Last Lecture: TCP. Stream of bytes sent and received, not stream of packets

Similar documents
Transport Layer Protocols

B-2 Analyzing TCP/IP Networks with Wireshark. Ray Tompkins Founder of Gearbit

ICOM : Computer Networks Chapter 6: The Transport Layer. By Dr Yi Qian Department of Electronic and Computer Engineering Fall 2006 UPRM

Computer Networks. Chapter 5 Transport Protocols

Computer Networks UDP and TCP

[Prof. Rupesh G Vaishnav] Page 1

What is a DoS attack?

Attack Lab: Attacks on TCP/IP Protocols

TCP/IP Optimization for Wide Area Storage Networks. Dr. Joseph L White Juniper Networks

Chapter 5. Transport layer protocols

TCP Performance Management for Dummies

Port Scanning. Objectives. Introduction: Port Scanning. 1. Introduce the techniques of port scanning. 2. Use port scanning audit tools such as Nmap.

TCP Flow Control. TCP Receiver Window. Sliding Window. Computer Networks. Lecture 30: Flow Control, Reliable Delivery

Transport Layer. Chapter 3.4. Think about

First Midterm for ECE374 03/09/12 Solution!!

Outline. TCP connection setup/data transfer Computer Networking. TCP Reliability. Congestion sources and collapse. Congestion control basics

Chapter 8 Security Pt 2

Ethernet. Ethernet. Network Devices

CSCE 465 Computer & Network Security

CIT 380: Securing Computer Systems

La couche transport dans l'internet (la suite TCP/IP)

Names & Addresses. Names & Addresses. Hop-by-Hop Packet Forwarding. Longest-Prefix-Match Forwarding. Longest-Prefix-Match Forwarding

Higher Layer Protocols: UDP, TCP, ATM, MPLS

La couche transport dans l'internet (la suite TCP/IP)

COMP 3331/9331: Computer Networks and Applications. Lab Exercise 3: TCP and UDP (Solutions)

Access Control: Firewalls (1)

COMP 361 Computer Communications Networks. Fall Semester Midterm Examination

Configuring TCP Intercept (Preventing Denial-of-Service Attacks)

Final for ECE374 05/06/13 Solution!!

q Connection establishment (if connection-oriented) q Data transfer q Connection release (if conn-oriented) q Addressing the transport user

Networks: IP and TCP. Internet Protocol

Lecture 15: Congestion Control. CSE 123: Computer Networks Stefan Savage

Lecture 5: Network Attacks I. Course Admin

Content Distribution Networks (CDN)

Mobile Communications Chapter 9: Mobile Transport Layer

Abstract. Introduction. Section I. What is Denial of Service Attack?

Visualizations and Correlations in Troubleshooting

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP

CS5008: Internet Computing

co Characterizing and Tracing Packet Floods Using Cisco R

Networking Overview. (as usual, thanks to Dave Wagner and Vern Paxson)

TCP and Wireless Networks Classical Approaches Optimizations TCP for 2.5G/3G Systems. Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme

CS 640 Introduction to Computer Networks. Network security (continued) Key Distribution a first step. Lecture24

Solution of Exercise Sheet 5

Project 4: (E)DoS Attacks

This sequence diagram was generated with EventStudio System Designer (

IP address format: Dotted decimal notation:

Firewalls. Firewalls. Idea: separate local network from the Internet 2/24/15. Intranet DMZ. Trusted hosts and networks. Firewall.

Denial of Service Attacks. Notes derived from Michael R. Grimaila s originals

Denial Of Service. Types of attacks

Hands-on Network Traffic Analysis Cyber Defense Boot Camp

Prefix AggregaNon. Company X and Company Y connect to the same ISP, and they are assigned the prefixes:

TCP in Wireless Mobile Networks

Guide to DDoS Attacks December 2014 Authored by: Lee Myers, SOC Analyst

CSE 473 Introduction to Computer Networks. Exam 2 Solutions. Your name: 10/31/2013

Computer Networks Practicum 2015

TCP/IP Security Problems. History that still teaches

Lecture Objectives. Lecture 07 Mobile Networks: TCP in Wireless Networks. Agenda. TCP Flow Control. Flow Control Can Limit Throughput (1)

TOE2-IP FTP Server Demo Reference Design Manual Rev1.0 9-Jan-15

Attack and Defense Techniques

Internet Control Protocols Reading: Chapter 3

We will give some overview of firewalls. Figure 1 explains the position of a firewall. Figure 1: A Firewall

A Transport Protocol for Multimedia Wireless Sensor Networks

Recent advances in transport protocols

How do I get to

TCP/IP Networking for Wireless Systems. Integrated Communication Systems Group Ilmenau University of Technology

Stateful Firewalls. Hank and Foo

Troubleshooting Tips and Tricks

TCP Adaptation for MPI on Long-and-Fat Networks

ACHILLES CERTIFICATION. SIS Module SLS 1508

Data Networks Summer 2007 Homework #3

OCS Training Workshop LAB14. Setup

Understanding Slow Start

TCP/IP Fundamentals. OSI Seven Layer Model & Seminar Outline

Algorithms and Techniques Used for Auto-discovery of Network Topology, Assets and Services

Security vulnerabilities in the Internet and possible solutions

Network and Services Discovery

Session Hijacking Exploiting TCP, UDP and HTTP Sessions

Defending Computer Networks Lecture 6: TCP and Scanning. Stuart Staniford Adjunct Professor of Computer Science

Applications. Network Application Performance Analysis. Laboratory. Objective. Overview

Network Security. Chapter 3. Cornelius Diekmann. Version: October 21, Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik

8-bit Microcontroller. Application Note. AVR460: Embedded Web Server. Introduction. System Description

TCP SYN Flood - Denial of Service Seung Jae Won University of Windsor wons@uwindsor.ca

CS155: Computer and Network Security

Network Security TCP/IP Refresher

CS155 - Firewalls. Simon Cooper <sc@sgi.com> CS155 Firewalls 22 May 2003

TCP/IP Inside the Data Center and Beyond. Dr. Joseph L White, Juniper Networks

CSE331: Introduction to Networks and Security. Lecture 12 Fall 2006

Effect of Packet-Size over Network Performance

Guide to Network Defense and Countermeasures Third Edition. Chapter 2 TCP/IP

Host Fingerprinting and Firewalking With hping

Application Note. Windows 2000/XP TCP Tuning for High Bandwidth Networks. mguard smart mguard PCI mguard blade

Firewall Design Principles Firewall Characteristics Types of Firewalls

Chapter 6 Congestion Control and Resource Allocation

Overview of TCP/IP. TCP/IP and Internet

Security: Attack and Defense

High-Speed TCP Performance Characterization under Various Operating Systems

UNDERSTANDING FIREWALLS TECHNICAL NOTE 10/04

IP Network Layer. Datagram ID FLAG Fragment Offset. IP Datagrams. IP Addresses. IP Addresses. CSCE 515: Computer Network Programming TCP/IP

Midterm Exam CMPSCI 453: Computer Networks Fall 2011 Prof. Jim Kurose

Transcription:

Last Lecture: TCP 1. Multiplexing and Demultiplexing 2. Byte-stream service Stream of bytes sent and received, not stream of packets 3. Reliable data transfer A combination of go-back-n and selective repeat, and performance tuning heuristics 4. Connection management Connection establishment and tear down 5. Flow control Prevent sender from overflowing receiver 6. Congestion control (later) SUNY at Buffalo; CSE 489/589 Modern Networking Concepts; Fall 2010; Instructor: Hung Q. Ngo 1

This Lecture: TCP 1. Multiplexing and Demultiplexing 2. Byte-stream service Stream of bytes sent and received, not stream of packets 3. Reliable data transfer A combination of go-back-n and selective repeat, and performance tuning heuristics 4. Connection management Connection establishment and tear down 5. Flow control Prevent sender from overflowing receiver 6. Congestion control (later) SUNY at Buffalo; CSE 489/589 Modern Networking Concepts; Fall 2010; Instructor: Hung Q. Ngo 2

TCP Segment Structure URG: urgent data (generally not used) ACK: ACK # valid PSH: push data now (generally not used) RST, SYN, FIN: connection estab (setup, teardown commands) Internet checksum (as in UDP) 32 bits source port # dest port # head len sequence number acknowledgement number not used U A P R S F checksum Receive window Urg data pnter Options (variable length) application data (variable length) counting by bytes of data (not segments!) # bytes rcvr willing to accept SUNY at Buffalo; CSE 489/589 Modern Networking Concepts; Fall 2010; Instructor: Hung Q. Ngo 3

TCP Options Options is a list of options, in one of two formats: (kind) [1 byte] (kind, length, data) [1 byte, 1 byte, N bytes] length counts all bytes in the option List of common options: Kind Length Meaning RFC 0 - End of option list 793 1 - No Operation, for padding 793 2 4 MSS 793 3 3 Window Scale 1323 4 2 SACK permitted 2018 5 N SACK 2018 8 10 Timestamp option 1323 SUNY at Buffalo; CSE 489/589 Modern Networking Concepts; Fall 2010; Instructor: Hung Q. Ngo 4

4. TCP Connection Management Connection establishment Allow each end to know the other exists Trigger allocation of transport entity resources Buffer Timers (if any), Set up optional parameters Max segment size (MSS) Initial Sequence Numbers (ISN) Window size,... Connection termination Tell the other end you re done Clean up after yourself (e.g., wait for delayed duplicates to die) SUNY at Buffalo; CSE 489/589 Modern Networking Concepts; Fall 2010; Instructor: Hung Q. Ngo 5

Establishment Using 3-way Handshake Each side tells its ISN to the other side." o Three-way handshake to establish connection 1. Host A sends a SYN (open) to the host B 2. Host B returns a SYN acknowledgment (SYN ACK) 3. Host A sends an ACK to acknowledge the SYN ACK SUNY at Buffalo; CSE 489/589 Modern Networking Concepts; Fall 2010; Instructor: Hung Q. Ngo 6

Step 1: A s Initial SYN Segment A s port B s port Flags: SYN FIN RST PSH URG ACK A s Initial Sequence Number 24 Flags 0 Checksum Acknowledgment Advertised window Urgent pointer Options (variable) (MSS here) A tells B it wants to open a connection " SUNY at Buffalo; CSE 489/589 Modern Networking Concepts; Fall 2010; Instructor: Hung Q. Ngo 7

Step 2: B s SYN/ACK Segment B s port A s port Flags: SYN FIN RST PSH URG ACK B s Initial Sequence Number 20 Flags 0 Checksum A s ISN plus 1 Advertised window Urgent pointer Options (variable) B tells A it accepts, and is ready to hear the next byte " upon receiving this packet, A can start sending data" SUNY at Buffalo; CSE 489/589 Modern Networking Concepts; Fall 2010; Instructor: Hung Q. Ngo 8

Step 3: A Acknowledges the SYN/ACK A s port B s port Flags: SYN FIN RST PSH URG ACK 20 Flags 0 Checksum Sequence number B s ISN plus 1 Advertised window Urgent pointer Options (variable) A tells B it is okay to start sending" upon receiving this packet, B can start sending data" SUNY at Buffalo; CSE 489/589 Modern Networking Concepts; Fall 2010; Instructor: Hung Q. Ngo 9

Timeout for SYN Retransmission On BSD and the likes: 6 seconds after the first SYN 24 seconds after the second SYN 48 seconds after the third SYN give up Most Berkeley-derived OS have an upper limit of 75 seconds SUNY at Buffalo; CSE 489/589 Modern Networking Concepts; Fall 2010; Instructor: Hung Q. Ngo 10

SYN Loss and Web Download User clicks on a hypertext link Browser creates a socket and does a connect The connect triggers the OS to transmit a SYN If the SYN is lost The 6 seconds of delay may be very long The user may get impatient and click the hyperlink again, or click reload Reload triggers an abort of the connect Browser creates a new socket and does a connect Essentially, forces a faster send of a new SYN packet! Sometimes very effective, and the page comes fast SUNY at Buffalo; CSE 489/589 Modern Networking Concepts; Fall 2010; Instructor: Hung Q. Ngo 11

Tips and Tricks The Morris attack (1985) Robert H. Morris is the father of the other Morris He worked for Bell Labs, then chief scientist at NSA Up to the early 90 s, ISN is chosen sort of like this RFC 793 says: counter++ every 4μs, use counter for ISN Berkeley-derived kernels: counter += C every second, and += D for every new connection, C&D are constants To attack server S who trusts host A (rlogin/rsh) Wait for A to be turned off (or DoS it) Spoof a SYN from A, ignore the SYN/ACK from S Send final ACK from A with correct ISN + 1 (how?) Send commands to server S SUNY at Buffalo; CSE 489/589 Modern Networking Concepts; Fall 2010; Instructor: Hung Q. Ngo 12

The attack: Security Issue: SYN Flooding IP-spoof a SYN packet, send it to server. Server sends back SYN-ACK, wait for connection timeout (typically 75 seconds) Thousands of SYN packets can eat up server s resources and new requests can t be granted No best solution Routers can reduce IP-spoofed packets Routers (Cisco & others) have the TCP intercept mode SYN cookies, SYN cache, SYN proxying, SYNkill, etc. (Some defenses subject to the attack themselves!!!) SUNY at Buffalo; CSE 489/589 Modern Networking Concepts; Fall 2010; Instructor: Hung Q. Ngo 13

History of SYN Flooding Discovered in 1994 (Bill Cheswick, Bellovin) Firewalls and Internet Security: Repelling the Wily Hacker No countermeasure developed in next 2 years Description and exploit tool: Phrack P48-13 (1996) Sep 1996, SYN Flooding attacks seen in the wild CERT Advisory released Remedies quickly developed (partial solution) Some made their ways to OS codes SUNY at Buffalo; CSE 489/589 Modern Networking Concepts; Fall 2010; Instructor: Hung Q. Ngo 14

SYN Flooding Some Technical Details Implementation dependent Linux kernel 2.6.10: 1300-byte sock structure per SYN Other OS: at least 280 bytes The backlog parameter of listen() has an effect on the queue size Defenses Avoid IP-spoofing (more later): RFCs 2827, 3013, 3704 SYN Cache, SYN Cookies: Drawback: can t pigging back application data in SYN segment Sometime disabled by default in implementations Most BSD-derived OS implement one of these Linux version > 2.6.5 does too Windows 2K and later does too (modify some registry) SUNY at Buffalo; CSE 489/589 Modern Networking Concepts; Fall 2010; Instructor: Hung Q. Ngo 15

Connection Termination Asymmetric release: close the connection when one side asks for it Abrupt and may result in data loss Symmetric release: two separate directions FIN and ACK for each direction Not an easy task. What about a 3-way handshake? SUNY at Buffalo; CSE 489/589 Modern Networking Concepts; Fall 2010; Instructor: Hung Q. Ngo 16

Data Loss in Asymmetric Release SUNY at Buffalo; CSE 489/589 Modern Networking Concepts; Fall 2010; Instructor: Hung Q. Ngo 17

Symmetric Release is Hard Too SUNY at Buffalo; CSE 489/589 Modern Networking Concepts; Fall 2010; Instructor: Hung Q. Ngo 18

TCP s Connection Termination client server close FIN ACK FIN close timed wait closed ACK SUNY at Buffalo; CSE 489/589 Modern Networking Concepts; Fall 2010; Instructor: Hung Q. Ngo 19

SUNY at Buffalo; CSE 489/589 Modern Networking Concepts; Fall 2010; Instructor: Hung Q. Ngo 20

Normal Operations SUNY at Buffalo; CSE 489/589 Modern Networking Concepts; Fall 2010; Instructor: Hung Q. Ngo 21

TCP Allows Half-Close with Shutdown() SUNY at Buffalo; CSE 489/589 Modern Networking Concepts; Fall 2010; Instructor: Hung Q. Ngo 22

Simultaneous Close Allowed SUNY at Buffalo; CSE 489/589 Modern Networking Concepts; Fall 2010; Instructor: Hung Q. Ngo 23

BTW, Simultaneous Open is Possible Too SUNY at Buffalo; CSE 489/589 Modern Networking Concepts; Fall 2010; Instructor: Hung Q. Ngo 24

The Time_Wait (2MSL) state MSL stands for Maximum Segment Lifetime Common implementations are either 30sec, 1min, 2min Purposes of the 2MSL state Let TCP resend the final ACK if needed (when?) The socket can only be reused after 2MSL (why?) Sometime you can t bind a server port because of this 2MSL state However, setting socket option SO_REUSEADDR allows us to reuse the port number (violation of RFC) But still, no two identical socket quadruples Quiet time (RFC 793): no connection creation within 2MSL after crashing (why?) SUNY at Buffalo; CSE 489/589 Modern Networking Concepts; Fall 2010; Instructor: Hung Q. Ngo 25

RESET Segments RST is used to Reply to connection requests to some port no-one is listening on In UDP, an ICMP port unreachable is generated instead Reply to connection requests within 2MSL after crashing Abort an existing connection Note: RST has its own sequence number SUNY at Buffalo; CSE 489/589 Modern Networking Concepts; Fall 2010; Instructor: Hung Q. Ngo 26

Crash Recovery After restart all state information is lost Connection is half open Side that did not crash still thinks it is connected We should close connections using keep-alive timer This is controversial: is TCP or application responsible? Implementation dependent Crashed side (after reboot) sends RST i in response to any segment i arriving User must decide whether to reconnect Problems with lost or duplicate data SUNY at Buffalo; CSE 489/589 Modern Networking Concepts; Fall 2010; Instructor: Hung Q. Ngo 27

Tips and Tricks TCP Connection Killing Using RST Using FIN Again, just need to know the right sequence number Network SUNY at Buffalo; CSE 489/589 Modern Networking Concepts; Fall 2010; Instructor: Hung Q. Ngo 28

Flow Control: 5. Flow Control in TCP Avoid fast sender overflowing slow receiver Basic Mechanism: Receiver advertises its available window size (FWind) Sender ensures that LastByteSent LastByteAcked FWind FWind is re-advertised in packets flowing back SUNY at Buffalo; CSE 489/589 Modern Networking Concepts; Fall 2010; Instructor: Hung Q. Ngo 29

TCP Flow Control: Sender Side Sent and acked FWind Advertised by receiver Sent but not acked Not yet sent Window slides As data is ACK ed LastByteACKed by receiver LastByteSent LastByteWritten SUNY at Buffalo; CSE 489/589 Modern Networking Concepts; Fall 2010; Instructor: Hung Q. Ngo 30

TCP Flow Control: Sender Side Packet Sent Source Port Dest. Port Sequence Number Acknowledgment HL/Flags Window D. Checksum Urgent Pointer Options.. Packet Received Source Port Dest. Port Sequence Number Acknowledgment HL/Flags FWind D. Checksum Urgent Pointer Options.. App write acknowledged sent to be sent outside window Picture taken and modified from Shiv Kalyanaraman s slides SUNY at Buffalo; CSE 489/589 Modern Networking Concepts; Fall 2010; Instructor: Hung Q. Ngo 31

TCP Flow Control: Receiver Side Receive buffer Acked but not delivered to user Not yet acked Not yet acked FWind Picture taken and modified from Shiv Kalyanaraman s slides SUNY at Buffalo; CSE 489/589 Modern Networking Concepts; Fall 2010; Instructor: Hung Q. Ngo 32

FWind Size In Practice Old implementations default: 4KB Newer implementations: up to 16KB How large should it be, suppose we have plenty of memory and receiver s CPU is infinitely fast? Recall the bandwidth-delay product: RTT x transmission rate For T1 link across US: 60ms x 1.544M bps 11.58 KB For T3 link across US: 60ms x 45 Mbps 337.5 KB Note: 337.5 KB >> 16-bit window size 65KB For OC-12 link across US: 60ms x 622 Mbps 4.7MB Solution: use the Window Scale option SUNY at Buffalo; CSE 489/589 Modern Networking Concepts; Fall 2010; Instructor: Hung Q. Ngo 33

A. Deadlock Technical Issues with Flow Control Can deadlock occur with current flow control mechanism? B. Performance tuning for interactive data flow telnet, SSH, Rlogin,, 10% of TCP segments (with a few to tens of data bytes per segment) C. Performance tuning for bulk data flow FTP, Email, HTTP,, 90% of TCP segments (with hundred of data bytes) SUNY at Buffalo; CSE 489/589 Modern Networking Concepts; Fall 2010; Instructor: Hung Q. Ngo 34

A. Deadlock & TCP Persistence Timer To prevent deadlock, persistence timer is used to send window probes Normal segment with just one byte of data (past current window) Host required to respond to data sent past window Exponential back-off is used for persistence timer Start with 1.5 seconds Double every time up to 60 seconds SUNY at Buffalo; CSE 489/589 Modern Networking Concepts; Fall 2010; Instructor: Hung Q. Ngo 35

Tips and Tricks Talking about interactive data flows: how fast can people type? Guinness record is about 190 wpm (Natalie Lantos, 1999) If each word has 5 letters on average, then it is about 950cpm or 15.8 characters per second. If each word has 10 letters on average, then it s still only about 31 characters per second! (or ~ 1 byte for each 32ms, twice longer than typical local RTT) SUNY at Buffalo; CSE 489/589 Modern Networking Concepts; Fall 2010; Instructor: Hung Q. Ngo 36

B. TCP Interactive Data Flow Data might be sent 1 byte at a time Heuristics to improve performance for interactive data flow? Delayed ACK (200ms, or every other segment) Nagle Algorithm: try to delay sending small segments until outstanding data is acknowledged or a full-sized segment is available This algorithm is self-clocking! In an Ethernet with RTT 16ms, would Nagle algorithm have any effect for an interactive data flow? Sometime Nagle needs to be turned off (e.g. for X-server, each mouse movement needs to be reported), using TCP_NODELAY socket option SUNY at Buffalo; CSE 489/589 Modern Networking Concepts; Fall 2010; Instructor: Hung Q. Ngo 37

Nagle s Algorithm in More Details Sender does not transmit unless one of the following conditions is true: a full-sized segment can be sent at least ½ of the maximum FWind which has ever been advertised no outstanding unacknowledged data What are the pros and cons of Nagle s algorithm? SUNY at Buffalo; CSE 489/589 Modern Networking Concepts; Fall 2010; Instructor: Hung Q. Ngo 38

Silly Window Syndrome Receiver advertises small FWind gradually Suppose starting from FWind=0, application reads 1 byte of data at a time, slowly Sender then would send a few bytes at a time, wasting lots of header overhead Symmetric to Nagle s algorithm, we can impose the following rule (David Clark s algorithm) receiver should not advertise larger window than the current FWind until FWind can be increased by min(mss, ½ buffer space) SUNY at Buffalo; CSE 489/589 Modern Networking Concepts; Fall 2010; Instructor: Hung Q. Ngo 39

C. Bulk Data Flow Sliding window with scale option Delayed ACK also helps SUNY at Buffalo; CSE 489/589 Modern Networking Concepts; Fall 2010; Instructor: Hung Q. Ngo 40

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information