slide 1 Vitaly Shmatikov CS 378 Attacks on TCP/IP

slide 2 Internet Infrastructure local network Internet service provider (ISP) backbone ISP local network uTCP/IP for routing and connections uBorder Gateway Protocol (BGP) for inter-domain routing uDomain Name System (DNS) for IP address discovery

slide 3 OSI Protocol Stack application presentation session transport network data link physical IP TCP , Web, NFS RPC Ethernet

slide 4 Data Formats Application data data TCP header data TCP header data TCP header data TCP header IP header data TCP header IP header Ethernet header Ethernet trailer application layer transport layer network layer data link layer message segment packet frame

slide 5 TCP (Transmission Control Protocol) uSender: break data into packets Sequence number is attached to every packet uReceiver: reassemble packets in correct order Acknowledge receipt; lost packets are re-sent uConnection state maintained on both sides book remember received pages and reassemble mail each page

slide 6 IP (Internet Protocol) uConnectionless Unreliable, “best-effort” protocol uUses numeric addresses for routing Typically several hops in the route Alice’s computer Alice’s ISP Bob’s ISP Bob’s computer Packet Source Dest Seq

slide 7 ICMP (Control Message Protocol) uProvides feedback about network operation “Out-of-band” messages carried in IP packets Error reporting, congestion control, reachability, etc. uExample messages: Destination unreachable Time exceeded Parameter problem Redirect to better gateway Reachability test (echo / echo reply) Message transit delay (timestamp request / reply)

slide 8 Security Issues in TCP/IP uNetwork packets pass by untrusted hosts Eavesdropping (packet sniffing) uIP addresses are public Smurf attacks uTCP connection requires state SYN flooding uTCP state is easy to guess TCP spoofing and connection hijacking

slide 9 network Packet Sniffing uMany applications send data unencrypted ftp, telnet send passwords in the clear uNetwork interface card (NIC) in “promiscuous mode” reads all passing data Solution: encryption (e.g., IPSec), improved routing

slide 10 Smurf Attack gateway victim 1 ICMP Echo Req Src: victim’s address Dest: broadcast address Looks like a legitimate “Are you alive?” ping request from the victim Every host on the network generates a ping (ICMP Echo Reply) to victim Stream of ping replies overwhelms victim Solution: reject external packets to broadcast addresses

slide 11 “Ping of Death” uIf an old Windows machine received an ICMP packet with a payload longer than 64K, machine would crash or reboot Programming error in older versions of Windows Packets of this length are illegal, so programmers of Windows code did not account for them Solution: patch OS, filter out ICMP packets

slide 12 TCP Handshake CS SYN C SYN S, ACK C ACK S Listening… Store data (connection state, etc.) Wait Connected

slide 13 SYN Flooding Attack S SYN C1 Listening… Store data SYN C2 SYN C3 SYN C4 SYN C5 … and more data … and more

slide 14 SYN Flooding Explained uAttacker sends many connection requests with spoofed source addresses uVictim allocates resources for each request Connection state maintained until timeout Fixed bound on half-open connections uOnce resources exhausted, requests from legitimate clients are denied uThis is a classic denial of service (DoS) attack Common pattern: it costs nothing to TCP initiator to send a connection request, but TCP responder must allocate state for each request (asymmetry!)

slide 15 Preventing Denial of Service uDoS is caused by asymmetric state allocation If responder opens a state for each connection attempt, attacker can initiate thousands of connections from bogus or forged IP addresses uCookies ensure that the responder is stateless until initiator produced at least 2 messages Responder’s state (IP addresses and ports of the con- nection) is stored in a cookie and sent to initiator After initiator responds, cookie is regenerated and compared with the cookie returned by the initiator The cost is two extra messages in each execution

slide 16 Anti-DoS Cookies: Basic Pattern uTypical protocol: Client sends request (message #1) to server Server sets up connection, responds with message #2 Client may complete session or not (potential DoS) uCookie version: Client sends request to server Server sends hashed connection data back –Send message #2 later, after client confirms Client confirms by returning hashed data –If source IP address is bogus, attacker can’t confirm Need an extra step to send postponed message #2

slide 17 SYN Cookies [Bernstein & Schenk] CS SYN C Listening… Does not store state F(source addr, source port, dest addr, dest port, coarse time, server secret) SYN S, ACK C sequence # = cookie Cookie must be unforgeable and tamper-proof (why?) Client should not be able to invert a cookie (why?) F=Rijndael or crypto hash Recompute cookie, compare with with the one received, only establish connection if they match ACK S (cookie) Compatible with standard TCP; simply a “weird” sequence number scheme More info:

slide 18 Another Defense: Random Deletion SYN C uIf SYN queue is full, delete random entry Legitimate connections have a chance to complete Fake addresses will be eventually deleted uEasy to implement half-open connections

slide 19 TCP Connection Spoofing uEach TCP connection has an associated state Sequence number, port number uTCP state is easy to guess Port numbers are standard, sequence numbers are often predictable Can inject packets into existing connections uIf attacker knows initial sequence number and amount of traffic, can guess likely current number Send a flood of packets with likely sequence numbers

slide 20 “Blind” IP Spoofing Attack Trusted connection between Alice and Bob uses predictable sequence numbers Alice Bob  SYN-flood Bob’s queue  Send packets to Alice that resemble Bob’s packets  Open connection to Alice to get initial sequence number uCan’t receive packets sent to Bob, but maybe can penetrate Alice’s computer if Alice uses IP address-based authentication For example, rlogin and many other remote access programs uses address-based authentication (remember.rhosts?)

slide 21 DoS by Connection Reset uIf attacker can guess current sequence number for an existing connection, can send Reset packet to close it With 32-bit sequence numbers, probability of guessing correctly is 1/2 32 (not practical) Most systems accept large windows of sequence numbers  much higher probability of success –Need large windows to handle massive packet losses uEspecially effective against long-lived connections For example, BGP (Border Gateway Protocol)

slide 22 Countermeasures uAbove transport layer: SSL/TLS and SSH Protects against connection hijacking and injected data Does not protect against DoS by spoofed packets uAbove transport layer: Kerberos Provides authentication, protects against spoofing Does not protect against connection hijacking uNetwork (IP) layer: IPSec Protects against hijacking, injection, DoS using connection resets, IP address spoofing We will study IPSec in some detail

slide 23 Reading Assignment u“IP Spoofing Demystified” from Phrack magazine u“SYN cookies” by Bernstein Both are online on the course website uOptional: Joncheray’s paper about TCP connection hijacking