
SIGCOMM ’03: Low-Rate TCP-Targeted Denial of Service Attacks. A. Kuzmanovic and E. W. Knightly, Rice University. Reviewed by Haoyu Song, 9/25/2003.


Slide 2: Denial of Service Attack
- Preventing or degrading service to legitimate users, e.g. TCP SYN attacks and ICMP directed broadcasts.
- Targets: network bandwidth, server/router CPU cycles, interrupt processing capacity, operating system/protocol data structures.

Slide 3: DoS Attack Common Characteristics
- Exploits bugs or features of the operating system, or inherent limitations of the network.
- Involves a large number of compromised computers.
- High-rate traffic toward the victim node.
- Can be detected, traced back, mitigated or cleared: firewalls, intrusion detection devices, operating system patches.

Slide 4: Low-Rate DoS Attack
- Exploits a vulnerability in TCP's congestion control algorithm.
- The rate is so low that the attack is hard to detect.
- Degrades the victim's throughput significantly.
- Not easy to fix.

Slide 5: Layout of the Paper
- Background: TCP's timeout mechanism
- DoS modeling
- Extensive simulation and experiments
- Counter-DoS techniques
- Conclusion

Slide 6: TCP Retransmission Timeout Mechanism
- If fewer than 3 duplicate ACKs are received before the RTO expires, the sender:
  - shrinks its congestion window to 1 packet (slow start),
  - sets the new RTO to 2*RTO (exponential backoff),
  - retransmits the lost packet.
- RTO selection is a tradeoff:
  - too small: spurious timeouts and extraneous retransmissions;
  - too large: too slow to recover from congestion.

Slide 7: RTO Estimation
- SRTT: smoothed round-trip time
- RTTVAR: round-trip time variation
- R': RTT sample
- minRTO: lower bound for RTO, 1 second
- G: clock granularity
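The variables on slide 7 are those of the RFC 2988 RTO estimator. As an added example (not code from the paper or the slides), the estimator in Python, showing that for typical Internet RTTs the computed RTO is rounded up to minRTO = 1 s, so timeouts of different flows become homogeneous; the initial 3 s RTO and 1 ms granularity are RFC defaults I assume here.

```python
# Added example, not from the paper or the slides: RFC 2988's RTO estimator,
# the algorithm behind slide 7's variables (SRTT, RTTVAR, R', minRTO, G).
ALPHA = 1 / 8   # smoothing gain for SRTT (RFC 2988 section 2.3)
BETA = 1 / 4    # smoothing gain for RTTVAR
K = 4           # RTO = SRTT + max(G, K * RTTVAR)


class RtoEstimator:
    """Tracks SRTT/RTTVAR from RTT samples R' and derives RTO; times in seconds."""

    def __init__(self, min_rto=1.0, granularity=0.001):
        self.min_rto = min_rto    # lower bound on RTO; RFC 2988 says 1 s
        self.g = granularity      # clock granularity G (assumed 1 ms)
        self.srtt = None
        self.rttvar = None
        self.rto = 3.0            # initial RTO before any RTT sample (section 2.1)

    def sample(self, r):
        """Feed one RTT sample R' and return the new RTO."""
        if self.srtt is None:
            self.srtt = r               # first measurement (section 2.2)
            self.rttvar = r / 2
        else:
            # subsequent measurements (section 2.3): update RTTVAR before SRTT
            self.rttvar = (1 - BETA) * self.rttvar + BETA * abs(self.srtt - r)
            self.srtt = (1 - ALPHA) * self.srtt + ALPHA * r
        # section 2.4: whenever the computed RTO is below minRTO, round it up
        self.rto = max(self.min_rto, self.srtt + max(self.g, K * self.rttvar))
        return self.rto

    def timeout(self):
        """Exponential backoff on a retransmission timeout (section 5.5): RTO = 2*RTO."""
        self.rto *= 2
        return self.rto


def rto_after_samples(samples, min_rto=1.0):
    """RTO after feeding a sequence of RTT samples; min_rto=0 shows the unclamped value."""
    est = RtoEstimator(min_rto=min_rto)
    for r in samples:
        est.sample(r)
    return est.rto


if __name__ == "__main__":
    # A 50 ms flow and a 130 ms flow both end up with RTO == minRTO == 1 s:
    # this homogeneity is what the periodic attack relies on.
    for rtt in (0.050, 0.130):
        print(rtt, rto_after_samples([rtt] * 20), rto_after_samples([rtt] * 20, min_rto=0))
```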

Slide 8: The Idea of the Low-Rate DoS Attack
- What to do: provoke a TCP flow to repeatedly enter the retransmission timeout state, throttling its throughput to near zero.
- How: send high-rate, RTT-scale short-duration bursts, repeated periodically at an RTO-scale period.
- The low average rate makes the attack hard to detect.
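To make the "hard to detect" point concrete, here is an added example (not code from the paper) comparing what a long-term average-rate monitor and an RTT-scale window monitor see on the same trace. It assumes a 10 Mb/s link, 100 ms windows and an 80% capacity threshold, and the trace is constructed in code rather than captured.

```python
# Added example, not from the paper: why an average-rate threshold misses the
# attack while an RTT-scale window monitor sees it. The trace is constructed.
LINK_BPS = 10_000_000   # 10 Mb/s Ethernet, as in the inter-LAN experiment
WINDOW_S = 0.1          # monitoring window: RTT scale, matching the burst length

def constructed_trace(peak_bps, burst_s, period_s, duration_s, pkt_bytes=1250):
    """Synthetic (timestamp_s, bytes) list of periodic square-wave bursts; test input only."""
    per_burst = round(burst_s * peak_bps / (pkt_bytes * 8))   # packets per burst
    trace = []
    for i in range(int(duration_s / period_s) + 1):
        start = i * period_s
        if start >= duration_s:
            break
        trace += [(start + k * burst_s / per_burst, pkt_bytes) for k in range(per_burst)]
    return trace

def average_rate(trace, duration_s):
    """Long-term average in bit/s: all a coarse rate-threshold monitor sees."""
    return sum(b for _, b in trace) * 8 / duration_s

def window_rates(trace, duration_s, window_s=WINDOW_S):
    """Bit/s in each fixed window; integer microseconds avoid float binning errors."""
    win_us = int(window_s * 1e6)
    bits = [0] * (int(duration_s * 1e6) // win_us + 1)
    for t, b in trace:
        bits[int(round(t * 1e6)) // win_us] += b * 8
    return [x / window_s for x in bits]

def burst_starts(rates, window_s=WINDOW_S, frac=0.8, link_bps=LINK_BPS):
    """Start time of each run of windows whose rate exceeds frac of link capacity."""
    starts, in_burst = [], False
    for i, r in enumerate(rates):
        hot = r > frac * link_bps
        if hot and not in_burst:
            starts.append(i * window_s)
        in_burst = hot
    return starts

def estimated_period(starts):
    """Median spacing between detected bursts, an estimate of the attack period T."""
    gaps = sorted(b - a for a, b in zip(starts, starts[1:]))
    return gaps[len(gaps) // 2] if gaps else None

def analyse(trace, duration_s):
    """Average rate as a fraction of capacity, burst count, and estimated period."""
    avg_frac = average_rate(trace, duration_s) / LINK_BPS
    starts = burst_starts(window_rates(trace, duration_s))
    return {"avg_frac": avg_frac, "bursts": len(starts), "period": estimated_period(starts)}
```

With the inter-LAN parameters (10 Mb/s peak, 100 ms bursts, 1.1 s period) the average is about 9% of capacity, below any sensible average-rate threshold, while the window monitor reports five bursts spaced 1.1 s apart.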

Slide 9: DoS Modeling

Slide 10: DoS TCP Throughput
- Two "null" points: T = minRTO/2 and T = minRTO.

Slide 11: In Practice
- Periodic DoS attacks do not exploit TCP's exponential backoff mechanism but rather repeated timeouts.
- If only a subset of the TCP flows satisfies the conditions, only that subset suffers the degraded throughput (flow filtering).

Slide 12: Creating DoS Outages
- Minimize the rate of the DoS stream.

Slide 13: Impact on Long-lived Homogeneous-RTT TCP Traffic
- 1.5 Mb/s link, one-way propagation delay = 6 ms
- RTT varies from 12 ms to 132 ms
- DoS traffic: 1.5 Mb/s peak rate, 100 ms bursts and 50-byte packets
- 5 TCP flows in the simulation

Slide 14: Impact on Long-lived Heterogeneous-RTT TCP Traffic
- 20 TCP flows, 10 Mb/s link
- RTT varies from 29 to 460 ms
- DoS burst traffic: 10 Mb/s, 100 ms bursts and 1.1 s period

Slide 15: DoS Burst Length
- The attack acts as a high-RTT-pass filter.
- As the burst length increases, more TCP flows are filtered, so the aggregate TCP throughput decreases.

Slide 16: DoS Peak Rate
- Background traffic can potentially lower the DoS peak rate needed while keeping the attack effective.
- Scenario: 1 DoS flow and 4 TCP flows; 3 TCP flows with long RTT serve as the background traffic.
- Relatively low peak rates are sufficient to filter the short-RTT flow.

Slide 17: Impact on HTTP Traffic
- HTTP traffic is more dynamic.
- The attack has more impact under heavy load.
- The attack has more impact on large file sizes.
- Some flows benefit from the attack by avoiding the outages.

Slide 18: DoS on TCP Variants
- Effective attacks depend on the ability to create correlated packet loss and force TCP flows to enter retransmission timeout.

Slide 19: Internet Experiments
- Intra-LAN, inter-LAN, WAN

Slide 20: Intra-LAN Scenario
- 10 Mb/s Ethernet
- Attacker: 10 Mb/s peak rate, 200 ms burst length; null frequency: 1.2 s
- DoS average rate: 1.67 Mb/s if the period is 1.2 s
- TCP flow throughput drops from 6.6 Mb/s to 780 kb/s

Slide 21: Inter-LAN Scenario
- Attacker and TCP sender are on different 100 Mb/s Ethernets; the attacked host is on a 10 Mb/s Ethernet
- DoS peak rate 10 Mb/s, burst duration 100 ms; null frequency: 1.1 s
- At this time scale, the DoS average rate is 909 kb/s
- TCP flow throughput drops from 9.8 Mb/s to 800 kb/s

Slide 22: WAN Scenario
- DoS source is 8 hops away, 10 Mb/s peak rate and 100 ms burst duration
- With T = 1.1 s, TCP throughput drops from 9.8 Mb/s to 909 kb/s

Slide 23: Router-Assisted Counter-DoS
- Considers only dropping algorithms rather than scheduling: RED and RED-PD

Slide 24: Router-Assisted Counter-DoS (cont.)
- Vary the DoS peak rate or burst length
- 9 TCP SACK flows, bottleneck rate 1.5 Mb/s

Slide 25: End-point minRTO Randomization Counter-DoS
- Fact: low-rate attacks exploit minRTO homogeneity.
- Remedy: randomize end systems' minRTO to randomize their null frequencies.
- Experiment: minRTO = uniform(a, b).
- Result: the longest most vulnerable timescale becomes T = b.
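As an added example that is not part of the slides or the paper, here is the periodic-outage throughput model behind slide 10's two nulls, with slide 25's minRTO randomization evaluated on it; it assumes RTT is negligible next to minRTO, covers only periods T >= minRTO/2, and replaces uniform(a, b) with evenly spread minRTO values so results are reproducible.

```python
# Added example, not from the paper: the periodic-outage throughput model behind
# slide 10's nulls, and slide 25's minRTO randomization evaluated against it.
def normalized_throughput(period, min_rto):
    """Fraction of its fair throughput a TCP flow keeps when an outage repeats every
    `period` seconds and each timeout lasts min_rto (RTT << minRTO assumed).
    Only periods >= minRTO/2, where the two nulls on slide 10 lie, are modeled."""
    if period >= min_rto:
        # the flow times out at every outage and transmits for period - minRTO
        return (period - min_rto) / period
    if period >= min_rto / 2:
        # the retransmission at minRTO lands between outages; every second outage hurts
        return (2 * period - min_rto) / (2 * period)
    raise ValueError("model covers periods >= minRTO/2 only")

def spread_min_rtos(a, b, n):
    """n minRTO values evenly spread over [a, b]: a deterministic stand-in for
    the uniform(a, b) randomization of slide 25 (assumption for reproducibility)."""
    return [a + (b - a) * (i + 0.5) / n for i in range(n)]

def aggregate_throughput(period, min_rtos):
    """Mean normalized throughput over flows whose minRTO values are min_rtos."""
    return sum(normalized_throughput(period, m) for m in min_rtos) / len(min_rtos)

def most_vulnerable_period(min_rtos, candidates):
    """Candidate period minimizing aggregate throughput; ties go to the longest period."""
    return min(sorted(candidates, reverse=True),
               key=lambda t: aggregate_throughput(t, min_rtos))

if __name__ == "__main__":
    fixed = [1.0] * 20                         # every flow uses minRTO = 1 s
    randomized = spread_min_rtos(1.0, 1.2, 20) # minRTO spread over [a, b] = [1.0, 1.2]
    periods = [round(0.7 + 0.05 * i, 2) for i in range(19)]
    for label, flows in (("fixed", fixed), ("randomized", randomized)):
        worst = most_vulnerable_period(flows, periods)
        print(label, "worst T =", worst, "throughput =", aggregate_throughput(worst, flows))
```

With a fixed 1 s minRTO the aggregate throughput hits zero at T = 1 s; with minRTO spread over [1.0, 1.2] the worst long timescale moves to T = b = 1.2 s and the aggregate there stays above zero.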

Slide 26: Conclusion
- This attack works against both short- and long-lived TCP flows.
- In a heterogeneous-RTT environment, it acts as a high-RTT-pass filter.
- There is no effective way to defend the system in the presence of this low-rate DoS attack.
