ip and arp security earlence fernandes
play

IP and ARP Security, Earlence Fernandes UW Madison CS 642 1 Todays - PowerPoint PPT Presentation

Apr 12, 2023 •1.35k likes •1.72k views

IP and ARP Security, Earlence Fernandes UW Madison CS 642 1 Todays agenda IP Spoofing Denial of Service attack (DoS) Distributed DoS (DoS) Source address validation Link layer security Address resolution protocol (ARP)

  1. IP and ARP Security, Earlence Fernandes UW Madison CS 642 1

  2. Today’s agenda • IP Spoofing • Denial of Service attack (DoS) • Distributed DoS (DoS) • Source address validation • Link layer security • Address resolution protocol (ARP) • Mapping IP to MAC address • MAC address spoofing UW Madison CS 642 2

  3. Announcements • Midterm 1 in class Mar 10 Tuesday • Open notes/books with laptop but NO INTERNET • 70 minutes, 70 points • Everything we’ve covered until and including today • Questions biased towards earlier material • Free form, recall and creative thinking • Feedback forms are out • Take a minute now to put some feedback in • Very helpful for us UW Madison CS 642 3

  4. Recap: Network threat model ISP2 ISP1 2. Subverted backbone routes or links 1. Malicious hosts 3. Malicious ISPs or backbone UW Madison CS 642 4

  5. Recap: Internet Protocol Stack user data HTTP, FTP, SMTP, Appl user data SSH, etc. hdr TCP segment PORT TCP, UDP TCP Appl user data hdr hdr IP, ICMP, IGMP IP datagram IP IP TCP Appl user data hdr hdr hdr Ethernet frame 802.11, Ethernet, MAC ENet IP TCP Appl ENet 802x user data hdr hdr hdr hdr tlr 14 20 20 46 to 1500 bytes UW Madison CS 642 5

  6. Recap: Identifiers on the internet • Port: 0 – 65535 (16-bit) • 0 – 1023 : System reserved, 80: HTTP, 443: HTTPS, 53: DNS, • 1024 – 49151 : Semi-reserved, used by application developer • 49152 – 65535 : Used by client programs, e.g. Browser • IP: 32-bit (IPv4) or 128-bit (IPv6) identifier • a.b.c.d – four unsigned integers • CIDR (Classless Inter-Domain routing): a.b.c.d/x • x – bit prefix is “owned” by the entity, • Or, IP addresses with same /x prefix share some portion of route • MAC # (Media access control): 48-bit identifier • Unique for the ethernet/wifi card • Often preset by manufacturer, but one can change them easily UW Madison CS 642 6

  7. Denial of Service (DoS) attacks 5.6.7.8 victim Backbone ISP2 ISP1 1.2.3.4 Goal: prevent legitimate users from accessing victim (1.2.3.4) 15.6.9.18

  8. DoS • Overwhelm the victim with malicious traffic • E.g., ICMP Flood, SYN flood • Many types • Application layer DoS • Locking all user accounts in a system (by repeated password guesses) • Distributed DoS • Get a pool of (compromised) machines/devices to send malicious traffic • SYN floods • Reflected DoS • Send spoofed IP packets to benign servers who responds with large amount data UW Madison CS 642 8

  9. ICMP (Internet Control Message Protocol) IP ICMP ICMP message hdr hdr 8-bit 8-bit 16-bit type code checksum 4-byte more of header (depends on type) message …

  10. ICMP Flood 5.6.7.8 victim Backbone ISP2 ISP1 1.2.3.4 15.6.9.18 ICMP ping flood - Attacker sends ICMP pings as fast as possible to victim - When will this work as a DoS? Attacker resources > victim’s - How can this be prevented? Ingress filtering near victim

  11. TCP SYN Flood Send a bunch of SYN packet to a router/server - Never respond with an ACK - Half-open TCP connections hold resources in the server - Legitimate users cannot access the server UW Madison CS 642 11

  12. Reflected DoS attacks 5.6.7.8 victim Backbone ISP2 ISP1 1.2.3.4 ISP3 source: 1.2.3.4 5.6.7.8 sends IP 8.7.3.4 dest: 8.7.3.4 packet like this Attacker sends packets with spoofed source address Filter based on source may be incorrect

  13. DoS with resource asymmetry 5.6.7.8 Backbone ISP2 ISP1 1.2.3.4 Attacker uses few resources to cause victim to consume lots of resources - DNS amplification attack - Send DNS request w/ spoofed target IP (~64-byte request) - DNS replies sent to target (~512-byte response) - Smurf Attack - Broadcast ICMP ping on a router with spoofed victim’s IP address - (not allowed with newer router) - Ping of death - A single packet that causes crash on remote system - Early on: ping packet with size > 65,535

  14. How to prevent spoofing? 5.6.7.8 Backbone ISP2 ISP1 1.2.3.4 ISP3 8.7.3.4 Spoofed IPs means we cannot know where packets came from. Solution: - BCP 38 (RFC 2827) - upstream ingress filtering to drop spoofed packets - source address validation - IP traceback - Identify sources of attack

  15. IP traceback 5.6.7.8 Backbone ISP2 ISP1 1.2.3.4 ISP3 8.7.3.4 IP traceback approaches: • Logging – each router keeps logs of packets going by • Input debugging – feature of routers allowing filtering egress port traffic based on ingress port. Associate egress with ingress • Controlled flooding – mount your own DoS on links selectively to see how it affects malicious flood • Marking – router probabilistically marks packets with info

  16. BCP38: Network Ingress filtering 5.6.7.8 Backbone ISP2 ISP1 1.2.3.4 ISP3 8.7.3.4 Before forwarding on packets, check at ingress that source IP legitimate

  17. BCP 38: We are getting there… Still 14-21% are still spoofable

  18. Preventing DoS: beat the power Lots of SYNs Lots of SYN/ACKs 1.2.3.4 Filtering box Few ACKs Just need a beefy box to help with filtering. There are several anti-DoS protection - Prolexic (acquired by Akamai) - Cloudflare - Google Cloud Armor

  19. Mirai • September 2016, 600 Gbps attack on Krebs, Dyn. • IoT devices: IP Cameras • Peak infection: 600k devices, steady state: 200 to 300k • Default username/passwords on IP Cameras UW Madison CS 642 19

  20. UW Madison CS 642 20

  21. Paras Jha, co-author of Mirai • 2500 hours community service • Home confinement • 8.6 million USD in restitution • Why DDoS? • Juvenile reasons (student at Rutgers CS) • Delay calculus exam • Prevent others from registering for an advanced CS course he wanted to take https://krebsonsecurity.com/2017/01/who-is-anna-senpai-the-mirai-worm-author/ https://krebsonsecurity.com/2018/10/mirai-co-author-gets-6-months-confinement-8-6m-in- fines-for-rutgers-attacks/ UW Madison CS 642 21

  22. Link layer security UW Madison CS 642 22

  23. Link layer: Ethernet/WiFi Carrier Sense, Multiple Access with Collision Detection (CSMA/CD) - Take turns using broadcast channel (the wire) - Detect collisions, jam, and random back off Security issues? UW Madison CS 642 23

  24. Address resolution protocol (ARP) IP IP routin ing: - Figure out where to send an IP packet based on destination address. - Link layer and IP layer must cooperate to get things sent - ARP/RARP enables this cooperation by mapping IPs to MACs 32-bit IP address ARP RARP 48-bit MAC address UW Madison CS 642 24

  25. Media Access Control Number (MAC) • “Unique” identifier for a device. Two types • Globally administered • Locally administered • OS can “change” MAC https://en.wikipedia.org/wiki/MAC_address UW Madison CS 642 25

  26. MAC Spoofing For privacy APPLE: $ sudo ifconfig en0 ether xx:xx:xx:xx:xx:xx LINUX $ sudo ip link set eth0 address xx:xx:xx:xx:xx:xx For stealing UW Madison CS 642 26

  27. MAC spoofing is not illegal, but can show criminal intent Aaron Swartz, a fellow at Harvard University's Center for Ethics and an open source programmer involved with creating the RSS 1.0 specification and more generally in the open culture movement, has been arrested and charged with wire fraud, computer fraud, unlawfully obtaining information from a protected computer, and recklessly damaging a protected computer after he entered a computer lab at MIT in Cambridge, Massachusetts and downloaded two-thirds of the material on JSTOR, an academic journal repository. http://en.wikinews.org/wiki/Aaron_Swartz_arrested_and_charge d_for_downloading_JSTOR_articles https://www.internethalloffame.org/inductees/aaron-swartz UW Madison CS 642 27

  28. Address resolution protocol ARP message (28B) Ethernet header (14B) 6 6 2 2 2 1 1 2 6 4 6 4 18 4 enet enet hw prot hw prot sender ip target ip type op pad CRC dest src type type size size hw addr sender hw addr target Target t hw hw add address Ignored in ARP request fra rame typ ype op op specifies whether this is en enet dest - 0x0806 (ARP) an ARP request, ARP reply, - all 1’s, - 0x8035 (RARP) RARP request, RARP reply 0xFFFFFFFFFFFF Sender hw Se hw add address for broadcast Host’s MAC address for hw typ hw ype, pr prot ot(ocol) typ ype ARP and ARP reply specify what types of addresses we’re looking up UW Madison CS 642 28

  29. ARP caches • Hosts maintain cache of ARP data • just a table mapping between IPs and MACs UW Madison CS 642 29

  30. ARP has no authentication • Easy to sniff packets on (non-switched) ethernet • What else can we do? Easy Denial of Service (DoS): Send ARP reply associating gateway 192.168.1.1 with a non-used MAC address UW Madison CS 642 30

  31. ARP has no authentication • Easy to sniff packets on (non-switched) ethernet • What else can we do? 192.168.1.1 MAC1 Active Man-in-the-Middle: ARP reply to MAC2 192.168.1.1 -> MAC3 192.168.1.2 192.168.1.3 ARP reply to MAC1 MAC2 MAC3 192.168.1.2 -> MAC3 Now traffic “routed” through malicious box UW Madison CS 642 31

  32. ARP Poisoning UW Madison CS 642 32

  33. UW Madison CS 642 33

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

TLS/SSL and Certificates (CS 642) Earlence Fernandes earlence@cs.wisc.edu * Some slides are

TLS/SSL and Certificates (CS 642) Earlence Fernandes earlence@cs.wisc.edu * Some slides are

Transport Layer Security: TLS/SSL and Certificates (CS 642) Earlence Fernandes earlence@cs.wisc.edu * Some slides are borrowed from Clarkson, Shmatikov, Jana UW-Madison 1 Internet: The network of computers History - Started as (D)ARPANET

548 views • 33 slides
Web Security [Privacy] Spring 2020 Earlence Fernandes earlence@cs.wisc.edu Thanks to Dan

Web Security [Privacy] Spring 2020 Earlence Fernandes earlence@cs.wisc.edu Thanks to Dan

CS 642: Computer Security and Privacy Web Security [Privacy] Spring 2020 Earlence Fernandes earlence@cs.wisc.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, Ada Lerner, John Manferdelli, John Mitchell, Franzi Roesner,

839 views • 32 slides
User Authentication Earlence Fernandes earlence@cs.wisc.edu Admin Homework 1 is out: start

User Authentication Earlence Fernandes earlence@cs.wisc.edu Admin Homework 1 is out: start

Computer Security and Privacy (CS642) User Authentication Earlence Fernandes earlence@cs.wisc.edu Admin Homework 1 is out: start doing it Talk to TAs to figure out any setup issues You may discuss high- level ideas but DONT

880 views • 49 slides
Anonymity Spring 2020 Earlence Fernandes earlence@cs.wisc.edu Thanks to Dan Boneh, Franzi

Anonymity Spring 2020 Earlence Fernandes earlence@cs.wisc.edu Thanks to Dan Boneh, Franzi

CS 642: Computer Security and Privacy Anonymity Spring 2020 Earlence Fernandes earlence@cs.wisc.edu Thanks to Dan Boneh, Franzi Roesner Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee,

881 views • 29 slides
IoT Security What, Why, How Earlence Fernandes Your car is a computer with wheels and an engine

IoT Security What, Why, How Earlence Fernandes Your car is a computer with wheels and an engine

IoT Security What, Why, How Earlence Fernandes Your car is a computer with wheels and an engine Your refrigerator is a computer that keeps food cold Your ATM is a computer with money inside -- Bruce Schneier to the US House Committee on Energy

559 views • 40 slides
Network Security CS 642 UW Madison Earlence Fernandes UW Madison CS 642 1 Web Security TLS

Network Security CS 642 UW Madison Earlence Fernandes UW Madison CS 642 1 Web Security TLS

Network Security CS 642 UW Madison Earlence Fernandes UW Madison CS 642 1 Web Security TLS DNS and BGP Oct 8, 2019 Network Security UW Madison CS 642 2 128.105.37.141 We dont want to have to remember IP addresses Early days of

615 views • 36 slides
Cryptography [Finish Asymmetric Cryptography] Spring 2020 Earlence Fernandes

Cryptography [Finish Asymmetric Cryptography] Spring 2020 Earlence Fernandes

CS 642: Computer Security and Privacy Cryptography [Finish Asymmetric Cryptography] Spring 2020 Earlence Fernandes earlence@cs.wisc.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, Ada Lerner, John Manferdelli, John

670 views • 20 slides
SECURITY ANALYSIS OF EMERGING SMART HOME APPLICATIONS Earlence Fernandes, Jaeyeon jung, Atul

SECURITY ANALYSIS OF EMERGING SMART HOME APPLICATIONS Earlence Fernandes, Jaeyeon jung, Atul

SECURITY ANALYSIS OF EMERGING SMART HOME APPLICATIONS Earlence Fernandes, Jaeyeon jung, Atul Prakash Presented by Surya Mani Content Motivation Related Work SmartThings-Big Picture Security Analysis Proof-of-concept attacks

858 views • 30 slides
Security Analysis of Emerging Smart Home Applica6ons Earlence Fernandes, Jaeyeon Jung, Atul

Security Analysis of Emerging Smart Home Applica6ons Earlence Fernandes, Jaeyeon Jung, Atul

Security Analysis of Emerging Smart Home Applica6ons Earlence Fernandes, Jaeyeon Jung, Atul Prakash Presented by: Gohar Irfan Chaudhry IEEE Security and Privacy 24 May 2016 Smart Door Locks nsors Connected Ovens Plugs IP Cameras Emerging

484 views • 31 slides
Security Analysis of Emerging Smart Home Applications Earlence Fernandes, Jaeyeon Jung, Atul

Security Analysis of Emerging Smart Home Applications Earlence Fernandes, Jaeyeon Jung, Atul

Security Analysis of Emerging Smart Home Applications Earlence Fernandes, Jaeyeon Jung, Atul Prakash IEEE Security and Privacy 24 May 2016 Smart Door Locks CO Sensors Connected Ovens Smart Plugs IP Cameras Emerging Smart Home Frameworks

502 views • 35 slides
FlowFence: Prac-cal Data Protec-on for Emerging IoT Applica-on Frameworks Earlence Fernandes,

FlowFence: Prac-cal Data Protec-on for Emerging IoT Applica-on Frameworks Earlence Fernandes,

FlowFence: Prac-cal Data Protec-on for Emerging IoT Applica-on Frameworks Earlence Fernandes, Jus/n Paupore, Amir Rahma/, Daniel Simionato, Mauro Con/, Atul Prakash University of Michigan, University of Padova Published at USENIX Security 2016

468 views • 22 slides
Announcements You shouldve received an email from the mailing list with a link to course

Announcements You shouldve received an email from the mailing list with a link to course

CS 642: Computer Security and Privacy Cryptography [Intro] Spring 2020 Earlence Fernandes earlence@cs.wisc.edu Thanks to Franzi Roesner Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, Ada Lerner, John Manferdelli, John Mitchell, Vitaly

692 views • 26 slides
Physical Attacks on Deep Learning Systems Ivan Evtimov Collaborators and slide content

Physical Attacks on Deep Learning Systems Ivan Evtimov Collaborators and slide content

Physical Attacks on Deep Learning Systems Ivan Evtimov Collaborators and slide content contributions: Earlence Fernandes, Kevin Eykholt, Chaowei Xiao, Amir Rahmati, Florian Tramer, Bo Li, Atul Prakash, Tadayoshi Kohno, Dawn Song Deep Learning

556 views • 44 slides
Table of contents 1. Introduction 2. Experimental setup (driftless-GSPC + RGA) 3. EL Yield &

Table of contents 1. Introduction 2. Experimental setup (driftless-GSPC + RGA) 3. EL Yield &

1 EL Yield & R E of Xe - M x mixtures for the NEXT TPC Carlos A.O. Henriques 1 , A.F.M. Fernandes, C.D.R. Azevedo, D. Gonzalez-Diaz, C.M.B. Monteiro, L.M.P. Fernandes, N. Lpez-March, J.J. Gmez-Cadenas, NEXT Collaboration

1.16k views • 27 slides
Components with Symbolic Transition Fabrcio Fernandes, Systems: a Java Implementation

Components with Symbolic Transition Fabrcio Fernandes, Systems: a Java Implementation

Components with STS : a Java Imple- mentation Components with Symbolic Transition Fabrcio Fernandes, Systems: a Java Implementation Jean-Claude Royer, Robin Passama of Rendezvous Outline Introduction Fabrcio de Alexandria Fernandes

585 views • 34 slides
Session 3. Numerical problem C. Fernandes, L.L. Ferr as, J.M. N obrega Institute for

Session 3. Numerical problem C. Fernandes, L.L. Ferr as, J.M. N obrega Institute for

Session 3. Numerical problem C. Fernandes, L.L. Ferr as, J.M. N obrega Institute for Polymers and Composites (i3N), University of Minho C. Fernandes, L.L. Ferr as, J.M. N obrega Session 3. Numerical problem CloudPYME Project El

649 views • 60 slides
Multi6 Threats draft-nordmark-multi6-threats-00.txt Design Team Members (alphabetical order):

Multi6 Threats draft-nordmark-multi6-threats-00.txt Design Team Members (alphabetical order):

Multi6 Threats draft-nordmark-multi6-threats-00.txt Design Team Members (alphabetical order): Iljitsch van Beijnum, Steve Bellovin, Brian Carpenter, Mike O'Dell, Sean Doran, Dave Katz, Tony Li, Erik Nordmark, and Pekka Savola Why? Allowing

612 views • 11 slides
1 Connection Establishment Data Exchange Clients connect to an SSH server on port Once

1 Connection Establishment Data Exchange Clients connect to an SSH server on port Once

Where in the stack is security? Attacks can be targeted at any layer of the 16: protocol stack Application layer: Password and data sniffing, Forged Exploits and Defenses Up and transactions, Security holes, Buffer Overflows?

1.15k views • 9 slides
Findings Port Security is ineffective at preventing 3 different MAC Spoofing attacks in

Findings Port Security is ineffective at preventing 3 different MAC Spoofing attacks in

M EDIA A CCESS C ONTROL (MAC) A DDRESS S POOFING A TTACKS AGAINST P ORT S ECURITY Andrew Buhr, Dale Lindskog, Pavol Zavarsky, Ron Ruhl Concordia University College of Alberta Findings Port Security is ineffective at preventing 3 different

455 views • 24 slides
Packet Sniffing and Spoofing Chester Rebeiro IIT Madras Some of the slides borrowed from the

Packet Sniffing and Spoofing Chester Rebeiro IIT Madras Some of the slides borrowed from the

Packet Sniffing and Spoofing Chester Rebeiro IIT Madras Some of the slides borrowed from the book Computer Security: A Hands on Approach by Wenliang Du Shared Networks Every network packet reaches every computer's network Interface

960 views • 59 slides
Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Module 3 Network Protocol Attacks Roadmap Network security The basic objectives: CIA

1.68k views • 39 slides
IoT Security in Action! Julien Vermillard , Sierra Wireless @vrmvrm -

IoT Security in Action! Julien Vermillard , Sierra Wireless @vrmvrm -

IoT Security in Action! Julien Vermillard , Sierra Wireless @vrmvrm - jvermillard@sierrawireless.com EclipseCON EU 2016 Introduction Managing connected devices Why it is simple to exploit non-secured systems How simple to have the minimum

1.14k views • 39 slides
New developments on BREACH Dimitris Karakostas, Dionysis Zindros Stanford, Real World Crypto

New developments on BREACH Dimitris Karakostas, Dionysis Zindros Stanford, Real World Crypto

New developments on BREACH Dimitris Karakostas, Dionysis Zindros Stanford, Real World Crypto 2016 Overview BREACH review Our contributions Statistical attacks Attacking block ciphers Attacking noise Optimization

477 views • 33 slides
The Dark Side of Operational Wi-Fi Calling Services Tian Xie 1 , Guan-Hua Tu 1 , Chi-Yu Li 2 ,

The Dark Side of Operational Wi-Fi Calling Services Tian Xie 1 , Guan-Hua Tu 1 , Chi-Yu Li 2 ,

The Dark Side of Operational Wi-Fi Calling Services Tian Xie 1 , Guan-Hua Tu 1 , Chi-Yu Li 2 , Chunyi Peng, Mi Zhang 1 1 Michigan State University 2 National Chiao Tung University 3 Purdue University Wi-Fi Calling Services Wi-Fi Calling

621 views • 31 slides

More recommend