Introduction
Sushant Rewaskar

Protocol Attacks
! What is a protocol attack?
! How does it work?
! Smurf attack
! SYN attack
! UDP attack, ICMP attack
! CGI request attack
! Authentication server attack
! Attack using DNS systems
! Attack using spoofed address in ping
[Figure: spoofed-source (reflection) attacks. Attacker Y sends an ICMP echo request with source address SRC:X; the echo response is delivered to X. The same pattern is shown for UDP, ICMP, ping, TCP SYN and DNS requests carrying SRC X and answered by Server X.]
! Line between protocol and brute-force attacks is very thin
! Can these attacks be identified?
! YES
Conclusion: Part 1

Alternate Protocol attacks
TCP congestion avoidance

/* slowstart is over; congWin > threshold */
whenever congWin segments ACKed:
    congWin++
/* loss event: timeout */

! Exponential increase in window size each RTT until congWin > threshold (not so slow!)
! Note: TCP implementations detect loss differently
! Loss event (TCP Tahoe: timeout; TCP Reno: timeout or three duplicate ACKs): threshold = congWin/2, congWin = 1 MSS, perform slowstart
  (This is the slide's simplification: Reno's fast recovery reacts to three duplicate ACKs by halving congWin and continuing in congestion avoidance; only a timeout drops congWin to 1 MSS.)
[Figure: congestion window (segments, 0-12) vs. time (window transmissions, 0-14). Slow start doubles the window each RTT (two segments, then four segments, ...) up to the threshold of 8; congestion avoidance then adds one segment per RTT until a loss event at 12; the threshold becomes 6 and slow start restarts from 1.]

Slow start and congestion avoidance: throughput
! Throughput at initial threshold = 1 MB/RTT
! Congestion avoidance slows probes for additional available bandwidth beyond the threshold
! At 1st threshold: 16 MSS/RTT
! At 2nd threshold: 10 MSS/RTT
! Throughput is w x MSS / RTT, assuming RTT > w x MSS / R (the window, not the link rate R, limits the sender)
[Figure: two plots of congestion window vs. window transmissions (0-20), one per threshold.]
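The window rules above, as an added example that is not part of the lecture: a per-RTT model of slow start, congestion avoidance and the Tahoe and Reno reactions to a loss event, plus the window-limited throughput w x MSS / RTT. Everything here is my own illustration; the window is counted in MSS, one round is one RTT, and loss events are injected at chosen rounds rather than produced by a queue model (assumptions, not something the slides state). Beyond the slide's simplification, it also models Reno's fast recovery on three duplicate ACKs.

```python
"""Per-RTT model of TCP Tahoe / Reno window dynamics (illustrative, not lecture code)."""


def next_window(cwnd, ssthresh):
    """Window for the next RTT when every segment of this RTT was ACKed."""
    if cwnd < ssthresh:
        # slow start: double each RTT, but do not overshoot the threshold
        return min(2 * cwnd, ssthresh)
    # congestion avoidance: congWin++ per window of ACKed segments
    return cwnd + 1


def react_to_loss(cwnd, ssthresh, event, variant):
    """Return (cwnd, ssthresh) after a loss event.

    event:   "timeout" or "dupack" (three duplicate ACKs)
    variant: "tahoe" or "reno"
    """
    new_thresh = max(cwnd // 2, 2)       # threshold = congWin/2, floored at 2 MSS
    if variant == "tahoe" or event == "timeout":
        return 1, new_thresh             # congWin = 1 MSS, back to slow start
    if variant == "reno" and event == "dupack":
        return new_thresh, new_thresh    # fast recovery: halve, stay in avoidance
    raise ValueError(f"unknown variant/event: {variant}/{event}")


def simulate_cwnd(rounds, losses, variant="tahoe", ssthresh=8):
    """Trace cwnd (in MSS) per RTT; losses maps round index -> "timeout"/"dupack"."""
    trace = []
    cwnd = 1
    for r in range(rounds):
        trace.append(cwnd)
        if r in losses:
            cwnd, ssthresh = react_to_loss(cwnd, ssthresh, losses[r], variant)
        else:
            cwnd = next_window(cwnd, ssthresh)
    return trace


def throughput_bytes_per_sec(window_mss, mss_bytes, rtt_s):
    """Window-limited throughput w x MSS / RTT (valid while RTT > w x MSS / R)."""
    return window_mss * mss_bytes / rtt_s


if __name__ == "__main__":
    # Mirrors the slide's figure: threshold 8, loss when the window reaches 12
    print("tahoe:", simulate_cwnd(15, {7: "timeout"}, "tahoe"))
    print("reno: ", simulate_cwnd(15, {7: "dupack"}, "reno"))
    # 16 MSS of 64 KB per 1 s RTT is the slide's "1 MB/RTT" at the first threshold
    print("bytes/s:", throughput_bytes_per_sec(16, 65536, 1.0))
```

The Tahoe trace reproduces the figure (1, 2, 4, 8, then 9..12, collapse to 1, threshold 6); swapping in Reno with a duplicate-ACK loss shows the window halving to 6 instead of restarting from 1.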
Expected behavior vs. misbehavior
! TCP mechanism: congestion avoidance
! Congestion window modification
[Figure: congestion window vs. time, showing the expected behavior and two misbehavior traces.]
Shrew
! Very small but aggressive mammal that ferociously attacks and kills much larger animals with a venomous bite

TCP dual time-scale operation
! TCP mechanism: congestion avoidance operates at the RTT time-scale
! TCP mechanism: timeout operates at the minRTO time-scale
[Figure: congestion window vs. time for the two mechanisms.]

Shrew Attack
! Induce an outage again after minRTO
! Shrew periodically repeats pulse
! T = 1 second
[Figure: DoS pulses spaced minRTO apart; the TCP flow's congestion window collapses at each pulse. Legend: DoS, TCP (long-RTT), TCP-S.]
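The outage-after-minRTO mechanism described above, as an added example that is not the authors' code: a minimal event model in which an attacker pulse of period T makes the victim's RTT round fail, the victim waits one RTO (minRTO = 1 s, doubling on repeated failures), and retransmits straight into the next pulse when T equals minRTO. All parameters (100 ms RTT, 150 ms pulses, 60 s run, exponential backoff capped at 64 s) and the rule that a round fails if it overlaps a pulse are my assumptions; throughput is counted as completed rounds, which ignores window growth but is enough to show the synchronised outage.

```python
"""Event model of the shrew attack on TCP's RTO time-scale (illustrative, not lecture code)."""

MIN_RTO_MS = 1000          # RFC 2988 minimum RTO: the time-scale the shrew targets
MAX_RTO_MS = 64000         # exponential backoff cap (assumption)


def overlaps_pulse(t_start, t_end, period, pulse_len):
    """True if [t_start, t_end) intersects any pulse [k*period, k*period + pulse_len)."""
    if period is None:                      # no attacker
        return False
    for k in range(t_start // period, t_end // period + 1):
        p0 = k * period
        if p0 < t_end and p0 + pulse_len > t_start:
            return True
    return False


def successful_rounds(period, pulse_len, rtt=100, duration=60_000, start=50,
                      min_rto=MIN_RTO_MS):
    """Count RTT rounds (ms units) the victim completes within duration."""
    t, rto, ok = start, min_rto, 0
    while t + rtt <= duration:
        if overlaps_pulse(t, t + rtt, period, pulse_len):
            # loss in this round: retransmit after one RTO, then back off
            t += rto
            rto = min(2 * rto, MAX_RTO_MS)
        else:
            ok += 1
            t += rtt
            rto = min_rto                   # a successful round resets the RTO
    return ok


def normalized_throughput(period, pulse_len, **kw):
    """Victim throughput relative to the same flow with no attacker."""
    return successful_rounds(period, pulse_len, **kw) / successful_rounds(None, 0, **kw)


def attacker_average_rate(period, pulse_len):
    """Fraction of link capacity the attacker uses on average (bursts at full rate)."""
    return pulse_len / period


if __name__ == "__main__":
    for period in (1000, 1300, 1500, 2000):
        print(f"T={period} ms: victim keeps {normalized_throughput(period, 150):.2f} "
              f"of baseline; attacker average rate {attacker_average_rate(period, 150):.0%}")
```

With T = minRTO every retransmission lands inside a pulse (50 ms into a 150 ms burst in this run), so the victim completes no rounds at all while the attacker averages 15% of the link; longer periods let retransmissions through between pulses and throughput recovers partially.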
Roadmap
! Analyze TCP congestion avoidance mechanism
! Design attack to take advantage of the mechanism (shrew attack)
! Explore TCP response to shrew attack
  ! Modeling, simulation, Internet experiments
! Evaluate detection mechanism

Open Questions
! Shrews have low average rate, yet send high-rate bursts on short time-scales
! Key questions
  ! Can algorithms intended to find high-rate attacks detect Shrews?
  ! Can we tune the algorithms to detect Shrews without having too many false alarms?
! A number of schemes can detect malicious flows
  ! E.g., RED-PD: use the packet drop history to detect high-bandwidth flows and preferentially drop packets from these flows
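The detection question above, as an added example that is not the authors' code and not an implementation of RED-PD (which works from the router's drop history): a plain per-flow rate monitor run over constructed traffic, showing that the same rate threshold misses the shrew when rates are averaged over one-second windows but catches it when the window is shortened to the RTT time-scale. The two flows, their packet sizes and the 6 Mb/s threshold are constructed for the demonstration.

```python
"""Windowed per-flow rate monitor vs. a shrew flow (illustrative, constructed traffic)."""
from collections import defaultdict

PKT_BYTES = 1500
DURATION_MS = 10_000


def constructed_traffic():
    """(timestamp_ms, flow_id) arrivals for a steady bulk flow and a shrew.

    bulk:  one packet every 5 ms for 10 s                 (2.4 Mb/s, steady)
    shrew: 150 packets back-to-back every 1000 ms, idle otherwise (1.8 Mb/s average)
    """
    packets = [(t, "bulk") for t in range(0, DURATION_MS, 5)]
    for burst_start in range(0, DURATION_MS, 1000):
        packets += [(burst_start + i, "shrew") for i in range(150)]
    return sorted(packets)


def average_rate_bps(packets):
    """Per-flow average rate over the whole trace, in bit/s."""
    counts = defaultdict(int)
    for _, flow in packets:
        counts[flow] += 1
    return {flow: n * PKT_BYTES * 8 * 1000 / DURATION_MS for flow, n in counts.items()}


def max_windowed_rate_bps(packets, window_ms):
    """Per flow, the highest rate (bit/s) seen in any tumbling window of window_ms."""
    counts = defaultdict(lambda: defaultdict(int))
    for t, flow in packets:
        counts[flow][t // window_ms] += 1
    return {flow: max(per_win.values()) * PKT_BYTES * 8 * 1000 / window_ms
            for flow, per_win in counts.items()}


def flag_high_rate_flows(packets, window_ms, threshold_bps):
    """Flows whose peak windowed rate exceeds the threshold."""
    return {flow for flow, rate in max_windowed_rate_bps(packets, window_ms).items()
            if rate > threshold_bps}


if __name__ == "__main__":
    pkts = constructed_traffic()
    print("average rates:", average_rate_bps(pkts))
    for window in (1000, 100):
        print(f"window {window} ms: peaks {max_windowed_rate_bps(pkts, window)}, "
              f"flagged above 6 Mb/s: {flag_high_rate_flows(pkts, window, 6e6)}")
```

At a one-second window the shrew's peak equals its 1.8 Mb/s average and sits below the steady bulk flow, so nothing is flagged; at a 100 ms window its burst shows up at 12 Mb/s while the bulk flow still measures 2.4 Mb/s. The false-alarm side of the trade-off is what a shorter window does to legitimately bursty flows, which this constructed trace does not contain.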