Low-Rate TCP-Targeted DoS Attack Disrupts Internet Routing Ying Zhang Z. Morley Mao Jia Wang Presented in NDSS07 Prepared by : Hale Ismet.


1 Low-Rate TCP-Targeted DoS Attack Disrupts Internet Routing
Ying Zhang, Z. Morley Mao, Jia Wang
Presented in NDSS07
Prepared by: Hale Ismet

2 The attacks
- Attacks targeting end hosts
  - Denial of Service attacks, worms, spam
- Attacks targeting the routing infrastructure

3 Border Gateway Protocol
- Standard inter-domain routing protocol
- There are two types of BGP sessions: eBGP and iBGP sessions. The former are between routers in different autonomous systems (ASes) or networks.

4 To ensure liveness of the neighbor in a BGP session, routers periodically exchange keepalive messages
[Figure: BR in AS 1 and BR in AS 2; BGP session; transport: TCP connection]
- Keepalive: confirm peer liveness; determine peer reachability
- BGP HoldTimer expired -> BGP session reset

5 Low-rate TCP-targeted DoS attacks
[Figure: TCP congestion window size (segments) against time, from the initial window size, with time marks at minRTO, 2 x minRTO, 4 x minRTO]
- Attack flow period approximates minRTO of TCP flows

6 The attacker can indeed bring down the BGP session
1. Burst length L needs to be long enough to cause congestion.
2. Peak magnitude R also needs to be large to cause congestion.
3. Inter-burst period T needs to be minRTO to cause session reset.

7 The effect of this attack on BGP
1. The attack traffic lowers the sending rate of the TCP connection carrying BGP traffic; this increases convergence time.
2. The more severe effect on the BGP session is the possibility of a BGP session reset, caused by all packets being dropped within a time interval exceeding the hold timer value.

8 Testbed experiments
- The high-end Cisco router GSR (it is widely used in the Internet and is very powerful)
- Demonstrating the attack feasibility with two computers

9 UDP-based attack flow
[Figure: Attacker A, Receiver B, Router R1 (BR), Router R2 (BR); timeline: minRTO, 2*minRTO, 7th retransmitted BGP Keepalive message, BGP Session Reset; takes 3 min]
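The timeline on slides 5, 6 and 9, worked through as an added example (not code from the paper or the slides), together with the "Randomize minRTO" countermeasure from slide 16. Assumptions: every segment sent during a burst is lost, minRTO is 1 s, the burst length is the 225 msec quoted on slide 11, the hold timer is 180 s (the "3 min" on slide 9), and a sweep of minRTO values stands in for random draws.

```python
def keepalive_fate(min_rto, first_send=0.1, period=1.0, burst=0.225, hold_time=180.0):
    """Follow one BGP keepalive through TCP retransmission backoff.

    Assumed model: every segment sent during a burst (the first `burst`
    seconds of each `period`) is lost; the RTO starts at `min_rto` and
    doubles after each loss; the peer's hold timer started at t=0.
    Returns (outcome, time_s, retransmissions_sent).
    """
    t, rto, retx = first_send, min_rto, 0
    while True:
        if t % period >= burst:          # segment falls between bursts
            return ("delivered", t, retx)
        t += rto                         # lost: wait one RTO, then retransmit
        if t >= hold_time:               # hold timer fires before the next try
            return ("reset", hold_time, retx)
        rto *= 2                         # exponential backoff
        retx += 1


def resets_in_sweep(steps=100):
    """Count minRTO values in [1.00, 1.99] s whose keepalive never gets through."""
    return sum(keepalive_fate(1.0 + i / 100)[0] == "reset" for i in range(steps))


if __name__ == "__main__":
    print("fixed minRTO = period:", keepalive_fate(1.0))
    print("minRTO = 1.3 s       :", keepalive_fate(1.3))
    print("resets across sweep  :", resets_in_sweep(), "of 100")
```

With minRTO equal to the inter-burst period, all seven retransmissions land inside a burst and the hold timer expires; once minRTO is moved off the period, a retransmission gets through within the first few attempts.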

10 Kind of routers

11 The probability of session reset
- With a burst length of 225 msec, the attacker has around 30% probability to reset the session with 42% available bandwidth

12 Attack peak magnitude’s impact on session reset and table transfer duration

13 Necessary conditions for single attack
- Inter-burst period approximates minRTO
- The attack flow’s path traverses at least one link of the BGP session
- Attack flow’s bottleneck link is the target link

14 Bring down the BGP session
To avoid sending too much traffic from each node, we perform time synchronization designed

15 Conditions for coordinated attacks
1’. Sufficiently strong combined attack flows to cause congestion
2. The attack flow’s path traverses the BGP session
3’. Identify the target link location

16 Attack prevention
- Hiding information
  - Kuzmanovic03: Randomize minRTO
  - Hide network topology from end-hosts
- Prioritize routing traffic
- Weighted Random Early Detection (WRED) [It is a mechanism ]
  - Prevent TCP synchronization
  - Selectively drop packets: drop low-priority packets first when the queue size exceeds defined thresholds
** WRED relies on the IP precedence field in the packet header
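How the WRED countermeasure on this slide protects routing traffic, as an added simulation (not code from the paper or the slides). The thresholds, queue limit and traffic rates are constructed, and BGP keepalives are assumed to carry IP precedence 6 while the congesting traffic carries precedence 0.

```python
import random

# Constructed WRED profiles: IP precedence -> (min_th, max_th, mark_prob_denominator), in packets.
PROFILES = {0: (10, 30, 10),   # best-effort: early drop starts at 10, everything dropped from 30
            6: (45, 60, 10)}   # routing traffic: untouched until the queue is far deeper
QUEUE_LIMIT = 64               # hard tail-drop limit of the modelled output queue


def drop_probability(avg_q, precedence):
    """WRED drop probability for a packet, given the average queue depth."""
    min_th, max_th, denom = PROFILES[precedence]
    if avg_q < min_th:
        return 0.0
    if avg_q >= max_th:
        return 1.0
    return (avg_q - min_th) / (max_th - min_th) / denom


def simulate(wred, ticks=200, low_per_tick=12, service_per_tick=10, weight=0.1, seed=7):
    """Return packets dropped per precedence on a congested link.

    Each tick the link forwards `service_per_tick` packets, then receives
    `low_per_tick` precedence-0 packets and one precedence-6 BGP keepalive
    at a random position among them.
    """
    rng = random.Random(seed)
    q, avg, dropped = 0, 0.0, {0: 0, 6: 0}
    for _ in range(ticks):
        q = max(0, q - service_per_tick)
        keepalive_slot = int(rng.random() * (low_per_tick + 1))
        for slot in range(low_per_tick + 1):
            prec = 6 if slot == keepalive_slot else 0
            avg += weight * (q - avg)                 # EWMA of the queue depth
            early = wred and rng.random() < drop_probability(avg, prec)
            if early or q >= QUEUE_LIMIT:             # WRED drop or tail drop
                dropped[prec] += 1
            else:
                q += 1
    return dropped


if __name__ == "__main__":
    print("tail drop:", simulate(wred=False))
    print("WRED     :", simulate(wred=True))
```

Under plain tail drop the queue fills and keepalives are lost along with everything else; with the precedence-aware profiles the low-precedence packets are dropped early enough that no keepalive is dropped. The classification depends only on the precedence field, which is the caveat the slide ends on.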

17 BGP table transfer with WRED enabled under attack

18 Conclusion
- Feasibility of attacks against Internet routing infrastructure
- Prevention solution using existing router configurations
- Difficulties in detecting and defending against coordinated attacks

19 Thanks
Any Questions?

