TCP/IP: TCP. Network Security Lecture 7. Eike Ritter Network Security - Lecture 7

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "TCP/IP: TCP. Network Security Lecture 7. Eike Ritter Network Security - Lecture 7"

Transcription

1 TCP/IP: TCP Network Security Lecture 7 1

2 TCP spoofing Alice trusts Bob (e.g., logins on Alice are allowed with no password if TCP connection comes from host Bob) Mallory wants to impersonate Bob when opening a TCP connection to Alice Steps M kills B (e.g., flooding) M sends SYN segment to A with source IP address set to B s IP address A sends a SYN/ACK to B, with its initial sequence number I A M completes the 3-way handshake, with ACK set to I A + 1 M eavesdrops A s response containing I A [we know how to do this] M guesses the correct I A value ( blind spoofing ) [we will focus on this] 2

3 TCP spoofing Described in R. T. Morris, A Weakness in the 4.2BSD UNIX TCP/IP Software Used by Kevin Mitnickattack in his attack against the San Diego Supercomputer Center Addressed by S. Bellovin, RFC 1984, Defending Against Sequence Number Attacks Set initial sequence number to the timer prescribed originally +the value of a cryptographic hash function of each connection: ISN = M + F(localhost, localport, remotehost, remoteport) It is vital that F not be computable from the outside, so it is keyed with with some secret data True random number Per-host secret and boot time of the machine Thus, each connection is given a separate sequence number space That s the theory, at least 3

4 Initial sequence number revisited How about the actual implementations? Are the different OSes correctly implementing initial sequence number generators? How do you test it? MichalZalewskilooks at this problem in Strange Attractors and TCP/IP Sequence Number Analysis and the follow-up study One Year Later Derive properties of ISN generators by observing the generated ISNs(instead of, say, looking at their implementation) For example: , , , , , , , , ,... Phase space analysis to visualize hidden dependencies Represent a sequence of ISNsin a 3-d space: x[t] = seq[t] -seq[t-1] y[t] = seq[t-1] -seq[t-2] z[t] = seq[t-2] - seq[t-3] Look for unexpected regularities in this space ( attractors ) Use attractor to build Spoofing Sets, i.e., likely values for the next ISN 4

5 Linux 2.2 5

6 Windows

7 Windows 98 7

8 Cisco IOS -before 8

9 Cisco IOS -after 9

10 TCP hijacking We saw: TCP spoofing + address-based authentication = attacker wins What if authentication is performed by other means, e.g., password-based? Attacker needs a more powerful attack Attacker waits for TCP connection to be established and then creates a desynchronized state on both ends of the connection Two points cannot communicate Then creates acceptable packets for both ends At this point, attacker completely controls the connection Performed by using spoofed TCP segments to Insert data in the streams Reset an existing connection (denial of service) First described in L. Joncheray, Simple Active Attack Against TCP 10

11 TCP hijacking Scenario: attacker wants to inject data into existing TCP connection between two hosts Think of telnet connection between A and B M wants to hijack connection to inject commands that will be executed on B Attacker waits until the connection to hijack is quiet All the sent data has been acknowledged Attacker injects data into the stream ( desynchronization ) echo + + > ~/.rhosts Source IP is spoofed to A s IP address SEG.SEQ = last ACK from the server SEG.ACK = last SEQ from the server Datagram is acceptable and will be processed by the server 11

12 TCP hijacking What happens next? Server sends ACK to A Remember: attacker is spoofing A s address SRV.ACK = M Client receives segment, notices it is out of order, and sends ACK with the right sequence number CLN.ACK = N (N < M) Server receives segment, notices it is out of order, and sends ACK with the right sequence number SRV.ACK = M... Ack storm 12

13 ACK storm > : P : (21) ack > :. seq ack > :. seq ack > :. seq ack > :. seq ack > :. seq ack > :. seq ack > :. seq ack > :. seq ack > :. seq ack > :. seq ack > :. seq ack > :. seq ack > :. seq ack > :. seq ack > :. seq ack > :. seq ack

14 Fixing the ACK storm How to prevent/stop? Disable the client so that it does not reply to server s ACKs Resynchronize Send null data to client so that it resyncswith the server In telnet, NOP commands Just wait ACKsthat carry no data are not retransmitted if lost ACK storm will congest the network So eventually, ACKswill be lost ARP spoofing Spoofs client so that server ACKsonly reach the attacker 14

15 SYN flooding Denial of service attack Attacker sends a SYN packet Victim replies with SYN/ACK segment Internally, the victim allocates resources to keep track of the half-open connection Transmission Control Block (TCB) In practice, some memory Attacker does not send ACK The victim has limited number of available TCBsto keep track of the half-open connection When limit is reached, it will not accept any other connection Can the attacker easily hide (spoof) its source address? 15

16 SYN flooding defenses How would you protect from this attack? Filtering To block spoofed packets Increase the length of the queue storing half-open connections Recycle existing half-open connections when the limit is reached and new connections arrive Reduce the SYN-RECEIVED timeout Time waited between receiving a SYN and recycling the resources allocated to this connection Do not allocate any state at all for a received SYN SYN cookie 16

17 SYN cookie Encode the connection state in the initial sequence number and/or other fields (e.g., the Timestamp option) Set ISN to t m s t: timestamp m: MSS s: result of crypto function on server address and port, client address and port, t When ACK is received Recover the ISN (ACK 1) Check t against current timestamp and check that it is close enough Recomputes and check that it is valid Decode m 17

TCP/IP Security Problems. History that still teaches

TCP/IP Security Problems. History that still teaches TCP/IP Security Problems History that still teaches 1 remote login without a password rsh and rcp were programs that allowed you to login from a remote site without a password The.rhosts file in your home

More information

OSI Transport layer. Dr. Luca Allodi - Network Security - University of Trento, DISI (AA 2015/2016)

OSI Transport layer. Dr. Luca Allodi - Network Security - University of Trento, DISI (AA 2015/2016) OSI Transport layer Dr. Luca Allodi - Network Security - University of Trento, DISI (AA 2015/2016) 1 Transmission Control Protocol (TCP) IP can only be used to send datagrams chunks or streams of information

More information

CIT 480: Securing Computer Systems. TCP/IP Security

CIT 480: Securing Computer Systems. TCP/IP Security CIT 480: Securing Computer Systems TCP/IP Security Topics 1. Internet Protocol (IP) 2. IP Spoofing and Other Vulnerabilities 3. ICMP 4. Transmission Control Protocol (TCP) 5. TCP Session Hijacking 6. UDP

More information

- TCP and UDP - Transport Layer Protocols

- TCP and UDP - Transport Layer Protocols 1 Transport Layer Protocols - TCP and UDP - The Transport layer (OSI Layer-4) does not actually transport data, despite its name. Instead, this layer is responsible for the reliable transfer of data, by

More information

Denial Of Service. Types of attacks

Denial Of Service. Types of attacks Denial Of Service The goal of a denial of service attack is to deny legitimate users access to a particular resource. An incident is considered an attack if a malicious user intentionally disrupts service

More information

Session Hijacking Exploiting TCP, UDP and HTTP Sessions

Session Hijacking Exploiting TCP, UDP and HTTP Sessions Session Hijacking Exploiting TCP, UDP and HTTP Sessions Shray Kapoor shray.kapoor@gmail.com Preface With the emerging fields in e-commerce, financial and identity information are at a higher risk of being

More information

Security weaknesses inherent in the design of TCP over IP

Security weaknesses inherent in the design of TCP over IP www.harmonysecurity.com info@harmonysecurity.com Security weaknesses inherent in the design of TCP over IP By Stephen Fewer Contents 1 Introduction 2 2 TCP/IP Overview 2 2.1 The Internet Protocol 2 2.2

More information

Outline. CSc 466/566. Computer Security. 18 : Network Security Introduction. Network Topology. Network Topology. Christian Collberg

Outline. CSc 466/566. Computer Security. 18 : Network Security Introduction. Network Topology. Network Topology. Christian Collberg Outline Network Topology CSc 466/566 Computer Security 18 : Network Security Introduction Version: 2012/05/03 13:59:29 Department of Computer Science University of Arizona collberg@gmail.com Copyright

More information

Attack Lab: Attacks on TCP/IP Protocols

Attack Lab: Attacks on TCP/IP Protocols Laboratory for Computer Security Education 1 Attack Lab: Attacks on TCP/IP Protocols Copyright c 2006-2010 Wenliang Du, Syracuse University. The development of this document is funded by the National Science

More information

Attack Lab: Attacks on TCP/IP Protocols

Attack Lab: Attacks on TCP/IP Protocols Laboratory for Computer Security Education 1 Attack Lab: Attacks on TCP/IP Protocols Copyright c 2006-2009 Wenliang Du, Syracuse University. The development of this document is funded by the National Science

More information

Lecture Notes (Syracuse University) TCP Protocols & Attacks: 1. TCP Protocols. (1) TCP Protocol (Transmission Control Protocol)

Lecture Notes (Syracuse University) TCP Protocols & Attacks: 1. TCP Protocols. (1) TCP Protocol (Transmission Control Protocol) Lecture Notes (Syracuse University) TCP Protocols & Attacks: 1 TCP Protocols (1) TCP Protocol (Transmission Control Protocol) The Need for Stream Delivery Out of order packet delivery Packet delay Packet

More information

TCP SYN Flood - Denial of Service Seung Jae Won University of Windsor wons@uwindsor.ca

TCP SYN Flood - Denial of Service Seung Jae Won University of Windsor wons@uwindsor.ca TCP SYN Flood - Denial of Service Seung Jae Won University of Windsor wons@uwindsor.ca Abstract TCP SYN flooding attack is a kind of denial-of-service attack. This SYN flooding attack is using the weakness

More information

Configuring TCP Intercept (Preventing Denial-of-Service Attacks)

Configuring TCP Intercept (Preventing Denial-of-Service Attacks) Configuring TCP Intercept (Preventing Denial-of-Service Attacks) This chapter describes how to configure your router to protect TCP servers from TCP SYN-flooding attacks, a type of denial-of-service attack.

More information

CS 3251: Computer Networking 1 Security Protocols I

CS 3251: Computer Networking 1 Security Protocols I Georgia Tech CS 3251: Computer Networking 1 Security Protocols I Brad Reaves, PhD Student 11/21/13 (slides from Prof. Patrick Traynor) CS 3251 - Computer Networks I Last Time Trying to prove who you are

More information

Attacks on TCP/IP Protocols

Attacks on TCP/IP Protocols Attacks on TCP/IP Protocols CPSC4620: Computer Network Security Robbie Myers Abstract: TCP/IP protocols serve as the backbone of the Internet transmission structure. As such an important component of this

More information

CIS 551 / TCOM 401 Computer and Network Security

CIS 551 / TCOM 401 Computer and Network Security CIS 551 / TCOM 401 Computer and Network Security Spring 2008 Lecture 11 2/26/08 CIS/TCOM 551 1 Wireless (802.11) Spread spectrum radio 2.4GHz frequency band Bandwidth ranges 1, 2, 5.5, 11, 22, 54, 248

More information

Denial of Service Attacks. Notes derived from Michael R. Grimaila s originals

Denial of Service Attacks. Notes derived from Michael R. Grimaila s originals Denial of Service Attacks Notes derived from Michael R. Grimaila s originals Denial Of Service The goal of a denial of service attack is to deny legitimate users access to a particular resource. An incident

More information

Improving TCP/IP Security Through Randomization Without Sacrificing Interoperability. Michael J. Silbersack 5/13/2006.

Improving TCP/IP Security Through Randomization Without Sacrificing Interoperability. Michael J. Silbersack 5/13/2006. Improving TCP/IP Security Through Randomization Without Sacrificing Interoperability Michael J. Silbersack 5/13/2006 http://www.silby.com/bsdcan06/ What does that title mean? TCP was not designed with

More information

A1.1.1.11.1.1.2 1.1.1.3S B

A1.1.1.11.1.1.2 1.1.1.3S B CS Computer 640: Network AdityaAkella Lecture Introduction Networks Security 25 to Security DoS Firewalls and The D-DoS Vulnerabilities Road Ahead Security Attacks Protocol IP ICMP Routing TCP Security

More information

Special Topic: TCP Session Hijacking

Special Topic: TCP Session Hijacking Special Topic: TCP Session Hijacking Prof. Yinqian Zhang The Ohio State University Copyright Prof. Zhiyun Qian, UC Riverside 2 Outline TCP Attacks Off-path TCP sequence number prediction Off-path TCP sequence

More information

Security: Attack and Defense

Security: Attack and Defense Security: Attack and Defense Aaron Hertz Carnegie Mellon University Outline! Breaking into hosts! DOS Attacks! Firewalls and other tools 15-441 Computer Networks Spring 2003 Breaking Into Hosts! Guessing

More information

Analysis on Some Defences against SYN-Flood Based Denial-of-Service Attacks

Analysis on Some Defences against SYN-Flood Based Denial-of-Service Attacks Analysis on Some Defences against SYN-Flood Based Denial-of-Service Attacks Sau Fan LEE (ID: 3484135) Computer Science Department, University of Auckland Email: slee283@ec.auckland.ac.nz Abstract A denial-of-service

More information

Chapter 7 Protecting Against Denial of Service Attacks

Chapter 7 Protecting Against Denial of Service Attacks Chapter 7 Protecting Against Denial of Service Attacks In a Denial of Service (DoS) attack, a Routing Switch is flooded with useless packets, hindering normal operation. HP devices include measures for

More information

CSCE 465 Computer & Network Security

CSCE 465 Computer & Network Security CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Vulnerability Analysis 1 Roadmap Why vulnerability analysis? Example: TCP/IP related vulnerabilities

More information

Basic Security Problems. Network protocols. Smurf Attack. Packet Sniffing. SYN Flooding. TCP Handshake. Network packets pass by untrusted hosts

Basic Security Problems. Network protocols. Smurf Attack. Packet Sniffing. SYN Flooding. TCP Handshake. Network packets pass by untrusted hosts Basic Security Problems Network protocols Vulnerabilities Network packets pass by untrusted hosts Eavesdropping, packet sniffing IP addresses are public Smurf TCP connection requires state SYN flooding

More information

SY0-201. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users.

SY0-201. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users. From a high-level standpoint, attacks on computer systems and networks can be grouped

More information

CS5008: Internet Computing

CS5008: Internet Computing CS5008: Internet Computing Lecture 22: Internet Security A. O Riordan, 2009, latest revision 2015 Internet Security When a computer connects to the Internet and begins communicating with others, it is

More information

9/15: Security problems with TCP/IP

9/15: Security problems with TCP/IP 9/15: Security problems with TCP/IP Scribe: Derek Leung The TCP and IP protocols have been a classic area of focus for network security owing to their ubiquity, age, and importance. Designed at a time

More information

1. Introduction. 2. DoS/DDoS. MilsVPN DoS/DDoS and ISP. 2.1 What is DoS/DDoS? 2.2 What is SYN Flooding?

1. Introduction. 2. DoS/DDoS. MilsVPN DoS/DDoS and ISP. 2.1 What is DoS/DDoS? 2.2 What is SYN Flooding? Page 1 of 5 1. Introduction The present document explains about common attack scenarios to computer networks and describes with some examples the following features of the MilsGates: Protection against

More information

Off-Path TCP Sequence Number Inference Attack (How Firewall Middleboxes Reduce Security) Zhiyun Qian, Z. Morley Mao University of Michigan

Off-Path TCP Sequence Number Inference Attack (How Firewall Middleboxes Reduce Security) Zhiyun Qian, Z. Morley Mao University of Michigan Off-Path TCP Sequence Number Inference Attack (How Firewall Middleboxes Reduce Security) Zhiyun Qian, Z. Morley Mao University of Michigan 1 Known Attacks against TCP 2 Man-in-the-middle based attacks

More information

Security vulnerabilities in the Internet and possible solutions

Security vulnerabilities in the Internet and possible solutions Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in

More information

Lecture 6: Network Attacks II. Course Admin

Lecture 6: Network Attacks II. Course Admin Lecture 6: Network Attacks II CS 336/536: Computer Network Security Fall 2014 Nitesh Saxena Adopted from previous lectures by Keith Ross, and Gene Tsudik Course Admin HW/Lab 1 We are grading (should return

More information

What is TCP. TCP = Transmission Control Protocol. Part of the IP network protocol suite. It is a connection-based protocol

What is TCP. TCP = Transmission Control Protocol. Part of the IP network protocol suite. It is a connection-based protocol TCP Hijacking What is TCP TCP = Transmission Control Protocol Part of the IP network protocol suite It is a connection-based protocol It is a point-to-point protocol It is used for data transfer across

More information

Client Server Registration Protocol

Client Server Registration Protocol Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are

More information

Transmission Control Protocol (TCP) A brief summary

Transmission Control Protocol (TCP) A brief summary Transmission Control Protocol (TCP) A brief summary TCP Basics TCP (RFC 793) is a connection-oriented transport protocol TCP entities only present at hosts (end-end) retain state of each open connection

More information

Linux Network Security

Linux Network Security Linux Network Security Course ID SEC220 Course Description This extremely popular class focuses on network security, and makes an excellent companion class to the GL550: Host Security course. Protocols

More information

Networks: IP and TCP. Internet Protocol

Networks: IP and TCP. Internet Protocol Networks: IP and TCP 11/1/2010 Networks: IP and TCP 1 Internet Protocol Connectionless Each packet is transported independently from other packets Unreliable Delivery on a best effort basis No acknowledgments

More information

Internet Protocol (IP)

Internet Protocol (IP) TCP/IP CIS 218/238 Internet Protocol (IP) The Internet Protocol (IP) is responsible for ensuring that data is transferred between two Intenret hosts based on a 32 bit address. To be ROUTABLE, a protocol

More information

MONITORING OF TRAFFIC OVER THE VICTIM UNDER TCP SYN FLOOD IN A LAN

MONITORING OF TRAFFIC OVER THE VICTIM UNDER TCP SYN FLOOD IN A LAN MONITORING OF TRAFFIC OVER THE VICTIM UNDER TCP SYN FLOOD IN A LAN Kanika 1, Renuka Goyal 2, Gurmeet Kaur 3 1 M.Tech Scholar, Computer Science and Technology, Central University of Punjab, Punjab, India

More information

Using SYN Flood Protection in SonicOS Enhanced

Using SYN Flood Protection in SonicOS Enhanced SonicOS Using SYN Flood Protection in SonicOS Enhanced Introduction This TechNote will describe SYN Flood protection can be activated on SonicWALL security appliance to protect internal networks. It will

More information

The Transmission Control Protocol (TCP): Lecture 1

The Transmission Control Protocol (TCP): Lecture 1 Today s Lecture The Transmission Control Protocol (TCP): Lecture 1 I. TCP overview II. The TCP Header III. Connection establishment and termination Internet Protocols CSC / ECE 573 Fall, 2005 N. C. State

More information

TCP - Introduction. Features of TCP

TCP - Introduction. Features of TCP TCP - Introduction The Internet Protocol (IP) provides unreliable datagram service between hosts The Transmission Control Protocol (TCP) provides reliable data delivery It uses IP for datagram delivery

More information

Slides from TCP/IP - Forouzan. Chapter 12 TCP

Slides from TCP/IP - Forouzan. Chapter 12 TCP Chapter 12 Services Segments and Options Flow Control and Error Control rs Connections State Transition Diagram Congestion Control Operation and Design Figure Application layer Position of in /IP protocol

More information

TCP: Transmission Control Protocol RFC 793,1122,1223. Prof. Lin Weiguo Copyleft 2009~2015, College of Computing, CUC

TCP: Transmission Control Protocol RFC 793,1122,1223. Prof. Lin Weiguo Copyleft 2009~2015, College of Computing, CUC TCP: Transmission Control Protocol RFC 793,1122,1223 Prof. Lin Weiguo Copyleft 2009~2015, College of Computing, CUC Nov. 2015 TCP/IP Protocol Stack Application Layer FTP, Telnet, HTTP, Transport Layer

More information

TCP/IP Attack Lab. 1 Lab Overview. 2 Lab Environment. 2.1 Environment Setup. SEED Labs TCP/IP Attack Lab 1

TCP/IP Attack Lab. 1 Lab Overview. 2 Lab Environment. 2.1 Environment Setup. SEED Labs TCP/IP Attack Lab 1 SEED Labs TCP/IP Attack Lab 1 TCP/IP Attack Lab Copyright c 2006-2016 Wenliang Du, Syracuse University. The development of this document was partially funded by the National Science Foundation under Award

More information

DNS: the Kaminsky Blind Spoofing Attack

DNS: the Kaminsky Blind Spoofing Attack DNS: the Kaminsky Blind Spoofing Attack CS 161: Computer Security Prof. David Wagner April 1, 2016 DNS Blind Spoofing, cont. Once we randomize the Identification, attacker has a 1/65536 chance of guessing

More information

Port Scanning and Vulnerability Assessment. ECE4893 Internetwork Security Georgia Institute of Technology

Port Scanning and Vulnerability Assessment. ECE4893 Internetwork Security Georgia Institute of Technology Port Scanning and Vulnerability Assessment ECE4893 Internetwork Security Georgia Institute of Technology Agenda Reconnaissance Scanning Network Mapping OS detection Vulnerability assessment Reconnaissance

More information

Denial of Service Attacks

Denial of Service Attacks (DoS) What Can be DoSed? First Internet DoS Attack The TCP State Diagram SYN Flooding Anti-Spoofing Better Data Structures Attacking Compact Data Structures Generic Solution SYN Cookies It s Not Perfect

More information

20-CS-6053-00X Network Security Spring, 2014. An Introduction To. Network Security. Week 1. January 7

20-CS-6053-00X Network Security Spring, 2014. An Introduction To. Network Security. Week 1. January 7 20-CS-6053-00X Network Security Spring, 2014 An Introduction To Network Security Week 1 January 7 Attacks Criminal: fraud, scams, destruction; IP, ID, brand theft Privacy: surveillance, databases, traffic

More information

Transport Layer: UDP vs. TCP

Transport Layer: UDP vs. TCP EEC 189Q: Computer Networks Transport Layer: UDP vs. TCP Reading: 8.4 & 8.5 Review: Internet Protocol Stack Application Telnet FTP HTTP Transport Network Link Physical bits on wire TCP LAN IP UDP Packet

More information

Guide to TCP/IP, Third Edition. Chapter 5: Transport Layer TCP/IP Protocols

Guide to TCP/IP, Third Edition. Chapter 5: Transport Layer TCP/IP Protocols Guide to TCP/IP, Third Edition Chapter 5: Transport Layer TCP/IP Protocols Objectives Understand the key features and functions of the User Datagram Protocol Explain the mechanisms that drive segmentation,

More information

Seminar Computer Security

Seminar Computer Security Seminar Computer Security DoS/DDoS attacks and botnets Hannes Korte Overview Introduction What is a Denial of Service attack? The distributed version The attacker's motivation Basics Bots and botnets Example

More information

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks

More information

TCP/IP Concepts Review. Ed Crowley

TCP/IP Concepts Review. Ed Crowley TCP/IP Concepts Review Ed Crowley 1 Objectives At the end of this unit, you will be able to: Describe the TCP/IP protocol stack For each level, explain roles and vulnerabilities Explain basic IP addressing

More information

Final exam review, Fall 2005 FSU (CIS-5357) Network Security

Final exam review, Fall 2005 FSU (CIS-5357) Network Security Final exam review, Fall 2005 FSU (CIS-5357) Network Security Instructor: Breno de Medeiros 1. What is an insertion attack against a NIDS? Answer: An insertion attack against a network intrusion detection

More information

Tutorial 1 Solutions (Week 5)

Tutorial 1 Solutions (Week 5) COMP 333/933 Computer Networks and Applications Tutorial Solutions (Week 5) Introduction Suppose two hosts, A and B are separated by, kms and are connected by a direct link of R = Mbps. Suppose the propagation

More information

Network Security. Chapter 9. Attack prevention, detection and response. Attack Prevention. Part I: Attack Prevention

Network Security. Chapter 9. Attack prevention, detection and response. Attack Prevention. Part I: Attack Prevention Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Part I: Attack Prevention Network Security Chapter 9 Attack prevention, detection and response Part Part I:

More information

2.2 Methods of Distributed Denial of Service Attacks. 2.1 Methods of Denial of Service Attacks

2.2 Methods of Distributed Denial of Service Attacks. 2.1 Methods of Denial of Service Attacks Distributed Denial of Service Attacks Felix Lau Simon Fraser University Burnaby, BC, Canada V5A 1S6 fwlau@cs.sfu.ca Stuart H. Rubin SPAWAR Systems Center San Diego, CA, USA 92152-5001 srubin@spawar.navy.mil

More information

Abstract. Introduction. Section I. What is Denial of Service Attack?

Abstract. Introduction. Section I. What is Denial of Service Attack? Abstract In this report, I am describing the main types of DoS attacks and their effect on computer and network environment. This report will form the basis of my forthcoming report which will discuss

More information

SECURING APACHE : DOS & DDOS ATTACKS - I

SECURING APACHE : DOS & DDOS ATTACKS - I SECURING APACHE : DOS & DDOS ATTACKS - I In this part of the series, we focus on DoS/DDoS attacks, which have been among the major threats to Web servers since the beginning of the Web 2.0 era. Denial

More information

There s nothing like a Firewall. Olivier Paul, GET/INT MONAM 07, Toulouse, France

There s nothing like a Firewall. Olivier Paul, GET/INT MONAM 07, Toulouse, France There s nothing like a Firewall Olivier Paul, GET/INT MONAM 07, Toulouse, France How does this relate to risk? From wikipedia Risk = (probability of incident) * (Cost of incident) From risk evaluation

More information

Secure SCTP against DoS Attacks in Wireless Internet

Secure SCTP against DoS Attacks in Wireless Internet Secure SCTP against DoS Attacks in Wireless Internet Inwhee Joe College of Information and Communications Hanyang University Seoul, Korea iwjoe@hanyang.ac.kr Abstract. The Stream Control Transport Protocol

More information

Reflections on TCP. Florian Westphal. 22. Juni D/F260502D 1C81 1AD5 EA8F E8EE 5E2F DA6C F D - TCP -

Reflections on TCP. Florian Westphal. 22. Juni D/F260502D 1C81 1AD5 EA8F E8EE 5E2F DA6C F D - TCP - Reflections on TCP Florian Westphal 22. Juni 2008 1024D/F260502D 1C81 1AD5 EA8F 3047 7555 E8EE 5E2F DA6C F260 502D - TCP - Abstract In the 25+ years the TCP/IP protocol family has been deployed

More information

I. Internet Control Message Protocol (ICMP) Week 10

I. Internet Control Message Protocol (ICMP) Week 10 I. Internet Control Message Protocol (ICMP) Week 10 described in RFC 792 helper protocol for IP, but more like a 3 ½ layer protocol (like ARP as a 2 ½ layer protocol) since a helper protocol for IP, uses

More information

TCP. Raj Jain. Professor of CIS The Ohio State University Columbus, OH 43210 Raj Jain 20-1

TCP. Raj Jain. Professor of CIS The Ohio State University Columbus, OH 43210  Raj Jain 20-1 TCP Professor of CIS Columbus, OH 43210 Jain@ACM.Org http://www.cis.ohio-state.edu/~jain/ 20-1 Overview Key features, Header format Mechanisms, Implementation choices Slow start congestion avoidance, Fast

More information

Chapter 15. Transmission Control Protocol (TCP) TCP/IP Protocol Suite 1

Chapter 15. Transmission Control Protocol (TCP) TCP/IP Protocol Suite 1 Chapter 15 Transmission Control Protocol (TCP) TCP/IP Protocol Suite 1 Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. OBJECTIVES: To introduce TCP as a protocol

More information

CS 640 Introduction to Computer Networks. Network security (continued) Key Distribution a first step. Lecture24

CS 640 Introduction to Computer Networks. Network security (continued) Key Distribution a first step. Lecture24 Introduction to Computer Networks Lecture24 Network security (continued) Key distribution Secure Shell Overview Authentication Practical issues Firewalls Denial of Service Attacks Definition Examples Key

More information

Authentication Types. Password-based Authentication. Off-Line Password Guessing

Authentication Types. Password-based Authentication. Off-Line Password Guessing Authentication Types Chapter 2: Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter 3: Security on Network and Transport Layer Chapter 4:

More information

CYBER ATTACKS EXPLAINED: PACKET CRAFTING

CYBER ATTACKS EXPLAINED: PACKET CRAFTING CYBER ATTACKS EXPLAINED: PACKET CRAFTING Protect your FOSS-based IT infrastructure from packet crafting by learning more about it. In the previous articles in this series, we explored common infrastructure

More information

Module 11: TCP/IP Transport and Application Layers

Module 11: TCP/IP Transport and Application Layers Module 11: TCP/IP Transport and Application Layers 11.1 TCP/IP Transport Layer 11.1.1 Introduction to the TCP/IP transport layer The primary duties of the transport layer are to transport and regulate

More information

Good Ideas So Far Computer Networking. Outline. Sequence Number Space. Lecture 18 More TCP & Congestion Control. The devilish details of TCP

Good Ideas So Far Computer Networking. Outline. Sequence Number Space. Lecture 18 More TCP & Congestion Control. The devilish details of TCP Good Ideas So Far 15-441 Computer Networking Lecture 18 More TCP & Congestion Control Flow control Stop & wait Parallel stop & wait Sliding window (e.g., advertised windows) Loss recovery outs Acknowledgement-driven

More information

A Very Incomplete Diagram of Network Attacks

A Very Incomplete Diagram of Network Attacks A Very Incomplete Diagram of Network Attacks TCP/IP Stack Reconnaissance Spoofing Tamper DoS Internet Transport Application HTTP SMTP DNS TCP UDP IP ICMP Network/Link 1) HTML/JS files 2)Banner Grabbing

More information

Today s outline. CSE 127 Computer Security. NAT, Firewalls IDS DDoS. Basic Firewall Concept. TCP/IP Protocol Stack. Packet Filtering.

Today s outline. CSE 127 Computer Security. NAT, Firewalls IDS DDoS. Basic Firewall Concept. TCP/IP Protocol Stack. Packet Filtering. CSE 127 Computer Security Fall 2011 More on network security Todays outline NAT, Firewalls IDS DDoS Chris Kanich (standing in for Hovav) [some slides courtesy Dan Boneh & John Mitchell] TCP/IP Protocol

More information

2.4: Authentication Authentication types Authentication schemes: RSA, Lamport s Hash Mutual Authentication Session Keys Trusted Intermediaries

2.4: Authentication Authentication types Authentication schemes: RSA, Lamport s Hash Mutual Authentication Session Keys Trusted Intermediaries Chapter 2: Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application

More information

CSE 127: Computer Security. Network Security. Kirill Levchenko

CSE 127: Computer Security. Network Security. Kirill Levchenko CSE 127: Computer Security Network Security Kirill Levchenko December 4, 2014 Network Security Original TCP/IP design: Trusted network and hosts Hosts and networks administered by mutually trusted parties

More information

Computer Networks. Chapter 5 Transport Protocols

Computer Networks. Chapter 5 Transport Protocols Computer Networks Chapter 5 Transport Protocols Transport Protocol Provides end-to-end transport Hides the network details Transport protocol or service (TS) offers: Different types of services QoS Data

More information

Data Communication & Networks G22.2262-001. Session 9 - Main Theme The Internet Transport Protocols: TCP, UDP. Dr. Jean-Claude Franchitti

Data Communication & Networks G22.2262-001. Session 9 - Main Theme The Internet Transport Protocols: TCP, UDP. Dr. Jean-Claude Franchitti Data Communication & Networks G22.2262-001 Session 9 - Main Theme The Internet Transport Protocols: TCP, UDP Dr. Jean-Claude Franchitti New York University Computer Science Department Courant Institute

More information

SCTP-Sec: A secure Transmission Control Protocol

SCTP-Sec: A secure Transmission Control Protocol SCTP-Sec: A secure Transmission Control Protocol Rahul Choudhari Indian Institute of Information Technology & Management, Gwalior, INDIA Email: rahul.choudhari@iiitm.ac.in { Somanath Tripathy Indian Institute

More information

Outline. Network Protocols and Vulnerabilities. Internet Infrastructure. TCP Protocol Stack

Outline. Network Protocols and Vulnerabilities. Internet Infrastructure. TCP Protocol Stack Network Protocols and Vulnerabilities John Mitchell Outline u Basic Networking (FMU) u Network attacks Attack host networking protocols SYN flooding, TCP Spoofing, Attack network infrastructure Routing

More information

Network and Services Discovery

Network and Services Discovery A quick theorical introduction to network scanning January 8, 2016 Disclaimer/Intro Disclaimer/Intro Network scanning is not exact science When an information system is able to interact over the network

More information

Dos & DDoS Attack Signatures (note supplied by Steve Tonkovich of CAPTUS NETWORKS)

Dos & DDoS Attack Signatures (note supplied by Steve Tonkovich of CAPTUS NETWORKS) Dos & DDoS Attack Signatures (note supplied by Steve Tonkovich of CAPTUS NETWORKS) Signature based IDS systems use these fingerprints to verify that an attack is taking place. The problem with this method

More information

CS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module

CS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module CS 665: Computer System Security Network Security Bojan Cukic Lane Department of Computer Science and Electrical Engineering West Virginia University 1 Usage environment Anonymity Automation, minimal human

More information

What is a DoS attack?

What is a DoS attack? CprE 592-YG Computer and Network Forensics Log-based Signature Analysis Denial of Service Attacks - from analyst s point of view Yong Guan 3216 Coover Tel: (515) 294-8378 Email: guan@ee.iastate.edu October

More information

Denial of Service Attacks

Denial of Service Attacks 2 Denial of Service Attacks : IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 13 August 2013 its335y13s2l06, Steve/Courses/2013/s2/its335/lectures/malicious.tex,

More information

Computer Networking. TCP: Overview RFCs: 793, 1122, 1323, 2018, 2581

Computer Networking. TCP: Overview RFCs: 793, 1122, 1323, 2018, 2581 Computer Networking Connec1on- Oriented Transport: : Overview RFCs: 793, 1122, 1323, 2018, 2581 point- to- point: one sender, one receiver reliable, in- order byte steam: no message boundaries pipelined:

More information

TCP and UDP. Raj Jain. Professor of CIS The Ohio State University Columbus, OH

TCP and UDP. Raj Jain. Professor of CIS The Ohio State University Columbus, OH TCP and UDP Professor of CIS Columbus, OH 43210 Jain@ACM.Org http://www.cis.ohio-state.edu/~jain/ 12-1 Overview Key features Header format Mechanisms Implementation choices Slow start congestion avoidance

More information

Programming Project #2. Network Security (TCP/IP and DNS) Overview. Overview. Man in the Middle. Proxy Server. Tadayoshi Kohno

Programming Project #2. Network Security (TCP/IP and DNS) Overview. Overview. Man in the Middle. Proxy Server. Tadayoshi Kohno CSE 490K Lecture 13 Network Security (TCP/IP and DNS) Tadayoshi Kohno Some slides based on Dan Boneh s and Vitaly Shmatikov s Programming Project #2! Out today, Tuesday, May 8! Due Thursday, May 24, 11:59pm

More information

CIT 380: Securing Computer Systems

CIT 380: Securing Computer Systems CIT 380: Securing Computer Systems Scanning CIT 380: Securing Computer Systems Slide #1 Topics 1. Port Scanning 2. Stealth Scanning 3. Version Identification 4. OS Fingerprinting 5. Vulnerability Scanning

More information

TCP/IP Concepts Review. A CEH Perspective

TCP/IP Concepts Review. A CEH Perspective TCP/IP Concepts Review A CEH Perspective 1 Objectives At the end of this unit, you will be able to: Describe the TCP/IP protocol stack For each level, explain roles and vulnerabilities Explain basic IP

More information

TCP/IP Revisited. IP s Transport Layer UDP and TCP. Computer Science 742 S2C, 2010 TCP UDP

TCP/IP Revisited. IP s Transport Layer UDP and TCP. Computer Science 742 S2C, 2010 TCP UDP TCP/IP, COMPSCI 742, 2010 p. 3/29 IP s Transport Layer UDP and TCP TCP/IP, COMPSCI 742, 2010 p. 4/29 TCP/IP Revisited Computer Science 742 S2C, 2010 Nevil Brownlee, with acknowledgements to Ulrich Speidel

More information

Hands-On Ethical Hacking and Network Defense - Second Edition. Chapter 2 - TCP/IP Concepts Review

Hands-On Ethical Hacking and Network Defense - Second Edition. Chapter 2 - TCP/IP Concepts Review Objectives After reading this chapter and completing the exercises, you will be able to: Overview of TCP/IP Describe the TCP/IP protocol stack Explain the basic concepts of IP addressing Explain the binary,

More information

Network Security (TCP/IP and DNS)

Network Security (TCP/IP and DNS) CSE 490K Lecture 13 Network Security (TCP/IP and DNS) Tadayoshi Kohno Some slides based on Dan Boneh s and Vitaly Shmatikov s Programming Project #2 Out today, Tuesday, May 8 Due Thursday, May 24, 11:59pm

More information

DENIAL OF SERVICE ATTACKS

DENIAL OF SERVICE ATTACKS DENIAL OF SERVICE ATTACKS Alexandru Enaceanu, acid@rau.ro Abstract This paper describes the most common types of DoS, including the latest one, named Distributed Reflection Denial of Service. The operation

More information

IMPROVING THE FUNCTIONALITY OF SYN COOKIES

IMPROVING THE FUNCTIONALITY OF SYN COOKIES IMPROVING THE FUNCTIONALITY OF SYN COOKIES André Zúquete IST / INESC-ID Lisboa, Lisboa, Portugal andre.zuquete@gsd.inesc-id.pt Abstract Current Linux kernels include a facility called TCP SYN cookies,

More information

Secure Software Programming and Vulnerability Analysis

Secure Software Programming and Vulnerability Analysis Secure Software Programming and Vulnerability Analysis Christopher Kruegel chris@auto.tuwien.ac.at http://www.auto.tuwien.ac.at/~chris Operations and Denial of Service Secure Software Programming 2 Overview

More information

APNIC elearning: Network Security Fundamentals. 20 March 2013 10:30 pm Brisbane Time (GMT+10)

APNIC elearning: Network Security Fundamentals. 20 March 2013 10:30 pm Brisbane Time (GMT+10) APNIC elearning: Network Security Fundamentals 20 March 2013 10:30 pm Brisbane Time (GMT+10) Introduction Presenter/s Nurul Islam Roman Senior Training Specialist nurul@apnic.net Specialties: Routing &

More information

TCP Service Model. Announcements. TCP: Reliable, In-Order Delivery. Today s Lecture. TCP Header. TCP Support for Reliable Delivery

TCP Service Model. Announcements. TCP: Reliable, In-Order Delivery. Today s Lecture. TCP Header. TCP Support for Reliable Delivery Announcements Sukun is away this week. Dilip will cover his section and office hours. TCP: Reliable, In-Order Delivery EE 122: Intro to Communication Networks Fall 2006 (MW 4-5:30 in Donner 155) Vern Paxson

More information

TCP/IP Concepts Review. A CEH Perspective

TCP/IP Concepts Review. A CEH Perspective TCP/IP Concepts Review A CEH Perspective 1 Objectives At the end of this unit, you will be able to: Describe the TCP/IP protocol stack For each level, explain roles and vulnerabilities Explain basic IP

More information

Firewalls. Firewalls. Idea: separate local network from the Internet 2/24/15. Intranet DMZ. Trusted hosts and networks. Firewall.

Firewalls. Firewalls. Idea: separate local network from the Internet 2/24/15. Intranet DMZ. Trusted hosts and networks. Firewall. Firewalls 1 Firewalls Idea: separate local network from the Internet Trusted hosts and networks Firewall Intranet Router DMZ Demilitarized Zone: publicly accessible servers and networks 2 1 Castle and

More information

TCP (Transmission Control Protocol)

TCP (Transmission Control Protocol) TCP (Transmission Control Protocol) Originally defined in RFC 793 (September 1981) UDP features: multiplexing + protection against bit errors Ports, checksum Connection-oriented Establishment and teardown

More information