Possible attacks in Optical Internet. M. PRASAD, M.Tech (Information Security), Pondicherry Engineering College, Pondicherry.
Contents • Optical Internet. • OBS Network Architecture. • Possible Attacks in optical internet.
OBS Network Architecture • OBS networks consist of edge nodes and core nodes connected by WDM links. • Source edge nodes and destination edge nodes are called ingress nodes and egress nodes respectively. • Input traffic from senders is assembled into bursts at the ingress node and transmitted through high-capacity WDM links over the optical core; the core switches bursts optically and does not inspect the TCP/IP packets inside them, so every TCP/IP weakness of a conventional network is carried across unchanged. • An egress node, upon receiving a burst, disassembles it and delivers the data packets to the corresponding receivers.
Possible Attacks in Optical Internet • SYN flooding • IP spoofing • Sequence number attack • Ping O' Death • IP half scan attack • ICMP attacks • TCP session hijacking
SYN flooding SYN flooding occurs when a server receives more half-open (incomplete) connection requests than its listen backlog can hold. The attack is based on preventing the completion of the 3-way handshake: the attacker sends a stream of SYN segments, usually with spoofed source addresses, and never sends the final ACK, so the server keeps a backlog entry for each half-open connection until it times out and has no room left for legitimate clients.
SYN flooding countermeasures • ISPs being responsible enough to block IP packets whose source address does not belong to the customer network from leaving that network and reaching the Internet (ingress/egress filtering, BCP 38); this does not stop the flood but removes the spoofed sources that make it untraceable. • Reducing the half-open connection timeout and increasing the maximum backlog manually. The slide gives the settings in BSD sysctl form (variable names differ between operating systems; on Linux the equivalent knobs are net.ipv4.tcp_synack_retries, net.ipv4.tcp_max_syn_backlog and net.ipv4.tcp_syncookies): • # sysctl -w net.inet.tcp.conntimeout=25 • # sysctl -w net.socket.maxconn=1024 • SYN cookies: once the backlog is full the server encodes the handshake parameters in its own initial sequence number instead of storing them, so half-open connections cost no memory and the honest client's final ACK can still be validated.
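The following added example (not part of the original slides) models the SYN cookie defence mentioned above: a listener with a backlog of four half-open entries, a spoofed flood of a thousand SYNs that never complete, and one honest client that arrives after the backlog is full. The cookie secret, the MSS table, the server address and the packet values are constructed for the demonstration; the bit layout (5-bit time counter, 3-bit MSS index, 24-bit MAC) follows the common SYN cookie design but is simplified.

```python
import hmac
import hashlib
import secrets

# Constructed example: a per-host secret (real stacks rotate it) and a small MSS table,
# so the 32-bit ISN can carry a 5-bit time counter, a 3-bit MSS index and a 24-bit MAC.
COOKIE_SECRET = b"demo-secret-rotate-me"      # assumption: not a real key
MSS_TABLE = [536, 1220, 1460]                 # assumption: three representative MSS values
DEMO_SERVER = ("10.0.0.1", 80)                # assumption: constructed address and port


def _mac24(src, sport, dst, dport, counter):
    msg = f"{src}:{sport}>{dst}:{dport}|{counter}".encode()
    digest = hmac.new(COOKIE_SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:3], "big")


def make_cookie(src, sport, dst, dport, mss, now):
    """Build the SYN/ACK sequence number that encodes the handshake instead of storing it."""
    counter = (now // 64) & 0x1F                 # 5-bit counter ticking every 64 s
    mss_idx = 0
    for i, m in enumerate(MSS_TABLE):
        if m <= mss:
            mss_idx = i
    return ((counter << 27) | (mss_idx << 24) | _mac24(src, sport, dst, dport, counter)) & 0xFFFFFFFF


def check_cookie(cookie, src, sport, dst, dport, now):
    """Return the MSS encoded in a valid, unexpired cookie, or None if it is forged or expired."""
    counter = cookie >> 27
    mss_idx = (cookie >> 24) & 0x7
    current = (now // 64) & 0x1F
    if counter not in (current, (current - 1) & 0x1F):   # accept this tick and the previous one
        return None
    if (cookie & 0xFFFFFF) != _mac24(src, sport, dst, dport, counter):
        return None
    return MSS_TABLE[mss_idx]


class Listener:
    """Minimal model of a listening socket with a bounded half-open backlog."""

    def __init__(self, backlog=4, use_cookies=True):
        self.backlog, self.use_cookies = backlog, use_cookies
        self.half_open = {}          # (src, sport) -> ISN we sent in the SYN/ACK
        self.established = set()
        self.dropped = 0

    def on_syn(self, src, sport, mss, now):
        """Return the SYN/ACK sequence number, or None if the SYN is dropped."""
        if len(self.half_open) < self.backlog:
            isn = secrets.randbits(32)
            self.half_open[(src, sport)] = isn
            return isn
        if self.use_cookies:                      # backlog full: answer statelessly
            return make_cookie(src, sport, *DEMO_SERVER, mss, now)
        self.dropped += 1
        return None

    def on_ack(self, src, sport, ack, now):
        """Final handshake ACK: accept from the backlog, or by validating a cookie."""
        isn = self.half_open.get((src, sport))
        if isn is not None and ack == (isn + 1) & 0xFFFFFFFF:
            del self.half_open[(src, sport)]
            self.established.add((src, sport))
            return True
        if self.use_cookies and check_cookie((ack - 1) & 0xFFFFFFFF, src, sport, *DEMO_SERVER, now):
            self.established.add((src, sport))
            return True
        return False


def flood_then_connect(use_cookies, now=1_000):
    """Spoofed SYN flood followed by one honest client; returns (backlog entries used, client connected)."""
    srv = Listener(backlog=4, use_cookies=use_cookies)
    for i in range(1000):                          # attacker never sends the final ACK
        srv.on_syn(f"203.0.113.{i % 250}", 1024 + i, 1460, now)
    seq = srv.on_syn("192.0.2.10", 51000, 1460, now)   # honest client's SYN
    ok = seq is not None and srv.on_ack("192.0.2.10", 51000, (seq + 1) & 0xFFFFFFFF, now)
    return len(srv.half_open), ok
```

With cookies enabled the backlog still fills to four entries, but the honest client is accepted because its ACK carries a cookie the server can recompute; with cookies disabled the same client is simply dropped. The MAC also binds the cookie to the 4-tuple, so a cookie observed for one client cannot be replayed from another address.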
IP Spoofing • IP spoofing, also known as IP address forgery, is a technique in which an attacker sends packets whose source address field is set to that of a trusted host, to conceal identity, to pass address-based access controls, or as a building block of the sequence number and session hijacking attacks that follow. • The attacker obtains the IP address of a legitimate host and forges packet headers so that the legitimate host appears to be the source. Replies go to the impersonated host, not to the attacker, so unless the attacker can also observe the victim's traffic the attack must be carried out blind.
IP spoofing countermeasure The simplest and most effective defence against IP spoofing, TCP spoofing and TCP session hijacking lies with the organisations providing access to the Internet. If all of these organisations were responsible enough to prevent IP datagrams with source addresses originating from outside their networks from reaching the Internet, spoofed packets would be dropped at the first router and the attacks could not reach their targets.
Sequence number attack TCP sequence number prediction is used by attackers to attack TCP sessions, and takes advantage of the fact that TCP is a sequenced data delivery protocol: a receiver accepts a segment only if its sequence number is the one it expects. Older implementations chose the initial sequence number (ISN) predictably, for example a global counter incremented by a fixed amount per new connection and per second. An attacker who opens one real connection to the server learns the current counter, can predict the ISN the server will assign to a spoofed connection from a trusted host, and can complete that handshake blind (the server's SYN/ACK goes to the trusted host, which the attacker silences or simply ignores) and inject data in the trusted host's name.
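As an added example (not from the original slides), the blind spoofing attack above against two ISN generators: a simplified 4.4BSD-style counter, and the RFC 6528 scheme in which the ISN is a clock value plus a keyed MD5 over the connection 4-tuple, so that a probe from the attacker's own address reveals nothing about the ISN of another 4-tuple. Addresses, ports, the counter base and the secret are constructed for the demonstration; the attacker's prediction rule (observed ISN + 64,000) is the one the BSD counter justifies.

```python
import hashlib
import os


class Bsd44Isn:
    """Old 4.4BSD-style generator: one global counter, +64,000 per connection and
    +128,000 per second, so a single probe connection reveals the counter."""

    def __init__(self, base):
        self.base = base
        self.connections = 0

    def next_isn(self, seconds, *_tuple):        # the 4-tuple is ignored: that is the flaw
        self.connections += 1
        return (self.base + 128_000 * seconds + 64_000 * self.connections) & 0xFFFFFFFF


class Rfc6528Isn:
    """RFC 6528 generator: ISN = M + F(localip, localport, remoteip, remoteport, secret),
    where M is a 4-microsecond clock and F is MD5 over the tuple and a secret key."""

    def __init__(self, secret=None):
        self.secret = secret or os.urandom(16)   # assumption: fresh secret per boot

    def next_isn(self, seconds, lip, lport, rip, rport):
        m = (seconds * 250_000) & 0xFFFFFFFF
        f_in = f"{lip}|{lport}|{rip}|{rport}|".encode() + self.secret
        f = int.from_bytes(hashlib.md5(f_in).digest()[:4], "big")
        return (m + f) & 0xFFFFFFFF


def blind_spoof_succeeds(generator, seconds=42):
    """Attacker probes the server from its own address, predicts the ISN the server will
    hand to a spoofed connection from the trusted host, and sends the blind handshake ACK."""
    server = ("10.0.0.1", 513)          # constructed: rlogin, the classic target of this attack
    attacker = ("203.0.113.7", 40000)   # constructed
    trusted = ("10.0.0.2", 1023)        # constructed: host the server trusts by address

    # 1. Probe: the attacker opens a real connection and sees a SYN/ACK carrying this ISN.
    observed = generator.next_isn(seconds, *server, *attacker)
    # 2. Prediction rule the attacker uses (the BSD counter): next ISN = observed + 64,000.
    predicted = (observed + 64_000) & 0xFFFFFFFF
    # 3. Spoofed SYN "from" the trusted host. The server's SYN/ACK goes to the trusted host,
    #    so the attacker never sees this value.
    actual = generator.next_isn(seconds, *server, *trusted)
    # 4. Blind ACK: the server accepts it only if the guess was exact.
    return (predicted + 1) & 0xFFFFFFFF == (actual + 1) & 0xFFFFFFFF
```

Against the counter generator the prediction is exact and the spoofed connection opens; against the RFC 6528 generator the attacker's probe reveals M + F(attacker tuple), which says nothing about F(trusted tuple), so the guess is right with probability 2^-32 per attempt.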
Counter measure TCP sequence prediction attacks can be effectively stopped by any router or firewall that is configured not to allow packets with an internal source IP address to arrive on an external interface. This does not fix the TCP sequence prediction vulnerability itself; it simply prevents the spoofed packets from reaching their targets. The vulnerability is fixed by choosing ISNs that are unpredictable per connection (RFC 1948, now RFC 6528), which all current operating systems do.
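The border filter that the IP spoofing and sequence number countermeasures both describe, as an added example (not code from the original slides): packets arriving on the outside interface must not carry one of our own source addresses, and packets leaving through the inside interface must carry one of ours (BCP 38 ingress and egress filtering). The prefixes, interface names and packet log are constructed for the demonstration.

```python
import ipaddress

# Constructed topology: our border router owns two prefixes (documentation ranges)
# behind its "inside" interface; everything else arrives on "outside" from the ISP.
OUR_PREFIXES = [ipaddress.ip_network("192.0.2.0/24"),
                ipaddress.ip_network("198.51.100.0/24")]

# Address space that must never appear as a source on the outside interface (bogons).
BOGONS = [ipaddress.ip_network(p) for p in
          ("0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_ours(addr):
    return any(addr in net for net in OUR_PREFIXES)


def verdict(iface, src):
    """Apply the two BCP 38 rules to a packet with source 'src' arriving on 'iface'."""
    s = ipaddress.ip_address(src)
    if iface == "outside":
        if is_ours(s):
            return "DROP ingress: external packet claims an internal source"
        if any(s in net for net in BOGONS):
            return "DROP ingress: bogon source"
    elif iface == "inside":
        if not is_ours(s):
            return "DROP egress: our host would spoof a foreign source"
    else:
        raise ValueError(f"unknown interface {iface!r}")
    return "PASS"


# Constructed packet log: (interface, source, destination, description)
PACKETS = [
    ("outside", "203.0.113.5", "192.0.2.10", "normal inbound"),
    ("outside", "192.0.2.10", "192.0.2.20", "spoofed: attacker outside posing as our host"),
    ("outside", "10.1.2.3", "192.0.2.10", "spoofed: RFC 1918 source from the Internet"),
    ("inside", "192.0.2.10", "203.0.113.5", "normal outbound"),
    ("inside", "203.0.113.99", "203.0.113.5", "spoofed: compromised host floods with foreign source"),
]


def run_filter(packets=PACKETS):
    """Return {description: verdict} for a batch of packets."""
    return {desc: verdict(iface, src) for iface, src, _dst, desc in packets}
```

On a Linux router the same two rules are `iptables -A INPUT -i eth0 -s 192.0.2.0/24 -j DROP` (and the same for FORWARD) on the outside interface and `iptables -A FORWARD -i eth1 ! -s 192.0.2.0/24 -j DROP` on the inside one; `net.ipv4.conf.all.rp_filter=1` (unicast reverse path forwarding) enforces the ingress half automatically from the routing table.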
Ping O' Death The Ping program tests whether a host is reachable by sending it an ICMP echo request message and receiving an ICMP echo reply. Ping also measures the round-trip time to the host, which provides an indication of how distant the host is, and is helpful for determining whether the intervening network is congested. The Ping O' Death abuses this: the attacker sends an echo request that is fragmented so that the reassembled IP datagram is larger than the maximum legal size of 65,535 bytes (the IP total length is a 16-bit field). Vulnerable stacks copied the final fragment past the end of their reassembly buffer and crashed, hung or rebooted.
Ping O' Death countermeasures The best solution is to obtain patches for the operating systems involved. Fortunately, the "Ping O' Death" attack is now mainly of historical interest, as most operating systems released since 1996 are immune or have patches freely available. The attack is only possible because of insufficient bounds checking in IP fragment reassembly within the affected operating systems, not because of vulnerabilities inherent in the IP protocol itself.
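The missing bounds check, as an added example that is not from the original slides: a small IPv4 fragment reassembler that rejects any fragment whose end offset would push the datagram past 65,535 bytes before touching its buffer, fed with a constructed legitimate 3,000-byte echo request and with the classic oversized final fragment at offset 65,528. Datagram ids and payloads are constructed; the fragmentation rule (offset in 8-byte units, 1,480 data bytes per fragment) is the real one.

```python
IP_MAX_DATAGRAM = 65535     # IPv4 total length is a 16-bit field
IP_HEADER_LEN = 20          # minimal header; the limit applies to header + data


class Reassembler:
    """IP fragment reassembly with the bounds check that vulnerable 1996-era stacks lacked."""

    def __init__(self):
        self.pending = {}   # datagram id -> {"frags": {offset: data}, "end": total data length or None}

    def add(self, dgram_id, frag_offset_units, more_fragments, data):
        """Feed one fragment. Returns ("drop", reason), ("pending", None) or ("complete", bytes)."""
        start = frag_offset_units * 8            # the offset field counts 8-byte units
        end = start + len(data)
        if end + IP_HEADER_LEN > IP_MAX_DATAGRAM:
            # Ping of Death: the reassembled datagram would not fit in a 65,535-byte buffer.
            self.pending.pop(dgram_id, None)
            return ("drop", f"fragment {start}-{end} overflows maximum datagram size")
        entry = self.pending.setdefault(dgram_id, {"frags": {}, "end": None})
        entry["frags"][start] = data
        if not more_fragments:
            entry["end"] = end
        if entry["end"] is None:
            return ("pending", None)
        # Deliver only when the fragments cover 0..end without gaps.
        pos = 0
        pieces = []
        for off in sorted(entry["frags"]):
            if off != pos:
                return ("pending", None)
            pieces.append(entry["frags"][off])
            pos += len(entry["frags"][off])
        if pos != entry["end"]:
            return ("pending", None)
        del self.pending[dgram_id]
        return ("complete", b"".join(pieces))


def fragment(dgram_id, payload, mtu_data=1480):
    """Split a datagram's data into (id, offset_units, more, chunk) fragments as a sender would."""
    out = []
    for i in range(0, len(payload), mtu_data):
        chunk = payload[i:i + mtu_data]
        out.append((dgram_id, i // 8, i + mtu_data < len(payload), chunk))
    return out


def normal_ping_reassembles():
    """A legitimate 3,000-byte echo request (three fragments) reassembles intact."""
    r = Reassembler()
    payload = b"\x08\x00" + bytes(2998)     # constructed: ICMP echo request type/code + zero data
    result = None
    for frag in fragment(1, payload):
        result = r.add(*frag)
    return result == ("complete", payload)


def ping_of_death_is_dropped():
    """Final fragment at offset 65,528 (8191 units) with 8 bytes ends at 65,536: past the limit."""
    r = Reassembler()
    r.add(2, 0, True, bytes(1480))                 # innocent-looking first fragment
    status, _reason = r.add(2, 8191, False, bytes(8))
    return status == "drop"
```

The check is on the fragment's end offset plus the header, not on the individual fragment's size, which is why it catches the attack: every single fragment of a Ping of Death is a legal size on its own.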
IP half scan attack IP half scan (SYN scan) means that a full TCP connection is never established. Establishing a TCP connection has three phases: the originating party first sends a TCP segment with the SYN flag set; the target then replies with the SYN and ACK flags set if the port is open, or, if the port is closed, resets the attempt with the RST flag; in the third phase the originating party sends a final segment with the ACK flag set (all of these segments carrying the corresponding sequence and acknowledgement numbers). The connection is now open. A SYN scanner sends only the first segment of the three-way handshake, the SYN, and waits for the SYN|ACK or the RST; whichever arrives tells it whether the port is listening. On receiving a SYN|ACK it answers with a RST instead of the ACK, so the target never completes the connection and the application behind the port, and its logging, never sees the probe.
IP half scan attack countermeasures Use a firewall that understands the state of TCP connections and rejects stealth scan packets: stateful inspection and proxy firewalls defeat the IP half scan. An intrusion detection system such as Snort detects the scan by counting SYNs from one source that never complete a handshake (its sfPortscan preprocessor); being passive, it alerts rather than blocks unless it is deployed inline as an IPS.
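The detection logic described above, as an added example that is not from the original slides or from Snort: a stateful tracker that follows each handshake and flags a client that leaves five or more half-open attempts to distinct ports within two seconds. The packet log format (time, source, destination, flags) and the traffic, a six-port SYN scan from 10.0.0.5 alongside an honest client 10.0.0.7, are constructed for the demonstration; the threshold and window are assumptions.

```python
from collections import defaultdict


def parse_line(line):
    """'0.001 10.0.0.5:40001 > 10.0.0.1:22 S' -> (t, src, dst, flags); src/dst are (ip, port)."""
    t, src, _arrow, dst, flags = line.split()
    sip, sport = src.rsplit(":", 1)
    dip, dport = dst.rsplit(":", 1)
    return float(t), (sip, int(sport)), (dip, int(dport)), flags


class SynScanDetector:
    """Stateful tracker: flags a client that leaves >= threshold half-open handshakes
    to distinct ports within 'window' seconds (the nmap -sS signature)."""

    def __init__(self, threshold=5, window=2.0):
        self.threshold, self.window = threshold, window
        self.flows = {}                      # (client, server) -> handshake state
        self.half_open = defaultdict(list)   # client ip -> [(t, server port)] of abandoned handshakes
        self.alerts = []

    def _abandon(self, t, client, server):
        self.flows.pop((client, server), None)
        recent = [(ts, p) for ts, p in self.half_open[client[0]] if t - ts <= self.window]
        recent.append((t, server[1]))
        self.half_open[client[0]] = recent
        ports = {p for _, p in recent}
        if len(ports) >= self.threshold and not any(a[0] == client[0] for a in self.alerts):
            self.alerts.append((client[0], len(ports), t))

    def feed(self, line):
        t, src, dst, flags = parse_line(line)
        if flags == "S":                     # client opens
            self.flows[(src, dst)] = "SYN"
        elif flags == "SA":                  # server answers; flow key is (client, server)
            if self.flows.get((dst, src)) == "SYN":
                self.flows[(dst, src)] = "SYNACK"
        elif flags == "A":                   # client completes the handshake
            if self.flows.get((src, dst)) == "SYNACK":
                self.flows[(src, dst)] = "ESTABLISHED"
        elif flags == "R":                   # client tears down after SYN/ACK: the half scan
            if self.flows.get((src, dst)) == "SYNACK":
                self._abandon(t, src, dst)
        elif flags == "RA":                  # server rejects a closed port
            if self.flows.get((dst, src)) == "SYN":
                self._abandon(t, dst, src)

    def run(self, lines):
        for line in lines:
            self.feed(line)
        return self.alerts


# Constructed traffic: 10.0.0.5 half-scans six ports on 10.0.0.1 (22 and 80 open, the rest closed);
# 10.0.0.7 is an honest client that completes a handshake to port 22.
SAMPLE_LOG = [
    "0.001 10.0.0.5:40001 > 10.0.0.1:22 S",
    "0.002 10.0.0.1:22 > 10.0.0.5:40001 SA",
    "0.003 10.0.0.5:40001 > 10.0.0.1:22 R",
    "0.004 10.0.0.5:40002 > 10.0.0.1:23 S",
    "0.005 10.0.0.1:23 > 10.0.0.5:40002 RA",
    "0.006 10.0.0.5:40003 > 10.0.0.1:25 S",
    "0.007 10.0.0.1:25 > 10.0.0.5:40003 RA",
    "0.008 10.0.0.7:52000 > 10.0.0.1:22 S",
    "0.009 10.0.0.1:22 > 10.0.0.7:52000 SA",
    "0.010 10.0.0.7:52000 > 10.0.0.1:22 A",
    "0.011 10.0.0.5:40004 > 10.0.0.1:80 S",
    "0.012 10.0.0.1:80 > 10.0.0.5:40004 SA",
    "0.013 10.0.0.5:40004 > 10.0.0.1:80 R",
    "0.014 10.0.0.5:40005 > 10.0.0.1:110 S",
    "0.015 10.0.0.1:110 > 10.0.0.5:40005 RA",
    "0.016 10.0.0.5:40006 > 10.0.0.1:443 S",
    "0.017 10.0.0.1:443 > 10.0.0.5:40006 RA",
]
```

Both closed-port rejections (RST|ACK from the server) and open-port abandonments (RST from the scanner after the SYN|ACK) count, which is what distinguishes a scan from a single failed connection; the honest client's completed handshake never enters the half-open list.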
ICMP The Internet Control Message Protocol (ICMP) is one of the core protocols of the Internet Protocol Suite. It is chiefly used by the operating systems of networked computers to send error messages, indicating for instance that a requested service is not available or that a host or router could not be reached. ICMP relies on IP to perform its tasks, and it is an integral part of IP. It differs in purpose from transport protocols such as TCP and UDP in that it is typically not used to send and receive data between end systems. It is usually not used directly by user network applications, with some notable exceptions such as the ping tool. Because ICMP messages are unauthenticated and trusted by the stack, they are abused for floods (echo requests sent to a broadcast address with the victim's spoofed source, the Smurf attack), for forged Redirect messages that change a host's routes, and for forged Destination Unreachable messages that tear down TCP connections.
TCP session hijacking TCP session hijacking is when an attacker takes over an existing TCP session between two machines. Since most authentication occurs only at the start of a TCP session, this gives the attacker access to the machine as the already-authenticated user. The attacker needs the session's current sequence and acknowledgement numbers, obtained by sniffing on the path or by prediction, and then injects segments with the victim's source address; the legitimate client's next segment arrives out of sequence and the endpoints fall out of synchronisation. TCP session hijacking can be carried out against any TCP-based application, e.g. Telnet, rlogin, FTP, etc.
Counter measures Apply all countermeasures for spoofing attacks. Encrypt and authenticate the session traffic: IPsec, SSH, Kerberos with session encryption. Knowing the sequence numbers is then not enough, because an injected segment lacks the integrity check computed under the session key.
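An added example (not part of the original slides) of why the encryption countermeasure works: a receiver model of a plain TCP-style stream, where an on-path attacker who has sniffed the sequence numbers injects a command in the client's name, beside the same stream with an HMAC over each segment under a session key the attacker never sees (the role IPsec, SSH's MAC or Kerberos session encryption plays). The ISN, the commands and the key are constructed for the demonstration.

```python
import hmac
import hashlib
import os


class PlainStream:
    """Receiving end of an unauthenticated TCP-style stream: any segment carrying the
    expected sequence number is accepted, whoever really sent it."""

    def __init__(self, isn):
        self.rcv_nxt = (isn + 1) & 0xFFFFFFFF
        self.delivered = []

    def receive(self, seq, payload, tag=None):
        if seq != self.rcv_nxt:
            return False                       # out of sequence: discarded (the desync after a hijack)
        self.rcv_nxt = (self.rcv_nxt + len(payload)) & 0xFFFFFFFF
        self.delivered.append(payload)
        return True


class AuthenticatedStream(PlainStream):
    """Same stream, but each segment carries an HMAC over (seq, payload) under a session
    key the endpoints agreed on. A sniffer sees seq and payload but cannot produce the tag."""

    def __init__(self, isn, key):
        super().__init__(isn)
        self.key = key

    def tag(self, seq, payload):
        return hmac.new(self.key, seq.to_bytes(4, "big") + payload, hashlib.sha256).digest()

    def receive(self, seq, payload, tag=None):
        if tag is None or not hmac.compare_digest(tag, self.tag(seq, payload)):
            return False
        return super().receive(seq, payload)


def hijack_attempt(authenticated):
    """Client sends one command; an on-path attacker who sniffed the sequence numbers
    injects a second command in the client's name; then the real client sends again.
    Returns (injection accepted, client's following segment accepted, delivered payloads)."""
    isn = 0x1000                            # constructed
    key = os.urandom(32)                    # session key; assumption: never on the wire in clear
    server = AuthenticatedStream(isn, key) if authenticated else PlainStream(isn)
    client_seq = isn + 1

    def client_send(payload):
        nonlocal client_seq
        tag = server.tag(client_seq, payload) if authenticated else None
        ok = server.receive(client_seq, payload, tag)
        client_seq += len(payload)
        return ok

    client_send(b"ls\n")
    # The attacker saw the client's next sequence number on the wire and races the client.
    sniffed_seq = client_seq
    injected_ok = server.receive(sniffed_seq, b"rm -rf /\n", tag=None)
    # The client's next legitimate segment uses the same sequence number.
    client_ok = client_send(b"pwd\n")
    return injected_ok, client_ok, list(server.delivered)
```

On the plain stream the injection is accepted and the client's own next segment is then rejected as out of sequence, which is the desynchronisation that hijacking tools exploit; on the authenticated stream the injection fails and the client continues undisturbed.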