intro to networking for the insufficiently paranoid
play

Intro to Networking for the Insufficiently Paranoid Mihai - PowerPoint PPT Presentation

Sep 01, 2023 •382 likes •1.05k views

Intro to Networking for the Insufficiently Paranoid Mihai Christodorescu CS 642 Spring 2007 mihai@cs.wisc.edu Original slides by Jonathon Giffin Internet: Attack and Defenses Makes communication easier and faster Makes attacks

  1. Intro to Networking for the Insufficiently Paranoid Mihai Christodorescu CS 642 – Spring 2007 mihai@cs.wisc.edu Original slides by Jonathon Giffin

  2. Internet: Attack and Defenses � Makes communication easier and faster � Makes attacks easier and faster Today’s topics: � Short introduction to networking � Network-level attacks � Network-level defenses 22 March 2007 Mihai Christodorescu - UW CS 642 - Spring 2007 2

  3. Switched Networks � A network can be defined recursively as... � two or more nodes � two or more networks connected by a link, or connected by two or more nodes 22 March 2007 Mihai Christodorescu - UW CS 642 - Spring 2007 3

  4. Layering Motivation � Use abstractions to hide complexity � Abstraction naturally lead to layering � Alternative abstractions at each layer Application programs Request/reply Message stream channel channel Host-to-host connectivity Hardware 22 March 2007 Mihai Christodorescu - UW CS 642 - Spring 2007 4

  5. 7-Layer Architecture � Early inter-networks were the result of gluing together dissimilar networks End host � The International Standards Application Organization came up with a model for Presentation describing interconnect between Session networks (Open Systems Interconnect) Transport Network Data link Physical 22 March 2007 Mihai Christodorescu - UW CS 642 - Spring 2007 5

  6. Physical Layer � Raw bits over a communications link � Examples: End host � Ethernet (Electrical and connector) Application � Wireless IEEE-802.11a/b/g/n Presentation � Cable Modem Session � DSL Transport Network Data link Software Hardware Physical Think of this as an Ethernet card and cable and vendor-specific APIs 22 March 2007 Mihai Christodorescu - UW CS 642 - Spring 2007 6

  7. Data link layer � Frames of data from one device to another directly-attached device End host � Example: Ethernet frames Application � Collision detection, flow control Presentation � Discovery of new devices Session Transport Network Multi-hop Single-hop Data link Example Ethernet address 08:00:2b:e4:b1:02 Physical Frame Preamble FrameCRC Payload Think of this as the FRAMES from your cable modem to your PC 22 March 2007 Mihai Christodorescu - UW CS 642 - Spring 2007 7

  8. Network layer � Packets delivered multiple hops � Addressed to a globally-unique, End host aggregatable address Application � Routed to the next hop Presentation Session Transport Reliable Best Effort Network Typical IPv4 address: 128.105.2.10 Data link IPHeader Physical IP Payload Think of this as a packet from a web server to your computer 22 March 2007 Mihai Christodorescu - UW CS 642 - Spring 2007 8

  9. Transport layer � End-to-End in-order delivery of exactly one copy of each message (TCP) End host � Retransmits lost packets (TCP) Application � Holds received packets until Presentation requested by the application Session Connection (UDP) Message Transport � Examples: TCP, UDP Network Data link TCP Header Physical TCP Payload Think of this as a packet from a web server to your computer 22 March 2007 Mihai Christodorescu - UW CS 642 - Spring 2007 9

  10. Session layer � Initiates and monitors whole sessions End host � Translates host names to host Application addresses Presentation User � Allocates ports and sockets Kernel Session Transport Network Data link Physical 22 March 2007 Mihai Christodorescu - UW CS 642 - Spring 2007 10

  11. Presentation layer � Translates from standard network data representation End host to local Application App � Handles encryption, Library Presentation compression, and OS- Session specific transmogrifications Transport Network Data link Physical 22 March 2007 Mihai Christodorescu - UW CS 642 - Spring 2007 11

  12. Application layer � Requestor for network service End host � Examples: Bittorrent, FTP, Firefox, Application The SIMS online, Quake, AIM, Presentation Sendmail, . . . Session Transport Network Data link Physical 22 March 2007 Mihai Christodorescu - UW CS 642 - Spring 2007 12

  13. Typical Routed Delivery Path End host End host Logical Messages Application Application Presentation Presentation Session Session Control Messages Transport Transport Network Network Network Network Data link Data link Data link Data link Physical Physical Physical Physical One or more nodes within the network 22 March 2007 Mihai Christodorescu - UW CS 642 - Spring 2007 13

  14. IP Packet Header � Connectionless (datagram-based) � Best-effort delivery 0 4 8 16 19 31 (unreliable service) Version HLen TOS Length Ident Flags Offset � packets are lost TTL Protocol Checksum � packets are delivered SourceAddr out of order DestinationAddr Pad Options (variable) � duplicate copies of a (variable) Data packet are delivered � packets can be delayed for a long time � Datagram format 22 March 2007 Mihai Christodorescu - UW CS 642 - Spring 2007 14

  15. TCP Overview � Byte-stream � app writes bytes � TCP sends segments � app reads bytes Application process Application process Write Read … bytes … bytes TCP TCP Send buffer Receive buffer … Segment Segment Segment Transmit segments 22 March 2007 Mihai Christodorescu - UW CS 642 - Spring 2007 15

  16. TCP Protocol Header � Connection oriented � Reliable delivery 0 4 10 16 31 SrcPort DstPort � Flow control: keep sender SequenceNum from overrunning receiver Acknowledgment HdrLen 0 Flags AdvertisedWindow � Congestion control: keep sender from overrunning Checksum UrgPtr network Options (variable) Data 22 March 2007 Mihai Christodorescu - UW CS 642 - Spring 2007 16

  17. Normal Connection Establishment The Server sets up retransmission timers, allocates receive buffers, etc. Imagine a web server that can handle 12,000 connections. If the process fails, a timeout occurs after 120 seconds, freeing up the resources. Note: SYN packets are very small and take up very little bandwidth. Graphics from http://grc.com/dos/drdos.htm 22 March 2007 Mihai Christodorescu - UW CS 642 - Spring 2007 17

  18. State Transition Diagram Not Connected CLOSED Active open/SYN Passive open Close Close Waiting for Connection LISTEN SYN/SYN + ACK Send/SYN TCP Handshake SYN/SYN + ACK SYN_RCVD SYN_SENT ACK SYN + ACK/ACK Connected Close/FIN ESTABLISHED Close/FIN FIN/ACK FIN_WAIT_1 CLOSE_WAIT FIN/ACK ACK + FIN/ACK ACK Close/FIN FIN_WAIT_2 CLOSING LAST_ACK Closing the Connection Timeout after two ACK ACK segment lifetimes FIN/ACK TIME_WAIT CLOSED 22 March 2007 Mihai Christodorescu - UW CS 642 - Spring 2007 18

  19. Attack #1: SYN Flood � Each SYN creates one half-open connection � Half-open connections take minutes to time-out � Servers have finite connection tables � Perpetrator would be easily caught (Source IP) � Unless SourceIP is spoofed � See: CERT Advisory CA-1996-21 http://www.cert.org/advisories/CA-1996-21.html � 100 SYN packets per second fits in 56 Kbps Graphics from http://grc.com/dos/drdos.htm 22 March 2007 Mihai Christodorescu - UW CS 642 - Spring 2007 19

  20. Spoofed IP Address The SYN/ACK is delivered to the fake (spoofed) IP Address. The attacker doesn’t see it, and doesn’t care. (Backscatter) Graphics from http://grc.com/dos/drdos.htm 22 March 2007 Mihai Christodorescu - UW CS 642 - Spring 2007 20

  21. Example SYN Flood Attacks � February 2000 � Victims included CNN, eBay, Yahoo, Amazon � Attackers (allegedly) used simple, readily available tools (script-kiddies) � Law enforcement unable (unwilling?) to help � Under-age perpetrators have blanket immunity � October 2002 � Root DNS servers � 9 of 13 servers brought down 22 March 2007 Mihai Christodorescu - UW CS 642 - Spring 2007 21

  22. 22 March 2007 Mihai Christodorescu - UW CS 642 - Spring 2007 22

  23. Attack #2: Distributed DoS � Rather than filling connection table, fill all available bandwidth � Infect innocent bystanders (zombies) � Zombies listen (e.g. on IRC channel) for attack command (or simply attack at will) � Attacker need not have high bandwidth connection Typical Program: EvilGoat EvilBot Graphics from http://grc.com/dos/drdos.htm 22 March 2007 Mihai Christodorescu - UW CS 642 - Spring 2007 23

  24. Example Distributed DOS Attack � 6 attacks on 5 different days � One attack lasted for 17 hours � 474 infected windows PC as zombies � 2.4 billion malicious packets Legitimate throughput Time Graphics from http://grc.com/dos/grcdos.htm 22 March 2007 Mihai Christodorescu - UW CS 642 - Spring 2007 24

  25. Flood-based Distributed DoS Attacks � Coordinate zombies to attack with big packets � Use up “last-hop” bandwidth � “Last-hop” router discards packets indiscriminately � Zombies need not spoof addresses Graphics from http://grc.com/dos/drdos.htm 22 March 2007 Mihai Christodorescu - UW CS 642 - Spring 2007 25

  26. Recent Twist - Reflection � Many routers accept connections on port 179 (Border Gateway Protocol) � Although any big server and any port it listens on will work � Send a SYN to a server, claiming it came from the victim � The server will send a SYN/ACK to the victim � And then re-transmit several times before giving up (typically about 4X) 22 March 2007 Mihai Christodorescu - UW CS 642 - Spring 2007 26

  27. Reflection Mechanism Graphics from http://grc.com/dos/drdos.htm 22 March 2007 Mihai Christodorescu - UW CS 642 - Spring 2007 27

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Jerry: Linda, do you think Im paranoid? Linda: Youre not really paranoid if

Jerry: Linda, do you think Im paranoid? Linda: Youre not really paranoid if

Jerry: Linda, do you think Im paranoid? Linda: Youre not really paranoid if everyone really is after you, Jerry. Jerry: Maybe all security people are crazy! Linda: No, theyre just insecure. Everything You

444 views • 17 slides
Affiliate Networking Fair A Quick Intro To Today Networking How can the with local MVP support

Affiliate Networking Fair A Quick Intro To Today Networking How can the with local MVP support

Mortimer Village Partnership Affiliate Networking Fair A Quick Intro To Today Networking How can the with local MVP support COLLABORATION groups your group Diverse Local Groups... Common needs... Fund Raising Venues Committees

531 views • 17 slides
Becoming Paranoid Or how I learned to start worrying and fear the Internet George V.

Becoming Paranoid Or how I learned to start worrying and fear the Internet George V.

Becoming Paranoid Or how I learned to start worrying and fear the Internet George V. Neville-Neil www.neville-neil.com Why This Talk? To make all of you more paranoid Give people a grounding in current problems with securing internet

659 views • 33 slides
Chap 3. Networking and Internetworking Road map: 3.1. Intro 3.2. Types of network

Chap 3. Networking and Internetworking Road map: 3.1. Intro 3.2. Types of network

Chap 3. Networking and Internetworking Road map: 3.1. Intro 3.2. Types of network 3.3. Network principles 3.4. Internet protocols 3.5. Case studies 2005/9/11 1 3.1. Intro As an infrastructure for DS Distributed

1.24k views • 41 slides
Paranoid Habits Part 1: Security Tips Denis Rechkunov @pragmader / pragmader.me Whats this

Paranoid Habits Part 1: Security Tips Denis Rechkunov @pragmader / pragmader.me Whats this

Paranoid Habits Part 1: Security Tips Denis Rechkunov @pragmader / pragmader.me Whats this about? Topics: Authentication Phishing PGP SSH USB Networking Can I trust you, Denis? Trust no one,

531 views • 41 slides
How to be a paranoid Dates of birth or just think like one Exposure to identity theft

How to be a paranoid Dates of birth or just think like one Exposure to identity theft

Leaking information Stealing 26.5 million veteran s data Pro rotection a and S d Securi rity Data on laptop stolen from employee s home (5/06) Veterans names Social Security numbers How to be a paranoid Dates of birth or

337 views • 5 slides
NETWORKING NETWORKING PART RT 2: 2: LI LINUX UX commands PART 2: LINUX commands Agenda

NETWORKING NETWORKING PART RT 2: 2: LI LINUX UX commands PART 2: LINUX commands Agenda

Moreno Baricevic CNR-IOM DEMOCRITOS Trieste, ITALY INTRO TO INTRO TO NETWORKING NETWORKING PART RT 2: 2: LI LINUX UX commands PART 2: LINUX commands Agenda Agenda Network Interfaces Network Interfaces LINUX command line utilities

612 views • 46 slides
NETWORKING NETWORKING PART RT 1: Basic c co concep cepts ts PART 1: Basic concepts (full)

NETWORKING NETWORKING PART RT 1: Basic c co concep cepts ts PART 1: Basic concepts (full)

Moreno Baricevic CNR-IOM DEMOCRITOS Trieste, ITALY INTRO TO INTRO TO NETWORKING NETWORKING PART RT 1: Basic c co concep cepts ts PART 1: Basic concepts (full) (full) Agenda Agenda Connections Connections Concept of Packet

1.1k views • 77 slides
NETWORKING NETWORKING PART RT 1: Ba Basic concep epts ts PART 1: Basic concepts (full)

NETWORKING NETWORKING PART RT 1: Ba Basic concep epts ts PART 1: Basic concepts (full)

Moreno Baricevic CNR-INFM DEMOCRITOS Trieste, ITALY INTRO TO INTRO TO NETWORKING NETWORKING PART RT 1: Ba Basic concep epts ts PART 1: Basic concepts (full) (full) Agenda Agenda Connections Connections Concept of Packet Concept

858 views • 75 slides
NETWORKING NETWORKING PART 1: Basic ic conce cepts PART 1: Basic concepts Agenda Agenda

NETWORKING NETWORKING PART 1: Basic ic conce cepts PART 1: Basic concepts Agenda Agenda

Moreno Baricevic CNR-INFM DEMOCRITOS Trieste, ITALY INTRO TO INTRO TO NETWORKING NETWORKING PART 1: Basic ic conce cepts PART 1: Basic concepts Agenda Agenda Connections Connections Concept of Packet Concept of Packet Network Stack

515 views • 33 slides
NETWORKING NETWORKING PART 2: LINUX UX commands PART 2: LINUX commands Agenda Agenda Network

NETWORKING NETWORKING PART 2: LINUX UX commands PART 2: LINUX commands Agenda Agenda Network

Moreno Baricevic CNR-INFM DEMOCRITOS Trieste, ITALY INTRO TO INTRO TO NETWORKING NETWORKING PART 2: LINUX UX commands PART 2: LINUX commands Agenda Agenda Network Interfaces Network Interfaces LINUX command line utilities LINUX

598 views • 38 slides
How to be a paranoid or just think like one 1 2 Leaking information Stealing 26.5 million

How to be a paranoid or just think like one 1 2 Leaking information Stealing 26.5 million

Pro rotection a and S d Securi rity How to be a paranoid or just think like one 1 2 Leaking information Stealing 26.5 million veteran s data Data on laptop stolen from employee s home (5/06) Veterans names Social Security

580 views • 30 slides
How to be a paranoid or just think like one 1 2 Leaking information Stealing 26.5 million

How to be a paranoid or just think like one 1 2 Leaking information Stealing 26.5 million

Protection tion and Se Secur urity ity How to be a paranoid or just think like one 1 2 Leaking information Stealing 26.5 million veterans data Data on laptop stolen from employees home (5/06) Veterans names Social Security

619 views • 27 slides
Intro(vert) to Networking: A Guide for Both Extroverts and Introverts Hosted By: Alvin

Intro(vert) to Networking: A Guide for Both Extroverts and Introverts Hosted By: Alvin

8/29/2019 1 Intro(vert) to Networking: A Guide for Both Extroverts and Introverts Hosted By: Alvin Pilobello and Elyse Rester 2 1 8/29/2019 How to Participate Today Audio Modes Listen using Mic & S peakers Or,

404 views • 9 slides
Demystifying the Network Networking 101 for Security Peeps RVASec 2019 Rick Lull Agenda Intro

Demystifying the Network Networking 101 for Security Peeps RVASec 2019 Rick Lull Agenda Intro

Bits, Frames and Packets Demystifying the Network Networking 101 for Security Peeps RVASec 2019 Rick Lull Agenda Intro Why this Talk What this Talk isnt Networking what, where, why, how Securing networks Network Security

433 views • 40 slides
CSE 127: Introduction to Security Lecture 10: Intro to Networking Nadia Heninger and Deian

CSE 127: Introduction to Security Lecture 10: Intro to Networking Nadia Heninger and Deian

CSE 127: Introduction to Security Lecture 10: Intro to Networking Nadia Heninger and Deian Stefan UCSD Fall 2019 Some material from Zakir Durumeric, David Wagner The Internet you the internet ucsd.edu Original Idea: Network is dumb

468 views • 31 slides
Mirai and IoT Botnet Analysis Robert Graham http://blog.erratasec.com @ErrataRob #RSAC What

Mirai and IoT Botnet Analysis Robert Graham http://blog.erratasec.com @ErrataRob #RSAC What

#RSAC SESSION ID: SESSION ID: HTA-W10 Mirai and IoT Botnet Analysis Robert Graham http://blog.erratasec.com @ErrataRob #RSAC What this talk will cover? Brief overview of Mirai The cameras themselves Step by step from infection to attacks

962 views • 63 slides
ELEC / COMP 177 Fall 2011 Some slides from Kurose

ELEC / COMP 177 Fall 2011 Some slides from Kurose

ELEC / COMP 177 Fall 2011 Some slides from Kurose and Ross, Computer Networking , 5 th Edition Some slides from CS244a @ Stanford Homework

1.15k views • 56 slides
author profiling shared task on: Bots and gender profiling Francisco Rangel & Paolo Rosso

author profiling shared task on: Bots and gender profiling Francisco Rangel & Paolo Rosso

Overview of the 7 th author profiling shared task on: Bots and gender profiling Francisco Rangel & Paolo Rosso 10th September 2019 Bots: propaganda, fake news, inflammatory content Bots may influence users with comercial, political or

512 views • 35 slides
Malware, cont CS 161: Computer Security Prof. Vern Paxson TAs: Jethro Beekman, Mobin Javed,

Malware, cont CS 161: Computer Security Prof. Vern Paxson TAs: Jethro Beekman, Mobin Javed,

Malware, cont CS 161: Computer Security Prof. Vern Paxson TAs: Jethro Beekman, Mobin Javed, Antonio Lupher, Paul Pearce & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ April 18, 2013 Large-Scale Malware Worm = code

734 views • 39 slides
Free Speech No longer an issue of allowing people to speak, it is now an issue of who is paying

Free Speech No longer an issue of allowing people to speak, it is now an issue of who is paying

Free Speech No longer an issue of allowing people to speak, it is now an issue of who is paying attention Also an issue of how credible is the information How did this come about? 3 important developments: 1) Cheap speech via

596 views • 3 slides
On NDN and (lack of ) Measurement Thomas Silverston National Institute of Information and

On NDN and (lack of ) Measurement Thomas Silverston National Institute of Information and

On NDN and (lack of ) Measurement Thomas Silverston National Institute of Information and Communications Technology (NICT) ICT Testbed Research, Development and Operation Lab P2P-TV Measurement Experiments and Traffic Analysis

631 views • 19 slides
Service Security by Chris Riley 11/21/2009 www.hkmconsultingllc.com 1 overview Web-based

Service Security by Chris Riley 11/21/2009 www.hkmconsultingllc.com 1 overview Web-based

Service Security by Chris Riley 11/21/2009 www.hkmconsultingllc.com 1 overview Web-based Services (SOAP / REST) challenge organizations in ways similar to web applications. Unlike web applications, service contracts provide simpler

1.21k views • 31 slides
My Background Ph.D. at Carnegie Mellon University Research

My Background Ph.D. at Carnegie Mellon University Research

2/17/15 Introduc)on to Security The Role of Data Science Prof. Tudor Dumitra Assistant Professor, ECE University of Maryland, College Park

719 views • 15 slides

More recommend