Presentation is loading. Please wait.

Presentation is loading. Please wait.

Threats Relating to Transport Layer Protocols Handling Multiple Addresses Masataka Ohta Tokyo Institute of technology

Published byShavonne Neal Modified over 8 years ago

Similar presentations

Presentation on theme: "Threats Relating to Transport Layer Protocols Handling Multiple Addresses Masataka Ohta Tokyo Institute of technology"— Presentation transcript:

1 Threats Relating to Transport Layer Protocols Handling Multiple Addresses Masataka Ohta Tokyo Institute of technology mohta@necom830.hpcl.titech.ac.jp

2 Multihoming and Multiple Addresses To not to bloat the global routing table –Sites and small ISPs should have multiple prefixes assigned from their upstream –Multiple IP Addresses are mapped to a single transport entity session by session The Internetworking layer is connectionless –Can not support “session” or its state –Transport layer takes care of the addresses

3 Threats Identified Connection Hijacking with False Peer Address New DDoS Opportunity with False Source Information New DoS Opportunity on Identification Privacy on Identification

4 Connection Hijacking with False Peer Address Hosts in multihomed sites may be supplied a false peer address from an attacker, which redirect existing connection to a wrong location. Not a new threat –MITM can rewrite DNS answers –MITM can rewirte URLs of HTTP sessions Protected by cookies of transport protocols

5 New DDoS Opportunity with False Source Information Hosts may be used for distributed DoS to damage the rest of the Internet DoS amplification is the problem Not a new threat –DNS reply is often longer than query DoS bandwidth amplified M6 protocols should not reply so long or so much replies for a short query packet

6 New DoS Opportunity on Identification Depending on a way to identify a host, the host may be subject to DoS PK cryptography is computationary expensive Never perform PK computation (if any) without a cookie exchange –not a protection against MITM

7 Privacy on Identification Depending on a way to identify a host, hosts may not be able to hide its privacy IDs should be able to be temporary Locators can not be hidden

Download ppt "Threats Relating to Transport Layer Protocols Handling Multiple Addresses Masataka Ohta Tokyo Institute of technology"

Similar presentations

06-Sep-2006Copyright (C) 2006 Internet Initiative Japan Inc.1 Prevent DoS using IP source address spoofing MATSUZAKI ‘maz’ Yoshinobu.

06-Sep-2006Copyright (C) 2006 Internet Initiative Japan Inc.1 Prevent DoS using IP source address spoofing MATSUZAKI ‘maz’ Yoshinobu.
Multihoming in IPV6 Habib Naderi Department of Computer Science University of Auckland.

Multihoming in IPV6 Habib Naderi Department of Computer Science University of Auckland.
Helper Protocols Protocols that either make it easier for IP to do its job, or extend the capabilities of the network layer.

Helper Protocols Protocols that either make it easier for IP to do its job, or extend the capabilities of the network layer.
IPNL: A NAT-Extended Internet Architecture Francis & Gummadi Riku Honkanen.

IPNL: A NAT-Extended Internet Architecture Francis & Gummadi Riku Honkanen.
IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.

IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.
COS 420 Day 18. Agenda Assignment 4 Posted Chap 16-20 Due April 6 Group project program requirements Submitted but Needs lots of work Individual Project.

COS 420 Day 18. Agenda Assignment 4 Posted Chap Due April 6 Group project program requirements Submitted but Needs lots of work Individual Project.
1 Controlling High Bandwidth Aggregates in the Network.

1 Controlling High Bandwidth Aggregates in the Network.
COS 420 Day 20. Agenda Group Project Discussion Protocol Definition Due April 12 Paperwork Due April 29 Assignment 3 Due Assignment 4 is posted Last Assignment.

COS 420 Day 20. Agenda Group Project Discussion Protocol Definition Due April 12 Paperwork Due April 29 Assignment 3 Due Assignment 4 is posted Last Assignment.
Slides of the course was made by TAs of this and previous semesters 1 Internet Networking Spring 2002 Tutorial 1 Subnets, Proxy ARP.

Slides of the course was made by TAs of this and previous semesters 1 Internet Networking Spring 2002 Tutorial 1 Subnets, Proxy ARP.
1 Representing Identity CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 19, 2004.

1 Representing Identity CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 19, 2004.
Reliable Distributed Systems Naming (Communication Basics Part II) Slide set based on one by Prof. Paul Francis, Cornell University. Updated by Bina Ramamurthy.

Reliable Distributed Systems Naming (Communication Basics Part II) Slide set based on one by Prof. Paul Francis, Cornell University. Updated by Bina Ramamurthy.
Networking and Internetworking Devices Networks and Protocols Prepared by: TGK First Prepared on: Last Modified on: Quality checked by: Copyright 2009.

Networking and Internetworking Devices Networks and Protocols Prepared by: TGK First Prepared on: Last Modified on: Quality checked by: Copyright 2009.
Lecture 1 Overview: roadmap 1.1 What is computer network? the Internet? 1.2 Network edge  end systems, access networks, links 1.3 Network core  network.

Lecture 1 Overview: roadmap 1.1 What is computer network? the Internet? 1.2 Network edge  end systems, access networks, links 1.3 Network core  network.
Vocabulary URL = uniform resource locator: web address protocol –set of rules that networked computers follow in order to share data and coordinate communications.

Vocabulary URL = uniform resource locator: web address protocol –set of rules that networked computers follow in order to share data and coordinate communications.
Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Spring 2006.

Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Spring 2006.
Network Attacks. Network Trust Issues – TCP Congestion control – IP Src Spoofing – Wireless transmission Denial of Service Attacks – TCP-SYN – Name Servers.

Network Attacks. Network Trust Issues – TCP Congestion control – IP Src Spoofing – Wireless transmission Denial of Service Attacks – TCP-SYN – Name Servers.
Lecture 15 Denial of Service Attacks

Lecture 15 Denial of Service Attacks
1 Review of Important Networking Concepts Introductory material. This slide uses the example from the previous module to review important networking concepts:

1 Review of Important Networking Concepts Introductory material. This slide uses the example from the previous module to review important networking concepts:
1 Chapter Overview Subnet. What is a subnet When you break a network into a few smaller networks, you have created several subnets Like IP address where.

1 Chapter Overview Subnet. What is a subnet When you break a network into a few smaller networks, you have created several subnets Like IP address where.
1 Introduction on the Architecture of End to End Multihoming Masataka Ohta Tokyo Institute of Technology

1 Introduction on the Architecture of End to End Multihoming Masataka Ohta Tokyo Institute of Technology

Similar presentations

Ads by Google