Presentation is loading. Please wait.

Presentation is loading. Please wait.

Feedback Based Routing Offense by: Ted Merchant and Kevin Tan.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Feedback Based Routing Offense by: Ted Merchant and Kevin Tan."— Presentation transcript:

1 Feedback Based Routing Offense by: Ted Merchant and Kevin Tan

2 Paper is vauge - No mention of how this routing system will be implemented in the “wild” Internet. - How is the tree to be used by this routing system going to be built? - What will be the standard format used for the rule sets? No standard format mentioned at all in the paper. Rule sets are important to the routing system in the paper.

3 Paper is vauge (cont.)‏ - How often should routes get recomputed? The paper never mentions an appropriate time interval at all. (How long should the backup route have to be used before the best route can be used again?)‏

4 Lack of testing - The paper never mentions any testing on this routing system on... anything. - The paper makes lots of high-level assumptions without any testing results or measurements to back it up.

5 DoS defense - The end host can tell its access router to make a negative rule to accommodate the attack pattern of a malicious host. - Requires the access router to look at all of the packets and figure out if the packets match the attack pattern. This is not an easy thing to check, and the situation worsens when the access router has a lot of such situations to check.

6 DoS defense - Malicious or ignorant end hosts who make false reports of DoS attacks can make the situation even more problematic. - If malicious host gains control of the access router, he could tell the router to block access to a certain host, causing other routers to block access as well. Remedying this situation is difficult, and, even if the situation is eventually resolved, a significant amount of time (and money) has already been lost.

7 Other security risks - A malicious host who has gain controlled of the access router can instruct the access router to always use the longest route possible. This attack is also more difficult to detect than a DoS attack, which can be problematic.

8 Disjoint routes - This routing system always try to choose the most independent (disjoint) routes as the main route and the backup route. - Sometimes, the route chosen as the backup route is of poor quality. - In addition, if the recomputation interval is very long, users will be forced to use the poor quality backup route for a long time.

9 Questions? Comments? The usual.

Download ppt "Feedback Based Routing Offense by: Ted Merchant and Kevin Tan."

Similar presentations

Test Taking Strategies

Test Taking Strategies
Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,

Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,
Detecting Bugs Using Assertions Ben Scribner. Defining the Problem  Bugs exist  Unexpected errors happen Hardware failures Loss of data Data may exist.

Detecting Bugs Using Assertions Ben Scribner. Defining the Problem  Bugs exist  Unexpected errors happen Hardware failures Loss of data Data may exist.
Media Access Control (MAC) addresses in the network access layer ▫ Associated w/ network interface card (NIC) ▫ 48 bits or 64 bits IP addresses for the.

Media Access Control (MAC) addresses in the network access layer ▫ Associated w/ network interface card (NIC) ▫ 48 bits or 64 bits IP addresses for the.
BY MICHAEL SUDKOVITCH AND DAVID ROITMAN UNDER THE GUIDANCE OF DR. GABI NAKIBLY OSPF Security project: Summary.

BY MICHAEL SUDKOVITCH AND DAVID ROITMAN UNDER THE GUIDANCE OF DR. GABI NAKIBLY OSPF Security project: Summary.
IUT– Network Security Course 1 Network Security Firewalls.

IUT– Network Security Course 1 Network Security Firewalls.
Firewalls Anand Sharma Austin Wellman Kingdon Barrett.

Firewalls Anand Sharma Austin Wellman Kingdon Barrett.
DDOS Defense by Offense OFFENSE Presented by: Anup Goyal Aojan Su.

DDOS Defense by Offense OFFENSE Presented by: Anup Goyal Aojan Su.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
AVAYA, Inc.1 Pattern Shepherding Neil B. Harrison Avaya Inc. With a few updates by Joe Bergin

AVAYA, Inc.1 Pattern Shepherding Neil B. Harrison Avaya Inc. With a few updates by Joe Bergin
Security Firewall Firewall design principle. Firewall Characteristics.

Security Firewall Firewall design principle. Firewall Characteristics.
Chapter 11 Firewalls.

Chapter 11 Firewalls.
Article: The Cyberweapon that could take down the Internet By Jacob Aron February 11, 2011 Presentation by Jacob Russell CSCE390 April 18 th, 2011.

Article: The Cyberweapon that could take down the Internet By Jacob Aron February 11, 2011 Presentation by Jacob Russell CSCE390 April 18 th, 2011.
1 Controlling High Bandwidth Aggregates in the Network.

1 Controlling High Bandwidth Aggregates in the Network.
Security Forum 2001John Kristoff - DePaul University1 Network Firewalls John Kristoff +1 312 362-5878 DePaul University Chicago, IL 60604.

Security Forum 2001John Kristoff - DePaul University1 Network Firewalls John Kristoff DePaul University Chicago, IL
Introduction. Overview of Pushback. Architecture of router. Pushback mechanism. Conclusion. Pushback: Remedy for DDoS attack.

Introduction. Overview of Pushback. Architecture of router. Pushback mechanism. Conclusion. Pushback: Remedy for DDoS attack.
Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.

Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.
Feedback Based Routing By Dapeng Zhu, Mark Gritter, and David R. Cheriton.

Feedback Based Routing By Dapeng Zhu, Mark Gritter, and David R. Cheriton.
John Kristoff DePaul Security Forum 2003 1 Network Defenses to Denial of Service Attacks John Kristoff +01 312 362-5878.

John Kristoff DePaul Security Forum Network Defenses to Denial of Service Attacks John Kristoff
Access Lists Lists of conditions that control access.

Access Lists Lists of conditions that control access.

Similar presentations

Ads by Google