
Network Attacks, Part 1 CS 161: Computer Security Prof. Vern Paxson - PowerPoint PPT Presentation



  1. Network Attacks, Part 1 CS 161: Computer Security Prof. Vern Paxson TAs: Jethro Beekman, Mobin Javed, Antonio Lupher, Paul Pearce & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ February 7, 2013

  2. Announcements / Game Plan
  • Homework #1 out now, due next week (Friday 2/15, 10:00PM)
    – Turn in electronically
  • We expect Project #1 to ship around the end of next week
  • Goal for today: a look at network attacks
    – With a focus on network layers 1-4
  • To start: what general goals do we have for communication/network security?

  3. General Communication Security Goals: CIA
  • Confidentiality
    – No one can read our data / communication unless we want them to
  • Integrity
    – No one can manipulate our data / processing / communication unless we want them to
  • Availability
    – We can access our data / conduct our processing / use our communication capabilities when we want to
  • Also: no additional traffic other than ours …

  4. Layers 1 & 2: General Threats?
  [Figure: layer stack 7 Application / 4 Transport / 3 (Inter)Network / 2 Link / 1 Physical, with layers 1 and 2 annotated]
  • Layer 2 (Link): framing and transmission of a collection of bits into individual messages sent across a single “subnetwork” (one physical technology)
  • Layer 1 (Physical): encoding bits to send them over a single physical link
    – e.g. patterns of voltage levels / photon intensities / RF modulation

  5. Physical/Link-Layer Threats: Eavesdropping
  • Also termed sniffing
  • For subnets using broadcast technologies (e.g., WiFi, some types of Ethernet), get it for “free”
    – Each attached system’s NIC (= Network Interface Card) can capture any communication on the subnet
    – Some handy tools for doing so
      o tcpdump / windump (low-level ASCII printout)

  6. TCPDUMP: Packet Capture & ASCII Dumper
  [Figure: tcpdump screenshot]

  7. Physical/Link-Layer Threats: Eavesdropping
    – Some handy tools for doing so
      o Wireshark (GUI for displaying 800+ protocols)

  8. Wireshark: GUI for Packet Capture/Exam.
  [Figure: Wireshark screenshots, slides 8-10]


  11. Physical/Link-Layer Threats: Eavesdropping
    – Some handy tools for doing so
      o Bro (scriptable real-time network analysis)
  • For any technology, routers (and internal “switches”) can look at / export traffic they forward
  • You can also “tap” a link
    – Insert a device to mirror physical signal
    – Or: just steal it!

  12. Stealing Photons
  [Figure: photo]


  14. Physical/Link-Layer Threats: Disruption
  • With physical access to a subnetwork, attacker can
    – Overwhelm its signaling
      o E.g., jam WiFi’s RF
    – Send messages that violate the Layer-2 protocol’s rules
      o E.g., send messages > maximum allowed size, sever timing synchronization, ignore fairness rules
  • Routers & switches can simply “drop” traffic
  • There’s also the heavy-handed approach …


  16. Physical/Link-Layer Threats: Spoofing
  • With physical access to a subnetwork, attacker can create any message they like
    – When with a bogus source address: spoofing
  • When using a typical computer, may require root/administrator to have full freedom
  • Particularly powerful when combined with eavesdropping
    – Because attacker can understand exact state of victim’s communication and craft their spoofed traffic to match it
    – Spoofing w/o eavesdropping = blind spoofing

  17. Spoofing Considerations
  • “On path” attackers can see victim’s traffic ⇒ spoofing is easy
  • “Off path” attackers can’t see victim’s traffic
    – They have to resort to blind spoofing
    – Often must guess/infer header values to succeed
      o We then care about work factor: how hard is this
    – But sometimes they can just brute force
      o E.g., 16-bit value: just try all 65,536 possibilities!
  • When we say an attacker “can spoof”, we usually mean “w/ reasonable chance of success”

  18. Layer 3: General Threats?
  [Figure: layer stack, with layer 3 annotated]
  • Layer 3 ((Inter)Network): bridges multiple “subnets” to provide end-to-end internet connectivity between nodes
  • IP = Internet Protocol; header layout (fields in wire order):
      4-bit Version | 4-bit Header Length | 8-bit Type of Service (TOS) | 16-bit Total Length (Bytes)
      16-bit Identification | 3-bit Flags | 13-bit Fragment Offset
      8-bit Time to Live (TTL) | 8-bit Protocol | 16-bit Header Checksum
      32-bit Source IP Address
      32-bit Destination IP Address
      Payload

  19. Network-Layer (IP) Threats
  • Can set arbitrary source address
    – “Spoofing” - receiver has no idea who you are
    – Could be blind, or could be coupled w/ sniffing
    – Note: many attacks require two-way communication
      o So successful off-path/blind spoofing might not suffice
  • Can set arbitrary destination address
    – Enables “scanning” - brute force searching for hosts
  • Can send like crazy (flooding)
    – IP has no general mechanism for tracking overuse
    – IP has no general mechanism for tracking consent
    – Very hard to tell where a spoofed flood comes from!
  • If attacker can manipulate routing, can bring traffic to themselves for eavesdropping (viewed as hard)

  20. 5 Minute Break Questions Before We Proceed?

  21. Layer 4: General Threats?
  [Figure: layer stack, with layer 4 annotated]
  • Layer 4 (Transport: TCP, UDP): end-to-end communication between processes
  • TCP header layout (fields in wire order):
      Source port | Destination port
      Sequence number
      Acknowledgment
      HdrLen | 0 (reserved) | Flags | Advertised window
      Checksum | Urgent pointer
      Options (variable)
      Data

  22. Layer 4: General Threats?
  • Source port and destination port: these plus IP addresses define a given connection

  23. Layer 4: General Threats?
  • Sequence number: defines where this packet fits within the sender’s bytestream
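The IPv4 and TCP header layouts from slides 18 and 21-23, as a parser added here (not code from the lecture): it unpacks the fields from raw bytes, verifies the IPv4 header checksum and decodes the flag bits. The sample packet, its sequence numbers and its zero TCP checksum are constructed values.

```python
import struct

# Added example (not lecture code): parse the IPv4 and TCP header fields
# drawn on the slides from raw bytes, verify the IPv4 header checksum and
# decode the TCP flag bits. The sample packet at the bottom is constructed.

TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bit 0 .. bit 5

def ipv4_checksum(header: bytes) -> int:
    """Ones' complement sum of 16-bit words; a verified header yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def parse_ipv4(pkt: bytes) -> dict:
    """Fields in slide order: version, header length, TOS, total length,
    identification, flags, fragment offset, TTL, protocol, checksum, src, dst."""
    ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {"version": ver_ihl >> 4, "header_len": ihl, "tos": tos,
            "total_len": total_len, "id": ident, "flags": flags_frag >> 13,
            "frag_offset": flags_frag & 0x1FFF, "ttl": ttl, "protocol": proto,
            "checksum_ok": ipv4_checksum(pkt[:ihl]) == 0,
            "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "payload": pkt[ihl:total_len]}

def parse_tcp(seg: bytes) -> dict:
    """Fields in slide order: ports, seq, ack, HdrLen, flags, window,
    checksum, urgent pointer, options, data."""
    sport, dport, seq, ack, off_res, flags, win, _csum, urg = \
        struct.unpack("!HHIIBBHHH", seg[:20])
    hdr_len = (off_res >> 4) * 4
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "header_len": hdr_len, "window": win, "urgent": urg,
            "flags": {n for i, n in enumerate(TCP_FLAG_NAMES) if flags & (1 << i)},
            "options": seg[20:hdr_len], "data": seg[hdr_len:]}

def build_sample() -> bytes:
    """Constructed RST+ACK segment from 9.8.7.6:80 to 1.2.1.2:3344 (the slides'
    addresses); seq/ack values are made up. TCP checksum left 0 for brevity."""
    tcp = struct.pack("!HHIIBBHHH", 80, 3344, 5001, 1016, 5 << 4, 0x14, 0, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64, 6,
                     0, bytes([9, 8, 7, 6]), bytes([1, 2, 1, 2]))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]  # fill checksum
    return ip + tcp
```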

  24. TCP Conn. Setup & Data Exchange
  Client (initiator): IP address 1.2.1.2, port 3344    Server: IP address 9.8.7.6, port 80
  Client → Server: SrcA=1.2.1.2, SrcP=3344, DstA=9.8.7.6, DstP=80, SYN, Seq=x
  Server → Client: SrcA=9.8.7.6, SrcP=80, DstA=1.2.1.2, DstP=3344, SYN+ACK, Seq=y, Ack=x+1
  Client → Server: SrcA=1.2.1.2, SrcP=3344, DstA=9.8.7.6, DstP=80, ACK, Ack=y+1
  Client → Server: SrcA=1.2.1.2, SrcP=3344, DstA=9.8.7.6, DstP=80, ACK, Seq=x+1, Ack=y+1, Data=“GET /login.html …”
  Server → Client: SrcA=9.8.7.6, SrcP=80, DstA=1.2.1.2, DstP=3344, ACK, Seq=y+1, Ack=x+16, Data=“200 OK … <html> …”

  25. TCP Threat: Disruption
  • Normally, TCP finishes (“closes”) a connection by each side sending a FIN control message
    – Reliably delivered, since other side must ack
  • But: if a TCP endpoint finds itself unable to continue (process dies; info from other “peer” is inconsistent), it abruptly terminates by sending a RST control message
    – Unilateral
    – Takes effect immediately (no ack needed)
    – Only accepted by peer if it has the correct* sequence number

  26. [Figure: TCP header layout as on slide 21]

  27. [Figure: TCP header layout with the RST bit in the Flags field highlighted]

  28. Abrupt Termination
  [Figure: timeline between A and B, time running downward: SYN, SYN ACK, ACK, Data, then A sends RST and the connection is marked X]
  • A sends a TCP packet with RESET (RST) flag to B
    – E.g., because app. process on A crashed
    – (Could instead be that B sends a RST to A)
  • Assuming that the sequence numbers in the RST fit with what B expects, That’s It:
    – B’s user-level process receives: ECONNRESET
    – No further communication on connection is possible

  29. TCP Threat: Disruption
  • So: if attacker knows ports & sequence numbers, can disrupt any TCP connection
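Added example (not from the lecture) covering slides 17, 24, 25 and 28-29: it replays the slide 24 exchange to show the sequence bookkeeping a RST has to match, then compares which RSTs a receiver honours under the classic in-window check (RFC 793) versus the strict exact-match check (RFC 5961), and what each does to a blind sender's work factor. x, y and the receive window are assumed values.

```python
from dataclasses import dataclass

# Added example (not lecture code): replay the slides' 1.2.1.2:3344 <-> 9.8.7.6:80
# exchange to track each side's sequence state, then apply the receiver's RST
# acceptance check. x, y and the receive window are assumed values; 32-bit
# sequence wrap-around is ignored for clarity.

@dataclass
class Endpoint:
    name: str
    snd_nxt: int          # next sequence number this side will send
    rcv_nxt: int = 0      # next sequence number expected from the peer
    rcv_wnd: int = 65535  # advertised receive window (assumed)

def send(src: Endpoint, dst: Endpoint, flags: set, data: bytes = b"") -> dict:
    """Build a segment from src's state, check its ack against dst, deliver it."""
    seg = {"seq": src.snd_nxt, "ack": src.rcv_nxt, "flags": flags, "data": data}
    if "ACK" in flags and seg["ack"] != dst.snd_nxt:
        raise ValueError(f"{dst.name}: unexpected ack {seg['ack']}")
    used = len(data) + ("SYN" in flags)  # a SYN occupies one sequence number
    src.snd_nxt += used
    dst.rcv_nxt = seg["seq"] + used
    return seg

def run_slide_exchange(x: int = 1000, y: int = 5000):
    client = Endpoint("1.2.1.2:3344", snd_nxt=x)
    server = Endpoint("9.8.7.6:80", snd_nxt=y)
    send(client, server, {"SYN"})                               # Seq=x
    send(server, client, {"SYN", "ACK"})                        # Seq=y, Ack=x+1
    send(client, server, {"ACK"})                               # Ack=y+1
    send(client, server, {"ACK"}, b"GET /login.html")           # Seq=x+1, 15 bytes
    send(server, client, {"ACK"}, b"200 OK ... <html> ...")     # Seq=y+1, Ack=x+16
    return client, server

def rst_accepted(ep: Endpoint, seq: int, strict: bool = False) -> bool:
    """Classic check (RFC 793): any RST whose seq falls inside the receive
    window tears the connection down. Strict check (RFC 5961): only an exact
    seq == rcv_nxt does; an in-window but inexact seq gets a challenge ACK."""
    if strict:
        return seq == ep.rcv_nxt
    return ep.rcv_nxt <= seq < ep.rcv_nxt + ep.rcv_wnd

def guesses_to_cover_space(window: int, strict: bool = False) -> int:
    """Work factor (slide 17's term): distinct sequence values a blind sender
    must try to cover all 2^32, one per window classically, all of them strictly."""
    return 2**32 if strict else -(-2**32 // window)  # ceil division
```

The strict check is the mitigation behind the asterisk on "correct* sequence number": it leaves a blind off-path sender the full 32-bit space to guess instead of one hit per receive window.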
