DOC PREVIEW
CMU 15441 Computer Networking - 25-security

This preview shows page 1-2-3-24-25-26 out of 26 pages.

Save
View full document
View full document
Premium Document
Do you want full access? Go Premium and unlock all 26 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 26 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 26 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 26 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 26 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 26 pages.
Access to all documents
Download any document
Ad free experience
Premium Document
Do you want full access? Go Premium and unlock all 26 pages.
Access to all documents
Download any document
Ad free experience

Unformatted text preview:

Security15-441With slides from: Debabrata Dash,Nick Feamster, Vyas Sekar, and others115-411: securityOur “Narrow” Focus• Yes: Protecting network resources and limiting connectivity (Part I) Creating a “secure channel” for communication (Part II)N•No: Preventing software vulnerabilities & malware, “il i i”or “social engineering”. 215-411: securityFlashback .. Internet design goals1. Interconnection2F il ili2.Failure resilience3. Multiple types of service4. Variety of networks5. Management of resourcesg6. Cost-effective7.Low entry-cost7.Low entrycost8. Accountability for resourcesWhere is security?Where is security?315-411: securityWhy did they leave it out?• Designed for connectivity• Network designed with implicit trustgp No “bad” guys• Can’t security be provided at the edge?E ti A th ti ti tEncryption, Authentication etc End-to-end arguments in system design415-411: securitySecurity Vulnerabilities• At every layer in the protocol stack!• Network-layer attacks IP-level vulnerabilities Routing attacks• Transport-layer attacks TCP vulnerabilities• Application-layer attacks515-411: securityIP-level vulnerabilities• IP addresses are provided by the source Spoofing attacks• Using IP address for authenticatione.g., login with .rhostse.g., login with .rhosts •Some“features”that have been exploited•Some features that have been exploited Fragmentation B d t f t ffi lifi tiBroadcast for traffic amplification 615-411: securitySecurity Flaws in IP• The IP addresses are filled in by the originating hostAddress spoofingAddress spoofing• Using source address for authentication r-utilities (rlogin, rsh, rhosts etc..)2.1.1.1C•Can A claim it is B to the server S?Internet1.1.1.3S•ARP Spoofing•Can C claim it is B to1.1.1.1 1.1.1.2ABCan C claim it is B to the server S?•Source Routing715-411: securitySmurf AttackInternetAttacking SystemBroadcast Enabled NetworkVictim System815-411: securityICMP Attacks• No authentication•ICMP redirect message•ICMP redirect message Can cause the host to switch gateways Benefit of doing this?g Man in the middle attack, sniffing• ICMP destination unreachableCCan cause the host to drop connection• ICMP echo request/replyMany more•Many more…  http://www.sans.org/rr/whitepapers/threats/477.php915-411: securityRouting attacks• Divert traffic to malicious nodesBlackholeBlack-hole Eavesdropping• How to implement routing attacks? Distance-Vector: Link-state:BGP l biliti•BGP vulnerabilities1015-411: securityRouting attacks• Divert traffic to malicious nodesBlackholeBlack-hole Eavesdropping• How to implement routing attacks? Distance-Vector: Announce low-cost routes Link-state: Dropping links from topologyBGP l biliti•BGP vulnerabilities Prefix-hijackingPath alterationPath alteration1115-411: securityTCP-level attacks• SYN-FloodsI l tti t tt t bfImplementations create state at servers before connection is fully established• Session hijackPretend to be a trusted hostPretend to be a trusted host Sequence number guessing• Session resetsCl l iti t tiClose a legitimate connection1215-411: securitySession HijackServerTrusted (T)First send a legitimate SYN tMalicious (M)SYN to server1315-411: securitySession HijackServerTrusted (T)Using ISN_S1 from earlier connection guess ISN S2!Malicious (M)connection guess ISN_S2!1415-411: securityTCP Layer Attacks• TCP SYN Flooding Exploit state allocated at server after initial SYN packet Send a SYN and don’t reply with ACK Server will wait for 511 seconds for ACK Finite queue size for incomplete connections (1024) Once the queue is full it doesn’t accept requests1515-411: securityTCP Layer Attacks• TCP Session Poisoning Send RST packet Will tear down connection Do you have to guess the exact sequence number?AhiidifiAnywhere in window is fine For 64k window it takes 64k packets to resetAbout 15 seconds for a T1About 15 seconds for a T11615-411: securityAn ExampleFiShimomura (S)Trusted (T)FingerShowmount -eSYN• Finger @S• showmount –e• Attack when no one is around• What other systems it trusts?Mitnick• Send 20 SYN packets to S • Determine ISN behavior1715-411: securityAn ExampleXShimomura (S)Trusted (T)Syn floodX• Finger @S• showmount –e• Attack when no one is around• What other systems it trusts?yMitnick• Send 20 SYN packets to S• SYN flood T• Determine ISN behavior• T won’t respond to packets1815-411: securityAn ExampleXSYN|ACKShimomura (S)Trusted (T)XSYNACK• Finger @S• showmount –e• Attack when no one is around• What other systems it trusts?Mitnick• Send 20 SYN packets to S• SYN flood T• Determine ISN behavior• T won’t respond to packets• Send SYN to S spoofing as T• Send ACK to S with a guessed number• S assumes that it has a session with Tg1915-411: securityAn ExampleXShimomura (S)Trusted (T)X++ > rhosts• Finger @S• showmount –e• Attack when no one is around• What other systems it trusts?Mitnick• Send 20 SYN packets to S• SYN flood T• Determine ISN behavior• T won’t respond to packets• Send SYN to S spoofing as T• Send ACK to S with a guessed number• S assumes that it has a session with T•Give permission to anyone g• Send “echo + + > ~/.rhosts”pyfrom anywhere2015-411: securityWhere do the problems come from?• Protocol-level vulnerabilities Implicit trust assumptions in design• Implementation vulnerabilitiesBoth on routers and end-hostsBoth on routers and endhostsIncomplete specifications•Incomplete specifications Often left to the imagination of programmers2115-411: securityOutline – Part I• Security Vulnerabilities• Denial of Service•Worms•Worms• Countermeasures: Firewalls/IDS2215-411: securityDenial of Service• Make a service unusable/unavailable• Disrupt service by taking down hostsEifdthE.g., ping-of-death• Consume host-level resources E.g., SYN-floods• Consume network resources E.g., UDP/ICMP floods2315-411: securitySimple DoS•Attacker usually spoofs source address ypto hide origin•Aside: Backscatter Analysis•When attack traffic results in replies from the victimE TCP SYN ICMP ECHO•E.g. TCP SYN, ICMP ECHOAttacker VictimLots of traffic2415-411: securityBackscatter Analysis• Attacker sends spoofed TCP SYN packets to www haplessvictim


View Full Document

CMU 15441 Computer Networking - 25-security

Documents in this Course
Lecture

Lecture

14 pages

Lecture

Lecture

19 pages

Lecture

Lecture

14 pages

Lecture

Lecture

78 pages

Lecture

Lecture

35 pages

Lecture

Lecture

4 pages

Lecture

Lecture

4 pages

Lecture

Lecture

29 pages

Lecture

Lecture

52 pages

Lecture

Lecture

40 pages

Lecture

Lecture

44 pages

Lecture

Lecture

41 pages

Lecture

Lecture

38 pages

Lecture

Lecture

40 pages

Lecture

Lecture

13 pages

Lecture

Lecture

47 pages

Lecture

Lecture

49 pages

Lecture

Lecture

7 pages

Lecture

Lecture

18 pages

Lecture

Lecture

15 pages

Lecture

Lecture

74 pages

Lecture

Lecture

35 pages

Lecture

Lecture

17 pages

lecture

lecture

13 pages

Lecture

Lecture

21 pages

Lecture

Lecture

14 pages

Lecture

Lecture

53 pages

Lecture

Lecture

52 pages

Lecture

Lecture

40 pages

Lecture

Lecture

11 pages

Lecture

Lecture

20 pages

Lecture

Lecture

39 pages

Lecture

Lecture

10 pages

Lecture

Lecture

40 pages

Lecture

Lecture

25 pages

lecture

lecture

11 pages

lecture

lecture

7 pages

Lecture

Lecture

10 pages

lecture

lecture

46 pages

lecture

lecture

7 pages

Lecture

Lecture

8 pages

lecture

lecture

55 pages

lecture

lecture

45 pages

lecture

lecture

47 pages

lecture

lecture

39 pages

lecture

lecture

33 pages

lecture

lecture

38 pages

lecture

lecture

9 pages

midterm

midterm

16 pages

Lecture

Lecture

39 pages

Lecture

Lecture

14 pages

Lecture

Lecture

46 pages

Lecture

Lecture

8 pages

Lecture

Lecture

40 pages

Lecture

Lecture

11 pages

Lecture

Lecture

41 pages

Lecture

Lecture

38 pages

Lecture

Lecture

9 pages

Lab

Lab

3 pages

Lecture

Lecture

53 pages

Lecture

Lecture

51 pages

Lecture

Lecture

38 pages

Lecture

Lecture

42 pages

Lecture

Lecture

49 pages

Lecture

Lecture

63 pages

Lecture

Lecture

7 pages

Lecture

Lecture

51 pages

Lecture

Lecture

35 pages

Lecture

Lecture

29 pages

Lecture

Lecture

65 pages

Lecture

Lecture

47 pages

Lecture

Lecture

41 pages

Lecture

Lecture

41 pages

Lecture

Lecture

32 pages

Lecture

Lecture

35 pages

Lecture

Lecture

15 pages

Lecture

Lecture

52 pages

Lecture

Lecture

16 pages

Lecture

Lecture

4 pages

lecture

lecture

27 pages

lecture04

lecture04

46 pages

Lecture

Lecture

46 pages

Lecture

Lecture

13 pages

lecture

lecture

41 pages

lecture

lecture

38 pages

Lecture

Lecture

40 pages

Lecture

Lecture

25 pages

Lecture

Lecture

38 pages

lecture

lecture

11 pages

Lecture

Lecture

42 pages

Lecture

Lecture

12 pages

Lecture

Lecture

36 pages

Lecture

Lecture

46 pages

Lecture

Lecture

35 pages

Lecture

Lecture

34 pages

Lecture

Lecture

9 pages

lecture

lecture

49 pages

class03

class03

39 pages

Lecture

Lecture

8 pages

Lecture 8

Lecture 8

42 pages

Lecture

Lecture

20 pages

lecture

lecture

29 pages

Lecture

Lecture

9 pages

lecture

lecture

46 pages

Lecture

Lecture

12 pages

Lecture

Lecture

24 pages

Lecture

Lecture

41 pages

Lecture

Lecture

37 pages

lecture

lecture

59 pages

Lecture

Lecture

47 pages

Lecture

Lecture

34 pages

Lecture

Lecture

38 pages

Lecture

Lecture

28 pages

Exam

Exam

17 pages

Lecture

Lecture

21 pages

Lecture

Lecture

15 pages

Lecture

Lecture

9 pages

Project

Project

20 pages

Lecture

Lecture

40 pages

L13b_Exam

L13b_Exam

17 pages

Lecture

Lecture

48 pages

Lecture

Lecture

10 pages

Lecture

Lecture

52 pages

21-p2p

21-p2p

16 pages

lecture

lecture

77 pages

Lecture

Lecture

18 pages

Lecture

Lecture

62 pages

Lecture

Lecture

25 pages

Lecture

Lecture

24 pages

Project

Project

20 pages

Lecture

Lecture

47 pages

Lecture

Lecture

38 pages

Lecture

Lecture

35 pages

Roundup

Roundup

45 pages

Lecture

Lecture

47 pages

Lecture

Lecture

39 pages

Lecture

Lecture

13 pages

Midterm

Midterm

22 pages

Project

Project

26 pages

Lecture

Lecture

11 pages

Project

Project

27 pages

Lecture

Lecture

10 pages

Lecture

Lecture

50 pages

Lab

Lab

9 pages

Lecture

Lecture

30 pages

Lecture

Lecture

6 pages

r05-ruby

r05-ruby

27 pages

Lecture

Lecture

8 pages

Lecture

Lecture

28 pages

Lecture

Lecture

30 pages

Project

Project

13 pages

Lecture

Lecture

11 pages

Lecture

Lecture

12 pages

Lecture

Lecture

48 pages

Lecture

Lecture

55 pages

Lecture

Lecture

36 pages

Lecture

Lecture

17 pages

Load more
Download 25-security
Our administrator received your request to download this document. We will send you the file to your email shortly.
Loading Unlocking...
Login

Join to view 25-security and access 3M+ class-specific study document.

or
We will never post anything without your permission.
Don't have an account?
Sign Up

Join to view 25-security 2 2 and access 3M+ class-specific study document.

or

By creating an account you agree to our Privacy Policy and Terms Of Use

Already a member?