Berkeley ELENG 122 - Denial-of-Service / Wireless / Multimedia
Slide 1: Denial-of-Service / Wireless / Multimedia
EE 122: Intro to Communication Networks
Fall 2006 (MW 4-5:30 in Donner 155)
Vern Paxson
TAs: Dilip Antony Joseph and Sukun Kim
http://inst.eecs.berkeley.edu/~ee122/
Materials with thanks to Jennifer Rexford, Ion Stoica, and colleagues at Princeton and UC Berkeley

Slide 2: Announcements
• Office hours this week by appointment
• I'll be giving a lecture on Experiences With Countering Internet Attacks next Wednesday, 2:30-4PM in Cory 540 A/B (optional!)
• Next Lecture: Final Review
  – and course evaluation

Slide 3: Goals of Today's Lecture
• Denial-of-Service
  – Transport layer (SYN flooding)
  – Application layer (CAPTCHAs)
• Wireless link layers
  – 802.X, Bluetooth
• Issues for transmitting multimedia content
  – Audio
  – Video
  – Voice-over-IP (VOIP)

Slide 4: Recap: Defending Against Network Flooding
• How do we defend against such floods?
• Answer: basically, we don't! Big problem today!
• Techniques exist to trace spoofed traffic back to origins, but this isn't useful in face of a large attack
• Techniques exist to filter traffic, but a well-designed flooding stream defies stateless filtering
• Best solutions to date:
  – Overprovision - have enough raw capacity that it's hard to flood your links
    · Largest confirmed botnet to date: 1.5 million hosts
    · Floods seen to date: 40+ Gbps
  – Distribute your services - force attacker to flood many points
    · E.g., the root name servers

Slide 5: Transport-Level Denial-of-Service
• Recall TCP's 3-way connection establishment handshake
  – Goal: agree on initial sequence numbers
  – Starting sequence numbers are random, not simply based on clock, to prevent attacker from guessing them to establish connections using spoofed source addresses
[Figure: Client (initiator) and Server exchange]
  Client -> Server: SYN, SeqNum = x
  Server -> Client: SYN and ACK, SeqNum = y, Ack = x + 1
  Client -> Server: ACK, Ack = y + 1
  (Server creates state associated with connection here, on receiving the SYN)

Slide 6: SYN Flooding
• Attacker sends victim TCP SYNs with random client ports and spoofed source address
• Victim responds with SYN+ACKs
  – Victim also allocates memory for connection, sets timers
  – Holds memory until 3-way handshake completes
    · Or until eventual timeout (e.g., 3 minutes)
• Victim quickly runs out of memory
  – Newly arriving connections are denied
  – Many of these are the attacker's bogus conn. attempts
  – But others are legitimate. No one new can get to the site.
• Note: network capacity/overprovisioning doesn't help

Slide 7: Flooding Defense: SYN Cookies
[Figure: Client (initiator) and Server exchange]
  Client -> Server: SYN, SeqNum = x
  Server -> Client: SYN and ACK, SeqNum = y, Ack = x + 1
  Client -> Server: ACK, Ack = y + 1
  (Server only creates state here, on receiving the final ACK)
• Server: when SYN arrives, encode connection state entirely within SYN-ACK's sequence # y
  – y = SHA-1(client_addr, client_port, ISN x, server_secret)
• When ACK of SYN-ACK arrives, server only creates state if seq # y in it agrees with hash

Slide 8: SYN Cookies: Discussion
• Illustrates general strategy: rather than holding state, encode it so that it is returned when needed
• For SYN cookies, attacker must complete 3-way handshake in order to burden the server
  – Can't use spoofed source addresses
• Note #1: strategy requires that you have enough bits to encode all the state
  – This is just barely the case for SYN cookies
    · You only have 32 bits to work with in server's ISN
  – (And not the case once connection is established)
• Note #2: if it's expensive to generate or check the cookie, then it's not a win

Slide 9: Application-Layer Flooding
• Attacker makes a lot of expensive service requests
  – E.g., http://victim.com/back_end_database.cgi?search=…
• Expense of request gives attacker leverage
  – It can also be very hard to tell legitimate requests from bogus
• CAPTCHAs (Completely Automated Public Turing test to tell Computers and Humans Apart)
  – Idea: "Reverse Turing Test"
    · Prove that a client is a human rather than a machine
  – Based on known-hard AI problems that humans solve readily
  – Drawbacks:
    · If visual, discriminates against blind users
    · Sometimes you want machines to be able to make (legit) requests
    · Depending on the problem, an arms race (driving technology forward) …

Slide 10: [image only; no text in preview]

Slide 11: Summary of Denial-of-Service
• Can occur at different semantic levels
  – Network layer vs. transport layer vs. application layer
  – Very hard to address if attacker has a lot of zombies
• Principle: attacker finds bottleneck element …
  – … and sends it more work than it can cope with
• E.g.:
  – Router's packets-per-second processing capability
  – Link's bits-per-second transmission capability
  – End host's memory available for new connections …
  – … or cycles available to validate connections (cookies)
  – Server's cycles for processing requests
• Defend via
  – Overprovisioning
  – Force sender to prove they're not spoofing (cookies)
  – Force sender to prove they're not a robot (CAPTCHAs)

Slide 12: Wireless Links

Slide 13: Wireless Media Access (courtesy of S. Savage, UCSD)
• Wireless links are extremely convenient
• What makes wireless links more problematic than wired links?
  – Why not just use Ethernet algorithms?
• It's technically difficult to detect collisions
  – Transmitter swamps co-located receiver
• … even if we could, it wouldn't work
  – Different transmitters have different coverage areas
• In addition, wireless links are much more prone to loss than wired links

Slide 14: Hidden Terminals
• A and C can both send to B but can't hear each other
  – A is a hidden terminal for C and vice versa
• CSMA/CD will be ineffective – need to sense at receiver
[Figure: A, B, C in a line; the transmit range of A and of C each reach B but not each other]

Slide 15: Exposed Terminals
• B, C can hear each other …
• .. But can safely send to A, D
[Figure: A, B, C, D in a line; B and C are within each other's transmit range]

Slide 16: CSMA/CA: CSMA w/ Collision Avoidance
• Since we can't detect collisions, we try to avoid them
• When medium busy, choose random interval (contention window)
  – Wait for that many idle timeslots to pass before sending
• When a collision is inferred, retransmit with binary exponential backoff (like Ethernet)
  – Use ACK from receiver to infer "no collision"
  – Use exponential backoff to adapt contention window

Slide 17: RTS / CTS Protocols (MACA)
MACA = Multiple Access with Collision Avoidance
Overcome exposed/hidden terminal problems with contention-free protocol
1. B stimulates C with Request To Send (RTS)
2. A hears RTS and defers (to allow C to answer)
3. C replies to B with Clear To Send (CTS)
4. D hears CTS and defers to allow the data
5. B sends to C
[Figure: A, B, C, D in a line; RTS from B to C, CTS from C to B]

Slide 18: MACA, con't
• If sender doesn't get a CTS or ACK back, it assumes collision
• If other nodes hear RTS, but not CTS: send –
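As an added worked example (not part of the lecture slides), the following Python models the stateless server side of slides 7 and 8: the SYN-ACK sequence number y follows the slide's recipe y = SHA-1(client_addr, client_port, ISN x, server_secret) truncated to 32 bits, and state is created only when the returning ACK carries y + 1. The secret, addresses and flood scenario are constructed for the demo, and the handshake is simulated in-process rather than on real sockets.

```python
import hashlib
import hmac
import socket
import struct

# Constructed demo secret; a real server keeps this private and rotates it.
SERVER_SECRET = b"constructed-demo-secret"
MASK32 = 0xFFFFFFFF

def syn_cookie(client_addr, client_port, client_isn, secret=SERVER_SECRET):
    """Server's SYN-ACK sequence number y, per the slide's recipe
    y = SHA-1(client_addr, client_port, ISN x, server_secret), cut to 32 bits:
    the sequence number field is the only place the state can travel."""
    msg = (socket.inet_aton(client_addr)
           + struct.pack("!HI", client_port, client_isn & MASK32)
           + secret)
    return struct.unpack("!I", hashlib.sha1(msg).digest()[:4])[0]

def handle_syn(client_addr, client_port, seq_x):
    """Reply to a SYN with (SeqNum=y, Ack=x+1) and allocate nothing."""
    y = syn_cookie(client_addr, client_port, seq_x)
    return y, (seq_x + 1) & MASK32

def handle_ack(client_addr, client_port, seq, ack, connections):
    """Final ACK of the handshake: client sends Seq=x+1, Ack=y+1. Recover x,
    recompute y, and create state only if the returned cookie agrees."""
    x = (seq - 1) & MASK32
    expected = (syn_cookie(client_addr, client_port, x) + 1) & MASK32
    if not hmac.compare_digest(struct.pack("!I", expected),
                               struct.pack("!I", ack & MASK32)):
        return False                      # forged or stale; no state created
    connections.add((client_addr, client_port))
    return True

def simulate_flood(n_spoofed):
    """Constructed scenario: n_spoofed SYNs from spoofed sources whose ACKs
    never arrive, one ACK with a guessed cookie, then one honest handshake.
    Returns (connection entries held, forged_accepted, legit_accepted)."""
    connections = set()
    for i in range(n_spoofed):            # SYN-ACKs go to sources that never reply
        handle_syn(f"203.0.113.{i % 254 + 1}", 40000 + i, i * 7919)
    forged = handle_ack("203.0.113.5", 40004, 4 * 7919 + 1, 0x12345678, connections)
    y, ack = handle_syn("198.51.100.7", 51515, 1000)
    legit = handle_ack("198.51.100.7", 51515, ack, (y + 1) & MASK32, connections)
    return len(connections), forged, legit
```

Note that the table of connections stays at one entry however large n_spoofed is, which is the whole point of the defense; the 32-bit budget from slide 8 is visible in the truncation of the digest.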