FAST v3 - PowerPoint PPT Presentation

About This Presentation
Title:

FAST v3

Description:

Yahoo uses RTT to protect disk space. We receive requests, serve tests, validate answers before establishing a TCP connection ... – PowerPoint PPT presentation

Number of Views:86
Avg rating:3.0/5.0
Slides: 16
Provided by: steve658
Learn more at: http://nms.lcs.mit.edu
Category:
Tags: fast | answers | yahoo

less

Transcript and Presenter's Notes

Title: FAST v3


1
Protecting Web Servers from Content Request Floods
Srikanth Kandula ? Shantanu Sinha ? Dina Katabi
? Matthias Jacob
CSAIL MIT
2
The Attack
GET LargeFile.zip
DO LongDBQuery
www.foo.com
Want to protect DB and disk bandwidth, socket
buffers, processes,
Hard to detect or counter because malicious
requests look normal!
3
A Fairness Problem Filters
Server Resources
???

Problem Each machine gets equal share
Solution Ensure that each human gets equal share
4
Use Reverse Turing Test
Establishing Fairness
5
Use Reverse Turing Test
Establishing Fairness
Existing Sols
Our Solution
Under attack. Come back later. BTW, can solve
test to access now.
6
2 Modes
Common case Server behavior unchanged
7
Solution Overview
Unchanged Client
Server
  • Other Characteristics
  • One test per session
  • Tests generated offline
  • Test expires
  • Replay attacks are harmless
  • Each answer grants up to 4 TCPs
  • Cant attack by duplicating answers

SYN Cookie
Ignore!
Verify SYN Cookie
No connection until test answered
8
Solution Overview
SYN
SYN RECV State
SYNACK
SYNACKACK
Establish Connection
HTTP Request
HTTP Response
N/W Stack
App Server
Client
Server
Vulnerable to SYN Floods
9
Solution Overview
Common Case
10
Solution Overview
Common Case
Grant access if answer is correct
Tests are generated offline
11
Solution Overview
Server behavior unchanged (Common case)
SYN
Create Cookie
SYN Cookie
  • Create session after a correct answer
  • Up to 4 TCP connections per answer
  • One test per browsing session
  • Tests generated offline

SYNACKACK
Ignore
HTTP Request
Verify Cookie
Send Test
RST
N/W Stack
App Server
Client
Server
12
Solution Overview
Server behavior unchanged (Common case)
  • Create session after a correct answer
  • Up to 4 TCP connections per answer
  • One test per browsing session
  • Tests generated offline

13
Extra What If?
User doesnt want to solve the test?
Attacker distributes a few answers to all
worms? Each test allows access to limited
resources
14
Extra System Overhead
  • None when there is no attack
  • Under attack, per new-client overhead
  • Two hashes
  • In-kernel HTTP header parse
  • Fetch two data packets from memory and transmit

15
Extra Requirements
Yahoo/Hotmail method is not sufficient!
  • Time constraints
  • Harder resource constraints
  • Even a TCP connection cannot be established
    before test is answered
  • Other
  • Preserve TCP / HTTP semantics
  • Maintain HTTP sessions
  • Support caches and web farms

16
Extra Fairness
  • Problem A single human attacker uses more
    server resources than a human user
  • Insight Each machine gets equal share
  • Solution Each human user gets a fair share

17
Extra - Our Approach
Reverse Turing Test to distinguish humans from
machines
screenshot of yahoo image test used by yahoo to
prevent hard disk space utilization
18
Extra - The Attack
  • Attacker spreads a worm
  • Worm floods server with requests for large files
    or database queries
  • worker processes/threads, socket buffers
  • database and disk bandwidth

Hard to detect or counter because malicious
requests look normal!
19
Extra - Better than
  • Cryptographic Client puzzles
  • Computation power is cheap in DDoS attacks
  • IP source filtering
  • AOL clients use same IP address pool

20
Extra - Our Objective
  • Build a practical system to mitigate these
    attacks
  • Unmodified clients
  • Unmodified server software
  • Deployable today

21
Use Reverse Turing Test
Establishing Fairness
Suspected attack! To access www.foo.com enter the
above letters
  • Different from Prior Work
  • Crypto puzzles are easy since computation power
    is cheap
  • Yahoo! only protects disk space during account
    creation
  • We want to receive requests, deliver puzzles,
    validate answers before establishing a TCP
    connection

22
Use Reverse Turing Test
Establishing Fairness
Suspected attack! To access www.foo.com enter the
above letters
Yahoo uses RTT to protect disk space We receive
requests, serve tests, validate answers before
establishing a TCP connection
Give Me www.foo.com
Under attack. Come back later. BTW, solve the
test to access now.
Under attack. Come back later.
Users who Solve a Test can access the server
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "FAST v3" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!