150 likes | 247 Views
Protecting Web Servers from Content Request Floods. Srikanth Kandula ▪ Shantanu Sinha ▪ Dina Katabi ▪ Matthias Jacob. CSAIL –MIT. The Attack. GET LargeFile.zip. DO LongDBQuery. www.foo.com. Want to protect DB and disk bandwidth, socket buffers, processes, ….
E N D
Protecting Web Servers from Content Request Floods Srikanth Kandula ▪ Shantanu Sinha ▪Dina Katabi ▪Matthias Jacob CSAIL –MIT
The Attack GET LargeFile.zip DO LongDBQuery www.foo.com Want to protect DB and disk bandwidth, socket buffers, processes, … Hard to detect or counter because malicious requests look normal!
Humans Machines User Filter A Fairness Problem – Filters Server Resources ●●● Problem – Each machine gets equal share Solution – Ensure that each human gets equal share
Suspected attack! To access www.foo.com enter the above letters: Use Reverse Turing Test Establishing Fairness
Suspected attack! To access www.foo.com enter the above letters: Give Me www.foo.com Under attack. Come back later. Use Reverse Turing Test Establishing Fairness Existing Sols Our Solution Under attack. Come back later. BTW, can solve test to access now.
Normal Under Attack 2 Modes Common case: Server behavior unchanged
SYN SYN Cookie SYNACKACK HTTP Request Send Test TCP RST Solution Overview Unchanged Client Server Other Characteristics: • One test per session • Tests generated offline • Test expires • Replay attacks are harmless • Each answer grants up to 4 TCPs • Can’t attack by duplicating answers SYN Cookie Ignore! Verify SYN Cookie No connection until test answered
Solution Overview SYN SYN RECV State SYNACK SYNACKACK Establish Connection HTTP Request HTTP Response N/W Stack App Server Client Server Vulnerable to SYN Floods
SYN SYN Create Cookie Create Cookie SYN Cookie SYN Cookie SYNACKACK SYNACKACK Establish Connection Ignore HTTP Request HTTP Request Verify Cookie Send Test RST HTTP Response Client N/W Stack App Server N/W Stack App Server Client Server Server Send out a test from memory Solution Overview Common Case
SYN SYN Create Cookie Create Cookie SYN Cookie SYN Cookie SYNACKACK SYNACKACK Ignore Establish Connection Test Answer HTTP Request Verify Cookie & Answer HTTP Response HTTP Response N/W Stack N/W Stack App Server App Server Client Client Server Server Solution Overview Common Case Grant access if answer is correct Tests are generated offline
Solution Overview Server behavior unchanged (Common case) SYN Create Cookie SYN Cookie • Create session after a correct answer • Up to 4 TCP connections per answer • One test per browsing session • Tests generated offline SYNACKACK Ignore HTTP Request Verify Cookie Send Test RST N/W Stack App Server Client Server
SYN Create Cookie SYN Cookie SYNACKACK Ignore Test Answer Verify Cookie & Answer HTTP Response N/W Stack App Server Client Server Solution Overview Server behavior unchanged (Common case) • Create session after a correct answer • Up to 4 TCP connections per answer • One test per browsing session • Tests generated offline
Give Me www.foo.com Under attack. Come back later. BTW, solve the test to access now. Under attack. Come back later. Extra – What If? User doesn’t want to solve the test? Attacker distributes a few answers to all worms? Each test allows access to limited resources
Use Reverse Turing Test Establishing Fairness Suspected attack! To access www.foo.com enter the above letters: Different from Prior Work • Crypto puzzles are easy since computation power is cheap • Yahoo! only protects disk space during account creation • We want to receive requests, deliver puzzles, validate answers before establishing a TCP connection
Use Reverse Turing Test Establishing Fairness Suspected attack! To access www.foo.com enter the above letters: Yahoo uses RTT to protect disk space We receive requests, serve tests, validate answers before establishing a TCP connection Give Me www.foo.com Under attack. Come back later. BTW, solve the test to access now. Under attack. Come back later. Users who Solve a Test can access the server