Lecture 3

Lecture 3 - CS 6823 - Network Security CS 6823 - Network...


CS 6823 - Network Security
Lecture 3: Attacks, Vulnerabilities and Exploits
Keith OBrien
keith@keithobrien.org

NETWORK ATTACK TECHNIQUES

IP address spoofing (1)
- Attacker doesn't want actions traced back
- Simply re-configure IP address in Windows or Unix.
- Or enter spoofed address in an application
  - e.g., decoy packets with Nmap
[Figure: hosts 212.68.212.7 and 145.13.145.67; packet with SA: 36.220.9.59, DA: 212.68.212.7]

IP address spoofing (2)
- But attacker cannot interact with victim.
- Unless attacker is on path between victim and spoofed address.
[Figure: attacker and victim; hosts 212.68.212.7, 145.13.145.67 and 36.220.9.59; packet with SA: 36.220.9.59, DA: 212.68.212.7; reply with SA: 212.68.212.7, DA: 36.220.9.59]

IP spoofing with TCP?
- Can an attacker make a TCP connection to server with a spoofed IP address?
- Not easy: SYNACK and any subsequent packets sent to spoofed address.
- If attacker can guess initial sequence number, can attempt to send commands
  - Send ACK with spoofed IP and correct seq #, say, one second after SYN
- But TCP uses random initial sequence numbers.

Defense: Ingress filtering: access ISP
[Figure: access ISP between the Internet and a privately administered network 222.22/16; packets with source 127.32.1.1 marked x]

Ingress Filtering: Upstream ISP (1)
[Figure: networks 12.12/24, 34.34/24, 56.56/24, 78.78/24; two regional ISPs and a tier-1 ISP; BGP update: 12.12/24, 34.35/24; BGP update: 56.56/24, 78.78/24]

Ingress Filtering: Upstream ISP (2)
[Figure: same networks; BGP update: 12.12/24, 34.34/24; BGP update: 56.56/24, 78.78/24]
- Filter all but 12.12/24 and 34.34/24
- Filter all but 56.56/24 and 78.78/24

Ingress Filtering: Upstream ISP (3)
[Figure: same networks, regional ISPs and tier-1 ISP; packet with source 56.56.1.1 marked x]
- Filter all but 12.12/24 and 34.34/24
- Filter all but 56.56/24 and 78.78/24

Ingress Filtering: Upstream ISP (4)
[Figure: same networks, regional ISPs and tier-1 ISP; packet with source 34.34.1.1]
- Filter all but 12.12/24 and 34.34/24
- Filter all but 56.56/24 and 78.78/24
- spoofed packet gets through!

Ingress filtering: summary
- Effectiveness depends on widespread deployment at access ISPs
- Deployment in upstream ISPs helps, but does not eliminate IP spoofing
- Filtering can impact router forwarding perf
- Even if universally deployed at access, hacker can still spoof another address in its access network 12.12/24
- See RFC 2827 Network Ingress Filtering: Defeating DDoS

Session hijacking
- Take control of one side of a TCP connection
- Marriage of sniffing and spoofing
[Figure: Alice, Bob and Attacker; Alice telnet]

Session hijacking: The details
- Attacker is on segment where traffic passes from Alice to Bob
- Attacker sniffs packets...
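
The ingress filtering slides above (access ISP, Upstream ISP (3) and (4), and the summary) can be replayed as source-address checks. This is an added example, not part of the lecture; the expansion of the slides' prefix shorthand (e.g. "12.12/24" as 12.12.1.0/24), the origin hosts, and all function and variable names are assumptions made for illustration.

```python
import ipaddress

# Slide shorthand expanded (assumption) so the slides' sample sources
# 56.56.1.1 and 34.34.1.1 fall inside the matching prefix.
ACCESS_CUSTOMER = ["222.22.0.0/16"]             # privately administered network
REGIONAL_A = ["12.12.1.0/24", "34.34.1.0/24"]   # first BGP update
REGIONAL_B = ["56.56.1.0/24", "78.78.1.0/24"]   # second BGP update


def make_filter(allowed_prefixes):
    """Build an ingress filter: forward a packet only if its source address
    lies in a prefix known to be reachable behind this interface."""
    nets = [ipaddress.ip_network(p) for p in allowed_prefixes]

    def permit(src):
        addr = ipaddress.ip_address(src)
        return any(addr in net for net in nets)

    return permit


access_filter = make_filter(ACCESS_CUSTOMER)
tier1_from_regional_a = make_filter(REGIONAL_A)
tier1_from_regional_b = make_filter(REGIONAL_B)

# Constructed cases: (label, filter applied, real sender, claimed source).
CASES = [
    ("access: foreign address", access_filter, "222.22.5.9", "127.32.1.1"),
    ("access: honest host", access_filter, "222.22.5.9", "222.22.5.9"),
    ("access: neighbour address", access_filter, "222.22.5.9", "222.22.77.3"),
    ("upstream (3)", tier1_from_regional_a, "12.12.1.7", "56.56.1.1"),
    ("upstream (4)", tier1_from_regional_a, "12.12.1.7", "34.34.1.1"),
]


def undetected_spoofs(cases):
    """Labels of cases where the source is forged yet the filter forwards it."""
    return [label for label, permit, sender, claimed in cases
            if sender != claimed and permit(claimed)]


if __name__ == "__main__":
    for label, permit, sender, claimed in CASES:
        verdict = "forward" if permit(claimed) else "drop"
        print(f"{label:26} sender={sender:12} claims={claimed:12} -> {verdict}")
    print("forged but forwarded:", undetected_spoofs(CASES))
```

The two forged-but-forwarded cases are the ones the summary slide warns about: a source spoofed from within the same access network, and a source spoofed from another prefix behind the same regional ISP.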

This note was uploaded on 11/02/2010 for the course CS 393 taught by Professor Staff during the Spring '08 term at NYU Poly.
