1
Low-rate TCP-Targeted Denial of Service Attacks
Aleksandar Kuzmanovic and Edward W. Knightly
Presented by Prasanth Kalakota & Ravi Katpelly
2
Outline
- Introduction
- TCP timeout mechanism
- DoS outages
- Counter-DoS techniques
- Conclusion
3
Introduction
- DoS attacks
  - Prevent access by legitimate users
  - Consume resources
- Various types: TCP SYN, ICMP broadcasts, DNS flood attacks
- Shrew attacks, or low-rate DoS attacks
4
TCP Congestion Control
- Uses Additive Increase Multiplicative Decrease (AIMD)
- Uses a Retransmission Timeout (RTO) to avoid congestion
- Selection of the RTO value
  - Case (i): if too low, spurious retransmissions occur
  - Case (ii): if too high, flows wait unnecessarily long
5
TCP Congestion Control (cntd’)
- To solve the first case, the timeout value should be at least 1 sec (suggested and verified by Allman and Paxson)
- For the second case, the TCP sender maintains two state variables:
  - Smoothed Round Trip Time (SRTT)
  - Round Trip Time Variation (RTTVAR)
6
Terms used
- RTT
- RTO
- SRTT
- RTTVAR
- minRTO
7
TCP’s Timeout Mechanism
- Suggested in RFC 2988
- When the first RTT measurement R’ is made:
    SRTT = R’
    RTTVAR = R’/2
    RTO = SRTT + max(G, 4*RTTVAR)
- When a subsequent RTT measurement R’ is made:
    RTTVAR = (1-β)*RTTVAR + β*|SRTT - R’|
    SRTT = (1-α)*SRTT + α*R’
    RTO = max(minRTO, SRTT + max(G, 4*RTTVAR))
- α = 1/4 and β = 1/8
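The update rules above, as an added Python example (not code from the paper or the presentation). It also evaluates the condition minRTO > SRTT + 4*RTTVAR used in the later throughput-result slide, showing which flows end up with an RTO fixed at minRTO. Assumptions: the names RtoEstimator and survey, G = 0.1 s, the constructed RTT traces, and gains set to the values RFC 2988 recommends (alpha = 1/8, beta = 1/4).

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class RtoEstimator:
    """RTO estimator using the update rules on the slide above."""
    min_rto: float = 1.0        # minRTO floor in seconds
    g: float = 0.1              # clock granularity G (assumed value)
    alpha: float = 1 / 8        # SRTT gain recommended by RFC 2988
    beta: float = 1 / 4         # RTTVAR gain recommended by RFC 2988
    srtt: Optional[float] = None
    rttvar: Optional[float] = None

    def update(self, r: float) -> float:
        """Feed one RTT measurement R' (seconds) and return the new RTO."""
        if self.srtt is None:                      # first measurement
            self.srtt, self.rttvar = r, r / 2
        else:                                      # RTTVAR first, with the old SRTT
            self.rttvar = (1 - self.beta) * self.rttvar + self.beta * abs(self.srtt - r)
            self.srtt = (1 - self.alpha) * self.srtt + self.alpha * r
        # The floor is applied to every computed RTO, the first one included.
        return max(self.min_rto, self.srtt + max(self.g, 4 * self.rttvar))

    def pinned_to_floor(self) -> bool:
        """True when minRTO > SRTT + 4*RTTVAR."""
        return self.min_rto > self.srtt + 4 * self.rttvar


def survey(traces, min_rto=1.0):
    """Map each flow name to (final RTO, pinned_to_floor) for its RTT trace."""
    out = {}
    for name, samples in traces.items():
        est = RtoEstimator(min_rto=min_rto)
        rto = None
        for r in samples:
            rto = est.update(r)
        out[name] = (rto, est.pinned_to_floor())
    return out


# Constructed RTT traces in seconds (not measurements from the paper).
SAMPLE_TRACES = {
    "lan": [0.020, 0.022, 0.019, 0.021],
    "wan": [0.120, 0.150, 0.110, 0.130],
    "satellite": [0.600, 0.750, 0.580, 0.700],
}

if __name__ == "__main__":
    for flow, (rto, pinned) in survey(SAMPLE_TRACES).items():
        print(f"{flow:10s} RTO={rto:.3f}s pinned_to_minRTO={pinned}")
```

With the 1 sec floor, the two short-RTT traces both report an RTO of exactly minRTO regardless of their measured RTTs, while the long-RTT trace keeps an RTO driven by its own samples.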
8
Low-Rate DoS Attacks
- Attackers exploit the TCP timeout mechanism
- Send short-duration bursts with RTT-scale burst length
- Repeat these bursts periodically at slower RTO timescales
9
Model of DoS Attack (Simple DoS Model)
- Assume a single TCP flow and a single DoS stream
- The attacker sends a short-duration burst at time t=0
- The TCP sender waits 1 sec and doubles its RTO
- The attacker sends the second outage between 1 and 1+2RTT
10
Model of DoS Attack (cntd’)
11
Model of DoS Attack (cntd’)
N TCP flows with heterogeneous RTTs and a single DoS flow.
12
Model of DoS Attack (cntd’)
DoS TCP Throughput Result
- Assume a periodic DoS attack with period T
- L’ ≥ RTTi
- minRTO > SRTTi + 4*RTTVARi for all i = 1,…,n
- Normalized throughput of the aggregate TCP flow is given by
13
Model of DoS Attack (cntd’)
DoS TCP Flow-Filtering Result
- For i = 1,…,k: L’ ≥ RTTi and minRTO > SRTTi + 4*RTTVARi
- For j = k+1,…,n: L’ < RTTj and minRTO ≤ SRTTj + 4*RTTVARj
14
Model of DoS Attack (cntd’)
15
Creating DoS outages
Instantaneous Queue Behavior
- B = queue size
- B0 = queue size at the onset of an attack
- RTCP = instantaneous rate of the TCP flow
- RDoS = rate of the DoS flow
- T = DoS burst length
- L = duration of attack
- C = bottleneck rate
- Time at which the queue becomes full: L1 = (B-B0)/(RDoS+RTCP-C)
16
Creating DoS outages (cntd’)
- The queue remains full for L2 = L - L1 seconds if RDoS+RTCP ≥ C
- With no TCP traffic and B0 = 0, the time at which the queue becomes full is L1 = B/(RMAX-C)
- Once the buffer is full, the attacker reduces its rate to the bottleneck rate C
17
Minimum Rate DoS Streams
Double rate DoS stream
18
Impact of shrew DoS Attack on TCP flow aggregation
- With homogeneous RTT
- With heterogeneous RTT
- On web traffic
- On TCP variants
19
Low-rate DoS stream with Homogeneous RTT
20
Low-rate DoS stream with Heterogeneous RTT
- Depends on its RTT
- Shorter-RTT flows use more bandwidth
21
Low-rate DoS stream with Heterogeneous RTT (cntd’)
- With more TCP flows, unused bandwidth is utilized by higher-RTT flows
- Total TCP throughput increases
22
Impact of DoS Burst Length
- Flows with longer RTTs are filtered
- Fewer non-filtered flows
23
Impact of DoS Peak Rate on Short-RTT Flow
- Throughput of the short-RTT flow is affected
- A low peak rate is sufficient to filter the short-RTT flow
24
Impact on HTTP Traffic
25
DoS Attacks on TCP Variants
26
DoS Attacks on TCP Variants (cntd’)
27
DoS Experiments on Internet
28
Results
29
Counter-DoS Techniques
- Router-assisted mechanisms
- End-point minRTO randomization
30
Router-Assisted Mechanisms
- Router-based algorithms
- Random early detection with preferential dropping (RED-PD)
31
Router-Assisted Mechanisms (cntd’)
32
Router-Assisted Mechanisms (cntd’)
33
End-Point minRTO Randomization
34
Conclusions
- Presented DoS attacks that are able to throttle TCP flows
- Discussed the impact of various DoS attacks on TCP flow aggregation
- Experiments conducted using a combination of analytical modeling, an extensive set of simulations, and Internet experiments
- Discussed counter-DoS techniques