Low-Rate TCP-Targeted DoS Attack Disrupts Internet Routing. Ying Zhang, Z. Morley Mao, Jia Wang. Presented at NDSS07. Prepared by: Hale Ismet.


The attacks: attacks targeting end hosts (Denial of Service attacks, worms, spam) and attacks targeting the routing infrastructure.

Border Gateway Protocol: the standard inter-domain routing protocol. There are two types of BGP sessions: eBGP and iBGP sessions. The former are between routers in different autonomous systems (ASes) or networks.

To ensure liveness of the neighbor in a BGP session, routers periodically exchange keepalive messages. [Figure: routers (C, BR) in AS 1 and AS 2 joined by a BGP session; transport: TCP connection.] Keepalives confirm peer liveness and determine peer reachability. BGP HoldTimer expired: BGP session reset.

Low-rate TCP-targeted DoS attacks. [Figure: TCP congestion window size (segments) against time, with the initial window size marked and time ticks at minRTO, 2 x minRTO and 4 x minRTO.] The attack flow period approximates the minRTO of TCP flows.

The attacker can indeed bring down the BGP session. 1. Burst length L needs to be long enough to cause congestion. 2. Peak magnitude R also needs to be large to cause congestion. 3. Inter-burst period T needs to be minRTO to cause session reset.

The effect of this attack on BGP: 1. The attack traffic lowers the sending rate of the TCP connection carrying BGP traffic; this increases convergence time. 2. The more severe effect on the BGP session is the possibility of a BGP session reset, caused by all packets being dropped within a time interval exceeding the hold timer value.
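The timing argument on these slides, worked through as an added Python model (not code from the paper or the slides): it shows why a congestion period equal to minRTO catches every backed-off retransmission until the hold timer expires, and how the randomized minRTO cited under attack prevention breaks that alignment. Assumptions: a minRTO of 1 s, a 64 s RTO cap, a 180 s hold timer, a first loss 0.1 s into a burst, and every segment sent during a burst is lost.

```python
import random

def retransmit_times(first_loss, min_rto, horizon, max_rto=64.0):
    """Times at which TCP retransmits a segment first lost at first_loss.
    The RTO starts at min_rto and doubles after each loss, capped at max_rto."""
    times, t, rto = [], first_loss, min_rto
    while t + rto < horizon:
        t += rto
        times.append(t)
        rto = min(rto * 2, max_rto)
    return times

def congested(t, period, burst_len):
    """True if t falls inside a periodic burst [k*period, k*period + burst_len)."""
    return (t % period) < burst_len

def session_resets(min_rto, period, burst_len, hold_time=180.0, first_loss=0.1):
    """Model assumption: segments sent during a burst are dropped, nothing else is.
    Returns (reset?, time of the first retransmission that gets through)."""
    deadline = first_loss + hold_time
    for t in retransmit_times(first_loss, min_rto, deadline):
        if not congested(t, period, burst_len):
            return False, t
    return True, None

def reset_fraction(period, burst_len, rto_low, rto_high, trials=2000, seed=1):
    """Fraction of sessions that reset when each sender draws its minRTO
    uniformly from [rto_low, rto_high] (the randomization defence)."""
    rng = random.Random(seed)
    resets = sum(session_resets(rng.uniform(rto_low, rto_high), period, burst_len)[0]
                 for _ in range(trials))
    return resets / trials

if __name__ == "__main__":
    # Constructed parameters: bursts of 225 ms every 1 s, 180 s hold time.
    print(len(retransmit_times(0.1, 1.0, 180.1)), "retransmissions before the hold timer")
    print("fixed minRTO of 1 s:", session_resets(1.0, 1.0, 0.225))
    print("minRTO randomized in [1, 2] s:", reset_fraction(1.0, 0.225, 1.0, 2.0))
```

With the fixed minRTO the model loses seven consecutive retransmissions inside the 180 s window, which agrees with the 7th retransmitted keepalive and the 3 min reset time in the testbed slide.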

Testbed experiments: the high-end Cisco router GSR (it is widely used in the Internet and is very powerful). Demonstrating the attack feasibility with two computers.

[Figure: UDP-based attack flow from Attacker A to Receiver B, with Router R1 and Router R2; timeline marked minRTO, 2*minRTO, the 7th retransmitted BGP Keepalive message, then BGP session reset.] Takes 3 min.

Kind of routers

The probability of session reset: with the burst length of 225 msec, the attacker has around 30% probability to reset the session with 42% available bandwidth.

Attack peak magnitude’s impact on session reset and table transfer duration

Necessary conditions for a single attack: the inter-burst period approximates minRTO; the attack flow's path traverses at least one link of the BGP session; the attack flow's bottleneck link is the target link.

bring down the BGP session To avoid sending too much traffic from each node, we perform time synchronization designed

Conditions for coordinated attacks: 1'. Sufficiently strong combined attack flows to cause congestion. 2. The attack flow's path traverses the BGP session. 3'. Identify the target link location.

Attack prevention. Hiding information: Kuzmanovic03: randomize minRTO; hide network topology from end-hosts. Prioritize routing traffic. Weighted Random Early Detection (WRED) [It is a mechanism]: prevent TCP synchronization; selectively drop packets: drop low-priority packets first when the queue size exceeds defined thresholds. ** WRED relies on the IP precedence field in the packet header.

BGP table transfer with WRED enabled under attack
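How per-precedence WRED thresholds protect routing traffic during a congestion burst, as an added Python simulation (not router code and not from the slides). Assumptions: routing packets carry IP precedence 6 (TOS 0xC0); the thresholds, packet rates and the 0.5 averaging weight are constructed for the illustration.

```python
import random

CAPACITY = 40                        # physical queue limit in packets (constructed)
WRED = {0: (10, 20, 0.1),            # precedence 0, best effort: min_th, max_th, max_p
        6: (35, 40, 0.1)}            # precedence 6, routing: dropped last

def precedence(tos):
    """IP precedence is the top three bits of the IPv4 TOS byte."""
    return tos >> 5

def wred_drop_prob(avg, min_th, max_th, max_p):
    """Linear ramp from 0 at min_th to max_p at max_th, then drop everything."""
    if avg < min_th:
        return 0.0
    if avg >= max_th:
        return 1.0
    return max_p * (avg - min_th) / (max_th - min_th)

def simulate(use_wred, ticks=300, period=100, burst=20, seed=7):
    """Return {precedence: dropped packets} for one congested output queue."""
    rng = random.Random(seed)
    queue, avg = 0, 0.0
    drops = {0: 0, 6: 0}
    for tick in range(ticks):
        avg = 0.5 * avg + 0.5 * queue            # weighted average queue depth
        arrivals = [0xC0]                        # one routing packet per tick
        if tick % period < burst:
            arrivals += [0x00] * 6               # congestion burst, best effort
        rng.shuffle(arrivals)
        for tos in arrivals:
            prec = precedence(tos)
            early = use_wred and rng.random() < wred_drop_prob(avg, *WRED[prec])
            if early or queue >= CAPACITY:       # WRED early drop, else tail drop
                drops[prec] += 1
            else:
                queue += 1
        queue = max(queue - 2, 0)                # the link serves two packets per tick
    return drops

if __name__ == "__main__":
    print("tail drop only:", simulate(use_wred=False))
    print("WRED enabled:  ", simulate(use_wred=True))
```

With tail drop alone the full queue discards routing and best-effort packets alike; with WRED the best-effort class is cut off once the average depth reaches its max threshold, so the queue never gets deep enough to touch precedence 6.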

Conclusion: feasibility of attacks against Internet routing infrastructure; prevention solution using existing router configurations; difficulties in detecting and defending against coordinated attacks.

Thanks. Any questions?