Threats Relating to Transport Layer Protocols Handling Multiple Addresses
Masataka Ohta, Tokyo Institute of Technology



Multihoming and Multiple Addresses
To avoid bloating the global routing table
 – Sites and small ISPs should have multiple prefixes assigned from their upstream
 – Multiple IP addresses are mapped to a single transport entity, session by session
The internetworking layer is connectionless
 – Cannot support a “session” or its state
 – The transport layer takes care of the addresses

Threats Identified
Connection Hijacking with False Peer Address
New DDoS Opportunity with False Source Information
New DoS Opportunity on Identification
Privacy on Identification

Connection Hijacking with False Peer Address
Hosts in multihomed sites may be supplied a false peer address by an attacker, which redirects an existing connection to a wrong location
Not a new threat
 – MITM can rewrite DNS answers
 – MITM can rewrite URLs of HTTP sessions
Protected by cookies of transport protocols

New DDoS Opportunity with False Source Information
Hosts may be used for distributed DoS to damage the rest of the Internet
DoS amplification is the problem
Not a new threat
 – DNS reply is often longer than query
 – DoS bandwidth is amplified
M6 protocols should not send replies that are so long, or so many replies, in response to a short query packet

New DoS Opportunity on Identification
Depending on the way a host is identified, the host may be subject to DoS
PK cryptography is computationally expensive
Never perform PK computation (if any) without a cookie exchange
 – not a protection against MITM
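The two rules from the DDoS and DoS-on-identification slides, as an added example that is not part of the presentation or of any M6 protocol draft: a responder that answers an unverified first packet with a stateless cookie no longer than the query, and performs the expensive public-key step only after the cookie is echoed from the same source address. The packet layout (`I`/`C`/`E` type bytes), cookie format and lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import os

SECRET = os.urandom(32)      # responder-local key (assumed; rotate periodically)
COOKIE_LIFETIME = 60         # seconds per validity bucket (assumed value)
COOKIE_LEN = 16              # truncated HMAC length in bytes


def make_cookie(src_addr: str, now: int) -> bytes:
    """Stateless cookie: time bucket + HMAC over (source address, bucket)."""
    bucket = now // COOKIE_LIFETIME
    mac = hmac.new(SECRET, f"{src_addr}|{bucket}".encode(), hashlib.sha256)
    return bucket.to_bytes(8, "big") + mac.digest()[:COOKIE_LEN]


def cookie_valid(src_addr: str, cookie: bytes, now: int) -> bool:
    """Accept only cookies minted for this address in the current or previous bucket."""
    if len(cookie) != 8 + COOKIE_LEN:
        return False
    bucket = int.from_bytes(cookie[:8], "big")
    current = now // COOKIE_LIFETIME
    if bucket not in (current, current - 1):
        return False
    expected = make_cookie(src_addr, bucket * COOKIE_LIFETIME)
    return hmac.compare_digest(cookie, expected)


class Responder:
    def __init__(self):
        self.pk_operations = 0   # counts expensive PK computations performed

    def handle(self, src_addr: str, packet: bytes, now: int) -> bytes:
        kind, body = packet[:1], packet[1:]
        if kind == b"I":         # initial packet: source address is unverified
            reply = b"C" + make_cookie(src_addr, now)
            # Anti-amplification: never send more bytes than were received,
            # so a spoofed source gains no bandwidth from reflecting off us.
            return reply if len(packet) >= len(reply) else b""
        if kind == b"E" and cookie_valid(src_addr, body[:8 + COOKIE_LEN], now):
            # Return routability shown; an on-path MITM could still pass this.
            self.pk_operations += 1   # stand-in for the real PK computation
            return b"OK"
        return b""               # drop silently: no state kept, no PK work done
```
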

Privacy on Identification
Depending on the way a host is identified, hosts may not be able to protect their privacy
IDs should be able to be temporary
Locators cannot be hidden