Taming the Shrew: Modifying TCP to Withstand Denial of Service Attacks

Florin Dinu, Zheng Cai
Rice University

TCP is a cornerstone of today's Internet. It is pervasive. Studies [1] have shown that TCP accounts for 80% of today's Internet traffic. Because of its widespread use a lot of research has gone into tuning TCP's parameters to maximize performance. There have, however, always been security issues surrounding the use of TCP. A comprehensive list was published in [2]. Other problems arise from TCP's assumption that end-points should cooperate and use the same algorithms for congestion control when packet loss is encountered in the network. Yet another class of attacks has gotten a lot of attention recently. These attacks allow the throttling of TCP flows to a small fraction of their ideal speed (Reduction of Quality attacks like [3]) and go as far as terminating TCP flows by injecting reset packets (Denial of Service attacks). In this project we look at ways to modify TCP to make it immune to this last class of attacks.

Reduction of Quality (RoQ) attacks take advantage of TCP's back-off and retransmission mechanism to constantly create traffic loss and therefore make attacked flows enter the slow-start phase very often. They use very short but high-rate bursts of traffic to create congestion at the same time that the attacked flow tries to re-send lost packets. Such attacks are stealthy because they have a small average rate and therefore bypass detection systems installed in routers.

There have been two main classes of solutions to alleviate this problem. One possible solution can be employed at router level and requires the identification of malicious flows using patterns that can differentiate them from regular flows [4]. The other approach modifies the TCP protocol itself. One straightforward approach is the randomization of the back-off timer.
This solution, however, presents an inherent trade-off between the performance of TCP and the resulting security gains. Modifications of the back-off algorithm lead to a decrease in TCP performance. In this project we look at other possible modifications that can create TCP-like transport protocols resistant to RoQ attacks.

One major issue with TCP is that any modification must be backward compatible with current implementations. This inherently limits the amount of adjustment that can be done on the protocol and generally takes precedence in practice. In this project, however, we put emphasis on coming up with solutions for the attacks presented even if this necessitates changes in the protocol. We do try to keep the changes within reasonable limits.

A first idea is to see how Explicit Congestion Notification (ECN) mechanisms can be leveraged to provide more information to the transport protocol about the level and type of congestion at the routers. This might give valuable information to TCP clients to enable them to differentiate congestion caused by RoQ attacks.

Time permitting, we will also look at DoS attacks caused by injecting RST packets. With enough information about the victim's active connections and about the TCP sessions (sequence numbers), the attacker can send RST packets and disrupt the connections. To defend against this kind of attack, one idea is that in TCP, identification should not depend only on source/destination addresses and port numbers, because they can easily be spoofed. We still want to keep the functionality provided by the RST packets, but we want to make sure that a fake RST packet will not do any damage. There could either be a negotiation before the connection actually gets closed, or a fingerprint can be added to the RST packet so that only one of the peers can generate valid RST packets.

To evaluate our approach, we first need to show that it works in different attack scenarios while preserving the correct functionality of the original TCP. We also plan to evaluate how much overhead our approach adds compared to TCP, both in terms of packet size and communication time. We plan to implement our ideas using the ns2 [5] simulator.
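
The trade-off behind back-off randomization described above, as an added example that is not part of the original proposal: a toy timing model in which congestion bursts recur with a fixed period and a retransmission is lost whenever it lands inside a burst. The 1 s minimum timeout, the 0.1 s burst length, the [1, 2) scaling factor and all function names are assumptions made for the illustration.

```python
import random

def in_burst(t, period, burst_len):
    """True if time t falls inside a periodic burst [k*period, k*period + burst_len)."""
    return burst_len > 0 and (t % period) < burst_len

def fixed_rto(attempt, rng, min_rto=1.0):
    # Deterministic exponential back-off: min_rto, 2*min_rto, 4*min_rto, ...
    return min_rto * (2 ** attempt)

def randomized_rto(attempt, rng, min_rto=1.0):
    # Randomized variant (assumed form): scale each timeout by a factor in [1, 2).
    return min_rto * (2 ** attempt) * rng.uniform(1.0, 2.0)

def recover(rto_fn, period, burst_len, rng, max_tries=10):
    """The first loss happens at t=0. Returns (retransmissions, time) of the
    first retransmission that gets through, or None if all of them are lost."""
    t = 0.0
    for attempt in range(max_tries):
        t += rto_fn(attempt, rng)
        if not in_burst(t, period, burst_len):
            return attempt + 1, t
    return None

def summarize(rto_fn, period, burst_len, trials=2000, seed=1):
    """Repeat the recovery experiment and report how often and how fast it succeeds."""
    rng = random.Random(seed)
    runs = [recover(rto_fn, period, burst_len, rng) for _ in range(trials)]
    ok = [r for r in runs if r is not None]
    return {
        "recovered": len(ok) / trials,
        "mean_tries": sum(r[0] for r in ok) / len(ok) if ok else None,
        "mean_delay": sum(r[1] for r in ok) / len(ok) if ok else None,
    }

if __name__ == "__main__":
    for name, fn in (("fixed", fixed_rto), ("randomized", randomized_rto)):
        print(name, "with bursts:   ", summarize(fn, period=1.0, burst_len=0.1))
        print(name, "without bursts:", summarize(fn, period=1.0, burst_len=0.0))
```

With the deterministic timer every retransmission lands in a burst and the flow never recovers; the randomized timer recovers almost immediately, but its recovery delay is longer even when no bursts are present, which is the performance cost the text refers to.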
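
One way the RST fingerprint idea could look, as an added example that is not code from the proposal: the receiver accepts a reset only if it carries a keyed tag bound to the connection identifiers and the sequence number. It assumes the peers agreed on a per-connection secret during the handshake; the truncated HMAC-SHA256, the 12-byte tag length, all names and the sample addresses (documentation ranges) are constructed for the illustration.

```python
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass

TAG_LEN = 12  # assumed: bytes of truncated HMAC-SHA256 carried in each RST

@dataclass(frozen=True)
class Rst:
    src: str
    sport: int
    dst: str
    dport: int
    seq: int
    tag: bytes = b""  # empty tag = plain RST without a fingerprint

def rst_tag(key, src, sport, dst, dport, seq):
    # Bind the tag to the 4-tuple and the sequence number so it cannot be
    # replayed on another connection or at another point in the stream.
    msg = f"{src}:{sport}>{dst}:{dport}".encode() + struct.pack("!I", seq)
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]

def make_rst(key, src, sport, dst, dport, seq):
    return Rst(src, sport, dst, dport, seq, rst_tag(key, src, sport, dst, dport, seq))

def plain_accept(rst, peer, rcv_nxt, rcv_wnd):
    """Simplified baseline: the 4-tuple matches and seq is inside the receive window."""
    same_peer = (rst.src, rst.sport, rst.dst, rst.dport) == peer
    return same_peer and (rst.seq - rcv_nxt) % 2**32 < rcv_wnd

def fingerprint_accept(rst, peer, rcv_nxt, rcv_wnd, key):
    """Baseline checks plus a constant-time comparison of the keyed tag."""
    if not plain_accept(rst, peer, rcv_nxt, rcv_wnd):
        return False
    expected = rst_tag(key, rst.src, rst.sport, rst.dst, rst.dport, rst.seq)
    return hmac.compare_digest(expected, rst.tag)

# Constructed sample connection (not taken from the page).
KEY = os.urandom(32)
PEER = ("192.0.2.10", 443, "198.51.100.7", 51000)

if __name__ == "__main__":
    legit = make_rst(KEY, *PEER, seq=1000)
    spoofed = Rst(*PEER, seq=1500)  # right 4-tuple, in-window seq, no key
    for name, rst in (("legit", legit), ("spoofed", spoofed)):
        print(name, "plain:", plain_accept(rst, PEER, 1000, 65535),
              "fingerprint:", fingerprint_accept(rst, PEER, 1000, 65535, KEY))
    print("packet size overhead per RST:", TAG_LEN, "bytes")
```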

References

[1] K.-C. Lan, A. Hussain, and D. Dutta, "The effect of malicious traffic on the network," in PAM 2003, La Jolla, April 2003.
[2] S. M. Bellovin, "Security problems in the TCP/IP security suite," in Computer Communication Review, April 1989.
[3] Kuzmanovic and E. W. Knightly, "Low-rate TCP-targeted denial of service attacks (the shrew vs. the mice and elephants)," in ACM SIGCOMM, August 2003.
[4] Y. Chen and K. Hwang, "TCP flow analysis for defense against shrew DDoS attacks," in ICC, 2007.
[5] "The ns2 Network Simulator." http://nsnam.isi.edu/nsnam/index.php/Main_Page.
