1 SIGCOMM '03: Low-Rate TCP-Targeted Denial of Service Attacks. A. Kuzmanovic and E. W. Knightly, Rice University. Reviewed by Haoyu Song, 9/25/2003.


2 Denial of Service Attack
Preventing or degrading service to legitimate users.
Examples:
- TCP SYN attack
- ICMP directed broadcasts
Targets:
- Network bandwidth
- Server/router CPU cycles
- Interrupt processing capacity
- Operating system/protocol data structures

3 DoS Attack: Common Characteristics
- Exploits bugs or features of the operating system, or inherent limitations of the network
- Involves a large number of compromised computers
- High-rate traffic toward the victim node
- Can be detected, traced back, mitigated or cleared: firewalls, intrusion detection devices, operating system patches

4 Low-Rate DoS Attack
- Exploits a vulnerability in TCP's congestion control algorithm
- The rate is so low that the attack is hard to detect
- Degrades the victim's throughput significantly
- Not easy to fix

5 Layout of the Paper
- Background: TCP's timeout mechanism
- DoS modeling
- Extensive simulation and experiments
- Counter-DoS techniques
- Conclusion

6 TCP Retransmission Timeout Mechanism
If fewer than 3 duplicate ACKs are received before the RTO expires:
- Shrink the congestion window to 1 packet (slow start)
- Set the new RTO to 2*RTO (exponential backoff)
- Retransmit the lost packet
RTO selection is a tradeoff:
- Spurious timeouts and extraneous retransmissions if too small
- Too slow to recover from congestion if too large

7 RTO Estimation
- SRTT: smoothed round trip time
- RTTVAR: round trip time variation
- R': RTT sample
- minRTO: lower bound for RTO, 1 second
- G: clock granularity
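As an added example (not code from the slides or the reviewed paper), the RFC 2988 estimator that the variables above belong to, run over two constructed RTT traces; the clock granularity G and the traces are assumed values. It shows that for RTTs well below one second the computed SRTT + max(G, 4*RTTVAR) is small, so the minRTO floor of 1 s decides the RTO for both paths, which is the homogeneity the attack relies on.

```python
# RFC 2988 RTO computation (added example; not code from the reviewed paper).
ALPHA = 1 / 8        # gain for SRTT (RFC 2988)
BETA = 1 / 4         # gain for RTTVAR (RFC 2988)
MIN_RTO = 1.0        # minRTO lower bound in seconds (RFC 2988 recommends 1 s)
GRANULARITY = 0.001  # assumed clock granularity G in seconds (constructed value)


class RtoEstimator:
    """Tracks SRTT/RTTVAR from RTT samples R' and derives RTO as in RFC 2988."""

    def __init__(self, min_rto=MIN_RTO, g=GRANULARITY):
        self.srtt = None        # smoothed round trip time
        self.rttvar = None      # round trip time variation
        self.min_rto = min_rto
        self.g = g
        self.rto = 3.0          # initial RTO before any sample (RFC 2988)

    def unclamped_rto(self):
        """SRTT + max(G, 4*RTTVAR) before the minRTO floor is applied."""
        return self.srtt + max(self.g, 4 * self.rttvar)

    def sample(self, r):
        """Update the estimator with one RTT measurement R' and return the new RTO."""
        if self.srtt is None:               # first measurement
            self.srtt = r
            self.rttvar = r / 2
        else:                               # RTTVAR must be updated with the old SRTT
            self.rttvar = (1 - BETA) * self.rttvar + BETA * abs(self.srtt - r)
            self.srtt = (1 - ALPHA) * self.srtt + ALPHA * r
        self.rto = max(self.min_rto, self.unclamped_rto())
        return self.rto

    def timeout(self):
        """Exponential backoff on a retransmission timeout: the RTO doubles."""
        self.rto *= 2
        return self.rto


def estimator_for(samples, min_rto=MIN_RTO):
    """Feed a whole RTT trace into a fresh estimator and return it."""
    est = RtoEstimator(min_rto)
    for r in samples:
        est.sample(r)
    return est


# Constructed RTT traces: a 20 ms campus path and a 200 ms cross-continent path.
LAN_RTTS = [0.020, 0.022, 0.019, 0.021, 0.020]
WAN_RTTS = [0.200, 0.210, 0.195, 0.205, 0.200]

if __name__ == "__main__":
    for name, trace in (("LAN", LAN_RTTS), ("WAN", WAN_RTTS)):
        est = estimator_for(trace)
        print(f"{name}: unclamped {est.unclamped_rto():.3f}s -> RTO {est.rto:.3f}s")
```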

8 The Idea of the Low-Rate DoS Attack
What to do:
- Provoke a TCP flow to repeatedly enter the retransmission timeout state
- Throttle the TCP throughput to near zero
How it is done:
- Send high-rate, RTT-scale, short-duration bursts, repeated periodically with an RTO-scale period
- The low average rate makes the attack hard to detect

9 DoS Modeling

10 DoS TCP Throughput
Two "null" points: T = minRTO/2 and T = minRTO

11 In Practice
- Periodic DoS attacks do not utilize TCP's exponential backoff mechanism but rather exploit repeated timeouts
- If only a subset of the TCP flows satisfies the conditions, only that subset suffers the degraded throughput (flow filtering)

12 Creating DoS Outages
Goal: minimize the rate of the DoS stream.

13 Impact on Long-lived Homogeneous-RTT TCP Traffic
- 1.5 Mb/s link
- One-way propagation delay = 6 ms
- RTT varies from 12 ms to 132 ms
- DoS traffic: 1.5 Mb/s peak rate, 100 ms bursts and 50-byte packets
- Simulation with 5 TCP flows

14 Impact on Long-lived Heterogeneous-RTT TCP Traffic
- 20 TCP flows
- 10 Mb/s link
- RTT varies from 29 to 460 ms
- DoS burst traffic: 10 Mb/s, 100 ms bursts and 1.1 s period

15 DoS Burst Length
- Acts as a high-RTT-pass filter
- As the burst length increases, more TCP flows are filtered, so the aggregate TCP throughput decreases

16 DoS Peak Rate
- Background traffic can potentially lower the DoS peak rate needed while maintaining an effective attack
- Scenario: 1 DoS flow and 4 TCP flows; 3 TCP flows with long RTT serve as the background traffic
- Relatively low peak rates are sufficient to filter the short-RTT flow

17 Impact on HTTP Traffic
- HTTP traffic is more dynamic
- Greater impact under heavy load
- Greater impact on large file sizes
- Some flows benefit from the attack by avoiding the outages

18 DoS on TCP Variants
Effective attacks depend on the ability to create correlated packet losses and force TCP flows to enter retransmission timeout.

19 Internet Experiments
- Intra-LAN
- Inter-LAN
- WAN

20 Intra-LAN Scenario
- 10 Mb/s Ethernet
- Attacker: 10 Mb/s peak rate, 200 ms burst length
- Null frequency: 1.2 s
- DoS average rate: 1.67 Mb/s if the period is 1.2 s
- TCP flow throughput drops from 6.6 Mb/s to 780 kb/s

21 Inter-LAN Scenario
- Attacker and TCP sender are on different 100 Mb/s Ethernets
- Attacked host is on a 10 Mb/s Ethernet
- DoS peak rate 10 Mb/s, burst duration 100 ms
- Null frequency: 1.1 s
- At this time scale, the DoS average rate is 909 kb/s
- TCP flow throughput drops from 9.8 Mb/s to 800 kb/s

22 WAN Scenario
- DoS source is 8 hops away, 10 Mb/s peak rate and 100 ms burst duration
- T = 1.1 s; TCP throughput drops from 9.8 Mb/s to 909 kb/s

23 Router-Assisted Counter-DoS
- Considers only dropping algorithms rather than scheduling
- RED and RED-PD

24 Router-Assisted Counter-DoS (cont.)
- Vary the DoS peak rate or burst length
- 9 TCP SACK flows
- Bottleneck rate 1.5 Mb/s

25 End-point minRTO Randomization Counter-DoS
- Fact: low-rate attacks exploit minRTO homogeneity
- Remedy: randomize the end systems' minRTO to randomize their null frequencies
- Experiment: minRTO = uniform(a, b)
- Result: the longest most vulnerable timescale becomes T = b
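The following added example (mine, not code from the slides or the reviewed paper) models the null points of slide 10 and the minRTO randomization of slide 25 together: normalized TCP throughput as a function of the attack period T, first with every flow at minRTO = 1 s and then with minRTO spread over uniform(a, b) = (1.0, 1.2). The closed-form throughput expression is reproduced from the reviewed paper's analysis as I recall it (an assumption; it is not printed on the slides), and the evenly spaced minRTO values are a deterministic stand-in for a uniform draw.

```python
import math


def normalized_throughput(period, min_rto=1.0):
    """Fraction of its fair share a TCP flow keeps under a periodic burst attack.

    Assumption: closed form reproduced from the reviewed paper's model, not
    from the slides. Every burst forces a timeout and the flow only recovers
    once minRTO has elapsed, so with n = ceil(minRTO/T) bursts per timeout it
    transmits during n*T - minRTO out of every n*T seconds. Valid when burst
    length and RTT are both much smaller than the period T.
    """
    n = math.ceil(min_rto / period)
    return (n * period - min_rto) / (n * period)


def aggregate_throughput(period, min_rtos):
    """Mean normalized throughput over flows with the given minRTO values."""
    return sum(normalized_throughput(period, m) for m in min_rtos) / len(min_rtos)


def worst_period(min_rtos, lo=0.5, hi=1.5, step=0.01):
    """Longest attack period on a grid that minimises aggregate throughput.

    Ties are resolved toward the longest period, matching the slide's
    'longest most vulnerable timescale'.
    """
    grid = [round(lo + i * step, 2) for i in range(int(round((hi - lo) / step)) + 1)]
    values = {t: aggregate_throughput(t, min_rtos) for t in grid}
    best = min(values.values())
    return max(t for t, v in values.items() if v <= best + 1e-9)


def spread_min_rtos(n_flows, a, b):
    """Deterministic stand-in for minRTO = uniform(a, b): evenly spaced values."""
    return [a + (b - a) * (i + 0.5) / n_flows for i in range(n_flows)]


HOMOGENEOUS = [1.0] * 20                    # every end system uses minRTO = 1 s
RANDOMIZED = spread_min_rtos(20, 1.0, 1.2)  # minRTO spread over uniform(1.0, 1.2)

if __name__ == "__main__":
    for label, flows in (("homogeneous", HOMOGENEOUS), ("randomized", RANDOMIZED)):
        t = worst_period(flows)
        print(f"{label}: worst period {t:.2f} s, throughput {aggregate_throughput(t, flows):.3f}")
```

With homogeneous minRTO the aggregate throughput is exactly zero at T = minRTO and T = minRTO/2; with minRTO spread over (1.0, 1.2) the old null at T = 1.0 s leaves the flows with roughly 45% of their share, and the worst remaining period moves to T = b = 1.2 s.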

26 Conclusion
- This attack works against both short- and long-lived TCP flows
- In a heterogeneous-RTT environment, it acts as a high-RTT-pass filter
- There is no effective way to defend the system in the presence of this low-rate DoS attack