1 A Study on SYN Flooding Student: Tao-Wei Huang Advisor: Prof. Wen-Nung Tasi 2001/06/13.

Presentation transcript:

1 A Study on SYN Flooding Student: Tao-Wei Huang Advisor: Prof. Wen-Nung Tasi 2001/06/13

2 Outline Motivation Introduction Denial of Service Attacks Related Works Design and Implementation Experimental Results Conclusions and Future Works

3 Motivation
- SYN flooding attacks seriously affect networks
- Attackers need only a few resources to launch the attack, and it is difficult to trace the source of the attacker
- TCP carries many important protocols, such as HTTP, FTP and POP3, that are frequently used for information exchange
- No mechanism seems to provide an optimal solution [1999, L. Ricciulli]

4 TCP/IP Model

5 UDP -- connectionless
- Provides an unreliable connectionless delivery service
- No flow control and no retransmission
[Figure labels: Client, Server, Data]

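6 TCP -- connection-oriented
[Figure: three-way handshake between Client and Server]
- Client to Server: SYN x, ACK 0
- Server to Client: SYN y, ACK x+1
- Client to Server: SYN x+1, ACK y+1
- Server states: LISTEN, SYN_RCVD, ESTABLISHED
- Server queue: backlog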

7 Denial of Service Attacks
- Ping of Death
- Smurf
- Teardrop
- Land
- SYN Flooding

8 Smurf

9 Teardrop (1/2)
[Figure: S and D connected through routers R1, R2, R3 and R4; Ethernet frames carrying an IP packet of 1500 bytes and fragments of 512, 512 and 476 bytes]

10 Teardrop (2/2)
[Figure: IP headers drawn as Start of header, Ident, flag, Offset, Rest of header, data]

Normal IP Packet
  Ident   Offset   Flag   Data
  x       0        0      1500 data bytes
  x       0        1      512 data bytes
  x       512      1      512 data bytes
  x       1024     0      476 data bytes

Teardrop IP Packet
  Ident   Offset   Flag   Data
  x       0        1      512 data bytes
  x       500      1      512 data bytes
  x       1000     0      476 data bytes

11 Land Attack
- TCP SYN packet with the same source and destination IP address and port
- Ex: ( , , 80, 80)
- Land attacks affect some OSs on the Internet

12 SYN Flooding
[Figure labels: Attacker, Server, Attacker, ?, backlog, SYN + ACK]

13 Why SYN Flooding
- Some DoS attacks are OS dependent, and CERT® proposes some suggestions
- The SYN flooding attack exploits a weakness in the protocol
- There is no optimal solution to defend against the SYN flooding attack

14 Related Works
- Firewall/Router Approach
  - Firewall Relay [1997, E. H. Spafford]
  - Cisco TCP Intercept [7xxx Router & PIX 5.2 Firewall]
- Cookie Approach
  - RST Cookie [1996, E. Shenk]
  - SYN Cookie [1996, Rex Di Bona]
- Random Drop [1999, L. Ricciulli]

15 Firewall Relay

16 Cisco TCP Intercept

17 RST Cookie

18 SYN Cookie

19 Random Drop

20 System Architecture Overview the same IP

21 Design (1/2)
- Filter and Server have the same IP address, and the Server does not respond to ARP requests
- Filter answers ARP requests for the Server with its MAC address
- This hides the Server in order to protect it

22 Design (2/2)
- SYN Cache
  - Solves the packet loss problem in SYN Cookie
  - (client_ip, client_port, sequence_num, ack_num, retransmit_info): 16 bytes
  - 16 * = 160 Kbytes
- Hash Function
  - Eliminates the overhead of sequence number conversion
  - Hash(client_ip, client_port, server_ip, server_port, key) -> xor operation
  - key will be changed periodically
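The keyed hash over the connection 4-tuple from this slide, as an added example that is not code from the presentation. HMAC-SHA256 truncated to 32 bits is swapped in for the slides' xor-based hash; the names, the constructed addresses, the two-key rotation window, and the Server sharing the key so that its initial sequence number matches the Filter's are assumptions.

```python
import hashlib
import hmac
import socket
import struct

MASK32 = 0xFFFFFFFF  # TCP sequence numbers are 32-bit

def isn_hash(client_ip, client_port, server_ip, server_port, key):
    """32-bit keyed hash of the 4-tuple (HMAC-SHA256, truncated; an assumption)."""
    msg = (socket.inet_aton(client_ip) + socket.inet_aton(server_ip)
           + struct.pack("!HH", client_port, server_port))
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest()[:4], "big")

class Filter:
    """Hypothetical filter: checks the handshake without per-SYN state."""

    def __init__(self, key):
        self.keys = [key]  # current key first, previous key second

    def rotate(self, new_key):
        # Periodic key change; handshakes begun under the old key may still finish.
        self.keys = [new_key, self.keys[0]]

    def syn_ack_seq(self, cip, cport, sip, sport):
        # Sequence number placed in the SYN+ACK sent back to the client.
        return isn_hash(cip, cport, sip, sport, self.keys[0])

    def ack_is_valid(self, cip, cport, sip, sport, ack_num):
        # The final ACK must acknowledge hash+1 under the current or previous key.
        return any(((isn_hash(cip, cport, sip, sport, k) + 1) & MASK32)
                   == (ack_num & MASK32) for k in self.keys)

def server_isn(cip, cport, sip, sport, key):
    # Assumption: the Server holds the same key and derives the same ISN,
    # so forwarded packets need no sequence number conversion.
    return isn_hash(cip, cport, sip, sport, key)

if __name__ == "__main__":
    conn = ("192.0.2.10", 40000, "198.51.100.5", 80)  # constructed sample 4-tuple
    f = Filter(b"constructed-key-1")
    isn = f.syn_ack_seq(*conn)
    print("SYN+ACK seq:", isn)
    print("genuine ACK accepted:", f.ack_is_valid(*conn, (isn + 1) & MASK32))
    print("server ISN matches:", server_isn(*conn, b"constructed-key-1") == isn)
```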

23 Connection Establishment

24 Modification on Filter

25 Modification on Server

26 Experimental Environment Scenario (1) and Scenario (2) the same IP

27 Experimental Equipment
- Hardware
  - P-III 500 with 100Mbps Ethernet Card
  - 100Mbps Hub, Router
- Software
  - Server (apache ) -> FreeBSD
  - Client (httpref 0.6) -> FreeBSD
  - Attacker (synk4.c) -> FreeBSD
- Attacker Speed
  - FreeBSD default warning threshold: 200pps
  - Attack rate from 1000pps to 10000pps
  - Test file size from 1k to 200k Bytes

28 Experimental Results Throughput (1/3)

29 Experimental Results Throughput (2/3)

30 Experimental Results Throughput (3/3)

31 Experimental Results Request per Second (1/3)

32 Experimental Results Request per Second (2/3)

33 Experimental Results Request per Second (3/3)

34 Experimental Results Execution Time (1/3)

35 Experimental Results Execution Time (2/3)

36 Experimental Results Execution Time (3/3)

37 Conclusions (1/2)
- Strength of Proposed Approach
  - filter packet, authenticate client, and forward packet
  - no other services provided
- Comparisons with Existing Approaches (columns: Our Approach, Cisco TCP Intercept, Firewall/Proxy)
  - Connection Establishment: NO YES
  - Sequence Number Conversion: NO YES

38 Conclusions (2/2)
Comparison table (columns: Our Approach, SYN Cookie, RST Cookie, Random Drop)
- Guarantee Service: YES NO
- Memory Immunity: YES
- Computing Immunity: NO YES
- Packet Retransmission: YES NO YES
- Good Performance: YES NO YES

39 Future Works
- Fault Tolerance Mechanism
- Multiple Services Protecting
- Intelligent Configuration