Presentation is loading. Please wait.

Presentation is loading. Please wait.

Leveraging Good Intentions to Reduce Unwanted Network Traffic Marianne Shaw (U. Washington) USENIX 2nd Workshop on Steps to Reducing Unwanted Traffic on.

Published byKelsie Storm Modified over 9 years ago

Similar presentations

Presentation on theme: "Leveraging Good Intentions to Reduce Unwanted Network Traffic Marianne Shaw (U. Washington) USENIX 2nd Workshop on Steps to Reducing Unwanted Traffic on."— Presentation transcript:

1 Leveraging Good Intentions to Reduce Unwanted Network Traffic Marianne Shaw (U. Washington) USENIX 2nd Workshop on Steps to Reducing Unwanted Traffic on the Internet (SRUTI), 2006.

2 2009/4/7 Speaker: Li-Ming Chen 2 Related Work: Reduce Unwanted Network Traffic Network-based approach  Monitor and characterize network traffic (normal or abnormal)  Eliminate unwanted traffic by identify them Source-limiting approach  E.g., Ingress filtering, reverse firewall…  Define good behaviors of managed users Approach is not independent  Protect one side, assume one side is trustworthy

3 2009/4/7 Speaker: Li-Ming Chen 3 Motivation User-administrated machines are well- intentioned but easily compromised  Once compromised, they will be used to amplify attacker’s ability to inflict damage Can we leverage users’ non-malicious intentions to prevent their machines from being used to generate unwanted traffic?  Say, even when compromised, these machines only generate well-behaved traffic

4 2009/4/7 Speaker: Li-Ming Chen 4 The Concept AB Normal communication Hmm, I don’t want this one :( Stop sending, please… (good intention!!) Malicious attempt ! Okay, I accept. (not being blocked!) Malicious attempt blocked !

5 2009/4/7 Speaker: Li-Ming Chen 5 Goal Propose a solution to reduce unwanted network traffic by enabling either side of a conversation to summarily terminate the conversation without the other endpoints cooperation.  A control plane is used to monitor conversations between endhosts  A enforcement mechanism is used to prevent unwanted traffic injecting into the network  Host-based, no extra mechanism is needed within the network

6 2009/4/7 Speaker: Li-Ming Chen 6 3 Key Observations (Design Rationales) Accept that machines will be compromised  But can avoid them generate unwanted traffic?! Users would be willing to thwart their machines to be used to inflict damage Defining and identifying unwanted behavior is difficult and often subjective  Two hosts may not classify the same traffic in the same way Can we leverage users’ non-malicious intentions to prevent their machines from being used to generate unwanted traffic?

7 2009/4/7 Speaker: Li-Ming Chen 7 A Simple Example: TCP-based Prototype Leverage the characteristics of TCP (connection oriented) to develop a prototype that is virtually invisible to endhosts AB Enf. Mech. In this case, The enforcement mechanism executes on a separate physical machine (act as a gateway for A) Connect with a dedicated Ethernet connection Guarantee host A will not generate unwanted traffic

8 2009/4/7 Speaker: Li-Ming Chen 8 A Simple Example: TCP-based Prototype Normal case: When A starts flooding B, B may send a RST packet to stop the packet flood. AB Enf. Mech. RST (good intention!!) Flooding packets Stop flooding!  However, attacker may ignore the RST, and continue to send high rates of unwanted packets.

9 2009/4/7 Speaker: Li-Ming Chen 9  However, attacker may ignore the RST, and continue to send high rates of unwanted packets. A Simple Example: TCP-based Prototype AB Enf. Mech. RST (good intention!!) Leverage good intention: Once the enf. mech. observes a valid incoming RST packet, the enf. mech. drops all outgoing network packets associated with this connection. Continue flooding packets Oh, I know that B want to close this connection & the intention is good! Packets blocked

10 2009/4/7 Speaker: Li-Ming Chen 10 Requirements (problems) When receiving unwanted traffic, B must be able to identify the source. Only honor requests to temporarily terminate an existing packet stream. Enf. mech. must be voluntarily adopted by endhosts. Upon receiving a termination request, the packet stream must be terminated without A’s cooperation. AB Enf. Mech. Enf. Mech. Only a recipient of unwanted traffic can make the request. (This mechanism can not be used for malicious intention)

11 2009/4/7 Speaker: Li-Ming Chen 11 Design The control plane The enforcement mechanism

12 2009/4/7 Speaker: Li-Ming Chen 12 Design: Control Plan Signaling 1. Unique Identifier AB Enf. Mech. Enf. Mech. Problem: DHCP, IP spoofing.  IP is the unique identifier of an active conversation  IP Accountability is necessary! A must not spoof its IP address. B can identify and contact A. B should not be penalized for spoofed packet. Enf. Mech. can sense reasonable IP change. Enf. Mech. will discard requests coming from spoofed IP

13 2009/4/7 Speaker: Li-Ming Chen 13 Design: Control Plan Signaling 2. Defining a Network Conversation AB Enf. Mech. Enf. Mech. A network conversation is used to track sequence of network packets  Dictates which packets will be dropped when a termination request is received. Conversation principals: 5-tuples Conversation start/stop: 1. observe network packets and maintain internal state (e.g., TCP) 2. or observe patterns of network activity

14 2009/4/7 Speaker: Li-Ming Chen 14 Design: Control Plan Signaling 3. Termination Requests AB Enf. Mech. Enf. Mech. Require a new signaling mechanism Indicate which network conversation is being terminated Indicate the amount of time of the termination B must decide unwanted traffic, Send termination requests back to A, Must not spoof its own identify (IP address).

15 2009/4/7 Speaker: Li-Ming Chen 15 Design: Enforcement Mechanism (avoid being attacked/misused) 1) the enforcement mechanism cannot be bypassed or subverted by attackers 2) the enforcement mechanism cannot be undermined by replaying a previous conversation through the mechanism 3) the enforcement mechanism can be deployed incrementally by end users and removed as needed, which should be extremely rare.

16 2009/4/7 Speaker: Li-Ming Chen 16 Endpoint Authentication (TCP example) The enforcement mechanism must provide its own endpoint authentication.  Adding a random 32-bit nonce to the initial sequence number (ISN) during connection establishment  Ensure that two untrusted, colluding hosts cannot subvert the enforcement mechanism.  Man in the middle attack?

17 2009/4/7 Speaker: Li-Ming Chen 17 Conclusion Argue that one can leverage good intentions of uses to reduce unwanted traffic on the Internet.  Well-intentioned hosts can summarily terminate unwanted traffic  By using independent control plane and enforcement mechanism

18 2009/4/7 Speaker: Li-Ming Chen 18 My Comment (1/3) A new idea to build up security mechanism But it’s somewhat passive :(  Accept host is vulnerable and will be compromised  Once being bothered by a malicious host, request for termination   In real world, compromised might be unacceptable   besides, a vulnerable host gains nothing from this mechanism Except not generating too much unwanted traffic to the Internet, after it got infected !!

19 2009/4/7 Speaker: Li-Ming Chen 19 My Comment (2/3) The action is triggered by well-intentioned hosts  What does unwanted traffic mean to me?  How to show my good intention?  not discussed in this paper…  or not implemented in on-line protocols & applications and enforced by its peer (who sends unwanted traffic)  Accountable, integrity (for both)

20 2009/4/7 Speaker: Li-Ming Chen 20 My Comment (3/3) Receive unwanted traffic, but request for termination for others!  E.g., stop sending packets to this subnet  Or stop scanning on these ports Reflection !?  Why everybody don’t like me? It must be something wrong…

Download ppt "Leveraging Good Intentions to Reduce Unwanted Network Traffic Marianne Shaw (U. Washington) USENIX 2nd Workshop on Steps to Reducing Unwanted Traffic on."

Similar presentations

Module X Session Hijacking

Module X Session Hijacking
Shutup An E2E Approach to DoS Defense Paul Francis Saikat Guha Cornell.

Shutup An E2E Approach to DoS Defense Paul Francis Saikat Guha Cornell.
SPATor: Improving Tor Bridges with Single Packet Authorization Paper Presentation by Carlos Salazar.

SPATor: Improving Tor Bridges with Single Packet Authorization Paper Presentation by Carlos Salazar.
Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)

Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)
Code-Red : a case study on the spread and victims of an Internet worm David Moore, Colleen Shannon, Jeffery Brown Jonghyun Kim.

Code-Red : a case study on the spread and victims of an Internet worm David Moore, Colleen Shannon, Jeffery Brown Jonghyun Kim.
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
FIREWALLS Chapter 11.

FIREWALLS Chapter 11.
CCNA – Network Fundamentals

CCNA – Network Fundamentals
Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.

Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.

FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.
Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung(1203584897) Sriram Gopinath(1203800749)

Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung( ) Sriram Gopinath( )
A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.

A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.
Chapter 10 Firewalls. Introduction seen evolution of information systems now everyone want to be on the Internet and to interconnect networks has persistent.

Chapter 10 Firewalls. Introduction seen evolution of information systems now everyone want to be on the Internet and to interconnect networks has persistent.
1 Pertemuan 05 Firewall Matakuliah: H0451/Praktikum Jaringan Komputer Tahun: 2006 Versi: 1/0.

1 Pertemuan 05 Firewall Matakuliah: H0451/Praktikum Jaringan Komputer Tahun: 2006 Versi: 1/0.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Firewalls1 Firewalls Mert Özarar Bilkent University, Turkey

Firewalls1 Firewalls Mert Özarar Bilkent University, Turkey
Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.

Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.
Detecting SYN-Flooding Attacks Aaron Beach CS 395 Network Secu rity Spring 2004.

Detecting SYN-Flooding Attacks Aaron Beach CS 395 Network Secu rity Spring 2004.
Data Security in Local Networks using Distributed Firewalls

Data Security in Local Networks using Distributed Firewalls

Similar presentations

Ads by Google