Network Attacks, Con’t (CS 161: Computer Security, Prof. Vern Paxson) - PowerPoint PPT Presentation


  1. Network Attacks, Con’t
     CS 161: Computer Security, Prof. Vern Paxson
     TAs: Paul Bramsen, Apoorva Dornadula, David Fifield, Mia Gil Epner, David Hahn, Warren He, Grant Ho, Frank Li, Nathan Malkin, Mitar Milutinovic, Rishabh Poddar, Rebecca Portnoff, Nate Wang
     http://inst.eecs.berkeley.edu/~cs161/
     March 14, 2017

  2. The Transport Layer: TCP

  3. “Best Effort” is Lame! What to do?
     • It’s the job of our Transport (layer 4) protocols to build the data delivery services our apps need out of IP’s modest layer-3 service

  4. Layer 4: Transport Layer
     End-to-end communication between processes
     Different services provided:
       TCP = reliable byte stream
       UDP = unreliable datagrams (Datagram = single packet message)
     [Figure: layer stack, 7 Application, 4 Transport, 3 (Inter)Network, 2 Link, 1 Physical]

  5. “Best Effort” is Lame! What to do?
     • It’s the job of our Transport (layer 4) protocols to build the data delivery services our apps need out of IP’s modest layer-3 service
     • #1 workhorse: TCP (Transmission Control Protocol)
     • Service provided by TCP:
       – Connection oriented (explicit set-up / tear-down)
         o End hosts (processes) can have multiple concurrent long-lived communications
       – Reliable, in-order, byte-stream delivery
         o Robust detection & retransmission of lost data

  6. TCP “Bytestream” Service
     [Figure: Process A on host H1 hands TCP Byte 0, Byte 1, Byte 2, Byte 3, … Byte 80; Process B on host H2 receives Byte 0, Byte 1, Byte 2, Byte 3, … Byte 80]
     Processes don’t ever see packet boundaries, lost or corrupted packets, retransmissions, etc.

  7. Bidirectional communication:
     There are two separate bytestreams, one in each direction
     [Figure: Process A on host H1 and Process B on host H2 each send their own Byte 0, Byte 1, Byte 2, Byte 3, … Byte 73 toward the other]

  8. TCP Header (follows the Link Layer Header and the IP Header):
       Source port | Destination port
       Sequence number
       Acknowledgment
       HdrLen | 0 | Flags | Advertised window
       Checksum | Urgent pointer
       Options (variable)
       Data …

  9. TCP Header (same layout): Ports are associated with OS processes

  10. TCP Header (same layout): IP source & destination addresses plus TCP source and destination ports uniquely identify a (bidirectional) TCP connection

  11. [Figure: step 4, “Connect to google.com server”, of the earlier diagram showing our host, gateway, router and resolver; our side is 216.97.19.132, Google’s server is 172.217.6.78]
      Suppose our browser used port 23144 for our connection, and Google’s server used 443.
      Then our connection will be fully specified by the single tuple <216.97.19.132, 23144, 172.217.6.78, 443>

  12. TCP Header (layout as on slide 8)
      Ports are associated with OS processes.
      IP source & destination addresses plus TCP source and destination ports uniquely identify a (bidirectional) TCP connection.
      Some port numbers are “well known”, e.g. port 443 = HTTPS

  13. TCP Header (layout as on slide 8)
      Sequence number = starting sequence number (byte offset) of the data carried in this “segment”

  14. TCP Header (layout as on slide 8)
      Byte streams are numbered independently in each direction

  15. TCP Header (layout as on slide 8)
      The sequence number assigned to the start of the byte stream is picked when the connection begins; it doesn’t start at 0

  16. TCP Header (layout as on slide 8)
      Acknowledgment gives the seq # just beyond the highest seq. received in order.
      If the sender successfully sends N bytestream bytes starting at seq S, then the “ack” for that will be S+N.

  17. Sequence Numbers
      [Figure: Host A sends TCP HDR + TCP Data to Host B, and Host B sends TCP HDR + TCP Data back]
      ISN (initial sequence number)
      Sequence number from A = 1st byte of data
      ACK sequence number from B = next expected byte

  18. TCP Header (layout as on slide 8)
      Uses of the Flags field include: acknowledging data (“ACK”), setting up (“SYN”) and closing connections (“FIN” and “RST”)
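The header layout and the 4-tuple rule above can be exercised with a small parser. The following Python is an added example and is not part of the slides: it constructs an IPv4+TCP segment for the slide’s own tuple <216.97.19.132, 23144, 172.217.6.78, 443>, parses the header fields back out, decodes the flag bits, and verifies the TCP checksum over the pseudo-header (the RFC 793 / RFC 1071 rules). The ISN value, the builder function and the packet bytes are the example’s own constructions.

```python
"""
Parse an IPv4 + TCP header, recover the connection 4-tuple, decode the
flag bits and verify the TCP checksum.  Added example, not from the
CS 161 slides; packet bytes are constructed here for the demonstration.
"""
import struct

# Bit positions of the flags inside the 16-bit "HdrLen | 0 | Flags" field.
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def internet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement sum of 16-bit words (odd length zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def tcp_checksum(src_ip: bytes, dst_ip: bytes, segment: bytes) -> int:
    """TCP checksum covers a pseudo-header (addresses, zero, protocol 6,
    TCP length) followed by the whole TCP segment."""
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, 6, len(segment))
    return internet_checksum(pseudo + segment)


def parse_tcp_segment(packet: bytes) -> dict:
    """Parse an IPv4 packet carrying TCP; returns the fields the slides discuss."""
    ihl = (packet[0] & 0x0F) * 4             # IP header length in bytes
    src_ip, dst_ip = packet[12:16], packet[16:20]
    segment = packet[ihl:]
    (src_port, dst_port, seq, ack, off_flags,
     window, checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    hdr_len = (off_flags >> 12) * 4          # HdrLen is in 32-bit words
    flags = {name for name, bit in FLAG_BITS.items() if off_flags & bit}
    # Recompute with the checksum field zeroed; valid iff it matches the carried value.
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    checksum_ok = tcp_checksum(src_ip, dst_ip, zeroed) == checksum
    return {
        # (IP src, TCP src port, IP dst, TCP dst port) names the connection
        "conn": (".".join(map(str, src_ip)), src_port,
                 ".".join(map(str, dst_ip)), dst_port),
        "seq": seq, "ack": ack, "flags": flags, "window": window,
        "urgent": urgent, "hdr_len": hdr_len,
        "payload": segment[hdr_len:], "checksum_ok": checksum_ok,
    }


def build_packet(src_ip, src_port, dst_ip, dst_port, seq, ack, flags,
                 payload=b"") -> bytes:
    """Construct IPv4+TCP bytes for the demo (IP checksum left at zero;
    only the TCP checksum is exercised here).  Example helper, not real TCP."""
    sip = bytes(map(int, src_ip.split(".")))
    dip = bytes(map(int, dst_ip.split(".")))
    fl = sum(FLAG_BITS[f] for f in flags)
    tcp = struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                      (5 << 12) | fl, 65535, 0, 0) + payload
    csum = tcp_checksum(sip, dip, tcp)
    tcp = tcp[:16] + struct.pack("!H", csum) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0,
                     64, 6, 0, sip, dip)
    return ip + tcp


if __name__ == "__main__":
    # Constructed SYN for the slide's tuple; the ISN 0x1A2B3C4D is made up.
    syn = build_packet("216.97.19.132", 23144, "172.217.6.78", 443,
                       0x1A2B3C4D, 0, ["SYN"])
    print(parse_tcp_segment(syn))
```

A defender reading captured traffic checks exactly these fields: the 4-tuple to tie a segment to a connection, the flags to see whether it is a SYN, data or RST, and the checksum to discard corrupted segments before acting on them.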

  19–24. Establishing a TCP Connection
      [Figure: host A on the left, host B on the right; A → B: SYN; B → A: SYN+ACK; A → B: ACK; then Data in both directions]
      Each host tells its Initial Sequence Number (ISN) to the other host. (Spec says to pick based on a clock)
      • Three-way handshake to establish connection
        – Host A sends a SYN (open; “synchronize sequence numbers”) to host B
        – Host B returns a SYN acknowledgment (SYN + ACK)
        – Host A sends an ACK to acknowledge the SYN + ACK

  25. Timing Diagram: 3-Way Handshaking
      Client (initiator): Active Open, connect()        Server: Passive Open, listen(), then accept()
        Client → Server:  SYN, SeqNum = x
        Server → Client:  SYN+ACK, SeqNum = y, Ack = x + 1
        Client → Server:  ACK, SeqNum = x + 1, Ack = y + 1
      Different starting initial sequence numbers (ISNs) in each direction

  26. TCP Conn. Setup & Data Exchange
      Client (initiator): IP address 1.2.1.2, port 3344        Server: IP address 9.8.7.6, port 80
        SrcA=1.2.1.2, SrcP=3344, DstA=9.8.7.6, DstP=80, SYN, Seq = x
        SrcA=9.8.7.6, SrcP=80, DstA=1.2.1.2, DstP=3344, SYN+ACK, Seq = y, Ack = x+1
        SrcA=1.2.1.2, SrcP=3344, DstA=9.8.7.6, DstP=80, ACK, Ack = y+1
        SrcA=1.2.1.2, SrcP=3344, DstA=9.8.7.6, DstP=80, ACK, Seq = x+1, Ack = y+1, Data = “GET /login.html”
        SrcA=9.8.7.6, SrcP=80, DstA=1.2.1.2, DstP=3344, ACK, Seq = y+1, Ack = x+16, Data = “200 OK … <html> …”
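The exchange on this slide, as an added example that is not part of the slides: a small Python model of two endpoints that applies the sequence-number rules from the preceding slides (a SYN consumes one sequence number, data consumes one per byte, the ACK carries the next byte expected) and replays the five segments between 1.2.1.2:3344 and 9.8.7.6:80. The `Endpoint` and `Segment` classes are the example’s own constructions rather than a real TCP implementation, and the ISNs x and y are parameters supplied by the caller.

```python
"""
Replay the handshake and first data exchange from the slide and check the
seq/ack arithmetic, including 32-bit wraparound.  Added example, not from
the CS 161 slides; the Endpoint/Segment model is a deliberate simplification.
"""
from dataclasses import dataclass
from typing import Optional

MASK32 = 0xFFFFFFFF


@dataclass
class Segment:
    src: tuple                 # (IP address, port)
    dst: tuple
    flags: frozenset
    seq: int
    ack: Optional[int] = None  # None when the ACK flag carries nothing yet
    data: bytes = b""

    def seq_len(self) -> int:
        """Sequence space consumed: one per data byte, plus one for SYN and for FIN."""
        return len(self.data) + ("SYN" in self.flags) + ("FIN" in self.flags)


@dataclass
class Endpoint:
    addr: str
    port: int
    isn: int
    snd_nxt: int = 0               # next sequence number we will send
    rcv_nxt: Optional[int] = None  # next byte expected from the peer (unknown until its SYN)
    received: bytes = b""

    def __post_init__(self):
        self.snd_nxt = self.isn    # byte stream starts at the ISN, not at 0

    def send(self, peer: "Endpoint", flags, data: bytes = b"") -> Segment:
        seg = Segment((self.addr, self.port), (peer.addr, peer.port),
                      frozenset(flags), self.snd_nxt, self.rcv_nxt, data)
        self.snd_nxt = (self.snd_nxt + seg.seq_len()) & MASK32
        return seg

    def receive(self, seg: Segment) -> bool:
        """Accept only the in-order segment (seq == rcv_nxt); a SYN sets rcv_nxt."""
        if "SYN" in seg.flags:
            self.rcv_nxt = seg.seq
        if seg.seq != self.rcv_nxt:
            return False           # out of order: real TCP buffers or drops; we reject
        self.received += seg.data
        self.rcv_nxt = (self.rcv_nxt + seg.seq_len()) & MASK32
        return True


def run_exchange(x: int, y: int):
    """Drive the five segments of the slide; returns (trace, client, server)."""
    client = Endpoint("1.2.1.2", 3344, x)
    server = Endpoint("9.8.7.6", 80, y)
    trace = []

    def deliver(seg: Segment, to: Endpoint):
        if not to.receive(seg):
            raise ValueError("segment rejected: %r" % (seg,))
        trace.append(seg)

    deliver(client.send(server, {"SYN"}), server)                   # Seq = x
    deliver(server.send(client, {"SYN", "ACK"}), client)            # Seq = y, Ack = x+1
    deliver(client.send(server, {"ACK"}), server)                   # Seq = x+1, Ack = y+1
    deliver(client.send(server, {"ACK"}, b"GET /login.html"), server)   # 15 bytes at x+1
    deliver(server.send(client, {"ACK"}, b"200 OK ... <html> ..."), client)  # Ack = x+16
    return trace, client, server


if __name__ == "__main__":
    trace, _, _ = run_exchange(1000, 5000)   # constructed ISNs
    for s in trace:
        print(sorted(s.flags), "seq", s.seq, "ack", s.ack, s.data)
```

Running it with x = 1000 and y = 5000 reproduces the slide’s numbers: the SYN+ACK carries Ack = 1001, the client’s ACK carries Seq = 1001, Ack = 5001, and after the 15-byte request the server’s reply carries Ack = 1016. Passing x = 0xFFFFFFFF shows the modulo-2^32 wrap the real protocol also has to handle.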

  27. TCP Threat: Disruption
      • Normally, TCP finishes (“closes”) a connection by each side sending a FIN control message
        – Reliably delivered, since the other side must ack
      • But: if a TCP endpoint finds itself unable to continue (its process dies, or information from the other “peer” is inconsistent), it abruptly terminates by sending a RST control message
        – Unilateral
        – Takes effect immediately (no ack needed)
        – Only accepted by the peer if it has the correct* sequence number

  28–29. TCP Header (layout as on slide 8), with the RST bit highlighted in the Flags field

  30. Abrupt Termination
      [Figure: A and B exchange SYN, SYN ACK, ACK and Data as time runs downward; A then sends RST to B, and the connection is marked X]
      • A sends a TCP packet with the RESET (RST) flag to B
        – E.g., because the app. process on A crashed
        – (Could instead be that B sends a RST to A)
      • Assuming that the sequence numbers in the RST fit with what B expects, That’s It:
        – B’s user-level process receives: ECONNRESET
        – No further communication on the connection is possible
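What “fits with what B expects” means on the receiving side, as an added Python example that is not from the slides: the original TCP rule (RFC 793) accepts a RST whose sequence number lies anywhere inside the receive window, while RFC 5961 tightens this so that only an exact match on RCV.NXT tears the connection down and an in-window but inexact RST is answered with a “challenge ACK” that asks the peer to confirm. The function below models both policies; the window values in its test are constructed.

```python
"""
Receiver-side disposition of an incoming RST, modelling the RFC 793 rule and
the stricter RFC 5961 rule.  Added example, not from the CS 161 slides.
"""
MOD32 = 1 << 32


def in_window(seq: int, rcv_nxt: int, rcv_wnd: int) -> bool:
    """rcv_nxt <= seq < rcv_nxt + rcv_wnd, compared modulo 2^32."""
    return (seq - rcv_nxt) % MOD32 < rcv_wnd


def rst_disposition(seq: int, rcv_nxt: int, rcv_wnd: int,
                    strict: bool = True) -> str:
    """What a receiver does with a RST carrying sequence number `seq`.

    strict=False: RFC 793 behaviour (any in-window RST resets).
    strict=True:  RFC 5961 behaviour (exact match resets, in-window but
                  inexact gets a challenge ACK, outside the window is dropped).
    """
    if not in_window(seq, rcv_nxt, rcv_wnd):
        return "drop"                # outside the window: silently ignored
    if not strict or seq == rcv_nxt:
        return "reset"               # connection torn down; app sees ECONNRESET
    return "challenge-ack"           # peer must prove it really is at rcv_nxt


def accepted_sequence_numbers(rcv_wnd: int, strict: bool = True) -> int:
    """How many of the 2^32 sequence numbers a receiver with this window
    would accept as a valid RST: the whole window under RFC 793, exactly
    one under RFC 5961.  Useful for judging exposure of a long-lived connection."""
    return 1 if strict else rcv_wnd


if __name__ == "__main__":
    rcv_nxt, rcv_wnd = 1000, 65535   # constructed receiver state
    for seq in (1000, 1500, 999):
        print(seq, rst_disposition(seq, rcv_nxt, rcv_wnd, strict=False),
              rst_disposition(seq, rcv_nxt, rcv_wnd, strict=True))
```

The difference between the two policies is the whole point of the asterisk on the previous slides: with a 64 KiB window, an RFC 793 receiver treats 65535 different sequence numbers as a valid RST, an RFC 5961 receiver treats exactly one that way, and a monitoring system that sees challenge ACKs on a connection has a concrete signal that off-path RSTs are arriving.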
