Brett Stone-Gross*, Christo Wilson*, Kevin Almeroth*, Elizabeth Belding*, Heather Zheng*, and Konstantina Papagiannaki**
*Department of Computer Science, University of California, Santa Barbara
**Intel Research Pittsburgh, PA

Connecting to a wireless LAN
- Users have become accustomed to the protection of NATs and firewalls
- Worms and bots actively scan the Internet for vulnerable hosts
  - Identify machines via port scans
  - Attack/exploit

Objectives
- Motivation & Applicability
- Experimental Setup
- Identifying Malicious Flows
- MAC Layer Impacts
- Overall Impacts
- Conclusions & Future Work

Motivation
- Goal: to quantify, characterize, and correlate the effects of malicious traffic flows on a wireless LAN
- This is the first study to analyze these effects in a large-scale wireless network
- Wireless networks have more resource limitations than wired ones
  - Bandwidth
  - Channel access

Applicability
- Improve the quality of service offered by wireless networks
- Assist in developing more realistic traffic models that account for malicious traffic
- Applicable to almost any wireless network, especially those with lax security constraints such as wireless hotspots
- Substantiate the need for better wireless network protections

Experimental Setup
- Data collection at the 67th IETF meeting in San Diego, California, for a 5-day duration
- 44.7 Mbps T3 backhaul link
- Publicly routable /16 subnet
  - No network address translation (NAT)
  - No firewall, no MAC-layer encryption
- 30 802.11a/b/g access points
- 11 wireless packet sniffers: IBM/Toshiba laptops with Atheros chipsets
- Wired and wireless traffic captured from a trunk port on the core router


Experimental Setup: data sets
- Wired data set: packet traces from all hosts over all 5 days, 511 GB uncompressed
- Wireless data set: packet traces from 11 concurrently monitored access points, 131 GB uncompressed
- The wired data set was first used to identify malicious flows, which were then matched against the smaller wireless data set

Identifying Malicious Flows
- Port scanning & flooding
  - Large numbers of short-lived connections
  - TCP SYNs, ICMP pings
- Well-known exploit signatures
  - Port-based
  - Malicious payloads
- Since nearly all connected machines were laptops, unsolicited incoming connections to various services were easily identifiable

Malicious flows identified include:
- HTTP TCP SYN floods
- NetBIOS/Microsoft Discovery Services exploits
- SSH brute-force dictionary attacks
- MS SQL exploits

TCP Statistics
- Egress: 4,076,412 out of 272,480,816 TCP packets (1.5%) were classified as malicious
- Ingress: 2,765,683 out of 284,565,595 TCP packets (1.0%) were classified as malicious
- 3,906 out of 109,740 unique external IP addresses (3.6%) engaged in malicious traffic flows
- 14 out of 1,786 internal IP addresses (0.8%) showed indications of malicious activity
  - Network experts are more security conscious?
  - At least one person was likely infected at the conference

MAC Layer Impacts: attacks arriving from the Internet
- Not ideal for studying MAC-layer effects
- Attacks that involved only a few packets in total
  - Few services were running on connected hosts (mostly laptops)
- Natural load balancing
  - Port scans were distributed over hosts on all 30 access points
  - Backscatter from DoS attacks elsewhere on the Internet (unsolicited TCP SYN-ACKs, resets, and ICMP replies) was likewise distributed over all 30 access points
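The heuristics the talk describes (scans and floods as many short-lived connections that never complete, unsolicited inbound connections to laptops that run no services, and SYN-ACK/RST replies to connections nobody on the network opened as DoS backscatter) can be written as one small flow classifier. The code below is an added example for this transcript, not the authors' tooling: the internal prefix 198.51.100.0/24 stands in for the conference's public /16, the thresholds SCAN_TARGETS, FLOOD_SYNS and FLOOD_WINDOW are assumed, and the packet trace is constructed.

```python
"""Flow heuristics from the talk (port scans and floods as many unanswered
connections, unsolicited inbound SYNs to hosts running no services, and DoS
backscatter) run over a constructed packet list.
Added example for this transcript, not the authors' tooling."""
import ipaddress
from collections import defaultdict

# Assumption: placeholder prefix standing in for the conference's public /16.
INTERNAL_NET = ipaddress.ip_network("198.51.100.0/24")
SCAN_TARGETS = 5      # distinct unanswered (host, port) targets => port scan
FLOOD_SYNS = 20       # SYNs to one host:port within FLOOD_WINDOW seconds => flood
FLOOD_WINDOW = 1.0


def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL_NET


def classify(packets):
    """packets: time-ordered (ts, src, dst, proto, sport, dport, flags) tuples.

    Returns (verdicts, malicious_share): a dict mapping each verdict to the set
    of external IPs it applies to, and the fraction of TCP packets that belong
    to a flow involving one of those IPs."""
    outbound_syn = set()             # 4-tuples initiated by an internal host
    listening = set()                # (internal host, port) that ever sent a SYN-ACK
    inbound_syn = defaultdict(list)  # external src -> [(ts, dst, dport)]
    verdicts = {"scan": set(), "flood": set(), "backscatter": set()}
    tcp_total = 0
    for ts, src, dst, proto, sport, dport, flags in packets:
        if proto != "tcp":
            continue
        tcp_total += 1
        if is_internal(src):
            if flags == "S":
                outbound_syn.add((src, sport, dst, dport))
            elif flags == "SA":
                listening.add((src, sport))
        elif is_internal(dst):
            if flags == "S":
                inbound_syn[src].append((ts, dst, dport))
            elif flags in ("SA", "R", "RA") and (dst, dport, src, sport) not in outbound_syn:
                # A reply to a SYN nobody here sent: backscatter from a DoS
                # elsewhere whose spoofed source fell inside our prefix.
                verdicts["backscatter"].add(src)
    for src, syns in inbound_syn.items():
        # Laptops run few services, so SYNs to ports that never answered with
        # a SYN-ACK are unsolicited; many distinct targets means a scan.
        unanswered = {(d, p) for _, d, p in syns if (d, p) not in listening}
        if len(unanswered) >= SCAN_TARGETS:
            verdicts["scan"].add(src)
        by_target = defaultdict(list)
        for ts, d, p in syns:
            by_target[(d, p)].append(ts)
        for times in by_target.values():
            lo = 0  # sliding window over the (sorted) SYN timestamps
            for hi, t in enumerate(times):
                while t - times[lo] > FLOOD_WINDOW:
                    lo += 1
                if hi - lo + 1 >= FLOOD_SYNS:
                    verdicts["flood"].add(src)
                    break
    bad = set().union(*verdicts.values())
    bad_pkts = sum(1 for p in packets if p[3] == "tcp" and (p[1] in bad or p[2] in bad))
    return verdicts, (bad_pkts / tcp_total if tcp_total else 0.0)


def sample_packets():
    """Constructed trace: one legitimate web fetch from a laptop, one port
    scanner, one SYN flooder, and two backscatter packets. Not real data."""
    pkts = [
        (0.00, "198.51.100.10", "192.0.2.80", "tcp", 40000, 80, "S"),
        (0.05, "192.0.2.80", "198.51.100.10", "tcp", 80, 40000, "SA"),
        (0.06, "198.51.100.10", "192.0.2.80", "tcp", 40000, 80, "A"),
    ]
    targets = [("198.51.100.10", 22), ("198.51.100.10", 135), ("198.51.100.10", 139),
               ("198.51.100.10", 445), ("198.51.100.11", 445), ("198.51.100.11", 1433)]
    for i, (host, port) in enumerate(targets):   # closed ports answer with RST
        pkts.append((1.0 + i * 0.2, "203.0.113.5", host, "tcp", 50000 + i, port, "S"))
        pkts.append((1.01 + i * 0.2, host, "203.0.113.5", "tcp", port, 50000 + i, "RA"))
    for i in range(25):                           # 25 SYNs in half a second
        pkts.append((5.0 + i * 0.02, "203.0.113.9", "198.51.100.12", "tcp", 1024 + i, 80, "S"))
    pkts.append((9.0, "192.0.2.200", "198.51.100.13", "tcp", 80, 41000, "SA"))
    pkts.append((9.1, "192.0.2.201", "198.51.100.13", "tcp", 443, 41001, "R"))
    return sorted(pkts)


if __name__ == "__main__":
    verdicts, share = classify(sample_packets())
    for kind, ips in verdicts.items():
        print(f"{kind:12s} {sorted(ips)}")
    print(f"malicious share of TCP packets: {share:.1%}")
```

The backscatter rule is what lets the wired trace separate attacks on this network from attacks on someone else: a SYN-ACK or RST that matches no SYN the network sent is not a flow anyone here started, which is why such packets spread evenly across all 30 access points instead of loading one cell.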

MAC Layer Impacts: attacks originating on the wireless LAN
- Ideal for studying the effects of malware attacks
- All packets are sent over the shared channel and processed by a single access point
- Broadcasts impact nearby hosts
  - Channel busy time / utilization
  - Packet collisions
  - Management frames
  - Data frames
  - Transmission rates
- Auto-Rate Fallback (ARF) mechanism
  - Reduces transmission rates in favor of more robust modulation and coding schemes

Observed MAC-layer effects
- Increased
  - Number of data retransmissions
  - Channel utilization
  - Probe requests
- Reduced
  - Transmission rates: use of the 11-18 Mbps rates increased while use of the 48-54 Mbps rates decreased significantly
  - Probe responses
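To make the auto-rate fallback point concrete, here is an added simulation (not the authors' code) of an ARF sender whose only feedback is whether each frame was delivered, fed a burst-loss pattern that stands in for collisions with the attacker's traffic. The rate table, the two-failure/ten-success thresholds, the 1500-byte frame and the 20 µs PHY overhead are assumptions in the spirit of a typical 802.11a/g implementation, not values from the study. It shows the two effects the slides report, the rate histogram shifting from 48-54 Mbps down to the low rates, and the airtime cost of the same 100 frames going up, which is the channel-utilization increase, and also the probe back up to a faster rate once losses stop, the behaviour the conclusions slide flags as adding contention.

```python
"""Auto-rate fallback (ARF) driven by collision losses: an added illustration
of the MAC-layer effect discussed in the talk, not the authors' code.
Rate table, thresholds, frame size and PHY overhead are assumptions."""
from collections import Counter

RATES_MBPS = [6, 9, 12, 18, 24, 36, 48, 54]
FALLBACK_AFTER = 2     # consecutive failures before stepping one rate down
PROBE_AFTER = 10       # consecutive successes before probing one rate up
FRAME_BITS = 1500 * 8  # frame size used for the airtime figures
PHY_OVERHEAD_US = 20   # assumed preamble + PLCP header airtime per frame


class ARF:
    """Minimal ARF: it cannot tell a collision from a weak link, so every
    lost frame counts as evidence that the current rate is too high."""

    def __init__(self, start=len(RATES_MBPS) - 1):
        self.i, self.fails, self.succs = start, 0, 0

    @property
    def rate(self):
        return RATES_MBPS[self.i]

    def report(self, delivered):
        if delivered:
            self.fails, self.succs = 0, self.succs + 1
            if self.succs >= PROBE_AFTER and self.i < len(RATES_MBPS) - 1:
                self.i, self.succs = self.i + 1, 0   # probe a faster rate
        else:
            self.succs, self.fails = 0, self.fails + 1
            if self.fails >= FALLBACK_AFTER and self.i > 0:
                self.i, self.fails = self.i - 1, 0   # fall back


def airtime_us(rate_mbps, bits=FRAME_BITS):
    """Channel occupancy of one frame; a collided frame still burns airtime."""
    return PHY_OVERHEAD_US + bits / rate_mbps


def run(loss_pattern):
    """loss_pattern: booleans, True where the frame collided and was lost.
    Returns (final rate, total airtime in microseconds, rate used per frame)."""
    arf, total, history = ARF(), 0.0, []
    for lost in loss_pattern:
        history.append(arf.rate)
        total += airtime_us(arf.rate)
        arf.report(not lost)
    return arf.rate, total, history


def rate_histogram(history):
    """How often each rate was used: the quantity the talk reports shifting
    from 48-54 Mbps down to the low rates during the attack."""
    return dict(Counter(history))


if __name__ == "__main__":
    quiet = [False] * 100                       # idle cell: no collisions
    attack = [True, True, False, False] * 25    # bursty collisions with attack traffic
    for name, pattern in (("quiet", quiet), ("attack", attack)):
        final, total, hist = run(pattern)
        print(f"{name:6s} final rate {final:2d} Mbps, airtime {total / 1000:7.1f} ms, "
              f"rates used {rate_histogram(hist)}")
    # once losses stop, ARF probes upward again after PROBE_AFTER successes
    print("after attack:", run([True, True] + [False] * PROBE_AFTER)[0], "Mbps")
```

Under the constructed loss pattern the sender never sees ten successes in a row, so it ratchets all the way down to 6 Mbps and stays there; the same 100 frames then occupy the channel almost seven times longer than at 54 Mbps, which is exactly the feedback loop the talk describes: collisions trigger fallback, slower frames raise channel utilization, and higher utilization causes more collisions.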

Overall Impacts: attack from a single wireless host
- ICMP ping combined with a NetBIOS worm exploit, originating from a single machine on the wireless LAN
- 78,295 packets in about 18 minutes (start 17:02:38, end 17:20:45)
- Attack halted for about 2 minutes at 17:09:00
- Bursts of 235 packets per second
- Average rate of 117 packets per second


Increased round-trip times (RTTs)

                     Non-attack interval   During attack   Percent increase
  Average egress           64.7 ms            99.2 ms           53.2%
  Average ingress          23.4 ms            36.1 ms           54.4%
  Median egress            41.6 ms            85.0 ms          104.3%
  Median ingress            3.2 ms             6.8 ms          112.5%

Conclusions
- Malicious traffic flows have a detrimental impact on wireless networks
  - MAC layer
  - Latency / round-trip time
- Auto-rate fallback is not optimal during congested intervals
  - The mechanism of probing for better connectivity may only increase overall network contention
  - Probe responses and other management frames may be blocked during periods of high channel utilization

Future Work
- Aggregate statistics for similar data sets: IETF 58th, 60th, 62nd, 64th
- Trend analysis
  - Malicious flows
  - Evolution of malware
  - Backscatter analysis
- Network protection solutions
  - How to filter this traffic?
  - How much of an impact will this make?
- Traffic modeling with malicious flows

Contact Information