DoS attacks prevention
Avital Yachin
Under supervision of Gal Badishi
SoftLab – June 2006
What is DoS
[Diagram: server, client, attacker]
What is DDoS
[Diagram: several zombies, server]
Possible solutions
Firewall (specific ports)?
Heuristic (identifying and blocking the attacker)?
Client authentication?
At what level?
Selected solution
Each side authenticates the other side at the packet level.
Current implementation filters packets at the transport layer (UDP).
Can be generalized to the IP layer.
How it works
[Diagram: Outgoing Packets. Labels: IP Header, IP Data, UDP Header, UDP Data, Key]
How it works
[Diagram: Incoming Packets. Labels: IP Header, IP Data, UDP Header, UDP Data, Key; Key =? Key]
How it works
[Diagram: Application, TCP/IP Driver, NDIS Driver, Encapsulator, NDIS Hook Driver, Network Card; User mode / Kernel mode]
Authentication Method
Hashing (SHA-1) of current time and a secret code.
Authentication token changes periodically (not for every packet → much cheaper).
Clock synchronization.
Client's secret code is known to server.
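
Added example (not code from the original presentation): a Python version of the token scheme on this slide, with the token appended to the UDP data on send and compared and stripped on receive. The 30-second period, the byte encoding of the time slot, the token's position at the end of the data, the one-slot clock tolerance and all names are assumptions.

```python
import hashlib
import hmac
import struct
import time

PERIOD = 30      # assumed: seconds before the token changes
TOKEN_LEN = 20   # SHA-1 digest length in bytes


def token(secret: bytes, slot: int) -> bytes:
    """SHA-1 of the current time slot and the secret code (assumed encoding)."""
    return hashlib.sha1(struct.pack(">Q", slot) + secret).digest()


def encapsulate(payload: bytes, secret: bytes, now: float) -> bytes:
    """Outgoing packet: append the token for the current slot to the UDP data."""
    return payload + token(secret, int(now) // PERIOD)


def decapsulate(data: bytes, secret: bytes, now: float, skew_slots: int = 1):
    """Incoming packet: return the original UDP data, or None to drop it."""
    if len(data) < TOKEN_LEN:
        return None
    payload, received = data[:-TOKEN_LEN], data[-TOKEN_LEN:]
    slot = int(now) // PERIOD
    ok = False
    # Accept neighbouring slots so small clock drift does not drop valid peers.
    for s in range(slot - skew_slots, slot + skew_slots + 1):
        ok |= hmac.compare_digest(received, token(secret, s))
    return payload if ok else None


if __name__ == "__main__":
    secret = b"constructed-demo-secret"   # constructed sample value
    now = time.time()
    pkt = encapsulate(b"game state update", secret, now)
    print(decapsulate(pkt, secret, now))                 # payload accepted
    print(decapsulate(pkt, secret, now + 5 * PERIOD))    # stale token: None
    print(decapsulate(b"x" * 64, secret, now))           # no valid token: None
```

Because the token depends only on the time slot and the secret, it is the same for every packet in that slot and says nothing about the packet's contents; the check filters traffic from senders who do not know the secret and have not seen a current token.
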
Conclusions
There’s no simple solution to wire flood.
Packets can be filtered at lower levels, thus preventing system resources abuse.
Solution is “cheaper” than IPSEC (but doesn’t handle encryption).
Future Enhancements
Filtering packets at the IP layer (solution for TCP and others).
Auto time synchronization.
Full kernel mode implementation (performance / flexibility tradeoff).
Demo