Professional Documents
Culture Documents
Information Security CS 526
Information Security CS 526
CS 526
CS526
Spring 2012/Topic 12
Application
Application protocol
TCP protocol
Transport
Application
Transport
Network
IP protocol
IP
IP protocol
Network
Link
Dat
a
Link
Network
Access
Dat
a
Link
Link
CS526
Spring 2012/Topic 12
Spring 2012/Topic 12
CS526
Spring 2012/Topic 12
Threats in Networking
Confidentiality
Packet sniffing
Integrity
Session hijacking
Availability
Denial of service attacks
Common
Address translation poisoning attacks
Routing attacks
CS526
Spring 2012/Topic 12
Open access
Vulnerable to DoS attacks
CS526
Spring 2012/Topic 12
CS526
Spring 2012/Topic 12
http://www.netrino.com/Embedded-Systems/How-To/ARP-RARP
CS526
Spring 2012/Topic 12
Defenses
static ARP table
DHCP snooping (use access control to ensure that hosts only use
the IP addresses assigned to them, and that only authorized DHCP
servers are accessible).
detection: Arpwatch (sending email when updates occur),
Legitimate use
redirect a user to a registration page before allow usage of the
network
CS526
Spring 2012/Topic 12
IP Routing
Meg
Packet
121.42.33.12
Office gateway
Source 121.42.33.12
132.14.11.51
Destination
5
Sequence
132.14.11.1
ISP
Tom
132.14.11.51
121.42.33.1
Internet routing uses numeric IP address
Typical route uses several hops
CS526
Spring 2012/Topic 12
10
Packet Sniffing
Promiscuous Network Interface Card reads all
packets
Read all unencrypted data (e.g., ngrep)
ftp, telnet send passwords in clear!
Eve
Alice
Network
Network
Prevention: Encryption
CS526
Bob
(IPSEC, TLS)
Spring 2012/Topic 12
11
Minimal guarantees
No acknowledgment
No flow control
No message continuation
CS526
Spring 2012/Topic 12
12
Receiver
Acknowledge receipt; lost packets are resent
Reassemble packets in correct order
Book
Reassemble book
1
19
5
1
CS526
Spring 2012/Topic 12
1
13
CS526
Spring 2012/Topic 12
14
TCP Handshake
C
S
SYN
(seq=x)
Listening
Store data
ACK (ack=y+1,seq=x+1)
CS526
Spring 2012/Topic 12
Wait
Connected
15
CS526
Spring 2012/Topic 12
16
Server A
E impersonates B to A
E
Spring 2012/Topic 12
17
CS526
Spring 2012/Topic 12
18
Spring 2012/Topic 12
19
Categories of Denial-of-service
Attacks
Stopping services
Locally
Process killing
Spawning processes
to fill the process table
Process crashing
System reconfiguration Filling up the whole
file system
Saturate comm
bandwidth
Malformed packets to
Remotely crash buggy services
CS526
Exhausting resources
Spring 2012/Topic 12
Packet floods
(Smurf, SYN flood,
DDoS, etc)
20
SYN Flooding
C
S
SYNC1
SYNC2
SYNC3
Listening
Store data
SYNC4
SYNC5
CS526
Spring 2012/Topic 12
21
SYN Flooding
Attacker sends many connection requests
Spoofed source addresses
CS526
Spring 2012/Topic 12
22
gateway
DoS
Target
Spring 2012/Topic 12
23
CS526
Destination unreachable
Time-to-live exceeded
Parameter problem
Redirect to better gateway
Echo/echo reply - reachability test
Timestamp request/reply - measure transit delay
Spring 2012/Topic 12
24
CS526
Spring 2012/Topic 12
25
CS526
Spring 2012/Topic 12
26
CS526
Spring 2012/Topic 12
27
CS526
Spring 2012/Topic 12
28
Coming Attractions
DNS Security
CS526
Spring 2012/Topic 12
29