identifying load balanced backends
play

Identifying Load-Balanced Backends Ian Rodney 1 Why does it - PowerPoint PPT Presentation

Mar 12, 2024 •241 likes •619 views

Identifying Load-Balanced Backends Ian Rodney 1 Why does it matter? Targeted DDoS Service degradation - - - 2 Load Balancers Terminate & regenerate :( Pass through :) Hashing IP/Port - - - 3 Side Channels

  1. Identifying Load-Balanced Backends Ian Rodney 1

  2. Why does it matter? • Targeted DDoS • Service degradation - - - 2

  3. Load Balancers • Terminate & regenerate :( • Pass through :) • Hashing – IP/Port - - - 3

  4. Side Channels • Information leaks around shared state ���� • Well studied • Setup: �������� 4

  5. IPID Mechanism • Unique fragment ID • Counter types: • 16-bit field in IPv4 • Global • IPv6 Extension • Per-Destination • Hybrid (2048 counters) 5

  6. IPID Side Channel • Global Counter • Covered in lecture! • Per-Dest • Hybrid 6

  7. IPID Side Channel • Global Counter • Pretty hard to defeat • Per-Dest • But there is a way • Hybrid 7

  8. IPID Side Channel • Global Counter Source: IPv6 Test; S/A • Per-Dest RST, IPID: n • Hybrid Source: Victim; S/A RST, IPID: ? Source: IPv6 Test ; S/A RST, IPID: n+1 Global Counter with or n+2 found IPv6 Address 10 Xu 2018

  9. Timestamps Mechanisms • Systems have a unique clock drift TCP TCP ICMP ICMP HTTP HTTP Resolution 1Hz – 1 kHz 1Hz – 1 kHz 1kHz 1kHz 1Hz 1Hz Constant Drift Yes Yes NTP adjusted NTP adjusted Yes Yes NTP removes offset • Is 1Hz too low? 12:00:01 12:00:00 Kohno & Et. Al. 2005, Zander 2008, Rye 2019 11

  10. Shared State Mechanisms • Fragment reassembly buffer • TCP SYN Cache • Challenge ACK rate limit 13

  11. Rate-Limit Mechanism • Challenge ACK rate limit SEQ: 900 • SYN or RST variants ACK: 1000 RST: 1201 Challenge; ACK: 1000 99 left RST: 1000 RFC 5961 14

  12. Rate-Limit Mechanism • Challenge ACK rate limit SEQ: 900 • SYN or RST variants ACK: 1000 RST; SEQ: 60,000 RST; SEQ: 1200 Challenge; ACK: 1000 99 left RFC 5961 15

  13. Rate-Limit Side Channel • Infer presence of connection ���� Seq: 1000 Challenge ACK 99 left 0 left Source: User, SYN Seq: 500 Cao & Et. Al 2016 16

  14. Rate-Limit Side Channel • Infer presence of connection ���� Seq: 1000 Challenge ACK 100x 99 left 0 left Source: A, SYN Challenge 99x ACK Cao & Et. Al 2016 17

  15. Buffer Side Channel U, IPID: 10 • Fragment buffer A, IPID: 80 U, IPID: 20 & per-destination Source: A, Frag A, IPID: 90 Source: U, Frag IPID • subtle IPID: 20 ���� Source: V, Full Cao & Et. Al 2016 18

  16. Buffer Side Channel U, IPID: 10 • Fragment buffer A, IPID: 80 Source: A, New Frag A, IPID: 100 & per-destination A, IPID: 90 IPID • subtle ���� Zhang 2018 19

  17. Buffer Side Channel U, IPID: 10 Source: A, Remainders: • Fragment buffer A, IPID: 80 A, IPID: 100 & per-destination A, IPID: 90 80, 90, 100 IPID Reply for 80, 90, 100 • subtle ���� Zhang 2018 20

  18. SYN Cache Side Channel V, SYN • Fill up cache (SYN cookies) V, SYN : V e • Different source ports c r u o S SYN Exists: RST S/A ? �������� Zhang & Et. Al 2015 21

  19. SYN Cache Side Channel V, SYN • Fill up cache (SYN cookies) V, SYN Source: A • Different source ports SYN SYN Cookie �������� Zhang & Et. Al 2015 22

  20. How to leverage? • IPID: • Global --> straight forward • Per-Dest/2048 --> impossible/hard • Timestamps --> straight forward • Shared State --> overwhelm and check 25

  21. My contributions • Check for side-channel presence • Alexa Top 1000 26

  22. My contributions • Check for side-channel presence • Alexa Top 1000 • ICMP/TCP/HTTP timestamps • TCP traceroute (termination location) 27

  23. Tools • Scapy • Raw pcaps • Packet manipulation • Requests • HTTP • Ray • Distributed programming (scanning) 28

  24. (a few) Results • 986 responses • 98% had TCP responses • 60% had TCP timestamps • 85% had HTTP responses • 0 ICMP 29

  25. (a few) Results 30

  26. (a few) Results 31

  27. (a few) Results ICMP … TCP 32

  28. (a few) Results ICMP ICMP … TCP TCP 33

  29. (a few) Results ICMP ICMP … TCP 34

  30. (a few) Results 35

  31. Lessons Learned • Don't underestimate the kernel Kernel Scapy TCP NIC 36

  32. Lessons Learned • Don't underestimate the kernel • ISPs can be annoying

  33. Lessons Learned • Don't underestimate the kernel • ISPs can be annoying • I don't get IPv6 • Google IPv6 DNS + IPv6 ISP support = No connection?! 38

  34. Experiments Next Steps • Existence of Challenge ACKs • IPv6 reachability • HTTP timestamp analysis 39

  35. Validation Next Steps • Simple GCP Load Balanced Web Server • Easy ground-truth • In-the-wild validation server: mw1325.eqiad.wmnet 41

  36. Questions? Thanks for listening! 42

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Efficient Discovery of Load-Balanced Paths Alistair King al@bellstreet.co.nz Load-Balancer

Efficient Discovery of Load-Balanced Paths Alistair King al@bellstreet.co.nz Load-Balancer

Efficient Discovery of Load-Balanced Paths Alistair King al@bellstreet.co.nz Load-Balancer Traceroute Gives confidence that the complete topology has been discovered. Probes each TTL repeatedly to discover alternate interfaces. Uses a large

172 views • 16 slides
A Reconfigurable Architecture for Load-Balanced Rendering Jiawen Chen Michael I. Gordon

A Reconfigurable Architecture for Load-Balanced Rendering Jiawen Chen Michael I. Gordon

A Reconfigurable Architecture for Load-Balanced Rendering Jiawen Chen Michael I. Gordon William Thies Matthias Zwicker Kari Pulli Frdo Durand Graphics Hardware July 31, 2005, Los Angeles, CA The Load Balancing Problem data parallel

543 views • 29 slides
LB-MAP: LOAD-BALANCED MIDDLEBOX ASSIGNMENT IN POLICY-DRIVEN DATA CENTERS MANAR ALQARNI

LB-MAP: LOAD-BALANCED MIDDLEBOX ASSIGNMENT IN POLICY-DRIVEN DATA CENTERS MANAR ALQARNI

LB-MAP: LOAD-BALANCED MIDDLEBOX ASSIGNMENT IN POLICY-DRIVEN DATA CENTERS MANAR ALQARNI DEPARTMENT OF COMPUTER SCIENCE CALIFORNIA STATE UNIVERSITY DOMINGUEZ HILLS 1 INTRODUCTION - Middleboxes network appliances or network functions

489 views • 25 slides
Load Balanced Parallel GPU Out-of-Core for Continuous LOD Model Visualization Chao Peng, Peng Mi

Load Balanced Parallel GPU Out-of-Core for Continuous LOD Model Visualization Chao Peng, Peng Mi

Load Balanced Parallel GPU Out-of-Core for Continuous LOD Model Visualization Chao Peng, Peng Mi and Yong Cao Department of Computer Science, Virginia Tech, Blacksburg, Virginia, USA Ultrascale Visualization Workshop 2012 Motivation How

380 views • 24 slides
Load Balanced Link Reversal Routing in Mobile Wireless Ad Hoc Networks Nabhendra Bisnik,

Load Balanced Link Reversal Routing in Mobile Wireless Ad Hoc Networks Nabhendra Bisnik,

Load Balanced Link Reversal Routing in Mobile Wireless Ad Hoc Networks Nabhendra Bisnik, Alhussein Abouzeid Costas Busch ECSE Department CSCI Department RPI RPI Mobile Wireless Networks Wireless nodes are mostly battery driven ) limited

616 views • 35 slides
Exercises for 8.1.3 1. Give a parse tree with semantic records for the statement Z = 2 + 2. Show

Exercises for 8.1.3 1. Give a parse tree with semantic records for the statement Z = 2 + 2. Show

326 Chapter 8 Computer Languages TABLE 4. Semantic record label Address Code Expression translated T6 3 The variable Y. T7 Load 0,A The assignment statement Load 2,B Y = 3 + 2*X. Mult A,B,4 Load 4,A Load 1,B Add A,B,5 Load 5,A

427 views • 8 slides
Load Balancing Load Balancing Load balancing: distributing data and/or computations across

Load Balancing Load Balancing Load balancing: distributing data and/or computations across

Load Balancing Load Balancing Load balancing: distributing data and/or computations across multiple processes to maximize efficiency for a parallel program. Static load-balancing: the algorithm decides a priori how to divide the workload.

444 views • 27 slides
The Design and Implementation of OpenMP 4.5 and OpenACC Backends for the RAJA C++ Performance

The Design and Implementation of OpenMP 4.5 and OpenACC Backends for the RAJA C++ Performance

The Design and Implementation of OpenMP 4.5 and OpenACC Backends for the RAJA C++ Performance Portability Layer William Killian Tom Scogland, Adam Kunen John Cavazos Millersville University of Pennsylvania Lawrence Livermore National Lab

249 views • 22 slides
A few additional AST lowerings that can simplify the development of new backends Miguel Garcia

A few additional AST lowerings that can simplify the development of new backends Miguel Garcia

A few additional AST lowerings that can simplify the development of new backends A few additional AST lowerings that can simplify the development of new backends Miguel Garcia http://lamp.epfl.ch/~magarcia LAMP , EPFL 2011-02-22 1 / 7 A few

604 views • 9 slides
Efficient Storage Backends for IoT Data Master Thesis, Mid Talk Florian Kreitmair Advisors:

Efficient Storage Backends for IoT Data Master Thesis, Mid Talk Florian Kreitmair Advisors:

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Efficient Storage Backends for IoT Data Master Thesis, Mid Talk Florian Kreitmair Advisors: Marc-Oliver Pahl, Cyrille Artho, Stefan Liebald

748 views • 19 slides
Balanced Literacy Balanced Literacy M A R Y R O W L A N D S O N E L E M E N T A R Y S CH O O L

Balanced Literacy Balanced Literacy M A R Y R O W L A N D S O N E L E M E N T A R Y S CH O O L

Balanced Literacy Balanced Literacy M A R Y R O W L A N D S O N E L E M E N T A R Y S CH O O L M A R Y R O W L A N D S O N E L E M E N T A R Y S CH O O L 2 0 13 To create independent readers readers, competent writers, articulate i

534 views • 16 slides
Keras: Performance Analysis of Tensorflow, Theano, and CNTK Backends R244 Presentation By:

Keras: Performance Analysis of Tensorflow, Theano, and CNTK Backends R244 Presentation By:

Keras: Performance Analysis of Tensorflow, Theano, and CNTK Backends R244 Presentation By: Vikash Singh November 28, 2018 Session 8 What is Keras [1] ? High level neural networks API in Python that is capable of running on top of TensorFlow

653 views • 9 slides
Load Balancing with nftables by Laura Garca (Zen Load Balancer Team) Netdev 1.1 Prototype of

Load Balancing with nftables by Laura Garca (Zen Load Balancer Team) Netdev 1.1 Prototype of

Load Balancing with nftables by Laura Garca (Zen Load Balancer Team) Netdev 1.1 Prototype of Load Balancing with nftables Goal: High Performance Load Balancer Load Balancing Solutions Load Balancing Solutions Linux Virtual Server

1.31k views • 40 slides
~ FURNACE LOAD COMPLEX ELEVATOR TRANSFER (LEAN ... UN- .....,_ UN- Lo Ar LOAD INSPECT

~ FURNACE LOAD COMPLEX ELEVATOR TRANSFER (LEAN ... UN- .....,_ UN- Lo Ar LOAD INSPECT

I~ ~ FURNACE LOAD COMPLEX ELEVATOR TRANSFER (LEAN ... UN- .....,_ UN- Lo Ar LOAD INSPECT LOAD L-OAD CASSETTE CASSETTE .. 1 IN Our I COMPLEXITY REQUIRES WORK STATION TO CONTROL j BRUCE SYSTEMS . 1 AUTOMATION . TARGETS SALES

1.09k views • 81 slides
Focal Plane Arrays, Data Transmission, Pulsars, and Spectral Line Backends John Ford Bob Garwood

Focal Plane Arrays, Data Transmission, Pulsars, and Spectral Line Backends John Ford Bob Garwood

Focal Plane Arrays, Data Transmission, Pulsars, and Spectral Line Backends John Ford Bob Garwood July 29th, 2009 The NRAO is operated for the National Science Foundation (NSF) by Associated Universities, Inc. (AUI), under a cooperative

314 views • 13 slides
Direct-FUSE: A User-level File System with Multiple Backends Yue Zhu yzhu@cs.fsu.edu Florida

Direct-FUSE: A User-level File System with Multiple Backends Yue Zhu yzhu@cs.fsu.edu Florida

Direct-FUSE: A User-level File System with Multiple Backends Yue Zhu yzhu@cs.fsu.edu Florida State University Outline Background & Motivation The Overview of Direct-FUSE Performance Evaluation Conclusions S-2 User Space vs.

987 views • 22 slides
S iRiUS: Securing Remote Untrusted S torage NDS S 2003 Eu-Jin Goh, Hovav S hacham,

S iRiUS: Securing Remote Untrusted S torage NDS S 2003 Eu-Jin Goh, Hovav S hacham,

S iRiUS: Securing Remote Untrusted S torage NDS S 2003 Eu-Jin Goh, Hovav S hacham, Nagendra Modadugu, and Dan Boneh S tanford University Introduction S ecure network file syst ems not widespread. Why? 1. Hard to deploy No

739 views • 56 slides
ProtoDUNE-SP Purity Monitor Operation Jianming Bian, Isloo Seong (UCI) Casandra Morris, Andrew

ProtoDUNE-SP Purity Monitor Operation Jianming Bian, Isloo Seong (UCI) Casandra Morris, Andrew

ProtoDUNE-SP Purity Monitor Operation Jianming Bian, Isloo Seong (UCI) Casandra Morris, Andrew Renshaw (UH) Stephen Pordes (FNAL) ProtoDUNE-SP Purity Monitors Top PrM M. Adamowski et al., JINST 9, P07005 (2014). Middle PrM Individual PrMon:

904 views • 12 slides
Unit 2: Natural Language Learning Unsupervised Learning (EM, forward-backward, inside-outside)

Unit 2: Natural Language Learning Unsupervised Learning (EM, forward-backward, inside-outside)

Natural Language Processing Spring 2017 Unit 2: Natural Language Learning Unsupervised Learning (EM, forward-backward, inside-outside) Liang Huang liang.huang.sh@gmAYl.com Review of Noisy-Channel Model CS 562 - EM 2 Example 1:

469 views • 23 slides
Regeneration: A New Algorithm in Numerical Algebraic Geometry Charles Wampler General Motors

Regeneration: A New Algorithm in Numerical Algebraic Geometry Charles Wampler General Motors

Regeneration: A New Algorithm in Numerical Algebraic Geometry Charles Wampler General Motors R&D Center (Adjunct, Univ. Notre Dame) Including joint work with Andrew Sommese, University of Notre Dame University of Notre Dame Jon

1.02k views • 35 slides
Welcome. @wordpressscv meetup.com/wordpressscv twitter.com/wordpressscv

Welcome. @wordpressscv meetup.com/wordpressscv twitter.com/wordpressscv

Welcome. @wordpressscv meetup.com/wordpressscv twitter.com/wordpressscv instagram.com/wordpressscv facebook.com/groups/wordpressscv The Five Good Faith Rules 1. WordPress Meetups are for the benefit of the WordPress community as a whole, not

761 views • 41 slides
Memory Forensics of a Java Card Dump jean-louis.lanet@inria.fr Cardis 2014 Paris Nov. 5-7 2014

Memory Forensics of a Java Card Dump jean-louis.lanet@inria.fr Cardis 2014 Paris Nov. 5-7 2014

Memory Forensics of a Java Card Dump jean-louis.lanet@inria.fr Cardis 2014 Paris Nov. 5-7 2014 Episode 2 Previous episode: how to obtain a dump Hypothesis Find the code Reverse it Conclusion Memory Dump At that time we

719 views • 15 slides
CMOS Comparator Design Extra Slides Vishal Saxena, Boise State University

CMOS Comparator Design Extra Slides Vishal Saxena, Boise State University

Department of Electrical and Computer Engineering CMOS Comparator Design Extra Slides Vishal Saxena, Boise State University (vishalsaxena@boisestate.edu) Vishal Saxena -1- Comparator Design Considerations Comparator = Preamp

917 views • 44 slides
CSC2/458 Parallel and Distributed Systems Mutual Exclusion and Leader Elections Sreepathi Pai

CSC2/458 Parallel and Distributed Systems Mutual Exclusion and Leader Elections Sreepathi Pai

CSC2/458 Parallel and Distributed Systems Mutual Exclusion and Leader Elections Sreepathi Pai March 29, 2018 URCS Outline Mutual Exclusion Using Voting Misras Token Recovery Algorithm Election Algorithms Outline Mutual Exclusion Using

589 views • 31 slides

More recommend