
Panel: Current Research on Stopping Unwanted Traffic Vern Paxson, Stefan Savage, Helen J. Wang IAB Workshop on Unwanted Traffic March 10, 2006.


1 Panel: Current Research on Stopping Unwanted Traffic Vern Paxson, Stefan Savage, Helen J. Wang IAB Workshop on Unwanted Traffic March 10, 2006

2 Unwanted Traffic
From the end host perspective
  – (D)DoS on a service
  – Exploit traffic attacking end-host vulnerabilities
  – Botnet traffic
  – Undesirable application data, e.g., spam
From the network perspective
  – Unwanted traffic to end systems +
  – Attacks on the network service
      Flooding a link
  – Attacks on network operations
      E.g., BGP prefix spoofing/hijacking, router compromise

3 The Economy behind Unwanted Traffic
Stefan to fill in Botnet/software-flaw economy

4 General Approaches
Stop the known bad
Uncover the new bad
Filtering as close to the attack source as possible
Increase the cost of unwanted
The cost of solution should be less than the cost of DoS [Simon et al 06]

5 End-Host: DDoS on a Service
Challenge: DDoS and flash crowd hard to distinguish
Detect and eliminate zombie requests
  – CAPTCHA
  – Pi
  – Botz-4-sale (NSDI 2005)
  – BINDER (Usenix 2005)
Same solution as flash crowd
  – Akamai

6 End-Host: Exploit Traffic
Network intrusion detection systems
  – Bro, Snort
Fast attack signature generation
  – EarlyBird (OSDI 04), AutoGraph (Usenix Security 04)
Vulnerability-driven filtering
  – Shield (SIGCOMM 04), BrowserShield (06 under submission)
Detecting new vulnerabilities
  – TaintCheck (NDSS 04), Minos, Vigilante (SOSP 05), HoneyMonkey (NDSS 06)
Automatic response to fast-spreading worms
  – TaintCheck, Vigilante
Reduce the attack surface
  – Off by default! (HotNets 05), separate client/server address space (Handley, et al FDNA 04)
Undermining the attacks on end hosts
  – StackGuard, ASLR, ISR, program shepherding (Usenix Security 02), control flow integrity
Attack traffic analysis
  – Backscatter, Internet background radiation, Witty worm analysis
Honeyfarm
  – Roleplayer, Potemkin, vGround

7 End-Host: Spam
New e-mail client
Spam filtering
  – …

8 End-Host: Outgoing Attack Traffic
BINDER
Vern to fill out

9 Network: Unwanted Traffic from End Systems
Infer application-unwanted traffic:
  – Packet Symmetry (HotNets 05)
Applications need to be DoS-aware

10 Network: Bandwidth Attacks
First goal: defeat low cost DDoS attacks where a single compromised machine sends many DoS messages
Deadlock (Greenhalgh, et al SRUTI 05)
  – No source address spoofing because of no filtering mechanism
  – Little deployment of ingress filtering because of no source address spoofing
  – No automated filtering because attacks could source-address spoof to bypass it
Greenhalgh et al SRUTI 05
  – Server-net filtering mechanism using routing/tunneling assuming no source spoofing
Internet Accountability (Simon et al 06 under submission)
  – Ingress filtering among “good” ISPs, others’ traffic marked with “evil” bit with worse treatment during peak traffic
  – Filtering infrastructure

11 Network: Bandwidth Attacks
IP traceback
IP pushback
New capability infrastructure to the Internet:
  – SIFF (Oakland 04), Yang et al SIGCOMM 05

12 Network: Attacks on Operations
Securing BGP
  – SPV (Sigcomm 04)

13 Acknowledgement
This slide deck benefited from discussions with Adam M. Costello, Sharad Agarwal, and Dan Simon.

