want this anyway
End to end global fairness/congestion control (and a Pony)…
Fix the biggest bug in the Internet: we need to enforce fairness along the network path, not at the endpoints
But keep the current economics for constructing the network…
I have no clue how to even start to think of how to do this: If I did, I would have submitted the FIND proposal already