Resilience of Deployed TCP to Blind Attack - PowerPoint PPT Presentation



SLIDE 1

Resilience of Deployed TCP to Blind Attack

Paper written by:

  • Matthew Luckie, University of Waikato, mjl@wand.net.nz
  • Robert Beverly, Naval Postgraduate School, rbeverly@nps.edu
  • Tiange Wu, CAIDA / UC San Diego, tiangewu@caida.org
  • Mark Allman, ICSI, mallman@icir.org
  • Kc Claffy, CAIDA / UC San Diego, kc@caida.org

Presented by: Victor Aguboshim 03679101

Chair of Connected Mobility TUM Department of Informatics

SLIDE 2

Content

  • Motivation
  • Methodology
  • Active Measurement Methods
  • Vantage Points
  • Conducted Tests
  • Result of Tests
  • Conclusions

SLIDE 3

Motivation

  • To determine how a TCP connection reacts to an attack sent from a spoofed (false, undisclosed) source IP address, where the attacker does not expect to receive any traffic in response to the attack.
  • Does this attack cause a TCP connection reset?
  • Is it accepted, challenged or just ignored?
  • To understand which TCP features enhance its resistance to blind attacks.

SLIDE 4

Methodology

  • Active Measurement Methods
      • Blind Reset and SYN Test
      • Blind Data Test
      • Fingerprinting Test

SLIDE 5

Methodology

  • Vantage Points of Measurement:
      • cld-us, hosted by CAIDA (San Diego, USA)
      • hlz-nz, hosted by the University of Waikato (Waikato, New Zealand)
      • Hosted by Massachusetts Institute of Technology (MIT), Cambridge.

SLIDE 6

Conducted Tests and Results

  • Webserver Vulnerability

Fig 1: Overview of Results from the cld-us VP
Fig 2: Overview of the Results based on VPs
Fig 3: Overlap of results from the cld-us VP

SLIDE 7

Conducted Tests and Results

  • Infrastructure Vulnerability

Fig 4: Overview of Response
Laboratory testing of blind TCP attacks against BGP-speaking router and OpenFlow-speaking switches

SLIDE 8

Conducted Tests and Results

  • Port Selection Predictability

Fig 5: Overview of the predictability of the observed ports

SLIDE 9

Conclusion

  • TCP is an important protocol carrying a huge volume of traffic, hence the need for constant security and performance improvements.
  • 22% of connections are vulnerable to SYN and reset packets
  • 30% are vulnerable to in-window data packets
  • 38.4% are vulnerable to at least one of the three in-window attacks tested


SLIDE 11

Thank you for your time

Questions?