Introduction to HP OpenView Project at INAC - PowerPoint PPT Presentation

1

IP Spoofing Attacks & Defenses
Tao Wan, Digital Security Group, Carleton University, Ottawa, Canada
http://www.scs.carleton.ca/twan
November 04, 2004
2
Outline
  • Introduction
  • IP Spoofing Attacks
  • IP Spoofing Defenses
  • Concluding Remarks

3
Introduction
4
An Example of Communication
1.1.2.0
1.1.1.0
5
Protocol Stacks (1)
[Diagram labels: HTTP, SNMP, 802.3, 802.11, others; OSI Model]
6
Protocol Stacks (2)
[Diagram labels: HTTP, SNMP, 802.3, 802.11, others]
7
Data Transmissions
[Diagram: hosts A and B, each with the layers Application, TCP/UDP, IP, Data link/physical; labels: data, routing]
8
IP Header
9
TCP Header
10
IP Spoofing Attacks
  • Basic Concept
  • Denial of Service (DoS)
  • DoS by Ping
  • TCP SYN Flooding
  • Session Hijacking

11
Basic Concept of IP Spoofing
http://www.carleton.ca
spoofed
12
Smurf IP DoS
[Diagram labels: A; V; ICMP Echo Reply (Source T1, Dest V)]
13
Mail Address Spoofing Attacks
[Diagram labels: A; V; Sears; Canadian Tire; Bell Canada; Boston Pizza; Catalog Request (Return Addr V); Phonebook Request (Return Addr V); Pizza orders (Return Addr V)]
14
TCP SYN Flooding (1): TCP 3-Way Handshake
[Diagram labels: A; B; TCP SYN; TCP SYN/ACK; TCP ACK; Half-open buffer; Open buffer]
Half-open buffer has a limited size
Each half-open connection is associated with a timer
15
TCP SYN Flooding (2)
[Diagram labels: hosts A through J; V]
Half-open buffer is full
16
Session Hijack
X
X
17
Session Hijack
B
18
IP Spoofing Defenses
  • Ingress/Egress Filtering
  • IP Traceback
  • IP Authentication (IPSec AH)
  • Cryptographically Generated Address (CGA)

19
Ingress/Egress Filtering (1)
if src_addr is from 10.10.0.0 then drop else forward
if src_addr is from 10.10.0.0 then forward else drop
[Diagram labels: 10.10.0.0, 10.10.10.0]
20
Ingress/Egress Filtering (2)
[Diagram labels: Exchange (four instances)]
21
Ingress/Egress Filtering (3)
[Diagram labels: Client Net (two), ISP, Internet, Carleton U 134.117.x.x]
if src_addr is from 134.117 then forward else drop
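The forward/drop rules from the three filtering slides, written out as an added Python example that is not part of the original presentation. The /16 mask is read from the slide's 134.117.x.x notation; the function names, sample addresses and notes are constructed for illustration.

```python
import ipaddress

# Assumption: "134.117.x.x" on the slide is taken to mean 134.117.0.0/16.
SITE_PREFIX = ipaddress.ip_network("134.117.0.0/16")


def filter_packet(direction, src_addr, site=SITE_PREFIX):
    """Return 'forward' or 'drop' for a packet crossing the site border.

    direction: 'egress' (leaving the site) or 'ingress' (arriving from outside).
    """
    try:
        src = ipaddress.ip_address(src_addr)
    except ValueError:
        return "drop"  # unparseable source address: fail closed
    inside = src in site
    if direction == "egress":
        # Slide rule: if src_addr is from the site prefix then forward else drop
        return "forward" if inside else "drop"
    if direction == "ingress":
        # Slide rule: if src_addr is from the site prefix then drop else forward
        return "drop" if inside else "forward"
    raise ValueError(f"unknown direction: {direction!r}")


# Constructed sample traffic: (direction, claimed source address, note)
SAMPLE = [
    ("egress", "134.117.5.20", "legitimate inside host"),
    ("egress", "192.0.2.77", "inside host claiming an outside source"),
    ("egress", "134.117.9.9", "inside host claiming a neighbour's address"),
    ("ingress", "198.51.100.4", "legitimate outside host"),
    ("ingress", "134.117.5.20", "outside host claiming an inside source"),
    ("ingress", "not-an-ip", "malformed source"),
]


def run(sample=SAMPLE):
    """Apply the border filter to every sample packet."""
    return [(d, s, filter_packet(d, s), note) for d, s, note in sample]


if __name__ == "__main__":
    for d, s, verdict, note in run():
        print(f"{d:8} {s:15} {verdict:8} {note}")
```

The third sample row is forwarded: a prefix check at the border confines claimed sources to the site's own range but cannot tell which inside host actually sent the packet.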
22
IP Traceback
  • ICMP Traceback
  • Input Debugging
  • Packet Marking

23
IP Security (IPSec)
  • Two Protocols
    • Authentication Header (AH)
    • Encapsulating Security Payload (ESP)
  • Two Modes
    • Transport Mode
    • Tunnel Mode

24
Authentication Header (1)
25
Authentication Header (2)
26
Comments
  • Data Origin Authentication
  • IP address is NOT modified en route
  • Is it a real or spoofed IP ???
  • Message Integrity
  • Replay Prevention

27
Crypto Generated Address (IPv6)
28
Comments on CGA
  • NOT applicable to IPv4
  • Unrealistic assumptions of private/public key
    pairs
  • Creating new DoS problem (by engaging a recipient
    into endless expensive crypto operations)

29
Concluding Remarks
  • A common technique for many types of attacks
  • NO effective solutions
  • An important problem to work on

30
Thanks !