0x1A Great Papers in Computer Security

Slides:

Advertisements

Similar presentations

TCP Flooding. TCP handshake C S SYN C SYN S, ACK C ACK S Listening Store data Wait Connected.

Advertisements

1 Topic 2 – Lesson 4 Packet Filtering Part I. 2 Basic Questions What is packet filtering? What is packet filtering? What elements are inside an IP header?

CISCO NETWORKING ACADEMY PROGRAM (CNAP)

TCP for today’s Web. Connections today Web-page > 300KB but objects are small 7.5KB -2.4KB [25] lots of small objects in a page. Implication: TCP Handshake.

Availability Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Aspects of Computer.

CIS 193A – Lesson13 Attack and Defense. CIS 193A – Lesson13 Focus Question Describe how Nmap, psad, and iptables work together for playing out attack.

Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.

1 Reading Log Files. 2 Segment Format

Suneeta Chawla Web Security Presentation Topic : IP Spoofing Date : 03/24/04.

Security (Continued) V.T. Raja, Ph.D., Oregon State University.

Network Attacks Mark Shtern.

Slide 1 Vitaly Shmatikov CS 378 Attacks on TCP/IP.

Distributed Denial of Service Attacks CMPT Distributed Denial of Service Attacks Darius Law.

Detecting SYN-Flooding Attacks ＡａｒｏｎＢｅａｃｈＣＳ３９５ＮｅｔｗｏｒｋＳｅｃｕｒｉｔｙＳｐｒｉｎｇ２００４.

A CHAT CLIENT-SERVER MODULE IN JAVA BY MAHTAB M HUSSAIN MAYANK MOHAN ISE 582 FALL 2003 PROJECT.

Slide 1 Attacks on TCP/IP. slide 2 Security Issues in TCP/IP uNetwork packets pass by untrusted hosts Eavesdropping (packet sniffing) uIP addresses are.

DFence: Transparent Network-based Denial of Service Mitigation CSC7221 Advanced Topics in Internet Technology Presented by To Siu Sang Eric ( )

TCP/IP Network and Firewall. IP Packet Protocol  1 ICMP packet  6 TCP packet  17 UDP packet.

بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.

SYN Flooding: A Denial of Service Attack Shivani Hashia CS265.

Slide 1 Isaac Ghansah Attacks on TCP/IP. slide 2 Internet Infrastructure local network Internet service provider (ISP) backbone ISP local network uTCP/IP.

Detecting SYN-Flooding Attacks ＡａｒｏｎＢｅａｃｈＣＳ３９５ＮｅｔｗｏｒｋＳｅｃｕｒｉｔｙＳｐｒｉｎｇ２００４.

1 CCNA 2 v3.1 Module Intermediate TCP/IP CCNA 2 Module 10.

Communication Protocols III Tenth Meeting. Connections in TCP A wants to send to B. What is the packet next move? A travels through hub and bridge to.

WXES2106 Network Technology Semester /2005 Chapter 8 Intermediate TCP CCNA2: Module 10.

Lecture 15 Denial of Service Attacks

Lecture 22 Page 1 Advanced Network Security Other Types of DDoS Attacks Advanced Network Security Peter Reiher August, 2014.

Sales Kickoff - ARCserve

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 8 – Denial of Service.

1 Semester 2 Module 10 Intermediate TCP/IP Yuda college of business James Chen

Introduction to Sockstress A TCP Socket Stress Testing Framework Presented at the SEC-T Security Conference Presented by: Jack C. Louis –Senior Security.

ICOM 6115©Manuel Rodriguez-Martinez ICOM 6115 – Computer Networks and the WWW Manuel Rodriguez-Martinez, Ph.D. Lecture 26.

ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.

Transmission Control Protocol TCP. Transport layer function.

TCP/IP Vulnerabilities

CSE 461 Section. Let’s learn things first! Joke Later!

1 Firewalls Types of Firewalls Inspection Methods  Static Packet Inspection  Stateful Packet Inspection  NAT  Application Firewalls Firewall Architecture.

DoS Suite and Raw Socket Programming Group 16 Thomas Losier Paul Obame Group 16 Thomas Losier Paul Obame.

Denial of Service Attacks

A Cost-Based Framework for Analysis of Denial of Service in Networks Author: Catherine Meadows Presenter: Ajay Mahimkar.

________________ CS3235, Nov 2002 (Distributed) Denial of Service Relatively new development. –Feb 2000 saw attacks on Yahoo, buy.com, ebay, Amazon, CNN.

Computer Science and Engineering Computer System Security CSE 5339/7339 Session 25 November 16, 2004.

TCP Security Vulnerabilities Phil Cayton CSE

Breno de MedeirosFlorida State University Fall 2005 The IP, TCP, UDP protocols A quick refresher.

Lecture 6: Network Attacks II

Lecture 17 Page 1 Advanced Network Security Network Denial of Service Attacks Advanced Network Security Peter Reiher August, 2014.

1 Dimension of Server Designs r Iterative vs Concurrent r Connection-oriented vs. connectionless r Stateful and stateless m Constrained by application.

© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—1-1 BGP Overview Establishing BGP Sessions.

© 2002, Cisco Systems, Inc. All rights reserved..

Transport Layer1 TCP Connection Management Recall: TCP sender, receiver establish “connection” before exchanging data segments r initialize TCP variables:

TCP/IP1 Address Resolution Protocol Internet uses IP address to recognize a computer. But IP address needs to be translated to physical address (NIC).

Denail of Service(Dos) Attacks & Distributed Denial of Service(DDos) Attacks Chun-Chung Chen.

@Yuan Xue CS 285 Network Security Internet Security and DoS Yuan Xue Fall 2011.

An Introduction To ARP Spoofing & Other Attacks

Port Scanning James Tate II

Introduction to Information Security , Spring 2017 Lecture 9: Network Defenses: Firewalls, NAT, VPN, DoS Avishai Wool Slides credit: John Mitchell,

Networks 2 Key Revision Points.

Outline Basics of network security Definitions Sample attacks

CSE 4905 Denial of Service Attacks

Introduction to Networking

CS 5565 Network Architecture and Protocols

The IP, TCP, UDP protocols

CS 5565 Network Architecture and Protocols

Outline Basics of network security Definitions Sample attacks

Figure 3-23: Transmission Control Protocol (TCP) (Study Figure)

Lecture 3: Secure Network Architecture

Network Protocol Vulnerabilities

Session 20 INST 346 Technologies, Infrastructure and Architecture

Outline Basics of network security Definitions Sample attacks

TCP Connection Management

Presentation transcript:

0x1A Great Papers in Computer Security CS 380S 0x1A Great Papers in Computer Security Vitaly Shmatikov http://www.cs.utexas.edu/~shmat/courses/cs380s/

D. Bernstein SYN cookies (1996)

TCP Handshake C S SYNC Listening… Spawn a new thread, store data (connection state, etc.) SYNS, ACKC Wait ACKS Connected

SYN Flooding Attack S SYNC1 Listening… Spawn a new thread, store connection data SYNC2 SYNC3 … and more SYNC4 … and more … and more SYNC5 … and more … and more

SYN Flooding Explained Attacker sends many connection requests with spoofed source addresses Victim allocates resources for each request New thread, connection state maintained until timeout Fixed bound on half-open connections Once resources exhausted, requests from legitimate clients are denied This is a classic denial of service attack Common pattern: it costs nothing to TCP initiator to send a connection request, but TCP responder must spawn a thread for each request - asymmetry!

Preventing Denial of Service DoS is caused by asymmetric state allocation If responder opens new state for each connection attempt, attacker can initiate thousands of connections from bogus or forged IP addresses Cookies ensure that the responder is stateless until initiator produced at least two messages Responder’s state (IP addresses and ports of the con-nection) is stored in a cookie and sent to initiator After initiator responds, cookie is regenerated and compared with the cookie returned by the initiator

SYN Cookies C S [Bernstein and Schenk] SYNC SYNS, ACKC ACKS Listening… Compatible with standard TCP; simply a “weird” sequence number Does not store state SYNS, ACKC sequence # = cookie F(source addr, source port, dest addr, dest port, coarse time, server secret) Cookie must be unforgeable and tamper-proof (why?) F=Rijndael or crypto hash ACKS sequence # = cookie+1 Recompute cookie, compare with the received cookie, only establish connection if they match More info: http://cr.yp.to/syncookies.html

Anti-Spoofing Cookies: Basic Pattern Client sends request (message #1) to server Typical protocol: Server sets up connection, responds with message #2 Client may complete session or not - potential DoS! Cookie version: Server responds with hashed connection data instead of message #2 Client confirms by returning hashed data If source IP address is spoofed, attacker can’t confirm Need an extra step to send postponed message #2, except in TCP (SYN-ACK already there)