Computer Networks Zhenhai Duan Department of Computer Science 09/03/2015.


Research Area
Computer networks, in particular, Internet protocols, architectures, and systems
  – Internet inter-domain routing
  – Internet systems security
  – Overlay and peer-to-peer systems
  – Network measurement
  – Quality of Service (QoS) provisioning
Details and publications –

A Few Projects that I will Discuss
Improving Internet inter-domain routing performance
Controlling IP spoofing
Detecting compromised machines (botnets)
Traceback attack on Freenet

Internet Inter-Domain Routing
Consists of a large number of network domains (ASes)
  – Each owns one or multiple network prefixes
  – FSU campus network: /16
Intra-domain and inter-domain routing protocols
  – Intra-domain: OSPF and IS-IS
  – Inter-domain: BGP, a path-vector routing protocol
BGP
  – Used to exchange network prefix reachability information: network prefix, AS-level path to reach network prefix
  – Path selection algorithm

BGP: an Example
[Figure: a BGP announcement for a /16 prefix (NLRI) propagating between ASes, with ASPATH values [0], [10], [210], [610], [3210], [4210], [7610]; one AS holds the candidate routes [3210]* [4210] [7610] and announces ASPATH=[53210].]

Network Dynamics
Internet has about 51K ASes and 564K network prefixes (as of 08/31/2015)
In a system this big, things happen all the time
  – Fiber cuts, equipment outages, operator errors
Direct consequence on routing system
  – Events may propagate through the entire Internet
  – Recomputing/propagating best routes
  – Large number of BGP updates exchanged between ASes
Effects on user-perceived network performance
  – Long network delay
  – Packet loss and forwarding loops
  – Even loss of network connectivity

Causes of BGP Poor Performance
Protocol artifacts of BGP
Constraints of physical propagation
  – Internet is a GLOBAL network
Complex interplay between components and policies of Internet routing
[Figure: an AS holding the candidate routes [3210]* [4210] [7610] for a /16 prefix; after a withdrawal of the /16 it sends updates with ASPATH=[57610] and ASPATH=[54210].]

Improving BGP Convergence and Stability
BGP protocol artifacts
  – EPIC: Carrying event origin in BGP updates
  – Propagation delays on different paths
  – Inter-domain failure vs. intra-domain failure
  – Multi-connectivity between ASes
  – Scalability and confidentiality
  IEEE INFOCOM 2005
Physical propagation constraints
  – Transient failures
  – TIDR: Localize failure events
  IEEE GLOBECOM

Controlling IP Spoofing
What is IP spoofing?
  – Used by many DDoS attacks
  – Act to fake source IP address
Why does it remain popular?
  – Hard to isolate attack traffic from legitimate traffic
  – Hard to pinpoint the true attacker
  – Many attacks rely on IP spoofing
[Figure: example topology with nodes s, a, b, c, d]

Filtering based on Route
A key observation
  – Attackers can spoof the source address,
  – But they cannot control the route packets take
Requirement
  – Filters need to compute best path from src to dst
  – Filters need to know global topology info
  – Not available in path-vector based Internet routing system
[Figure: example topology with nodes s, a, b, c, d]

Internet AS Relationship
Consists of a large number of network domains
Two common AS relationships
  – Provider-customer
  – Peering
AS relationships determine routing policies
A net effect of routing policies is to limit the number of routes between a pair of source and destination
[Figure: AS relationship example with AS 2553 FSU, FloridaNet, AS 174 Cogent, AS 3356 Level 3, AS 2828 XO Comm, Internet2]

Topological Routes vs. Feasible Routes
Topological routes
  – Loop-free paths between a pair of nodes
Feasible routes
  – Loop-free paths between a pair of nodes that do not violate routing policies
[Figure: example topology with nodes s, a, b, c, d]
Topological routes from s to d:
  s a d, s b d, s a b d, s a c d, s b a d, s b c d, s a b c d, s a c b d, s b a c d, s b c a d
Feasible routes from s to d:
  s a d, s b d

Inter-Domain Packet Filter
Identifying feasible upstream neighbors
  – Instead of filtering based on best path, filter based on feasible routes
Findings based on real AS graphs
  – IDPFs can effectively limit the spoofing capability of attackers: from 80% of networks, attackers cannot spoof source addresses
  – IDPFs are effective in helping IP traceback: all ASes can localize attackers to at most 28 ASes
IEEE INFOCOM 2006, IEEE TDSC
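The feasible-route idea from the two slides above, worked through as an added example (not code from the talk or the IDPF papers). The edge list is the topology implied by the slide's ten topological routes; the provider, customer and peer assignments and the valley-free export rule used to stand in for "routing policies" are assumptions chosen so that the feasible set matches the slide.

```python
# Added illustration. EDGES is the topology implied by the slide's ten
# topological routes; the business relationships are constructed.
EDGES = [("s", "a"), ("s", "b"), ("a", "b"), ("a", "c"),
         ("b", "c"), ("a", "d"), ("b", "d"), ("c", "d")]
PROVIDERS = {"s": {"a", "b"}, "c": {"a", "b", "d"},   # customer -> providers
             "a": {"d"}, "b": {"d"}}
PEERS = {frozenset(("a", "b"))}


def neighbors(node):
    return sorted({y for x, y in EDGES if x == node} |
                  {x for x, y in EDGES if y == node})


def step(x, y):
    """Classify the hop x -> y as seen by a route travelling from x to y."""
    if frozenset((x, y)) in PEERS:
        return "peer"
    return "up" if y in PROVIDERS.get(x, ()) else "down"


def topological_routes(src, dst, path=None):
    """Yield every loop-free path from src to dst."""
    path = path or [src]
    if path[-1] == dst:
        yield tuple(path)
        return
    for nxt in neighbors(path[-1]):
        if nxt not in path:
            yield from topological_routes(src, dst, path + [nxt])


def is_feasible(route):
    """Valley-free check: customer->provider hops, then at most one peer
    hop, then provider->customer hops."""
    descending = False
    for x, y in zip(route, route[1:]):
        kind = step(x, y)
        if descending and kind != "down":
            return False
        if kind != "up":
            descending = True
    return True


def feasible_upstream(src, at):
    """Neighbors of `at` that can lie on a feasible route from src."""
    return {r[-2] for r in topological_routes(src, at) if is_feasible(r)}


def idpf_accepts(src, at, arrived_from):
    """IDPF decision at `at` for a packet claiming source `src`."""
    return arrived_from in feasible_upstream(src, at)
```

With these relationships, node d accepts packets claiming source s only from a or b; the same source address arriving via c is dropped even though c is topologically connected to s.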

Detecting Compromised Computers in Networks
Botnet
  – Network of compromised machines, with a bot program installed to execute commands from the controller, without the owner's knowledge

Motivation and Problem
Botnets becoming a major security issue
  – Spamming, DDoS, identity theft
  – Sheer volume and wide spread
  – Lack of effective tools to detect bots in local networks

Motivation
Utility-based online detection method SPOT
  – Detecting subset of compromised machines involved in spamming
Bots increasingly used in sending spam
  – 70% - 80% of all spam from bots in recent years
  – In response to blacklisting
  – Spamming provides key economic incentive for controller

Network Model
Machines in a network
  – Either compromised (H1) or normal (H0)
  – How to detect whether a machine is compromised as its messages pass SPOT sequentially?
  – Sequential Probability Ratio Test (SPRT)

Sequential Probability Ratio Test
Statistical method for testing
  – Null hypothesis against alternative hypothesis
One-dimensional random walk
  – With two boundaries corresponding to hypotheses
[Figure: random walk between two boundaries, A and B]
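The random walk described on the two slides above, as an added example (not the SPOT implementation). It uses Wald's standard SPRT boundaries; the spam probabilities theta0 and theta1, the error rates alpha and beta, and the per-host message streams are all assumed or constructed values.

```python
import math


def sprt_bounds(alpha, beta):
    """Wald's boundaries: reaching A accepts H0, reaching B accepts H1."""
    return math.log(beta / (1 - alpha)), math.log((1 - beta) / alpha)


def sprt(observations, theta0=0.2, theta1=0.9, alpha=0.01, beta=0.01):
    """Run the test over one machine's outgoing messages.

    observations: booleans, True if the message was classified as spam.
    theta0 / theta1: assumed P(spam) for a normal / compromised machine.
    Returns (decision, number of messages consumed).
    """
    lower, upper = sprt_bounds(alpha, beta)
    spam_step = math.log(theta1 / theta0)              # walk moves up
    ham_step = math.log((1 - theta1) / (1 - theta0))   # walk moves down
    llr = 0.0
    for n, is_spam in enumerate(observations, start=1):
        llr += spam_step if is_spam else ham_step
        if llr >= upper:
            return "H1", n      # compromised
        if llr <= lower:
            return "H0", n      # normal
    return "undecided", len(observations)


def classify(streams, **params):
    """Apply the test independently to each sending host."""
    return {host: sprt(flags, **params) for host, flags in streams.items()}


# Constructed sample: spam-filter verdicts per sending host
# (addresses from the documentation range 192.0.2.0/24).
SAMPLE = {
    "192.0.2.10": [True, True, True, True, True],
    "192.0.2.20": [False, False, False, False],
    "192.0.2.30": [True, False, True, True, True, True],
    "192.0.2.40": [True, False],
}

if __name__ == "__main__":
    for host, verdict in classify(SAMPLE).items():
        print(host, verdict)
```

Because a non-spam message moves the walk further than a spam message does under these assumed probabilities, a normal machine is cleared in fewer observations than a compromised one is flagged.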

Performance of SPOT
Two month trace received on FSU campus net
SpamAssassin and anti-virus software
IEEE INFOCOM 2009, IEEE TDSC

A Traceback Attack on Freenet
Freenet is an anonymous peer-to-peer content-sharing system
  – Each node contributes a part of its storage space
  – Nodes can join and depart from Freenet at any moment
Aims to support anonymity of content publishers and retrievers

High-Level Security Mechanisms Used
Per-hop source address rewriting
Per-hop traffic encryption
End-to-end file encryption is also used
HTL is only decreased with a probability

Traceback Attack on Freenet
Goal: find which node issued a file request message
Two critical components of the attack
  – Connect an attacking node to a suspect node
  – Check if a suspect node has seen a particular message before
Identifying all nodes seeing a message
Uniquely determining originating machine
IEEE INFOCOM 2013, IEEE TDSC (accepted)

Identifying All Nodes Seeing Msg
[Figure: a monitor node and attack nodes placed around the forwarding path nodes N_{k-2}, N_{k-1}, N_k]

Uniquely determining originator
We can uniquely determine the originating machine if the forwarding path of the message satisfies certain conditions
  – A few lemmas developed to specify conditions
  – In essence, relying on routing algorithm of Freenet and relationship among neighbors

Performance Evaluation
[Tables: experiment results and simulation results; columns: Set, Total, Successful (Number, Percentage)]

Summary
Discussed a number of research projects
  – Improving BGP convergence
  – Controlling IP spoofing
  – Detecting spam zombies
  – Traceback attack on Freenet
Details and other projects at my homepage –