1 Tao Wan, Digital Security Group, School of Computer Science, Carleton University. Oct 30, 2003. IP Spoofing Attacks & Defenses.

2 Outline
- Introduction
- IP Spoofing Attacks
- IP Spoofing Defenses
- Concluding Remarks

3 Introduction

4 Protocol Stacks
OSI Model: Physical Layer, Data Link Layer, Network Layer, Transport Layer, Session Layer, Presentation Layer, Application Layer
[Figure: protocols shown: IP, TCP, UDP, HTTP, SNMP, others]

5 Protocol Stacks
[Figure: protocols shown: IP, TCP, UDP, HTTP, SNMP, others]

6 Data Transmissions
[Figure: hosts A and B, each with Application, TCP/UDP, IP and Data link/physical layers; boxes labelled data, TCP header + data, and IP header + TCP header + data; routing between A and B]

7 IP Header

8 TCP Header

9 Security Services
- Entity Authentication: What do you know; What do you have; What do you inherit
- Integrity: Message authentication
- Confidentiality: Encryption
- …

10 IP Spoofing Attacks

11 IP Spoofing Attacks
- IP Spoofing
- DoS by Ping
- TCP SYN Flooding
- Session Hijacking

12 IP Spoofing
[Figure: host A and two packet headers with fields Src_IP, dst_IP, Src_port = Any (>1024), dst_port = 80; the second header is labelled "spoofing"]

13 IP Spoofing Attacks: Smurf IP DoS
[Figure: A; hosts T1, T2, T3, ..., Tn; V. ICMP Echo Request with Dest: (value not preserved) and Source: V. ICMP Echo Reply with Source: T1; Dest: V]

14 Mail Address Spoofing Attacks: Mail-bombs
[Figure: A, V, Sears, Canadian Tire, Bell Canada, Boston Pizza; messages labelled Catalog Request, Phonebook Request and Pizza orders, each with Return Addr: V]

15 IP Spoofing Attacks: TCP 3 Way Handshake
[Figure: A and B exchange TCP SYN, TCP SYN+ACK, TCP ACK; a Half-open buffer and an Open buffer, each containing A]
- Half-open buffer has limited size
- Half-open connection has a timer associated with

16 IP Spoofing Attacks: TCP SYN Flooding (DDoS)
[Figure: A, V and hosts B, C, D, E, F, G, H, I, J; messages labelled TCP SYN and TCP SYN/ACK; buffer containing A, B, C, D, E]
- Half-open buffer is full

17 IP Spoofing Defenses

18 IP Spoofing Defenses
It is a VERY hard problem
- Ingress/Egress Filtering
- IP Authentication (IPsec AH)
- Cryptographic Generated Address (CGA)

19 IP Spoofing Defenses: Ingress/Egress Filtering
if src_addr is from then forward else drop
if src_addr is from then forward else drop
if src_addr is from then drop else forward
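
The filtering rules on slide 19, as an added example that is not part of the original slides. The slide's address ranges did not survive, so the site prefixes below are constructed from documentation ranges, and the function names are hypothetical.

```python
import ipaddress

# Constructed prefixes (documentation ranges); the slide leaves the real ones out.
SITE_PREFIXES = [ipaddress.ip_network(p) for p in ("192.0.2.0/24", "2001:db8:1::/48")]

def from_site(src):
    """True if src parses as an address inside one of the site's own prefixes."""
    ip = ipaddress.ip_address(src)           # raises ValueError on malformed input
    return any(ip.version == net.version and ip in net for net in SITE_PREFIXES)

def egress(src):
    """Outbound at the site border: forward only the site's own source addresses."""
    try:
        return "forward" if from_site(src) else "drop"
    except ValueError:
        return "drop"                         # unparseable source: fail closed

def ingress(src):
    """Inbound at the site border: a packet arriving from outside must not
    claim one of the site's own addresses as its source."""
    try:
        return "drop" if from_site(src) else "forward"
    except ValueError:
        return "drop"

def audit(packets):
    """Apply the rule matching each packet's direction; return the dropped ones."""
    rules = {"out": egress, "in": ingress}
    return [(d, s) for d, s in packets if rules[d](s) == "drop"]

# Constructed sample traffic: (direction, claimed source address)
SAMPLE = [("out", "192.0.2.17"), ("out", "198.51.100.9"), ("in", "203.0.113.5"),
          ("in", "192.0.2.44"), ("in", "2001:db8:1::beef"), ("out", "not-an-ip")]

if __name__ == "__main__":
    for direction, src in audit(SAMPLE):
        print(f"dropped {direction:3} src={src}")
```

These rules only constrain the prefix: a host inside the site can still claim another address from the same prefix, and inbound packets with spoofed sources outside the site's prefixes are forwarded.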

20 IP Spoofing Defenses: IPSec (???)
- Two Protocols: Authentication Header (AH); Encapsulating Security Payload
- Two Modes: Transport Mode; Tunnel Mode

21 IP Spoofing Defenses: IP Authentication Header (AH), AH in Transport Mode
Original IP Packet: IP Header | Payload
New IP Packet: IP Header | AH Header | Payload

22 IP Spoofing Defenses: IP Authentication Header (AH), AH in Tunnel Mode
Original IP Packet: IP Header | Payload
New IP Packet: New IP Header | AH Header | IP Header | Payload (the original packet becomes the New Payload)

23 IP Spoofing Defenses: IPSec (???)
- Data Origin Authentication: IP address is not modified en route; Is it a real or spoofed IP ??
- Message Integrity
- Replay Prevention

24 IP Spoofing Defenses: Cryptographic Generated Address (CGA), IPv6
[Figure labels: MD5; 64-bit; Routing prefix; Public Key, Nonce, Digital Signature (sent within IPv6 hdr); 128-bit IPv6 addr]

25 IP Spoofing Defenses: Cryptographic Generated Address (CGA), IPv6
- How about IPv4
- Does everyone have a pair of private/public keys (authenticated)?
- DoS by engaging a recipient in an endless process of verifying CGAs

26 Concluding Remarks
- IP spoofing is a common technique for attacks
- There is not too much we can do about it
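
A receiver-side check for the CGA idea on slides 24 and 25, as an added example that is not part of the original slides. It assumes the layout the figure labels suggest (64-bit routing prefix followed by the first 64 bits of MD5 over the public key), which is not a standardised CGA format; the keys are constructed byte strings and `verify_signature` is a hypothetical callback standing in for the signature check.

```python
import hashlib
import hmac
import ipaddress

LOW64 = (1 << 64) - 1

def iid_from_key(public_key):
    """First 64 bits of MD5(public key): the layout assumed from slide 24."""
    return hashlib.md5(public_key).digest()[:8]

def cga_address(prefix, public_key):
    """Sender side: 64-bit routing prefix | 64-bit hash of the public key."""
    net = ipaddress.ip_network(prefix)
    if net.version != 6 or net.prefixlen != 64:
        raise ValueError("expected a /64 IPv6 routing prefix")
    iid = int.from_bytes(iid_from_key(public_key), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def binding_ok(src_addr, public_key):
    """Receiver side, cheap step: does the source address commit to this key?"""
    try:
        addr = ipaddress.IPv6Address(src_addr)
    except ValueError:
        return False                          # not an IPv6 address: reject
    claimed = (int(addr) & LOW64).to_bytes(8, "big")
    return hmac.compare_digest(claimed, iid_from_key(public_key))

def accept(src_addr, public_key, verify_signature):
    """Run the hash comparison first; the costly signature check (hypothetical
    callback) is reached only by packets whose address matches the key."""
    return binding_ok(src_addr, public_key) and verify_signature()

# Constructed stand-ins for two hosts' public keys
KEY_A = b"constructed-public-key-A"
KEY_B = b"constructed-public-key-B"

if __name__ == "__main__":
    addr = cga_address("2001:db8:0:1::/64", KEY_A)
    print(addr, binding_ok(addr, KEY_A), binding_ok(addr, KEY_B))
```

The hash comparison only rejects packets whose address does not match the supplied key; a sender that generates its own key and matching address still reaches the signature check, which is the verification cost slide 25 raises.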

27 Thanks !