Published by Phyllis Phelps. Modified over 9 years ago.
1
Network Attacks
2
Network Trust Issues
– TCP Congestion control
– IP Src Spoofing
– Wireless transmission
Denial of Service Attacks
– TCP-SYN
– Name Servers
DDoS (DNS)
– DNS Amplification attack
3
Network Trust Issues
4
The Gullible Network
A lot of network protocols assume people are well intentioned
– TCP: Congestion Control
– Wireless: Transmit power
– BGP Route-advertisements
5
Cheating TCP
[Diagram: A–B labelled x, D–E labelled y]
Payoffs (x, y):
– A increases by 1, D increases by 1: (22, 22)
– A increases by 1, D increases by 5: (10, 35)
– A increases by 5, D increases by 1: (35, 10)
– A increases by 5, D increases by 5: (15, 15)
Too aggressive → Losses → Throughput falls
Individual incentives: cheating pays
Social incentives: better off without cheating
Classic Prisoner's Dilemma: resolution depends on accountability
6
Cheating Wireless
Payoffs for two senders, each choosing 10X power or normal power:
– Both at 10X power: 5 Mbps, 5 Mbps
– One at 10X power, the other at normal power: 20 Mbps for the 10X sender, 0 Mbps for the other
– Both at normal power: 10 Mbps, 10 Mbps
Individual incentives: cheating pays
Social incentives: better off without cheating
Classic Prisoner's Dilemma: resolution depends on accountability
7
Origin: IP Address Ownership and Hijacking
Who can advertise a prefix with BGP?
– The AS that owns the prefix
– … or its upstream provider(s), on its behalf
Implicit trust between upstream & downstream providers
However, what’s to stop someone else?
– Prefix hijacking: another AS originates the prefix
– BGP does not verify that the AS is authorized
8
Prefix Hijacking: full or partial control
[Diagram: ASes 1 to 7, prefix 12.34.0.0/16]
Consequences for the affected ASes
– Blackhole: data traffic is discarded
– Snooping: data traffic is inspected, and then redirected
– Impersonation: data traffic is sent to bogus destinations
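The missing check ("BGP does not verify that the AS is authorized") can be applied by a monitor or a router that holds a table of authorized origins. The sketch below is an added example, not part of the original slides; it follows the valid / invalid / not-found logic of route origin validation, and the authorization table, AS numbers (reserved documentation ASNs) and announcements are constructed.

```python
import ipaddress

# Constructed authorization table: (prefix, max prefix length, authorized origin AS).
# 12.34.0.0/16 is the slide's prefix; the AS numbers are reserved documentation ASNs.
AUTHORIZED = [("12.34.0.0/16", 16, 64496)]

def validate(prefix, as_path, table=AUTHORIZED):
    """Return 'valid', 'invalid' or 'not-found' for one BGP announcement."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]                  # the originating AS is last in the AS path
    covered = False
    for auth_prefix, max_len, auth_as in table:
        auth = ipaddress.ip_network(auth_prefix)
        if net.version != auth.version or not net.subnet_of(auth):
            continue                      # this entry says nothing about the prefix
        covered = True
        if origin == auth_as and net.prefixlen <= max_len:
            return "valid"
    # Covered by an entry but matching none: wrong origin or too-specific prefix.
    return "invalid" if covered else "not-found"

def suspicious(announcements):
    """Return the announcements a monitor should alert on (state 'invalid')."""
    return [(p, path) for p, path in announcements if validate(p, path) == "invalid"]

# Constructed announcements, as a route collector might record them.
SAMPLE = [
    ("12.34.0.0/16", [64500, 64496]),     # legitimate origin
    ("12.34.0.0/16", [64501, 64511]),     # same prefix, different origin AS
    ("12.34.56.0/24", [64502, 64511]),    # more-specific prefix, different origin
    ("12.34.56.0/24", [64500, 64496]),    # right origin, longer than max length
    ("198.51.100.0/24", [64503]),         # no authorization data for this prefix
]

if __name__ == "__main__":
    for prefix, path in SAMPLE:
        print(f"{prefix:18} origin AS{path[-1]}: {validate(prefix, path)}")
```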
9
DoS
10
Denial of Service Attack
Prevent other people from using a service:
– A server
– A link in a network
High level idea
– Send a lot of packets and ensure 100% utilization
No one else can use it.
11
DNS: Denial Of Service
Flood DNS servers with requests until they fail
What was the effect?
– … users may not even notice
– Caching is almost everywhere
More targeted attacks can be effective
– Local DNS server cannot access DNS
– Authoritative server cannot access domain
12
TCP: Denial Of Service (SYN Flood)
Send a bunch of SYN Packets to a server
– Server allocates buffer and TCP sockets
– You allocate nothing
– Eventually the server runs out of space.
How to solve this problem?
13
Recall: TCP Handshake
[Diagram: A sends SYN to Server; Server replies with SYN/ACK]
A: no allocations, no resource committed
Server allocates: data structures, e.g. buffer space
14
TCP: Denial Of Service (SYN Flood)
Send a bunch of SYN Packets to a server
– Server allocates buffer and TCP sockets
– Server responds with ‘SYN/ACK’
– You allocate nothing
– Eventually the server runs out of space.
How to solve this problem?
– SYN Cookies: server stores nothing and instead responds with a special cookie
– If cookie is returned in subsequent packet, then server allocates space
– Assumption: If you come back then you aren’t a bad person
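A simplified SYN-cookie server, added here as an illustration and not taken from the slides: the cookie is a keyed hash of the connection 4-tuple, the client's initial sequence number and a time slot, sent as the server's initial sequence number. The key, the slot length and the addresses are constructed assumptions, and real implementations also encode TCP options such as the MSS in the cookie.

```python
import hashlib, hmac, ipaddress, struct

SECRET = b"constructed-demo-key"   # assumption: a random per-server secret
SLOT = 64                          # assumption: seconds per cookie time slot

def cookie(src, sport, dst, dport, client_isn, slot):
    """32-bit keyed hash binding the cookie to one connection and one time slot."""
    msg = (ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
           + struct.pack("!HHIq", sport, dport, client_isn, slot))
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:4], "big")

class Server:
    def __init__(self, ip, port):
        self.ip, self.port = ip, port
        self.established = set()   # the only per-connection state; no half-open table

    def on_syn(self, src, sport, client_isn, now):
        """Reply to a SYN without storing anything: the cookie is our ISN."""
        return cookie(src, sport, self.ip, self.port, client_isn, int(now) // SLOT)

    def on_ack(self, src, sport, seq, ack, now):
        """Allocate state only if the ACK echoes a cookie we could have issued."""
        client_isn = (seq - 1) % 2**32     # final ACK carries client ISN + 1
        echoed = (ack - 1) % 2**32         # and acknowledges server ISN + 1
        slot = int(now) // SLOT
        for s in (slot, slot - 1):         # accept the current and previous slot
            if echoed == cookie(src, sport, self.ip, self.port, client_isn, s):
                self.established.add((src, sport))
                return True
        return False

if __name__ == "__main__":
    srv = Server("192.0.2.1", 80)
    for i in range(1000):                  # SYNs that are never followed by an ACK
        srv.on_syn(f"198.51.100.{i % 250}", 1024 + i, i, now=1000)
    print("state after 1000 unanswered SYNs:", len(srv.established))
    isn = srv.on_syn("203.0.113.5", 5000, 777, now=1000)
    print("returning client accepted:",
          srv.on_ack("203.0.113.5", 5000, 778, (isn + 1) % 2**32, now=1010))
```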
15
Problems with DoS
One person attacks one server/link
– Easy to figure out who ….
– Easy to block ….
– Takes a while for the attack to work…..
16
DDoS
17
Distributed Denial of Service Attack
Take over a number of machines
– Use a BotNet
Use all machines to conduct a DoS on a server
– Much more effective than regular DoS
– Harder to stop and shut down
18
DNS Amplification Attack
580,000 open resolvers on Internet (Kaminsky-Shiffman ’06)
[Diagram: DoS Source, DNS Server, DoS Target]
– DoS Source to DNS Server: DNS Query with SrcIP: DoS Target (60 bytes)
– DNS Server to DoS Target: EDNS Response (3000 bytes)
DNS Amplification attack: (×40 amplification)
19
Solutions
[Diagram: attacker sends IP-spoofed packets to an open amplifier; replies go to the victim]
– Prevent IP spoofing
– Disable open amplifiers
20
DDoS
[Diagram: BotNet sends DNS Requests to Name Servers; DNS Responses go to the victim]
21
Similar to streaming a Video …
[Diagram: Browser and Network, loading Youtube (labels: YOU, Google); HTTP Requests: Get image.png, Get video.avi]
22
What Happens When you Connect to a Website?
[Diagram: Browser and Network, loading SoundCloud; HTTP Requests: Get image.png, Get sound.mp3]
23
Similar to streaming a Video …
[Diagram: Browser and Network, loading Youtube; HTTP Requests: Get image.png, Get video.avi]
31
At What level should you apply security?
[Diagram: HTTP Requests: Get image.png, Get video.avi]
– You see just one packet: what the network and lower layer see
– You see the whole object: what the application sees
Are you protecting against an attack on the application? E.g. worms, virus…
Are you protecting against an attack on your network? E.g. DDoS
39
How are they deployed?
[Diagram: the “circle of trust” and The Internet AKA “Everything evil”]
The firewall is the gatekeeper
Only one way into or out of the circle
40
Types of Packet-Filters
Stateless
– Very simple
– Applies rules to packets
Stateful
– A bit more complicated
– In addition to applying rules, it ensures that all connections must be initiated from within the network
41
Stateful Firewalls
[Diagram: a SYN arriving from The Internet AKA “Everything evil” at the “circle of trust”]
Why would someone from the outside want to start a connection?
42
Stateful Firewalls
[Diagram: a SYN arriving from The Internet AKA “Everything evil” at the “circle of trust”]
Why would someone from the outside want to start a connection?
– They would if you were running a web-server, an email-server, a gaming server …. Pretty much any ‘server’ service.
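The difference between the two packet-filter types, and the exception needed for an inside server, shown as an added example that is not part of the original slides. The addresses, the published web server and the stateless rule (inbound TCP passes if the ACK flag is set) are constructed assumptions; connection teardown and timeouts are left out.

```python
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport flags")
INSIDE = ipaddress.ip_network("10.0.0.0/24")     # constructed "circle of trust"
PUBLISHED = {("10.0.0.80", 80)}                  # constructed inside web server

def inside(ip):
    return ipaddress.ip_address(ip) in INSIDE

def stateless_allow(pkt):
    """Per-packet rule: inbound TCP passes if it targets a published server
    or merely carries the ACK flag, since no connection history is kept."""
    if inside(pkt.src):
        return True
    return (pkt.dst, pkt.dport) in PUBLISHED or "ACK" in pkt.flags

class StatefulFilter:
    def __init__(self):
        self.conns = set()   # (inside ip, inside port, outside ip, outside port)

    def allow(self, pkt):
        if inside(pkt.src):                      # outbound traffic
            if pkt.flags == {"SYN"}:             # remember who started the connection
                self.conns.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        if (pkt.dst, pkt.dport) in PUBLISHED:    # exception for a real server
            return True
        # Inbound passes only as the reverse direction of a tracked connection.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.conns

# Constructed traffic: (description, packet)
TRAFFIC = [
    ("outbound SYN", Packet("10.0.0.5", 40000, "203.0.113.9", 443, frozenset({"SYN"}))),
    ("reply SYN/ACK", Packet("203.0.113.9", 443, "10.0.0.5", 40000, frozenset({"SYN", "ACK"}))),
    ("unsolicited SYN", Packet("198.51.100.7", 5555, "10.0.0.5", 22, frozenset({"SYN"}))),
    ("unsolicited ACK", Packet("198.51.100.7", 5555, "10.0.0.5", 22, frozenset({"ACK"}))),
    ("SYN to web server", Packet("198.51.100.7", 5556, "10.0.0.80", 80, frozenset({"SYN"}))),
]

def demo():
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    fw = StatefulFilter()
    return [(stateless_allow(p), fw.allow(p)) for _, p in TRAFFIC]

if __name__ == "__main__":
    for (name, _), verdicts in zip(TRAFFIC, demo()):
        print(f"{name:18} stateless={verdicts[0]} stateful={verdicts[1]}")
```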
45
Application Level Firewall
Why are they needed?
Attackers are tricky
– When exploiting security vulnerabilities
– They can use multiple packets.
Need a system to scan across multiple packets for Virus/Worm/Vulnerability exploits
46
What Happens When you Connect to a Website?
[Diagram: Browser and Network, loading SoundCloud; HTTP Requests: Get image.png, Get sound.mp3]
What happens if the virus/worm is hidden in an email? Picture?
Or if the security exploit is in an HTML page?
48
Application Level Firewalls
Similar to Packet-filters except:
– Supports regular expression
– Searches across different packets for a match
– Reconstructs objects (images, pictures) from packets and scans objects.
49
Application Level Firewalls
Similar to Packet-filters except:
– Supports regular expression
– Searches across different packets for a match
– Reconstructs objects (images, pictures) from packets and scans objects.
[Diagram: HTTP Requests: Get image.png]
Apply reg-ex to the object:
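Why the regular expression has to run on the reconstructed object and not on single packets, as an added example that is not part of the original slides. The request, the harmless marker used as the "signature", the sequence numbers and the buffer limit are all constructed for illustration.

```python
import re

# Constructed stand-in for a signature: a harmless marker header.
SIGNATURE = re.compile(rb"X-Demo-Marker:\s*\w{8}")

def per_packet_match(segments):
    """Packet-filter view: test each payload on its own."""
    return any(SIGNATURE.search(payload) for _seq, payload in segments)

def reassemble(segments, isn, max_bytes=65536):
    """Rebuild the byte stream: order by sequence number, skip retransmitted
    bytes, stop at the first gap, and refuse to buffer beyond max_bytes."""
    stream = bytearray()
    next_seq = isn
    for seq, payload in sorted(segments):
        if seq + len(payload) <= next_seq:
            continue                         # nothing new in this segment
        if seq > next_seq:
            break                            # hole in the stream: wait for more data
        stream += payload[next_seq - seq:]   # keep only the bytes not yet seen
        next_seq = seq + len(payload)
        if len(stream) > max_bytes:
            raise ValueError("reassembly buffer limit exceeded")
    return bytes(stream)

def stream_match(segments, isn):
    """Application-level view: test the reconstructed object."""
    return bool(SIGNATURE.search(reassemble(segments, isn)))

def split(data, isn, size):
    """Cut data into (sequence number, payload) segments of at most size bytes."""
    return [(isn + i, data[i:i + size]) for i in range(0, len(data), size)]

# Constructed request cut into 12-byte segments, delivered in reverse order
# with the first segment retransmitted once.
OBJECT = b"GET /image.png HTTP/1.1\r\nX-Demo-Marker: AAAABBBB\r\n\r\n"
ISN = 1000
SEGMENTS = split(OBJECT, ISN, 12)[::-1] + split(OBJECT, ISN, 12)[:1]

if __name__ == "__main__":
    print("per-packet match:", per_packet_match(SEGMENTS))
    print("reassembled match:", stream_match(SEGMENTS, ISN))
```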
51
Why doesn’t everyone use App level firewalls?
Object re-assembly requires a lot of memory
Reg-expressions require a lot of CPU
App level firewalls are a lot more expensive
– And also much slower
– So you need more -- a lot more.
52
How do you Attack the Firewall?
Most Common: Denial-of-Service attacks
– Figure out a bug in the Firewall code
– Code causes it to handle a packet incorrectly
– Send a lot of ‘bug’ packets and no one can use the firewall