Presentation is loading. Please wait.

Presentation is loading. Please wait.

Panel: Current Research on Stopping Unwanted Traffic Vern Paxson, Stefan Savage, Helen J. Wang IAB Workshop on Unwanted Traffic March 10, 2006.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Panel: Current Research on Stopping Unwanted Traffic Vern Paxson, Stefan Savage, Helen J. Wang IAB Workshop on Unwanted Traffic March 10, 2006."— Presentation transcript:

1 Panel: Current Research on Stopping Unwanted Traffic Vern Paxson, Stefan Savage, Helen J. Wang IAB Workshop on Unwanted Traffic March 10, 2006

2 Unwanted Traffic From the end host perspective –(D)DoS on a service –Exploit traffic attacking on end host vulnerabilities –Botnet traffic –Undesirable application data, e.g., spam From the network perspective –Unwanted traffic to end systems + –Attacks on the network service Flooding a link –Attacks to the network operations E.g., BGP prefix spoofing/hijacking, router compromise

3 The Economy behind Unwanted Traffic Stefan to fill in Botnet/software-flaw economy

4 General Approaches Stop the known bad Uncover the new bad Filtering as close to the attack source as possible Increase the cost of unwanted The cost of solution should be less than the cost of DoS [Simon et al 06]

5 End-Host: DDoS on a Service Challenge: DDoS and flash crowd hard to distinguish Detect and eliminate zombie requests –CAPCHA –Pi –Bolts-4-sale (NSDI 2005) –BINDER (Usenix 2005) Same solution as flash crowd –Akamai

6 End-Host: Exploit Traffic Network intrusion detection systems –Bro, Snort Fast attack signature generation –EarlyBird (OSDI 04), AutoGraph (sUsenix Security 04) Vulnerability-driven filtering –Shield (SIGCOMM 04), BrowserShield (06 under submission) Detecting new vulnerabilities –TaintCheck (NDSS 04), Minos, Vigilante (SOSP 05), HoneyMonkey (NDSS 06) Automatic response to fast-spreading worms –TaintCheck, Vigilante Reduce the attack surface –Off by default! (HotNets 05), separate client/server address space (Handley, et al FDNA 04) Undermining the attacks on end hosts –StackGuard, ASLR, ISR, program shepherding (Usenix Security 02), control flow integrity Attack traffic analysis –Backscatter, Internet background radiation, Witty worm analysis Honeyfarm –Roleplayer, Potemkin, vGround

7 End-Host: Spam New e-mail client Spam filtering –…

8 EndHost: Outgoing Attack Traffic BINDER Vern to fill out

9 Network: Unwanted Traffic from End Systems Infer application-unwanted traffic: –Packet Symmetry (HotNets 05) Applications need to be DoS-aware

10 Network: Bandwidth Attacks First goal: defeat low cost DDoS attacks where a single compromised machine sends many DoS messages Deadlock (Greenhalgh, et al SRUTI 05) –No source address spoofing because of no filtering mechanism –Little deployment of ingress filtering because of no source address spoofing –No automated filtering because attacks could source-address spoof to bypass it Greenhalgh et al SRUTI 05 –Server-net filtering mechanism using routing/tunneling assuming no source spoofing Internet Accountability (Simon et al 06 under submission) –Ingress filtering among “good” ISPs, others’ traffic marked with “evil” bit with worse treatment during peak traffic –Filtering infrastructure

11 Network: Bandwidth Attacks IP traceback IP pushback New capability infrastructure to the Internet: –SIFF (Oakland 04), Yang et al SIGCOMM 05

12 Network: Attacks on Operations Securing BGP –SPV (Sigcomm 04)

13 Acknowledgement This slide deck benefited from discussions with Adam M. Costello, Sharad Agarwal, and Dan Simon.

Download ppt "Panel: Current Research on Stopping Unwanted Traffic Vern Paxson, Stefan Savage, Helen J. Wang IAB Workshop on Unwanted Traffic March 10, 2006."

Similar presentations

The role of network capabilities Xiaowei Yang UC Irvine NSF FIND PI meeting, June 28 2007.

The role of network capabilities Xiaowei Yang UC Irvine NSF FIND PI meeting, June
Secure Routing Panel FIND PI Meeting (June 27, 2007) Morley Mao, Jen Rexford, Xiaowei Yang.

Secure Routing Panel FIND PI Meeting (June 27, 2007) Morley Mao, Jen Rexford, Xiaowei Yang.
Network Support for Sharing. 2 CABO: Concurrent Architectures are Better than One No single set of protocols or functions –Different applications with.

Network Support for Sharing. 2 CABO: Concurrent Architectures are Better than One No single set of protocols or functions –Different applications with.
Network Operations Research Nick Feamster

Network Operations Research Nick Feamster
Code-Red : a case study on the spread and victims of an Internet worm David Moore, Colleen Shannon, Jeffery Brown Jonghyun Kim.

Code-Red : a case study on the spread and victims of an Internet worm David Moore, Colleen Shannon, Jeffery Brown Jonghyun Kim.
Slides mostly by Sherif Khattab 1 Denial-of-Service [Gligor, 84] ``A group of otherwise-authorized users of a specific service is said to deny service.

Slides mostly by Sherif Khattab 1 Denial-of-Service [Gligor, 84] ``A group of otherwise-authorized users of a specific service is said to deny service.
Leveraging Good Intentions to Reduce Unwanted Network Traffic Marianne Shaw (U. Washington) USENIX 2nd Workshop on Steps to Reducing Unwanted Traffic on.

Leveraging Good Intentions to Reduce Unwanted Network Traffic Marianne Shaw (U. Washington) USENIX 2nd Workshop on Steps to Reducing Unwanted Traffic on.
IP Traceback in Cloud Computing Through Deterministic Flow Marking Mouiad Abid Hani Presentation figures are from references given on slide 21. By Presented.

IP Traceback in Cloud Computing Through Deterministic Flow Marking Mouiad Abid Hani Presentation figures are from references given on slide 21. By Presented.
NPLA: Network Prefix Level Authentication Ming Li,Yong Cui,Matti Siekkinen,Antti Ylä-Jääski Aalto University, Finland Tsinghua University, China.

NPLA: Network Prefix Level Authentication Ming Li,Yong Cui,Matti Siekkinen,Antti Ylä-Jääski Aalto University, Finland Tsinghua University, China.
IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.

IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.
Overview of Distributed Denial of Service (DDoS) Wei Zhou.

Overview of Distributed Denial of Service (DDoS) Wei Zhou.
Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,

Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,
Hash-Based IP Traceback Best Student Paper ACM SIGCOMM’01.

Hash-Based IP Traceback Best Student Paper ACM SIGCOMM’01.
 Unlike other forms of computer attacks, goal isn’t access or theft of information or services  The goal is to stop the service from operating o.

 Unlike other forms of computer attacks, goal isn’t access or theft of information or services  The goal is to stop the service from operating o.
1 Controlling High Bandwidth Aggregates in the Network.

1 Controlling High Bandwidth Aggregates in the Network.
Lan Nguyen Mounika Namburu 1.  DDoS Defense Research  A2D2 Design ◦ Subnet Flooding Detection using Snort ◦ Class -Based Queuing ◦ Multi-level Rate.

Lan Nguyen Mounika Namburu 1.  DDoS Defense Research  A2D2 Design ◦ Subnet Flooding Detection using Snort ◦ Class -Based Queuing ◦ Multi-level Rate.
8-1 Internet security threats Mapping: m before attacking: gather information – find out what services are implemented on network  Use ping to determine.

8-1 Internet security threats Mapping: m before attacking: gather information – find out what services are implemented on network  Use ping to determine.
Introduction. Overview of Pushback. Architecture of router. Pushback mechanism. Conclusion. Pushback: Remedy for DDoS attack.

Introduction. Overview of Pushback. Architecture of router. Pushback mechanism. Conclusion. Pushback: Remedy for DDoS attack.
DoS-resistant Internet - progress Bob Briscoe Jun 2005.

DoS-resistant Internet - progress Bob Briscoe Jun 2005.
1 TVA: A DoS-limiting Network Architecture Xiaowei Yang (UC Irvine) David Wetherall (Univ. of Washington) Thomas Anderson (Univ. of Washington)

1 TVA: A DoS-limiting Network Architecture Xiaowei Yang (UC Irvine) David Wetherall (Univ. of Washington) Thomas Anderson (Univ. of Washington)

Similar presentations

Ads by Google