Chair of Connected Mobility, TUM Department of Informatics

Resilience of Deployed TCP to Blind Attacks

Paper written by:
Matthew Luckie, University of Waikato (mjl@wand.net.nz)
Robert Beverly, Naval Postgraduate School (rbeverly@nps.edu)
Tiange Wu, CAIDA / UC San Diego (tiangewu@caida.org)
Mark Allman, ICSI (mallman@icir.org)
Kc Claffy, CAIDA / UC San Diego (kc@caida.org)

Presented by: Victor Aguboshim, 03679101

Content
- Motivation
- Methodology
- Active Measurement Methods
- Vantage Points
- Conducted Tests
- Result of Tests
- Conclusions

Motivation
- To determine how a TCP connection reacts to an attack sent from a spoofed (false) source IP address, where the attacker does not expect to receive any of the traffic sent in reply.
- Does this attack cause a TCP connection reset?
- Is the packet accepted, challenged, or just ignored?
- To understand which TCP features improve its resistance to blind attacks.
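
The accepted / challenged / ignored question above can be modelled with the receiver-side checks of RFC 793 and RFC 5961. This is an added example, not code from the paper or the presentation; the two RFCs, the names `tcb_t` and `classify`, and the sample connection state are assumptions introduced here.

```c
/* Added example: receiver-side verdicts for blind segments (a model, not a TCP stack). */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef enum { ACCEPTED, CHALLENGED, IGNORED } verdict_t;
typedef enum { SEG_RST, SEG_SYN, SEG_DATA } seg_t;

typedef struct {                 /* state of one established connection */
    uint32_t rcv_nxt, rcv_wnd;   /* next expected sequence number, receive window */
    uint32_t snd_una, snd_nxt;   /* oldest unacknowledged / next sequence to send */
    uint32_t max_snd_wnd;        /* largest window the peer has advertised */
} tcb_t;

/* a <= b in 32-bit sequence space (wraps modulo 2^32) */
static bool seq_leq(uint32_t a, uint32_t b) { return (int32_t)(a - b) <= 0; }

verdict_t classify(const tcb_t *c, seg_t kind, uint32_t seq, uint32_t ack, bool rfc5961)
{
    bool in_window = (uint32_t)(seq - c->rcv_nxt) < c->rcv_wnd;

    switch (kind) {
    case SEG_RST:
        if (!in_window) return IGNORED;                     /* silently dropped */
        if (!rfc5961 || seq == c->rcv_nxt) return ACCEPTED; /* connection reset */
        return CHALLENGED;                     /* challenge ACK, connection stays up */
    case SEG_SYN:
        if (rfc5961 || !in_window) return CHALLENGED;       /* ACK sent, SYN dropped */
        return ACCEPTED;                       /* RFC 793: connection aborted */
    case SEG_DATA:
        if (!in_window) return CHALLENGED;                  /* ACK sent, data dropped */
        if (!seq_leq(ack, c->snd_nxt)) return CHALLENGED;   /* acks unsent data */
        if (rfc5961 && !seq_leq(c->snd_una - c->max_snd_wnd, ack))
            return CHALLENGED;                 /* ACK too old for RFC 5961 */
        return ACCEPTED;                       /* payload enters the byte stream */
    }
    return IGNORED;
}

int main(void)
{
    /* Constructed state; the receive window straddles the 2^32 wrap. */
    tcb_t c = { 0xFFFFFF00u, 0x1000u, 5000u, 6000u, 65535u };
    const char *name[] = { "accepted", "challenged", "ignored" };
    for (int strict = 0; strict <= 1; strict++)
        printf("%s: in-window RST %s, in-window SYN %s, data with stale ACK %s\n",
               strict ? "RFC 5961" : "RFC 793",
               name[classify(&c, SEG_RST, 0x10u, 0, strict)],
               name[classify(&c, SEG_SYN, 0x10u, 0, strict)],
               name[classify(&c, SEG_DATA, 0x10u, 5000u - 1000000u, strict)]);
    return 0;
}
```

With the RFC 793 checks, any in-window guess is accepted; with the RFC 5961 checks, only a reset carrying exactly the next expected sequence number is.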

Methodology
- Active Measurement Methods
  - Blind Reset and SYN Test
  - Blind Data Test
  - Fingerprinting Test

Methodology
- Vantage Points of Measurement:
  - cld-us, hosted by CAIDA (San Diego, USA)
  - hlz-nz, hosted by the University of Waikato (Waikato, New Zealand)
  - Hosted by Massachusetts Institute of Technology (MIT), Cambridge.

Conducted Tests and Results
- Webserver Vulnerability
Fig 1: Overview of Results from the cld-us VP
Fig 2: Overview of the Results based on VPs
Fig 3: Overlap of results from the cld-us VP

Conducted Tests and Results
- Infrastructure Vulnerability
Fig 4: Overview of Response
Laboratory testing of blind TCP attacks against BGP-speaking routers and OpenFlow-speaking switches

Conducted Tests and Results
- Port Selection Predictability
Fig 5: Overview of the predictability of the observed ports

Conclusion
- TCP is an important protocol carrying a huge amount of traffic, hence the need for constant security and performance improvements.
- 22% of connections are vulnerable to SYN and reset packets
- 30% vulnerable to in-window data packets
- 38.4% vulnerable to at least one of the three tested in-window attacks

Thank you for your time
Questions?