2.12.network-attacks2 - Network Attacks CS 161 - Computer...

Slide 1: Network Attacks
CS 161 - Computer Security
Profs. Vern Paxson & David Wagner
TAs: John Bethencourt, Erika Chin, Matthew Finifter, Cynthia Sturton, Joel Weinberger
http://inst.eecs.berkeley.edu/~cs161/
Feb 10, 2010

Slide 2: Focus of Today's Lecture
• Finish discussion of security threats in TCP
  – The problem of "cheaters" who exceed the allowed transmission rate
  – Summary of TCP issues/principles
• Security threats in DHCP and DNS
  – Summary of issues/principles
• Note that none of these threats concerns direct application threats. They all target

Slide 3: TCP's Rate Management
• Unless there's loss, TCP doubles data in flight every "round-trip". All TCPs expected to obey ("fairness").
• Mechanism: for each arriving ack for new data, increase allowed data by 1 maximum-sized packet
• E.g., suppose maximum-sized packet = 100 bytes
[Timing diagram, Src and Dest against Time: the source sends D 0-99; the ack A 100 arrives; the source sends D 100-199 and D 200-299; acks A 200 and A 300 arrive; the number of data packets in flight per round trip grows 1, 2, 4, 8]

Slide 4: TCP Threat: Cheating on Allowed Rate
• How can the destination (receiver) get data to come to them faster than normally allowed?
• ACK-Splitting: each ack, even though partial, increases allowed data by one maximum-sized packet
[Timing diagram, Src and Dest against Time, rounds labelled 1-5: the source sends D 0-99; the receiver returns four partial acks A 25, A 50, A 75, A 100; the source responds with D 100-199, D 200-299, D 300-399, D 400-499, D 500-599]
• How do we defend against this? Change rule to require "full" ack for all data sent in a packet

Slide 5: TCP Threat: Cheating on Allowed Rate
• How can the destination (receiver) still get data to come to them faster than normally allowed?
• Opportunistic ack'ing: acknowledge data not yet seen!
[Timing diagram, Src and Dest against Time, rounds labelled 1-5: the source sends D 0-99; the receiver returns A 100, A 200, A 300, A 400 before the corresponding data has arrived; the source responds with D 100-199, D 200-299, D 300-399, D 400-499, D 500-599]
• How do we defend against this?

Slide 6: Keeping Receivers Honest
• Approach #1: if you receive an ack for data you haven't sent, kill the connection
  – Works only if receiver acks too far ahead
• Approach #2: follow the "round trip time" (RTT) and if ack arrives too quickly, kill the connection
  – Flaky: RTT can vary a lot, so you might kill innocent connections
• Approach #3: make the receiver prove they received the data
  – Add a nonce ("random" marker) & require receiver to include it in ack. Kill connections w/ incorrect nonces
    o (nonce could be function computed over payload, so sender doesn't explicitly transmit, only implicitly)
  – Note: a protocol change

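The following is an added example, not part of the lecture slides, that models the sender-side rate accounting from slides 3 to 6 so the three scenarios can be compared concretely: the slide-3 rule (one maximum-sized packet of growth per ack for new data), the slide-4 defense (grow only when an ack completes a whole packet), Approach #1 (kill on an ack for data never sent) and Approach #3 (an implicit nonce the receiver must echo). Assumptions: the window is counted in bytes, a SHA-256 prefix over the acked part of the stream stands in for the slides' "function computed over payload", and the packet payloads and ack sequences are constructed to match the diagrams on slides 4 and 5.

```python
import hashlib
from dataclasses import dataclass, field

MSS = 100  # maximum-sized packet in bytes, the value used in the slides' example


def implicit_nonce(stream: bytes, ack: int) -> str:
    """Slide 6, Approach #3: the nonce is a function of the payload, so nothing
    extra is transmitted. SHA-256 over the acked prefix is an assumed choice;
    a receiver can only compute it over bytes it has actually seen."""
    return hashlib.sha256(stream[:ack]).hexdigest()[:16]


@dataclass
class Sender:
    """Sender-side rate accounting (the logic a cheating receiver targets)."""
    full_ack_rule: bool = True   # slide 4 defense: grow only on whole-packet acks
    nonce_rule: bool = True      # slide 6 Approach #3: receiver must echo the nonce
    mss: int = MSS
    cwnd: int = MSS              # allowed data in flight; starts at one packet
    stream: bytearray = field(default_factory=bytearray)  # every byte sent so far
    segment_ends: list = field(default_factory=list)      # end offset of each packet
    highest_acked: int = 0
    alive: bool = True

    def send(self, payload: bytes) -> tuple:
        start = len(self.stream)
        self.stream.extend(payload)
        self.segment_ends.append(len(self.stream))
        return start, len(self.stream)

    def receive_ack(self, ack: int, nonce: str = None) -> bool:
        """Process a cumulative ack; returns False once the connection is killed."""
        if not self.alive:
            return False
        if ack > len(self.stream):            # Approach #1: ack for data never sent
            self.alive = False
            return False
        if ack <= self.highest_acked:          # old or duplicate ack: no growth
            return True
        if self.nonce_rule and nonce != implicit_nonce(bytes(self.stream), ack):
            self.alive = False                 # receiver could not prove it saw the data
            return False
        if self.full_ack_rule:
            # Grow only by the number of whole packets this ack newly completes.
            completed = sum(1 for e in self.segment_ends if self.highest_acked < e <= ack)
            self.cwnd += completed * self.mss
        else:
            self.cwnd += self.mss              # slide 3 rule: any new ack adds one MSS
        self.highest_acked = ack
        return True


def ack_splitting(full_ack_rule: bool) -> int:
    """Slide 4: the receiver got one 100-byte packet but returns four partial acks."""
    s = Sender(full_ack_rule=full_ack_rule, nonce_rule=False)
    s.send(b"x" * MSS)
    for ack in (25, 50, 75, 100):
        s.receive_ack(ack)
    return s.cwnd


def ack_beyond_sent() -> bool:
    """Approach #1: an ack for bytes that were never sent kills the connection."""
    s = Sender(nonce_rule=False)
    s.send(b"x" * MSS)
    return s.receive_ack(400)


def opportunistic_ack(nonce_rule: bool) -> tuple:
    """Slide 6: three packets are in flight but the receiver has seen only the first
    and acks the second anyway. Approach #1 cannot catch this (those bytes were
    sent); the nonce check can. Returns (cwnd, alive)."""
    s = Sender(nonce_rule=nonce_rule)
    seen = bytearray()
    for i in range(3):
        payload = bytes([65 + i]) * MSS       # constructed payloads: 'AAA..', 'BBB..', 'CCC..'
        s.send(payload)
        if i == 0:
            seen.extend(payload)              # the receiver only ever sees packet 1
    s.receive_ack(100, implicit_nonce(bytes(seen), 100))                # honest ack
    s.receive_ack(200, implicit_nonce(bytes(seen) + b"?" * MSS, 200))   # guessed nonce
    return s.cwnd, s.alive


if __name__ == "__main__":
    print("ACK-splitting, slide-3 rule:   cwnd =", ack_splitting(False))
    print("ACK-splitting, full-ack rule:  cwnd =", ack_splitting(True))
    print("Ack beyond sent data, alive:   ", ack_beyond_sent())
    print("Opportunistic ack, no nonce:   ", opportunistic_ack(False))
    print("Opportunistic ack, with nonce: ", opportunistic_ack(True))
```

Under the slide-3 rule the four partial acks grow the window to 500 bytes from one delivered packet, while the full-ack rule leaves it at 200. The opportunistic case shows why slide 6 calls Approach #1 insufficient on its own: the ack for byte 200 is within the sent range, so only the nonce check (a protocol change, as the slide notes) catches it.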
Slide 7: Summary of TCP Security Issues
• An attacker who can observe your TCP connection can manipulate it:
  – Forcefully terminate by forging a RST packet
  – Inject data into either direction by forging data packets
  – Works because they can include in their spoofed traffic the correct sequence numbers (both directions) and TCP ports
  – Remains a major threat today

Slide 9: Summary of TCP Security Issues (continued)
• An attacker who can observe your TCP connection can manipulate it:
  – Forcefully terminate by forging a RST packet
  – Inject data into either direction by forging data packets
  – Works because they can include in their spoofed traffic the correct sequence numbers (both directions) and TCP ports
  – Remains a major threat today
• An attacker who can predict the ISN chosen by a server

This note was uploaded on 04/14/2010 for the course CS 161 taught by Professor Wagner during the Spring '10 term at University of Central Arkansas.