
Low-Rate TCP-Targeted Denial of Service Attacks

Authors: Aleksandar Kuzmanovic, Edward W. Knightly. Presenter: Juncao Li. Contributions: presents the Shrew denial of service attack, which throttles TCP flows to a small fraction of their throughput, and shows the mechanism behind Shrew attacks.





Presentation Transcript


  1. Low-Rate TCP-Targeted Denial of Service Attacks
     Authors: Aleksandar Kuzmanovic, Edward W. Knightly
     Presenter: Juncao Li

  2. Contributions
     • Present a denial of service attack – Shrew
       • Throttles TCP flows to a small fraction of their throughput
     • Show the mechanism of Shrew attacks
       • Exploits TCP’s retransmission timeout mechanism
     • Develop several DoS traffic patterns for attacking
     Computer Science, Portland State University

  3. Agenda
     • TCP Congestion Control and Shrew Attacks
     • Creating DoS Outages
     • Aggregation and Heterogeneity
     • Internet Experiments
     • Counter-DoS Techniques and Conclusions

  4. Denial of Service
     • From Wikipedia: an attempt to make a computer resource unavailable to its intended users
     • Damage
       • Network bandwidth
       • CPU cycles
       • Server interrupt processing capacity
       • Specific protocol data structures

  5. TCP Congestion Control
     • Goal: avoid or reduce congestion
     • Small Round Trip Time (RTT): 10 ms – 100 ms
     • Additive-Increase Multiplicative-Decrease (AIMD) control
     • Severe congestion
       • Retransmission Time Out (RTO)
       • RTO is doubled each time a retransmission fails

  6. TCP Congestion Control
     • Smoothed Round-Trip Time (SRTT)
     • Round-Trip Time Variation (RTTVAR)

  7. TCP Retransmission Timer
     Packet loss triggers multiplicative decrease and exponential backoff:
     • Reduce congestion window to one
     • Double the RTO

  8. Shrew Attacks
     • Low-rate DoS attacks that exploit the slow-timescale dynamics of retransmission timers
     • Provoke a TCP flow to repeatedly enter a retransmission timeout state
       • by sending high-rate but short-duration bursts
       • the bursts must be of RTT-scale duration
       • repeating periodically at slower, RTO-scale timescales
     • Outage: the short duration of the attacker’s loss-inducing burst

  9. Square-Wave DoS Stream
     • Burst duration is long enough to induce transmission loss
     • Average DoS rate is still low
     (Figure: square-wave DoS stream, with the outage marked)

  10. DoS Scenario and System Model
     (Figure: DoS scenario and system model; label “Bottleneck Rate”)

  11. DoS Model
     • Given condition
     • DoS TCP Throughput Model

  12. Flow Filtering
     • Flow filtering behavior
     • Only TCP flows that satisfy the condition can be influenced by Shrew attacks

  13. DoS TCP Throughput: Model and Simulation
     • Depends on how well the attack can induce transmission loss
     • Model does not consider slow-start
     (Figure label: “Zero throughput”)

  14. Agenda
     • TCP Congestion Control and Shrew Attacks
     • Creating DoS Outages
     • Aggregation and Heterogeneity
     • Internet Experiments
     • Counter-DoS Techniques and Conclusions

  15. Instantaneous Bottleneck Queue Behavior
     • Define B as the queue size and B0 as the queue size at the start of an attack
     • Time to fill the queue:

  16. Minimum Rate DoS Streams
     • Double-Rate DoS Stream: fill the queue, then keep the queue full
     • Use a square wave for DoS streams
       • Behaves the same
       • Simple, does not need knowledge of network parameters

  17. Agenda
     • TCP Congestion Control and Shrew Attacks
     • Creating DoS Outages
     • Aggregation and Heterogeneity
     • Internet Experiments
     • Counter-DoS Techniques and Conclusions

  18. DoS and Aggregated TCP Flows
     Five long-lived homogeneous TCP flows
     • RTT homogeneity introduces a single vulnerable timescale
     • DoS induces the synchronization of RTOs

  19. RTT-Based Filtering
     Most short-RTT TCP flows are influenced
     • 20 long-lived TCP flows on a 10 MB/s link
     • Round-trip times range from 20 to 460 ms

  20. High Aggregation with Heterogeneous RTT
     High-RTT flows are not influenced much

  21. Impact of DoS Burst Length
     As the burst length increases, more TCP flows with high RTT are influenced

  22. Impact of DoS Peak Rate
     • 1 TCP flow with RTT 12 ms to 134 ms
     • 3 TCP flows with RTT 108 ms to 230 ms
     Low peak rates are sufficient to filter the short-RTT flow

  23. Impact on HTTP Flows
     Attacks have greater impact on larger files

  24. TCP Variants

  25. TCP Variants (Cont.)
     Burst length L has a great influence on the throughput

  26. Agenda
     • TCP Congestion Control and Shrew Attacks
     • Creating DoS Outages
     • Aggregation and Heterogeneity
     • Internet Experiments
     • Counter-DoS Techniques and Conclusions

  27. DoS Attack Scenario
     • WAN Scenario
     • Inter-LAN Scenario
     • Intra-LAN Scenario

  28. Experiment Results
     Shrew attacks can come from either remote sites or nearby LANs

  29. Agenda
     • TCP Congestion Control and Shrew Attacks
     • Creating DoS Outages
     • Aggregation and Heterogeneity
     • Internet Experiments
     • Counter-DoS Techniques and Conclusions

  30. Impact of RED and RED-PD Routers
     • RED: Random Early Detection
     • RED-PD: RED with Preferential Dropping
     • For router-assisted mechanisms, relatively long-timescale measurements are required to determine with confidence that a flow is transmitting at an excessively high rate and should be dropped

  31. Detecting DoS Streams
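Slides 30 and 31 make the point that router-assisted detection needs measurements over a relatively long timescale before it can act with confidence. The following detector, an added example that is not from the paper or these slides, makes that concrete: it bins link load into 10 ms intervals over a 10 s window and looks for the signature of a Shrew stream, a strong autocorrelation peak at an RTO-scale period combined with a low duty cycle (high peak rate, low average rate). The function names, the thresholds (autocorrelation at least 0.6, duty cycle at most 0.3, period between 0.5 s and 3 s) and the sample trace are all constructed for this example.

```python
"""Periodicity-based detector for low-rate, bursty (Shrew-like) streams.

Added example; not code from the paper or the slides. It bins the bytes seen
on a link into short intervals and flags a stream when a strong autocorrelation
peak appears at an RTO-scale lag together with a low duty cycle: high peak
rate, low average rate, repeating about once per second. Threshold values and
the sample trace are constructed for illustration."""
from typing import List, Tuple

Packet = Tuple[float, int]  # (arrival time in seconds, size in bytes)


def bin_bytes(trace: List[Packet], bin_s: float, window_s: float) -> List[float]:
    """Bytes per bin over [0, window_s); the 1e-9 absorbs float rounding at bin edges."""
    n = int(round(window_s / bin_s))
    bins = [0.0] * n
    for t, size in trace:
        i = int(t / bin_s + 1e-9)
        if 0 <= i < n:
            bins[i] += size
    return bins


def autocorr(x: List[float], lag: int) -> float:
    """Sample autocorrelation at `lag` bins (mean removed, biased estimator)."""
    n = len(x)
    m = sum(x) / n
    den = sum((v - m) ** 2 for v in x)
    if den == 0 or lag >= n:
        return 0.0
    return sum((x[i] - m) * (x[i + lag] - m) for i in range(n - lag)) / den


def dominant_period(bins: List[float], bin_s: float,
                    min_lag_s: float = 0.2, max_lag_s: float = 3.0) -> Tuple[float, float]:
    """(period in seconds, autocorrelation at that period) for the strongest lag
    in [min_lag_s, max_lag_s]; the window must span several periods."""
    lo, hi = int(round(min_lag_s / bin_s)), int(round(max_lag_s / bin_s))
    best_lag, best_r = lo, -2.0
    for lag in range(lo, hi + 1):
        r = autocorr(bins, lag)
        if r > best_r:
            best_lag, best_r = lag, r
    return round(best_lag * bin_s, 6), best_r


def duty_cycle(bins: List[float]) -> float:
    """Fraction of bins carrying more than half the peak bin load."""
    peak = max(bins)
    if peak <= 0:
        return 0.0
    return sum(1 for b in bins if b > 0.5 * peak) / len(bins)


def is_shrew_like(bins: List[float], bin_s: float,
                  min_corr: float = 0.6, max_duty: float = 0.3) -> bool:
    """Periodic at an RTO-scale period, strongly self-similar, and mostly idle."""
    period, r = dominant_period(bins, bin_s)
    return r >= min_corr and duty_cycle(bins) <= max_duty and 0.5 <= period <= 3.0


def constructed_trace(seconds: float = 10.0) -> List[Packet]:
    """Constructed sample: one 1500-byte background packet per 10 ms slot, plus
    ten extra 1500-byte packets in each of the first five slots of every second."""
    trace: List[Packet] = []
    slot = 0
    while slot * 0.01 < seconds:
        t = slot * 0.01
        trace.append((t, 1500))
        if slot % 100 < 5:
            trace.extend((t + k * 0.001, 1500) for k in range(10))
        slot += 1
    return trace


if __name__ == "__main__":
    bins = bin_bytes(constructed_trace(), 0.01, 10.0)
    print("period, corr:", dominant_period(bins, 0.01))  # (1.0, 0.9)
    print("duty cycle:", duty_cycle(bins))               # 0.05
    print("shrew-like:", is_shrew_like(bins, 0.01))       # True
```

The window has to cover several periods for the autocorrelation estimate to mean anything, which is exactly the long timescale the slide refers to: a 1 s period cannot be recognized from a 100 ms sample. The flag is a trigger for closer inspection rather than a drop decision, since any legitimate application with a strictly periodic burst pattern would produce the same signature.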

  32. DoS under Randomized RTO
     • Randomized minRTO shifts and smooths TCP’s null frequencies
     • It affects TCP performance
     • Helps defend against the attack, but only modestly
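The retransmission timer from slides 5 to 7 and the randomized-minRTO countermeasure on this slide, as one added worked example that is not from the paper or these slides. It implements the RFC 6298 estimator (assumed constants: alpha = 1/8, beta = 1/4, K = 4, a 1 s minimum RTO and a 60 s maximum) with exponential backoff, and shows why flows with very different RTTs share a single vulnerable timescale: for a 20 ms and a 400 ms RTT alike the 1 s minimum dominates, so after consecutive losses both retransmit at 1, 3, 7 and 15 s, all multiples of one second. The randomized variant draws a per-flow minimum from [1.0, 1.2] s, a range chosen here only for illustration, which breaks that alignment; `aligned_with_period` and `randomized_retry_times` are names introduced for this example.

```python
"""RFC 6298 retransmission timer with exponential backoff.

Added example; not code from the paper or the slides. Assumed constants:
alpha = 1/8, beta = 1/4, K = 4, clock granularity 0, a 1 s minimum RTO and
a 60 s maximum. The randomized variant draws a per-flow minimum RTO from
[1.0, 1.2] s, a range chosen here only for illustration."""
import random
from dataclasses import dataclass
from typing import List, Optional

ALPHA, BETA, K = 1 / 8, 1 / 4, 4
MAX_RTO = 60.0


@dataclass
class RtoEstimator:
    min_rto: float = 1.0
    srtt: Optional[float] = None
    rttvar: Optional[float] = None
    rto: float = 1.0  # RFC 6298: 1 s before the first RTT measurement

    def on_rtt_sample(self, r: float) -> float:
        """Update SRTT and RTTVAR from one RTT measurement (RFC 6298, section 2)."""
        if self.srtt is None:
            self.srtt, self.rttvar = r, r / 2
        else:
            self.rttvar = (1 - BETA) * self.rttvar + BETA * abs(self.srtt - r)
            self.srtt = (1 - ALPHA) * self.srtt + ALPHA * r
        self.rto = max(self.min_rto, self.srtt + K * self.rttvar)
        return self.rto

    def on_timeout(self) -> float:
        """Exponential backoff: the RTO doubles after each retransmission timeout."""
        self.rto = min(MAX_RTO, 2 * self.rto)
        return self.rto


def retry_times(rtt_samples: List[float], losses: int, min_rto: float = 1.0) -> List[float]:
    """Times in seconds, measured from the first lost transmission, at which the
    sender retransmits when `losses` consecutive attempts all time out."""
    est = RtoEstimator(min_rto=min_rto)
    for r in rtt_samples:
        est.on_rtt_sample(r)
    times, t = [], 0.0
    for _ in range(losses):
        t += est.rto
        times.append(t)
        est.on_timeout()
    return times


def aligned_with_period(times: List[float], period: float, tol: float = 0.05) -> bool:
    """True when every retry lands within `tol` s of a multiple of `period`, i.e.
    an outage repeated every `period` s would coincide with every retry."""
    return all(abs(t / period - round(t / period)) * period <= tol for t in times)


def randomized_retry_times(rtt_samples: List[float], losses: int,
                           seed: Optional[int] = None) -> List[float]:
    """Slide 32 countermeasure (assumed form): per-flow minRTO drawn from [1.0, 1.2] s."""
    rng = random.Random(seed)
    return retry_times(rtt_samples, losses, min_rto=rng.uniform(1.0, 1.2))


if __name__ == "__main__":
    lan = [0.02] * 10   # 20 ms RTT flow
    wan = [0.4] * 10    # 400 ms RTT flow
    print("20 ms RTT:", retry_times(lan, 4))    # [1.0, 3.0, 7.0, 15.0]
    print("400 ms RTT:", retry_times(wan, 4))   # [1.0, 3.0, 7.0, 15.0]
    print("aligned to 1 s:", aligned_with_period(retry_times(lan, 4), 1.0))  # True
    print("randomized:", randomized_retry_times(lan, 4, seed=1))
```

With the fixed 1 s minimum, every retry of every flow falls on a whole second, so the attack only needs to be present at those instants, which is the "single vulnerable timescale" of slide 18. With the minimum drawn per flow, retries of different flows fall at different times and an outage repeated at one fixed period no longer meets all of them; the cost, as the slide notes, is that a larger minimum RTO delays recovery for every legitimate loss.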

  33. Conclusions
     • Low-rate DoS attacks are successful against both short- and long-lived TCP aggregates
     • In a heterogeneous-RTT environment, the success of the attack is weighted towards shorter-RTT flows
     • All low-rate periodic open-loop streams could be harmful
     • Shrew attacks can only be mitigated, not eliminated; mitigation is a tradeoff against performance

  34. Questions?
