Denial of Service, Traceback and Anonymity

Similar documents
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 8

Denial of Service and Distributed Denial of Service Attacks

ELEC5616 COMPUTER & NETWORK SECURITY

A Software Tool for Network Intrusion Detection

Computer Security: Principles and Practice

DDoS and Traceback 1

DENIAL OF SERVICE ATTACKS

20-CS Cyber Defense Overview Fall, Network Basics

Computer Security and Privacy

Denial of Service (DoS)

Chapter 7. Denial of Service Attacks

Understanding the Internet

A Framework for Optimizing IP over Ethernet Naming System

NETWORK SECURITY. Ch. 3: Network Attacks

Configuring attack detection and prevention 1

Denial of Service. Serguei A. Mokhov SOEN321 - Fall 2004

CSC 574 Computer and Network Security. TCP/IP Security

Denial of Service. EJ Jung 11/08/10

R (2) Implementation of following spoofing assignments using C++ multi-core Programming a) IP Spoofing b) Web spoofing.

Distributed Denial of Service (DDoS)

Distributed Denial-of-Service Attack Prevention using Route-Based Distributed Packet Filtering. Heejo Lee

EE 122: Network Security

Table of Contents. 1 Intrusion Detection Statistics 1-1 Overview 1-1 Displaying Intrusion Detection Statistics 1-1

Configuring attack detection and prevention 1

Best Practice - Protect Against TCP SYN Flooding Attacks with TCP Accept Policies

Network Security. Evil ICMP, Careless TCP & Boring Security Analyses. Mohamed Sabt Univ Rennes, CNRS, IRISA Thursday, October 4th, 2018

DoS Cyber Attack on a Government Agency in South America- February 2012 Anonymous Mobile LOIC in Action

A Study on Intrusion Detection Techniques in a TCP/IP Environment

Our Narrow Focus Computer Networking Security Vulnerabilities. Outline Part II

Analysis. Group 5 Mohammad Ahmad Ryadh Almuaili

Attack Prevention Technology White Paper

NETWORK INTRUSION. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

A SIMPLE INTRODUCTION TO TOR

Lecture 6. Internet Security: How the Internet works and some basic vulnerabilities. Thursday 19/11/2015

9. Security. Safeguard Engine. Safeguard Engine Settings

AN INTRODUCTION TO ARP SPOOFING

Security+ Guide to Network Security Fundamentals, Fourth Edition. Network Attacks Denial of service Attacks

Networking interview questions

Layer 4: UDP, TCP, and others. based on Chapter 9 of CompTIA Network+ Exam Guide, 4th ed., Mike Meyers

DDOS Attack Prevention Technique in Cloud

Configuring Firewall TCP SYN Cookie

ECE 650 Systems Programming & Engineering. Spring 2018

Topic 3 part 2 Traffic analysis; Routing Attacks &Traffic Redirection Fourth Stage

DDoS PREVENTION TECHNIQUE

Design of Network-based Connection Traceback System for Current Internet Environment

MITIGATING DENIAL OF SERVICE ATTACKS IN OLSR PROTOCOL USING FICTITIOUS NODES

CSE Computer Security (Fall 2006)

The Protocols that run the Internet

DDoS Testing with XM-2G. Step by Step Guide

CSC 4900 Computer Networks: Security Protocols (2)

SE 4C03 Winter 2005 Network Firewalls

COMPUTER NETWORK SECURITY

Chapter 8 roadmap. Network Security

CSE Computer Security

DNS Security. Ch 1: The Importance of DNS Security. Updated

Network Security. Chapter 0. Attacks and Attack Detection

Defending against Flooding-Based Distributed Denial-of-Service Attacks: A Tutorial

AN TOÀN LỚP 4: TCP/IP ATTACKS NGUYEN HONG SON PTITHCM

1/11/11. o Syllabus o Assignments o News o Lecture notes (also on Blackboard)

Internet Protocol and Transmission Control Protocol

IBM i Version 7.3. Security Intrusion detection IBM

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005

this security is provided by the administrative authority (AA) of a network, on behalf of itself, its customers, and its legal authorities

Network Model: Each layer has a specific function.

A hybrid IP Trace Back Scheme Using Integrate Packet logging with hash Table under Fixed Storage

Security Baseline Data Model for Network Infrastructure Device draft-xia-sacm-nid-dp-security-baseline-00 draft-dong-sacm-nid-cp-security-baseline-00

CIS 551 / TCOM 401 Computer and Network Security

NISCC Technical Note 06/02: Response to Distributed Denial of Service (DDoS) Attacks

Correlation Based Approach with a Sliding Window Model to Detect and Mitigate Ddos Attacks

CSCI 680: Computer & Network Security

Denial of Service (DoS) attacks and countermeasures

The Internet is not always a friendly place In fact, hosts on the Internet are under constant attack How to deal with this is a large topic

Security in Mobile Ad-hoc Networks. Wormhole Attacks

EXPERIMENTAL STUDY OF FLOOD TYPE DISTRIBUTED DENIAL-OF- SERVICE ATTACK IN SOFTWARE DEFINED NETWORKING (SDN) BASED ON FLOW BEHAVIORS

Means for Intrusion Detection. Intrusion Detection. INFO404 - Lecture 13. Content

Ping of death Land attack Teardrop Syn flood Smurf attack. DOS Attack Methods

Single Network: applications, client and server hosts, switches, access links, trunk links, frames, path. Review of TCP/IP Internetworking

Distributed Systems. 29. Firewalls. Paul Krzyzanowski. Rutgers University. Fall 2015

Real-time Communications Security and SDN

peer) Poorly-connected hosts subscribe to a forwarding server packet compression and aggregation altering visual and temporal perceptions

INTRODUCTION ON D-DOS. Presentation by RAJKUMAR PATOLIYA

CISNTWK-440. Chapter 4 Network Vulnerabilities and Attacks

Network Security. Thierry Sans

ECE 697J Advanced Topics in Computer Networks

Troubleshooting High CPU Utilization Due to the IP Input Process

Chapter 2. Switch Concepts and Configuration. Part II

N exam.420q. Number: N Passing Score: 800 Time Limit: 120 min N CompTIA Network+ Certification

Configuring Flood Protection

Basic Concepts in Intrusion Detection

Layered Architecture

OSI Layer OSI Name Units Implementation Description 7 Application Data PCs Network services such as file, print,

Overview. Handling Security Incidents. Attack Terms and Concepts. Types of Attacks

CS155 Firewalls. Simon Cooper CS155 - Firewalls 23 May of 30

Resources and Credits. Definition. Symptoms. Denial of Service 3/3/2010 COMP Information on Denial of Service attacks can

Observation by Internet Fix-Point Monitoring System (TALOT2) for May 2011

APPENDIX F THE TCP/IP PROTOCOL ARCHITECTURE

Networks. Other Matters: draft Assignment 2 up (Labs 7 & 8 v. important!!) Ref: [Coulouris&al Ch 3, 4] network performance and principles

Denial of Service Attacks

EECS 3214 Final Exam Winter 2017 April 19, 2017 Instructor: S. Datta. 3. You have 180 minutes to complete the exam. Use your time judiciously.

Managing and Securing Computer Networks. Guy Leduc. Chapter 7: Securing LANs. Chapter goals: security in practice: Security in the data link layer

Transcription:

Purdue University Center for Education and Research in Information Assurance and Security Denial of Service, Traceback and Anonymity Clay Shields Assistant Professor of Computer Sciences CERIAS

Network Security I am with CERIAS to look at network security issues Involved in a number of projects in the area Overview of research in context of denial-of-service attacks

Network Overview Two types of network entities Hosts PCs, workstations, user oriented On edge of network Routers Make up infrastructure Enable communication

Network Diagram

Communication IP networks are packet switched Connections between machines are streams of packets Hosts create packets and send them into network Routers forward to destination

Packets Packets have two main parts Data Created by and sent between hosts Headers Routing information, used for forwarding Source Address Other information Destination Address

Packet Source Location Source addresses in packet headers can be lies Routing typically only uses destination address Allows construction of packets that appear to be from elsewhere

IP Spoofing

IP Spoofing Why is this a problem? Pretend to be another host Exploit address-based trust relationships Denial of service attacks Hide source More effective attacks

Spoofing Prevention Practical measures: Turn on source address routing checks at edge domains Desirable behavior for Internet community Not done frequently enough How frequently done at all is the question

Spoofstat Conduct measure of how many domains conduct filtering Downloadable client tells what filtering a domain does Server keeps statistics on how much filtering occurs Encourage good network citizenship

Denial-of-Service Attacks Attackers desire to prevent normal network operation Various motivations for doing this General method is to send packets that cause other communications to fail

Types of DoS Attacks Bug exploitation Send packets that cause buggy TCP/IP stack to crash or hang Control Messages Forge network control messages to disrupt network operation Flooding Consume resources with massive number of packets

Flooding Attacks

Flooded Packets Can consume host resources SYN packets Can consume bandwidth Large ICMP or UDP Attacks work if attacker can consume enough resources to effect ability of victim to provide service

Distributed Denial of Service Attackers with lower bandwidth can t easily flood a victim with higher bandwidth Solution for attackers is to find a means of generating more traffic Distributed denial-of-service tools These attacks were used against Yahoo and others

Distributed DoS Attacks work in two rounds Attacker exploits vulnerabilities to break into many systems Attacker installs software clients Master software controls clients to initiate denial of services

Compromising Hosts

Initiating Flooding

Detecting Denial of Service It is not always obvious when a DoS attack is occuring Took Yahoo over an hour to determine it was under attack Requires system administrators to investigate network outage Type of attack is not always immediately evident

DoS Detection Develop tools to determine when DoS occurs and to categorize the type of attack Early warning allows rapid response Currently gathering data about normal traffic and DoS traffic to train machine learning algorithms

How do you find an attacker? Trace flooded packets to the source Trace control messages back to master Trace attacker back from master to origin of attack Easy, right?

Packet Source Location Flooded packets are sent with forged IP addresses Currently no way to determine source of packet from packet itself

Tracing an Attacker If you are able to identify DoS traffic sources and master, need to find origin Attackers generally hide by connecting through multiple compromised hosts Need to follow TCP stream through network

Tracing an Attacker

Goals: Packet Tracker Stimulate research to solve these problems Produce a workable solution for some environment Where we are now: Completed literature review Identified environments and concerns Investigating existing solutions

Future Work in Traceback Marking of single packets for source determination Encrypted stream matching Match encrypted streams based on timing and/or size of packets Method for maintaining audit data about connections Host support for stream traceback

Privacy Concerns If traceback solutions are successful, privacy will likely be a concern Desirable to have method of maintaining privacy Protocols exist to provide network anonymity Use same techniques as attackers to hide IP addresses

Anonymous Protocols Develop anonymous protocols and understand their properties Arrive at a logic that describes such protocols Useful for privacy Also useful for traceback

Hordes Work done with Brian Levine, UMass New protocol for anonymous communication Uses IP multicast for lower communication latency Being implemented here One of family of protocols being developed

Goals Eventual goal of my research The network should provide privacy and anonymity for network users unless they have violated some law, in which case appropriate authorities should be able to rapidly and easily identify suspects

Denial of service Traceback Overview Encrypted streams in network Anonymity

But wait! Secure routing Secure Local Area Multicast (SLAM) Enabling technology for IP multicast Source and receiver access control Ant Routing Secure, robust, multi-path routing Based on biological behavior of ants

Contact clay@cs.purdue.edu

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback