26-security2

Introduction to Network Security
Guest Lecture
Debabrata Dash

Outline
• Security Vulnerabilities
• DoS and D-DoS
• Firewalls
• Intrusion Detection Systems

Security Vulnerabilities
• Security Problems in the TCP/IP Protocol Suite – Steve Bellovin - 89
• Attacks on Different Layers
  • IP Attacks
  • ICMP Attacks
  • Routing Attacks
  • TCP Attacks
  • Application Layer Attacks

Why?
• TCP/IP was designed for connectivity
  • Assumed to have lots of trust
• Host implementation vulnerabilities
  • Software “had/have/will have” bugs
  • Some elements in the specification were left to the implementers

Security Flaws in IP
• The IP addresses are filled in by the originating host
  • Address spoofing
• Using source address for authentication
  • r-utilities (rlogin, rsh, rhosts etc.)
[Figure: Internet; C 2.1.1.1; A 1.1.1.1; B 1.1.1.2; S 1.1.1.3]
• Can A claim it is B to the server S?
  • ARP Spoofing
• Can C claim it is B to the server S?
  • Source Routing

Security Flaws in IP
• IP fragmentation attack
  • End hosts need to keep the fragments till all the fragments arrive
• Traffic amplification attack
  • IP allows broadcast destination
  • Problems?

Ping Flood
[Figure: Attacking System, Internet, Broadcast Enabled Network, Victim System]

ICMP Attacks
• No authentication
• ICMP redirect message
  • Can cause the host to switch gateways
  • Benefit of doing this?
    • Man in the middle attack, sniffing
• ICMP destination unreachable
  • Can cause the host to drop connection
• ICMP echo request/reply
• Many more…
  • http://www.sans.org/rr/whitepapers/threats/477.php

Routing Attacks
• Distance Vector Routing
  • Announce 0 distance to all other nodes
    • Blackhole traffic
    • Eavesdrop
• Link State Routing
  • Can drop links randomly
  • Can claim direct link to any other routers
  • A bit harder to attack than DV
• BGP
  • ASes can announce arbitrary prefix
  • ASes can alter path

TCP Attacks
[Figure: handshake between Client and Server]
  Client → Server: SYN x
  Server → Client: SYN y | ACK x+1
  Client → Server: ACK y+1
• Issues?
  • Server needs to keep waiting for ACK y+1
  • Server recognizes Client based on IP address/port and y+1

TCP Layer Attacks
• TCP SYN Flooding
  • Exploit state allocated at server after initial SYN packet
  • Send a SYN and don’t reply with ACK
  • Server will wait for 511 seconds for ACK
  • Finite queue size for incomplete connections (1024)
  • Once the queue is full it doesn’t accept requests

TCP Layer Attacks
• TCP Session Hijack
  • When is a TCP packet valid?
    • Address/Port/Sequence Number in window
  • How to get sequence number?
    • Sniff traffic
    • Guess it
      • Many earlier systems had predictable ISN
  • Inject arbitrary data to the connection

TCP Layer Attacks
• TCP Session Poisoning
  • Send RST packet
    • Will tear down connection
  • Do you have to guess the exact sequence number?
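The last two slides ask when a TCP segment counts as valid and whether a reset needs the exact sequence number. The following is an added example, not part of the lecture: it compares the classic in-window RST check (RFC 793) with the stricter RFC 5961 handling. The function names and sample sequence numbers are constructed for illustration.

```python
# Added example: sequence-number acceptance for an incoming RST segment.
# Function names and sample values are constructed, not from the lecture.
MOD = 2**32  # TCP sequence numbers are 32-bit and wrap around


def in_window(seq, rcv_nxt, rcv_wnd):
    """True if seq is acceptable: inside [rcv_nxt, rcv_nxt + rcv_wnd) mod 2**32."""
    if rcv_wnd == 0:
        # With a zero window only the exact next expected number is acceptable.
        return seq == rcv_nxt
    return (seq - rcv_nxt) % MOD < rcv_wnd


def classic_rst(seq, rcv_nxt, rcv_wnd):
    """RFC 793 behaviour: any in-window RST tears the connection down."""
    return "reset" if in_window(seq, rcv_nxt, rcv_wnd) else "drop"


def hardened_rst(seq, rcv_nxt, rcv_wnd):
    """RFC 5961 behaviour: only an exact match on RCV.NXT resets.

    An in-window but inexact RST is answered with a challenge ACK; the
    genuine peer learns the exact number from it and can send a valid RST.
    """
    if not in_window(seq, rcv_nxt, rcv_wnd):
        return "drop"
    return "reset" if seq == rcv_nxt else "challenge_ack"


def blind_acceptance_odds(rcv_wnd, hardened):
    """Chance that one uniformly random sequence number causes a reset."""
    accepted = 1 if hardened else max(rcv_wnd, 1)
    return accepted / MOD


if __name__ == "__main__":
    rcv_nxt, rcv_wnd = 4294967000, 65535  # constructed; window wraps past 2**32
    for seq in (4294967000, 100, 70000):
        print(seq, classic_rst(seq, rcv_nxt, rcv_wnd),
              hardened_rst(seq, rcv_nxt, rcv_wnd))
    print(blind_acceptance_odds(65536, hardened=False),
          blind_acceptance_odds(65536, hardened=True))
```

With a 65536-byte window the classic check accepts 1 in 2**16 random sequence numbers as a reset, while the exact-match rule accepts 1 in 2**32.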

This note was uploaded on 04/21/2011 for the course CS 224 taught by Professor De during the Spring '11 term at Kentucky.