
1 Low-Rate TCP-Targeted Denial of Service Attacks
Presenter: Juncao Li
Authors: Aleksandar Kuzmanovic, Edward W. Knightly

2 juncao@cs.pdx.edu, Computer Science, Portland State University
Contributions
– Present a denial of service attack, Shrew, that throttles TCP flows to a small fraction of their normal throughput
– Show the mechanism of Shrew attacks: they exploit TCP's retransmission timeout (RTO) mechanism
– Develop several DoS traffic patterns for carrying out the attack

3 Agenda
– TCP Congestion Control and Shrew Attacks
– Creating DoS Outages
– Aggregation and Heterogeneity
– Internet Experiments
– Counter-DoS Techniques and Conclusions

4 Denial of Service
From Wikipedia: an attempt to make a computer resource unavailable to its intended users
Resources that can be exhausted:
– Network bandwidth
– CPU cycles
– Server interrupt processing capacity
– Specific protocol data structures

5 TCP Congestion Control
Goal: avoid or reduce congestion, operating at two timescales
– Fast timescale, the round-trip time (RTT), typically 10 ms to 100 ms: Additive-Increase Multiplicative-Decrease (AIMD) window control
– Slow timescale, severe congestion: the Retransmission Timeout (RTO); the RTO doubles after each successive timeout (exponential backoff)

6 TCP Congestion Control
The RTO is computed from two estimates maintained by the sender: the Smoothed Round-Trip Time (SRTT) and the Round-Trip Time Variation (RTTVAR)

7 TCP Retransmission Timer
On packet loss detected by a timeout, TCP applies both:
– Multiplicative decrease: reduce the congestion window to one segment
– Exponential backoff: double the RTO
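As an added illustration (not code from the slides or the paper), the following Python implements the RFC 6298 retransmission timer that slides 5 to 7 describe: the SRTT/RTTVAR estimator, the 1 s lower bound on the RTO, and the doubling on every timeout. It makes the attacker's enabling observation concrete: for any steady RTT below about a second, SRTT + 4·RTTVAR ends up under the floor, so the timer fires at exactly minRTO and the retransmission instants after a loss are predictable. The clock granularity, the number of samples and the RTT values are assumptions chosen for the demonstration.

```python
# RFC 6298 retransmission timer, as an added illustration (not code from the
# slides or the paper). It shows why a Shrew attacker can predict *when* a
# short-RTT flow will retransmit: SRTT + 4*RTTVAR stays far below the 1 s
# lower bound, so the RTO is pinned at minRTO, and every lost retransmission
# doubles it.

ALPHA, BETA, K = 1 / 8, 1 / 4, 4   # RFC 6298 section 2.3 constants
G = 0.001                          # clock granularity in seconds (assumed 1 ms)
MIN_RTO = 1.0                      # section 2.4: an RTO below 1 s is rounded up to 1 s
MAX_RTO = 60.0                     # section 2.5: an upper bound of at least 60 s may be applied


class RtoEstimator:
    """Tracks SRTT/RTTVAR and derives RTO as RFC 6298 sections 2.1 to 2.5 specify."""

    def __init__(self):
        self.srtt = None
        self.rttvar = None
        self.rto = MIN_RTO   # section 2.1: initial RTO of 1 s before any RTT sample

    def unclamped(self):
        """SRTT + max(G, K*RTTVAR) before the minRTO floor is applied."""
        return self.srtt + max(G, K * self.rttvar)

    def update(self, sample):
        """Feed one RTT measurement (seconds) and return the resulting RTO."""
        if self.srtt is None:                       # section 2.2: first measurement
            self.srtt = sample
            self.rttvar = sample / 2
        else:                                       # section 2.3: RTTVAR uses the old SRTT
            self.rttvar = (1 - BETA) * self.rttvar + BETA * abs(self.srtt - sample)
            self.srtt = (1 - ALPHA) * self.srtt + ALPHA * sample
        self.rto = max(MIN_RTO, self.unclamped())    # section 2.4 lower bound
        return self.rto

    def backoff(self):
        """Section 5.5: on a timeout, double the RTO (exponential backoff)."""
        self.rto = min(2 * self.rto, MAX_RTO)
        return self.rto


def steady_state_rto(rtt, samples=20):
    """(unclamped, clamped) RTO after `samples` identical RTT measurements."""
    est = RtoEstimator()
    for _ in range(samples):
        est.update(rtt)
    return est.unclamped(), est.rto


def retransmission_schedule(rtt, losses, samples=20):
    """Instants (seconds after a loss at t=0) at which the timer fires when each
    retransmission is lost in turn: the schedule the attacker's bursts target."""
    est = RtoEstimator()
    for _ in range(samples):
        est.update(rtt)
    times, t = [], 0.0
    for _ in range(losses):
        t += est.rto
        times.append(t)
        est.backoff()
    return times


if __name__ == "__main__":
    for rtt in (0.02, 0.1, 0.5):          # constructed RTTs: LAN, continental, long-haul
        raw, rto = steady_state_rto(rtt)
        print(f"RTT {rtt * 1000:4.0f} ms: SRTT+4*RTTVAR = {raw:.3f} s, RTO = {rto:.1f} s")
    print("timer fires at (s after a loss at t=0):", retransmission_schedule(0.02, 4))
```

Every RTT in the demo lands on an RTO of exactly 1.0 s, and the retransmissions after consecutive losses fall at 1, 3, 7 and 15 s: a burst every 1 s (or every 1/k s) meets each of them.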

8 Shrew Attacks
– Low-rate DoS attacks that exploit the slow-timescale dynamics of the retransmission timer
– Provoke a TCP flow to repeatedly enter the retransmission timeout state
  – by sending high-rate but short-duration bursts
  – the bursts last on the order of an RTT, long enough for the flow to lose its whole window
  – repeated periodically at the slower RTO timescale
– Outage: the short interval during which the attacker's burst induces loss at the bottleneck

9 Square-Wave DoS Stream
– Each burst (the outage) lasts long enough to fill the bottleneck queue and induce packet loss
– Because the bursts are short relative to the period, the average DoS rate is still low

10 DoS Scenario and System Model
(figure only: the attacker and the TCP flows share a bottleneck link; its rate is labelled "Bottleneck Rate")

11 DoS Model
Given the condition stated on the slide, the DoS TCP throughput model (equations not reproduced in the transcript)

12 Flow Filtering
– Flow filtering behaviour: only the TCP flows that satisfy the model's condition are affected by the Shrew attack; the remaining flows are not

13 DoS TCP Throughput: Model and Simulation
– How closely the simulation follows the model depends on how well the attack induces loss
– The model does not consider slow start
– Throughput drops to zero when the attack period matches the retransmission timeout (the null frequency)

14 Agenda (next section: Creating DoS Outages)

15 Instantaneous Bottleneck Queue Behavior
– Define B as the queue size and B0 as the queue occupancy at the start of an attack
– Time to fill the queue: (equation on the slide, not reproduced in the transcript)

16 Minimum-Rate DoS Streams
– Double-rate DoS stream: a higher rate first fills the queue, then a lower rate keeps it full
– Square waves are used for the DoS streams instead:
  – they behave the same
  – they are simpler and need no knowledge of network parameters
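The two-phase outage of slides 15 and 16 (fill the queue, then hold it full) in a small fluid model of the bottleneck queue, as an added example that is not part of the slides or the paper. The fill-time expression is a derivation under this fluid model: inflow minus outflow is the rate at which the backlog grows, so the free space B − B0 is used up after (B − B0)/(R − C). The link rate, queue size and burst rates are constructed values in packets per second; the model ignores packet granularity and TCP's own reaction to the loss.

```python
# Fluid model of the bottleneck queue during one attacker burst, as an added
# illustration (not code from the slides or the paper). It shows the two parts
# of an outage the slides describe: the burst first has to *fill* the queue
# (drops begin only then), after which a rate equal to the link rate is enough
# to *keep* it full. Units: packets and milliseconds; all numbers constructed.


def fill_time_ms(link_pps, queue_pkts, queue_at_start_pkts, burst_pps, tcp_pps=0.0):
    """Fluid estimate: with inflow burst+tcp and outflow link, the backlog grows at
    the difference, so the free space (B - B0) is used up after (B - B0)/(in - out)."""
    net_pps = burst_pps + tcp_pps - link_pps
    if net_pps <= 0:
        return float("inf")            # the burst never fills the queue: no outage
    return 1000.0 * (queue_pkts - queue_at_start_pkts) / net_pps


def simulate_burst(link_pps, queue_pkts, queue_at_start_pkts, burst_pps,
                   burst_ms, tcp_pps=0.0):
    """Step the queue 1 ms at a time through a burst. Returns
    (first_drop_ms or None, packets_dropped, queue_at_end)."""
    q = float(queue_at_start_pkts)
    first_drop, dropped = None, 0.0
    for t_ms in range(burst_ms):
        q += (burst_pps + tcp_pps - link_pps) / 1000.0   # net growth this millisecond
        if q > queue_pkts:                                # tail drop at capacity
            dropped += q - queue_pkts
            q = queue_pkts
            if first_drop is None:
                first_drop = t_ms
        q = max(q, 0.0)
    return first_drop, dropped, q


def double_rate_stream(link_pps, queue_pkts, queue_at_start_pkts, hold_ms):
    """The slides' double-rate stream: 2C until the queue is full, then C for hold_ms."""
    fill = fill_time_ms(link_pps, queue_pkts, queue_at_start_pkts, 2 * link_pps)
    return [(fill, 2 * link_pps), (hold_ms, link_pps)]


def average_rate(segments, period_ms):
    """Mean rate of a periodic stream made of (duration_ms, rate) segments."""
    return sum(d * r for d, r in segments) / period_ms


def square_wave_outage(link_pps, queue_pkts, queue_at_start_pkts, burst_pps, burst_ms):
    """Milliseconds of loss produced by one square-wave burst of burst_pps for burst_ms."""
    first_drop, _, _ = simulate_burst(link_pps, queue_pkts, queue_at_start_pkts,
                                      burst_pps, burst_ms)
    return 0 if first_drop is None else burst_ms - first_drop


if __name__ == "__main__":
    C, B = 1000, 100          # link 1000 pkt/s, 100-packet queue (constructed values)
    print("fluid fill time at 2C:", fill_time_ms(C, B, 0, 2 * C), "ms")
    print("burst of 2C for 150 ms (first drop ms, dropped, queue):",
          simulate_burst(C, B, 0, 2 * C, 150))
    print("full queue held at C while 200 pkt/s of TCP arrive:",
          simulate_burst(C, B, B, C, 50, 200))
    stream = double_rate_stream(C, B, 0, 50)
    print("double-rate stream", stream, "averages",
          average_rate(stream, 1000), "pkt/s over a 1 s period")
    print("square wave 2C x 150 ms averages", average_rate([(150, 2 * C)], 1000), "pkt/s")
```

With these numbers a 150 ms burst at twice the link rate spends its first 100 ms filling the queue and produces only a 50 ms outage, and over a 1 s period it averages 30% of the link rate; the double-rate stream gets the same outage at 25%. Once the queue is full, a burst at exactly the link rate causes no loss of its own: every drop from then on is a TCP packet arriving at a full queue, which is the loss the attack wants.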

17 Agenda (next section: Aggregation and Heterogeneity)

18 DoS and Aggregated TCP Flows
– Five long-lived homogeneous TCP flows (same RTT)
– RTT homogeneity introduces a single vulnerable timescale
– The DoS stream synchronizes the flows' RTOs

19 RTT-Based Filtering
– 20 long-lived TCP flows on a 10 Mb/s link
– Round-trip times range from 20 ms to 460 ms
– Most of the short-RTT TCP flows are affected

20 High Aggregation with Heterogeneous RTT
– High-RTT flows are affected much less

21 Impact of DoS Burst Length
– As the burst length increases, more of the high-RTT TCP flows are affected
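An event model of a square-wave Shrew stream against a single TCP flow, added here as an example that is not part of the slides or the paper. It serves the throughput model and flow-filtering point of slides 12 and 13 and the RTT- and burst-length-dependent filtering of slides 19 to 21. The abstraction is the slides' own (slow start ignored, RTO of a short-RTT flow pinned at minRTO, doubling on each lost retransmission); the binary rule that a burst knocks out a flow only when it is at least one RTT long, the minRTO/maxRTO values, the horizon and the sweep of periods are assumptions of this example.

```python
# Event model of a square-wave Shrew stream against a TCP flow, as an added
# illustration (not code from the slides or the paper). Abstraction, matching
# the slides' model that ignores slow start:
#   * every period_ms the attacker causes an outage of burst_ms in which every
#     packet reaching the bottleneck is dropped;
#   * a sending flow whose RTT <= burst length loses its whole window, gets no
#     ACKs and times out; a flow with RTT > burst length is treated as unaffected
#     here (the real flow sees a partial loss and only halves cwnd);
#   * the timer of a short-RTT flow is pinned at minRTO (1 s); a lost
#     retransmission doubles it (up to 60 s), a delivered one resets it;
#   * throughput = fraction of time the flow is in the sending state.
# Times are integer milliseconds so burst-boundary cases are exact.

MIN_RTO_MS = 1_000
MAX_RTO_MS = 60_000


def in_outage(t_ms, period_ms, burst_ms):
    """True when t falls inside an attacker burst [k*period, k*period + burst)."""
    return t_ms % period_ms < burst_ms


def normalized_throughput(period_ms, burst_ms, rtt_ms, horizon_ms=120_000):
    """Fraction of horizon_ms during which a flow with the given RTT is sending."""
    active_ms, rto, t = 0, MIN_RTO_MS, 0   # the flow is sending when the first burst hits at t=0
    while t < horizon_ms:
        if rtt_ms > burst_ms:
            active_ms += horizon_ms - t    # bursts shorter than an RTT never take a whole window
            break
        knock = -(-t // period_ms) * period_ms          # next burst start at or after t
        active_ms += min(knock, horizon_ms) - t
        retry = knock + rto                             # first retransmission after minRTO
        while retry < horizon_ms and in_outage(retry, period_ms, burst_ms):
            rto = min(2 * rto, MAX_RTO_MS)              # lost again: exponential backoff
            retry += rto
        rto = MIN_RTO_MS                                # delivered: timer back to minRTO
        t = retry
    return active_ms / horizon_ms


def period_sweep(burst_ms, rtt_ms, periods_ms=range(200, 3001, 50)):
    """Throughput as a function of the attack period: the flow's frequency response."""
    return {T: normalized_throughput(T, burst_ms, rtt_ms) for T in periods_ms}


def null_periods(sweep, threshold=0.01):
    """Attack periods at which throughput collapses (the null frequencies)."""
    return sorted(T for T, rho in sweep.items() if rho < threshold)


def affected_flows(period_ms, burst_ms, rtts_ms, threshold=0.5):
    """RTT-based filtering: the RTTs that lose more than half their throughput."""
    return [rtt for rtt in rtts_ms
            if normalized_throughput(period_ms, burst_ms, rtt) < threshold]


if __name__ == "__main__":
    sweep = period_sweep(burst_ms=100, rtt_ms=50)
    for T in (500, 600, 1000, 1100, 1500, 2000):
        print(f"period {T:5d} ms  normalized throughput {sweep[T]:.3f}")
    print("null periods:", null_periods(sweep))
    rtts = [20, 50, 100, 150, 200, 300, 460]       # constructed RTT mix, ms
    for L in (100, 200, 300):
        print(f"burst {L} ms at period 1000 ms affects RTTs:", affected_flows(1000, L, rtts))
```

With a 100 ms burst the sweep shows throughput collapsing to zero at periods of 1000, 500, 250 and 200 ms (minRTO and its integer fractions) and recovering to one third at 1500 ms and one half at 2000 ms, while the same burst at a 1 s period removes only the flows whose RTT is at most 100 ms; lengthening the burst to 200 or 300 ms pulls the longer-RTT flows in as well, which is the effect slide 21 reports.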

22 Impact of DoS Peak Rate
– Low peak rates are sufficient to filter the short-RTT flow
– Scenarios shown: 1 TCP flow with RTT from 12 ms to 134 ms; 3 TCP flows with RTTs from 108 ms to 230 ms

23 Impact on HTTP Flows
– The attack has a greater impact on larger files

24 TCP Variants (figure only)

25 TCP Variants (cont.)
– The burst length L has a strong influence on the throughput

26 Agenda (next section: Internet Experiments)

27 DoS Attack Scenarios
– Intra-LAN scenario
– Inter-LAN scenario
– WAN scenario

28 Experiment Results
– Shrew attacks succeed whether launched from a remote site or from a nearby LAN

29 Agenda (next section: Counter-DoS Techniques and Conclusions)

30 Impact of RED and RED-PD Routers
– RED: Random Early Detection; RED-PD: RED with Preferential Dropping
– Router-assisted mechanisms need relatively long-timescale measurements to determine with confidence that a flow is transmitting at an excessively high rate and should be dropped; averaged over such timescales, a Shrew stream's rate is low

31 Detecting DoS Streams (figure only)

32 DoS under Randomized RTO
– Randomizing minRTO shifts and smooths TCP's null frequencies
– It also affects TCP performance
– It helps, but not by much, in defending against the attack

33 Conclusions
– Low-rate DoS attacks are successful against both short- and long-lived TCP aggregates
– In a heterogeneous-RTT environment, the success of the attack is weighted towards shorter-RTT flows
– All low-rate periodic open-loop streams can be harmful
– Shrew attacks can only be mitigated, not eliminated; every mitigation is a trade-off against TCP performance

34 Questions?

