The Internet! Layers, TCP, UDP, IP DDoS Reflection Attacks IPSEC, ARP Sharon Goldberg CS558 Boston University Spring 2015 Most slides and images borrowed from others.

The Internet: Layers, TCP, UDP, IP
DDoS Reflection Attacks, IPsec, ARP

Sharon Goldberg, CS558, Boston University, Spring 2015

Most slides and images borrowed from others

Internet Infrastructure

(figure: end hosts connected through several ISPs)

• Local and interdomain routing
  – TCP/IP for routing and messaging
  – BGP for routing announcements
• Domain Name System
  – Find IP address from symbolic name (www.cs.stanford.edu)

Based on slides from CS155 at Stanford

TCP Protocol Stack

(figure: two end hosts, each with Application / Transport / Network / Link layers, communicating through intermediate nodes that implement only IP and the link layer ("network access"). Peer layers speak the application protocol, the TCP protocol and the IP protocol respectively, and each layer addresses its peer differently: port at the transport layer, IP address at the network layer, MAC address at the link layer.)

Data Formats

(figure: encapsulation at each layer; an application message is split across several TCP segments)

  Application        message   application data
  Transport (TCP/UDP) segment  TCP header | data
  Network (IP)       packet    IP header | TCP header | data
  Link (Ethernet)    frame     Ethernet header | IP header | TCP header | data | Ethernet trailer

Source: https://devcentral.f5.com/articles/application-is-more-than-header-deep

IP Prefixes & Addresses

204.16.254.0/24 is the set of 32-bit addresses whose first 24 bits are

     204       16       254
  11001100 00010000 11111110      (bits 1 to 24; the remaining 8 bits are free)

IP Routing

• Typical route uses several hops
• IP: no ordering or delivery guarantees; connectionless, "best effort"

(figure: Meg at 121.42.33.12 sends a packet to Tom at 132.14.11.51; it passes through the office gateway and an ISP router, each forwarding on the destination address)

  Packet header:   Source 121.42.33.12 | Destination 132.14.11.51

  ROUTING TABLE
  Destination Prefix   Next Hop IP
  132.14.0.0/16        123.14.111.1
  132.0.0.0/8          132.34.55.5

IP Protocol Functions (Summary)

• Routing
  – IP host knows location of router (gateway)
  – IP gateway must know route to other networks
• Fragmentation and reassembly
  – If max packet size is less than the user data size
• Error reporting
  – ICMP packet to source if packet is dropped
• TTL field decremented after every hop
  – Packet dropped if TTL = 0; prevents infinite loops
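Added example (not part of the slides): the forwarding decision from the IP Routing figure and the TTL/ICMP behaviour listed above, in Python using the standard-library ipaddress module. The routing table is the one on the slide, with the next-hop addresses as read from the figure; packets are modelled as dicts with src, dst and ttl, which is an assumption of this example, not a format from the lecture. The point to notice is that Tom's address 132.14.11.51 matches both rows and the router must take the longer /16.

```python
import ipaddress

# Routing table from the lecture figure (next-hop values as read from the slide).
ROUTING_TABLE = [
    ("132.14.0.0/16", "123.14.111.1"),
    ("132.0.0.0/8", "132.34.55.5"),
]


def prefix_bits(prefix: str) -> str:
    """Binary view of a prefix: '204.16.254.0/24' -> its first 24 bits."""
    net = ipaddress.ip_network(prefix)
    return format(int(net.network_address), "032b")[: net.prefixlen]


def longest_prefix_match(dst: str, table=ROUTING_TABLE):
    """Forwarding lookup: among the prefixes that contain dst, choose the most
    specific (longest) one. Returns (prefix, next_hop) or None if no route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return (str(best[0]), best[1]) if best else None


def forward(packet: dict, table=ROUTING_TABLE) -> dict:
    """One router hop, as on the IP Protocol Functions slide: decrement TTL and
    drop with an ICMP time-exceeded at 0; drop with an ICMP unreachable when
    no prefix matches; otherwise hand the packet to the next hop."""
    ttl = packet["ttl"] - 1
    if ttl <= 0:
        return {"action": "drop", "icmp": "time exceeded", "to": packet["src"]}
    route = longest_prefix_match(packet["dst"], table)
    if route is None:
        return {"action": "drop", "icmp": "destination unreachable", "to": packet["src"]}
    return {"action": "forward", "next_hop": route[1], "via_prefix": route[0], "ttl": ttl}


if __name__ == "__main__":
    # Meg -> Tom, the packet from the figure (constructed values)
    print(forward({"src": "121.42.33.12", "dst": "132.14.11.51", "ttl": 64}))
```

The ICMP error goes back to the source address in the packet, which is exactly why forged source addresses (next slides) also misdirect error traffic.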

The IP address space (figure)

NATs (figure)

User Datagram Protocol (protocol=17)

• Unreliable transport on top of IP
  – No acks or congestion control
  – Used for VoIP, video, NTP (network time protocol), anything else where latency matters more than reliability

Problem: no src IP authentication

• Client is trusted to embed correct source IP
  – Easy to override using raw sockets
  – Libnet: a library for formatting raw packets with arbitrary IP headers

Anyone who owns their machine can send packets with arbitrary source IP … the response will be sent back to the forged source IP.

Implications (solutions in DDoS lecture):
• Anonymous DoS attacks
• Anonymous infection attacks (e.g. Slammer worm)

DoS Reflection & Amplification Attack
Using protocols over UDP like NTP, DNS, etc.

(figure: Evil Meg at 121.42.33.12 sends a short DNS query over UDP to the public DNS server 8.8.8.8 with the source IP forged to Tom's address, 132.14.11.51)

  DNS query      Source IP 132.14.11.51 | Dest IP 8.8.8.8        short query
  DNS response   Source IP 8.8.8.8      | Dest IP 132.14.11.51   huge response (DNS data)

Tom gets hit by too many packets.
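Added example, not code from the slides: the encapsulation from the Data Formats slide carried out for the packet Evil Meg sends in the figure above, a DNS query inside a UDP segment inside an IPv4 packet whose source address is set to Tom's. Nothing in the IPv4 header authenticates the source, so the builder simply writes 132.14.11.51 there and the reflector will answer to that address. The queried name (example.com), the source port 40000 and the customer prefix in the ingress-filter check are constructed for this example; the ingress filter (BCP 38) is the standard countermeasure and is my addition here, since the slides leave solutions to the DDoS lecture. The send step is deliberately left out; what matters is that the bytes are well-formed from the reflector's point of view.

```python
import ipaddress
import socket
import struct

# Constructed values taken from the lecture figure: Tom is the victim whose
# address is forged, 8.8.8.8 is the public resolver used as reflector.
VICTIM_IP = "132.14.11.51"
REFLECTOR_IP = "8.8.8.8"
DNS_PORT = 53


def ones_complement_checksum(data: bytes) -> int:
    """RFC 1071 checksum over 16-bit words, as used by IPv4 and UDP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def dns_query(name: str, qtype: int = 255, txid: int = 0x1234) -> bytes:
    """Application-layer message: one-question DNS query. qtype 255 (ANY) is
    the classic amplification vector, the answer carries every record."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD=1, QDCOUNT=1
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)         # QTYPE, QCLASS=IN


def udp_segment(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Transport layer: UDP header + payload. The checksum covers a pseudo-header
    that includes the (forged) source IP, so it agrees with the IP header."""
    length = 8 + len(payload)
    pseudo = socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, 17, length)
    csum = ones_complement_checksum(pseudo + struct.pack("!HHHH", sport, dport, length, 0) + payload)
    return struct.pack("!HHHH", sport, dport, length, csum or 0xFFFF) + payload


def ipv4_packet(src_ip: str, dst_ip: str, payload: bytes, ttl: int = 64) -> bytes:
    """Network layer: IPv4 header (protocol 17 = UDP) + segment. Nothing here
    authenticates src_ip; the sender writes whatever it likes."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, 17, 0,
                      socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    csum = ones_complement_checksum(hdr)
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:] + payload


def spoofed_dns_query(victim_ip: str, reflector_ip: str, name: str) -> bytes:
    """The packet Evil Meg sends: query to the resolver, source forged to the victim."""
    seg = udp_segment(victim_ip, reflector_ip, 40000, DNS_PORT, dns_query(name))
    return ipv4_packet(victim_ip, reflector_ip, seg)


def parse_ipv4(packet: bytes) -> dict:
    """What the reflector (or a router) sees: the source it will reply to."""
    ihl = (packet[0] & 0x0F) * 4
    f = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    return {
        "src": socket.inet_ntoa(f[8]),
        "dst": socket.inet_ntoa(f[9]),
        "proto": f[6],
        "total_len": f[2],
        "header_ok": ones_complement_checksum(packet[:ihl]) == 0,
    }


def amplification_factor(query_len: int, response_len: int) -> float:
    """Bytes the reflector sends to the victim per byte the attacker sends."""
    return response_len / query_len


def passes_ingress_filter(packet: bytes, customer_prefixes) -> bool:
    """BCP 38 style check at the attacker's upstream (added countermeasure):
    forward only if the source address belongs to the network the packet
    arrived from. A forged victim address fails this and never reaches 8.8.8.8."""
    src = ipaddress.ip_address(parse_ipv4(packet)["src"])
    return any(src in ipaddress.ip_network(p) for p in customer_prefixes)
```

Usage: spoofed_dns_query(VICTIM_IP, REFLECTOR_IP, "example.com") yields a 57-byte packet (20 IP + 8 UDP + 29 DNS); parse_ipv4 on it reports src 132.14.11.51 with a valid header checksum, which is all the reflector checks before answering.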

Transmission Control Protocol

• Connection-oriented, preserves order
  – Sender
    • Break data into packets
    • Attach packet numbers
  – Receiver
    • Acknowledge receipt; lost packets are resent
    • Reassemble packets in correct order

(figure: TCP as a book mailed one numbered page at a time, pages 1, 5, 19 … arriving out of order and reassembled into the book by the receiver)

Source: https://devcentral.f5.com/articles/application-is-more-than-header-deep

• FROM: http://codeidol.com/img/csharp-network/f0209_0.jpg

Review: TCP Handshake

  Client (C)                                      Server (S)
                                                  Listening
  SYN      SN_C <- rand_C, AN_C <- 0        -->
                                                  Store SN_C, SN_S
           <--  SYN/ACK   SN_S <- rand_S, AN_S <- SN_C + 1
  Wait
  ACK      SN <- SN_C + 1, AN <- SN_S + 1   -->
                                                  Established

Received packets with SN too far out of window are dropped.

Basic Security Problems

1. Network packets pass by untrusted hosts
   – Eavesdropping, packet sniffing
   – Especially easy when attacker controls a machine close to victim
2. TCP state can be easy to guess
   – Enables spoofing and session hijacking
   – Depending on how sequence number is chosen
3. Denial of Service (DoS) vulnerabilities
   – SYN connection state attacks

1. Packet Sniffing

• Promiscuous NIC reads all packets
• Read all unencrypted data (e.g. "wireshark")
• ftp, telnet (and POP, IMAP) may send passwords in clear

(figure: Alice and Bob exchange packets across the network while Eve, on a host along the path, reads them)

Prevention: Encryption (next lecture: IPSEC)

2. TCP Connection Spoofing

• Why random initial sequence numbers (SN_C, SN_S)?
• Suppose init sequence numbers are predictable
  – Attacker can create TCP session on behalf of forged source IP

(figure: attacker, victim and server)
  attacker --> server:  TCP SYN, srcIP = victim
  server   --> victim:  SYN/ACK, dstIP = victim, SN = server SN_S   (the attacker never sees this)
  attacker --> server:  ACK, srcIP = victim, AN = predicted SN_S
  attacker --> server:  command; server thinks the command is from the victim's IP address

Example DoS vulnerability [Watson'04]

• Suppose attacker can guess seq number for an existing connection
  – Attacker can send Reset packet to close connection. Results in DoS
  – Naively, success prob is 1/2^32 (32-bit seq #'s)
  – Most systems allow for a large window of acceptable seq #'s
    • Much higher success probability
• Attack is most effective against long lived connections, e.g. BGP
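Added example, not from the slides: the arithmetic behind the Watson'04 observation. With the in-window acceptance rule a RST sweep needs about 2^32 / window packets rather than 2^32, and the simulation below counts them. The exact-match rule is the fix that followed (RFC 5961 challenge ACKs), named here as my addition rather than something on the slide. The window and sequence values are constructed; the model assumes the attacker already knows both addresses and both ports, which is why long-lived BGP sessions on a well-known port between known peers are the natural target.

```python
SEQ_SPACE = 2 ** 32


def rst_accepted_in_window(rst_seq: int, rcv_nxt: int, rcv_wnd: int) -> bool:
    """Check used by most stacks at the time of Watson'04: a RST whose sequence
    number lands anywhere in the receive window [rcv_nxt, rcv_nxt + rcv_wnd)
    tears the connection down. Arithmetic is modulo 2^32 for wrap-around."""
    return (rst_seq - rcv_nxt) % SEQ_SPACE < rcv_wnd


def rst_accepted_exact(rst_seq: int, rcv_nxt: int, rcv_wnd: int) -> bool:
    """Hardened check (RFC 5961): only an exact match resets; an in-window but
    inexact RST only provokes a challenge ACK, which is not modelled here."""
    return rst_seq == rcv_nxt


def single_guess_probability(rcv_wnd: int) -> float:
    """Chance that one random RST is accepted: window / 2^32. With a window of
    a single value this is the naive 1/2^32 on the slide."""
    return rcv_wnd / SEQ_SPACE


def guesses_to_cover(rcv_wnd: int) -> int:
    """RSTs needed to sweep the whole sequence space in strides of rcv_wnd,
    i.e. the attacker's worst case once addresses and ports are known."""
    return -(-SEQ_SPACE // rcv_wnd)   # ceiling division


def blind_rst_attack(rcv_nxt: int, rcv_wnd: int, accept=rst_accepted_in_window):
    """Simulate the attacker sweeping the space in strides of rcv_wnd against a
    victim whose next expected sequence number rcv_nxt is unknown to them.
    Returns how many RSTs were sent before one was accepted, or None if the
    whole sweep failed."""
    sent = 0
    for guess in range(0, SEQ_SPACE, rcv_wnd):
        sent += 1
        if accept(guess, rcv_nxt, rcv_wnd):
            return sent
    return None
```

With a 64 KiB window the sweep is at most 65536 packets, a few seconds on a fast link, and on average it succeeds halfway through; the same sweep against the exact-match rule never hits unless the victim's rcv_nxt happens to sit on a stride boundary.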

Random initial TCP SNs

• Unpredictable SNs prevent basic packet injection
  – … but attacker can inject packets after eavesdropping to obtain current SN
• Most TCP stacks now generate random SNs
  – Random generator should be unpredictable
  – GPR'06: Linux RNG for generating SNs is predictable
    • Attacker repeatedly connects to server
    • Obtains sequence of SNs
    • Can predict next SN
    • Attacker can now do TCP spoofing (create TCP session with forged source IP)
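Added example that ties together the handshake review, the connection-spoofing figure and the predictable-ISN attack above; it is a simulation written for this page, not code from the lecture or from any real TCP stack. The server model keeps (SN_C, SN_S) per half-open connection and trusts the source IP of whoever completes the handshake. PredictableISN stands in for the old fixed-step generators, and KeyedISN for the RFC 6528 keyed-hash scheme, which is my choice of the "unpredictable generator" the slide asks for. Addresses are the ones from the lecture figures; the ports, step size and test secret are constructed.

```python
import hashlib
import hmac
import os

MOD = 2 ** 32


class PredictableISN:
    """Old-style ISN generator: advances by a fixed step per connection.
    Anyone who observes a few ISNs can compute the next one."""

    def __init__(self, start=1000, step=64000):
        self.next_isn, self.step = start, step

    def __call__(self, four_tuple):
        isn, self.next_isn = self.next_isn, (self.next_isn + self.step) % MOD
        return isn


class KeyedISN:
    """RFC 6528 style: ISN = clock + F(four_tuple, secret), F a keyed hash.
    ISNs seen on the attacker's own connections say nothing about the ISN
    chosen for the victim's four-tuple (assumes the host secret is unknown)."""

    def __init__(self, secret=None):
        self.secret = secret or os.urandom(16)
        self.clock = 0

    def __call__(self, four_tuple):
        self.clock = (self.clock + 250_000) % MOD     # pretend 1 s of 4 us ticks passed
        f = hmac.new(self.secret, repr(four_tuple).encode(), hashlib.sha256).digest()
        return (self.clock + int.from_bytes(f[:4], "big")) % MOD


class Server:
    """Server side of the handshake on the slide."""

    def __init__(self, isn_gen):
        self.isn_gen = isn_gen
        self.half_open = {}       # (src_ip, src_port) -> (SN_C, SN_S)
        self.established = set()
        self.log = []             # (src_ip, command) pairs the server acted on

    def syn(self, src_ip, src_port, sn_c):
        """Listening -> store SN_C, SN_S. Returns the SYN/ACK, addressed to src_ip."""
        key = (src_ip, src_port)
        sn_s = self.isn_gen(key)
        self.half_open[key] = (sn_c, sn_s)
        return {"to": src_ip, "sn": sn_s, "an": (sn_c + 1) % MOD}

    def ack(self, src_ip, src_port, an):
        """Third message: established only if AN == SN_S + 1."""
        key = (src_ip, src_port)
        if key in self.half_open and an == (self.half_open[key][1] + 1) % MOD:
            del self.half_open[key]
            self.established.add(key)
            return True
        return False

    def command(self, src_ip, src_port, text):
        """The server trusts src_ip as the identity behind an established connection."""
        if (src_ip, src_port) not in self.established:
            return False
        self.log.append((src_ip, text))
        return True


def predict_next(isns):
    """Attacker's model: assume a constant step between consecutive ISNs."""
    step = (isns[-1] - isns[-2]) % MOD
    return (isns[-1] + step) % MOD


def blind_spoof(server, attacker_ip, victim_ip, command):
    # 1. Connect a few times from our own address and record the server's ISNs.
    isns = [server.syn(attacker_ip, 50000 + i, sn_c=1)["sn"] for i in range(3)]
    predicted = predict_next(isns)
    # 2. SYN with the victim's address as source. The SYN/ACK goes to the victim,
    #    so the attacker never sees the real SN_S: the return value is discarded.
    server.syn(victim_ip, 4444, sn_c=7)
    # 3. ACK with the forged source, acknowledging the *predicted* SN_S.
    server.ack(victim_ip, 4444, an=(predicted + 1) % MOD)
    # 4. If the guess was right, the server attributes the command to the victim.
    return server.command(victim_ip, 4444, command)
```

Against Server(PredictableISN()) the spoofed command lands in the log under the victim's address; against Server(KeyedISN()) step 3 fails and the half-open entry simply times out.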

Securing the IP/TCP stack

(figure: where the security protocol sits in the stack)
  At the Network Level:      HTTP, FTP, SMTP over TCP over IP/IPSEC
  At the Transport Level:    HTTP, FTP, SMTP over SSL/TLS over TCP over IP
  At the Application Level:  S/MIME, PGP over SMTP and SET over HTTP (over TCP); Kerberos over UDP; all over IP

Who uses IPsec? (figure from Stallings 5th edition)

Mode 1: Transport (figure)

Mode 2: Tunnel (figure)

ESP Tunnel mode (From Steve Friedl)
• Note: ToS leaks info
• Source and dest address of the outer header are not authenticated (vulnerable to IP address spoofing) between the tunnel endpoints (DoS attacks too)
• Source and dest address INSIDE the tunnel are protected

ESP without authentication (From Steve Friedl)
• BAD IDEA
• Now we can encrypt, or encrypt and authenticate. The padding allows us to reduce traffic analysis attacks, but people almost never use it

AH Tunnel mode (From Steve Friedl)
• Authenticated connection for VPN. Packet encapsulated; source and dest address protected. Can't work with NATs

AH Transport mode (From Steve Friedl)
• Authenticated connection between two hosts (HMAC). Doesn't work with NAT (network address translation)

ESP Transport mode (From Steve Friedl)
• Note: ToS leaks info
• Source and dest address are not authenticated (vulnerable to IP address spoofing)

AH – Anti-replay Service in IPsec (From Stallings 5th edition)

(figure: a sliding window of W sequence numbers ending at N, with marked slots for packets P0, P1, P2 already received)

N = highest sequence number of a valid packet received so far
Window size W (default is 64)

• If a received packet falls in the window:
  – if authenticated and unmarked, mark it
  – if already marked, it is a replay: discard it
• If a received packet is > N:
  – if authenticated, advance the window so that this packet is at the rightmost edge and mark it
• If a received packet is <= N − W:
  – packet is discarded
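Added example (mine, not from Stallings or the slides): the three cases of the anti-replay window above as a W-bit sliding bitmask, the representation RFC 4303 suggests. Sequence numbers and the authenticated flag are passed in already decoded and checked; the point the code enforces is that window state moves only for packets whose integrity check passed, so an unauthenticated packet can neither advance N nor consume a slot, while a duplicate is rejected before any expensive check.

```python
class AntiReplayWindow:
    """IPsec anti-replay sliding window as on the slide (RFC 4303 style).
    N is the highest sequence number that authenticated so far, W the window
    size; the window covers (N - W, N] and a W-bit mask records which of
    those numbers have already been accepted."""

    def __init__(self, w: int = 64):
        self.w = w
        self.n = 0        # N: highest authenticated sequence number seen
        self.mask = 0     # bit i set  <=>  sequence number N - i already accepted

    def check(self, seq: int, authenticated: bool) -> str:
        """Classify one received packet and update state only where the slide
        says to. Returns 'accept', 'replay', 'stale' or 'bad_auth'."""
        # Case 3: at or below the left edge, discard without further work.
        if seq <= self.n - self.w:
            return "stale"
        # Case 2: to the right of N, advance the window only if it authenticates.
        if seq > self.n:
            if not authenticated:
                return "bad_auth"
            shift = seq - self.n
            self.mask = ((self.mask << shift) | 1) if shift < self.w else 1
            self.mask &= (1 << self.w) - 1
            self.n = seq
            return "accept"
        # Case 1: inside the window. A marked slot is a replay regardless of the
        # integrity check; an unmarked slot is marked only if the packet authenticates.
        bit = 1 << (self.n - seq)
        if self.mask & bit:
            return "replay"
        if not authenticated:
            return "bad_auth"
        self.mask |= bit
        return "accept"


def process(packets, w: int = 64):
    """Run a sequence of (seq, authenticated) pairs through one window."""
    window = AntiReplayWindow(w)
    return [window.check(seq, ok) for seq, ok in packets]
```

A forged packet with a huge sequence number but a bad integrity check is the case worth testing: it must be reported as bad_auth and leave N untouched, otherwise an attacker could slide the window past legitimate in-flight packets and cause them all to be discarded as stale.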

Other considerations

• Traffic analysis
  – packet lengths
  – timing
  – source and destination addresses
  – ToS fields
• Dealing with NATs
• Replay attacks
• Key management

From CAIDA

TLS Handshake

TLS packet format

As opposed to unsecured HTTP URLs, which begin with "http://" and use port 80 by default, secure HTTPS URLs begin with "https://" and use port 443 by default.

IPSEC VS TLS

• People are still talking about this: http://www.metzdowd.com/pipermail/cryptography/2014-April/020674.html

[Cryptography] IPsec is worse than unusable (Re: TLS/DTLS Use Cases)
Nico Williams, nico at cryptonector.com, Wed Apr 2 11:59:52 EDT 2014

On Tue, Apr 01, 2014 at 10:31:54PM -0400, Jerry Leichter wrote:
> IPSec has many faults - so many as to render it unusable - but it did
> get one thing right: To most code, an IPSec socket looks just like a
> plain TCP socket. Anything that talks TCP can talk TCP "securely"
> over IPSec with essentially no changes. ("Securely" in quotes because
> it's a rather specialized notion of "securely".)

What is ARP?

• Address Resolution Protocol (ARP) is how network devices associate MAC addresses with IP addresses, so that devices on the local network can find each other. ARP is basically a form of networking roll call.
• ARP, a very simple protocol, consists of merely four basic message types:
  • An ARP Request: Computer A asks the network, "Who has this IP address?"
  • An ARP Reply: Computer B tells Computer A, "I have that IP. My MAC address is [whatever it is]."
  • A Reverse ARP Request (RARP): Same concept as ARP Request, but Computer A asks, "Who has this MAC address?"
  • A RARP Reply: Computer B tells Computer A, "I have that MAC. My IP address is [whatever it is]."

FROM: http://www.watchguard.com/infocenter/editorial/135324.asp

ARP poisoning (figure)

ARP poisoning (figure, continued)

ARP poisoning (figure, continued)

What is the threat model for ARP poisoning?
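Added example, not from the WatchGuard text or the slides: an Ethernet/ARP frame builder and parser for the request and reply messages listed above, plus a passive monitor that raises the two alerts the threat-model question points at, a reply nobody asked for and a reply that rebinds an IP to a different MAC, which is what ARP poisoning looks like on the wire. The addresses (RFC 5737 documentation range) and MACs in the constructed frames are invented for the example. A real monitor would also need an allowance for legitimate gratuitous ARP when a host changes its NIC, and the alerts here say "possible" for that reason.

```python
import struct

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = "ff:ff:ff:ff:ff:ff"


def _mac(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))


def _ip(s: str) -> bytes:
    return bytes(int(o) for o in s.split("."))


def _fmt_mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def _fmt_ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip, eth_dst=BROADCAST) -> bytes:
    """Ethernet frame carrying an ARP message (RFC 826: htype 1 = Ethernet,
    ptype 0x0800 = IPv4, 6-byte hardware and 4-byte protocol addresses)."""
    eth = _mac(eth_dst) + _mac(sender_mac) + struct.pack("!H", ETH_P_ARP)
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
           + _mac(sender_mac) + _ip(sender_ip) + _mac(target_mac) + _ip(target_ip))
    return eth + arp


def parse_arp(frame: bytes) -> dict:
    """Decode the fields a host's ARP cache acts on."""
    if struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP address types")
    body = frame[22:42]
    return {
        "op": op,
        "sender_mac": _fmt_mac(body[0:6]), "sender_ip": _fmt_ip(body[6:10]),
        "target_mac": _fmt_mac(body[10:16]), "target_ip": _fmt_ip(body[16:20]),
    }


class ArpWatch:
    """Passive monitor in the spirit of arpwatch: learn IP -> MAC bindings from
    replies and flag what ARP itself never checks, a reply nobody asked for
    and a reply that moves an IP to a different MAC."""

    def __init__(self):
        self.table = {}        # ip -> mac, what a naive cache would hold
        self.pending = set()   # IPs a request was seen for

    def observe(self, frame: bytes) -> list:
        a = parse_arp(frame)
        alerts = []
        if a["op"] == ARP_REQUEST:
            self.pending.add(a["target_ip"])
        elif a["op"] == ARP_REPLY:
            if a["sender_ip"] not in self.pending:
                alerts.append(f"unsolicited reply: {a['sender_ip']} is-at {a['sender_mac']}")
            old = self.table.get(a["sender_ip"])
            if old is not None and old != a["sender_mac"]:
                alerts.append(f"binding changed: {a['sender_ip']} {old} -> {a['sender_mac']} (possible ARP poisoning)")
            self.table[a["sender_ip"]] = a["sender_mac"]   # a naive cache simply overwrites
            self.pending.discard(a["sender_ip"])
        return alerts
```

The monitor records the new binding even while alerting, because that is what the victim's cache does: after the poisoned reply, traffic for 192.0.2.1 (the gateway in the constructed scenario) is sent to the attacker's MAC, which is the man-in-the-middle position the poisoning figures illustrate.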

Page 2: The Internet! Layers, TCP, UDP, IP DDoS Reflection Attacks IPSEC, ARP Sharon Goldberg CS558 Boston University Spring 2015 Most slides and images borrowed.

ISPISP

Internet Infrastructure

bull Local and interdomain routingndash TCPIP for routing and messagingndash BGP for routing announcements

bull Domain Name Systemndash Find IP address from symbolic name (wwwcsstanfordedu)

ISP

Based on slides from CS155 at Stanford

TCP Protocol Stack

Application

Transport

Network

Link

Application protocol

TCP protocol

IP protocol

Data

Link

IP

Network Access

IP protocol

Data

Link

Application

Transport

Network

Link

Port

IP addresses

MAC address

Based on slides from CS155 at Stanford

Data Formats

Application

Transport (TCP UDP)

Network (IP)

Link Layer

Application message - data

TCP data TCP data TCP data

TCP Header

dataTCPIP

IP Header

dataTCPIPETH ETF

Link (Ethernet) Header

Link (Ethernet) Trailer

segment

packet

frame

message

Based on slides from CS155 at Stanford

Source httpsdevcentralf5comarticlesapplication-is-more-than-header-deep

IP Prefixes amp Addresses

20416254024 is

204 16 254

1 8 16 24 32

0 1 1 0 1 0 0 0 0 0 0 0 1 0 0 0 1 1 1 1 1 1 1 0

IP Routing

bull Typical route uses several hopsbull IP no orderingdelivery guarantees connectionless

Best effort

Meg

Tom

ISP

Office gateway

121423312132141151

SourceDestination

Packet

121423312

12142331132141151

13214111

ROUTING TABLE

Destination Prefix Next Hop IP

132140016 123141111

1320008 13234555

Based on slides from CS155 at Stanford

IP Protocol Functions (Summary)

bull Routingndash IP host knows location of router (gateway)ndash IP gateway must know route to other networks

bull Fragmentation and reassemblyndash If max-packet-size less than the user-data-size

bull Error reportingndash ICMP packet to source if packet is dropped

bull TTL field decremented after every hopndash Packet dropped f TTL=0 Prevents infinite loops

Based on slides from CS155 at Stanford

The IP address space

NATS

User Datagram Protocol (protocol=17)

bull Unreliable transport on top of IPndash No acks or congenstion control

ndash Used for VoIP video NTP (network time protocol) anything else where latency matters more than reliability

UDP Based on slides from CS155 at Stanford

Problem no src IP authentication

bull Client is trusted to embed correct source IPndash Easy to override using raw socketsndash Libnet a library for formatting raw packets

with arbitrary IP headers

Anyone who owns their machine can send packets with arbitrary source IP hellip response will be sent back to forged source IP

Implications (solutions in DDoS lecture)

Anonymous DoS attacks Anonymous infection attacks (eg slammer worm)

Based on slides from CS155 at Stanford

DoS Reflection amp Amplification AttackUsing protocols over UDP like NTP DNS etc

UDP

Evillll Meg

Tom

1321411518888

Source IPDest IP

DNS Query

121423312

132141151

Public DNS Server

8888

8888132141151

Source IPDest IP

DNS response

DNS Data

Short query

Huge response

Tom gets hit by toomany packets

Transmission Control Protocol

bull Connection-oriented preserves orderndash Sender

bull Break data into packetsbull Attach packet numbers

ndash Receiverbull Acknowledge receipt lost packets are

resentbull Reassemble packets in correct order

TCP

Book

Mail each pageReassemble book

19

5

1

1 1

Based on slides from CS155 at Stanford

Source httpsdevcentralf5comarticlesapplication-is-more-than-header-deep

bull FROM httpcodeidolcomimgcsharp-networkf0209_0jpg

Review TCP HandshakeC S

SYN

SYNACK

ACK

Listening

Store SNC SNS

Wait

Established

SNCrandC

ANC0

SNSrandS

ANSSNC

SNSNC+1ANSNS

Received packets with SN too far out of window are dropped

Based on slides from CS155 at Stanford

Basic Security Problems

1 Network packets pass by untrusted hostsndash Eavesdropping packet sniffingndash Especially easy when attacker controls a

machine close to victim

2 TCP state can be easy to guessndash Enables spoofing and session hijackingndash Depending on how sequence number is chosen

3 Denial of Service (DoS) vulnerabilitiesndash Syn connection state attacks

Based on slides from CS155 at Stanford

1 Packet Sniffing

Promiscuous NIC reads all packetsbull Read all unencrypted data (eg ldquowiresharkrdquo)bull ftp telnet (and POP IMAP) may send passwords in

clear

Alice Bob

Eve

NetworkNetwork

Prevention Encryption (next lecture IPSEC)

Based on slides from CS155 at Stanford

2 TCP Connection Spoofing

bull Why random initial sequence numbers (SNC SNS )

bull Suppose init sequence numbers are predictablendash Attacker can create TCP session on behalf of forged

source IP

Victim

Server

SYNACKdstIP=victimSN=server SNS

ACKsrcIP=victimAN=predicted SNS

commandserver thinks command is from victim IP addr

attacker

TCP SYNsrcIP=victim

Based on slides from CS155 at Stanford

Example DoS vulnerability [Watsonrsquo04]

bull Suppose attacker can guess seq number for an existing connectionndash Attacker can send Reset packet to

close connection Results in DoSndash Naively success prob is 1232 (32-bit seq rsquos)ndash Most systems allow for a large window of

acceptable seq rsquosbull Much higher success probability

bull Attack is most effective against long lived connections eg BGP

Based on slides from CS155 at Stanford

Random initial TCP SNs

bull Unpredictable SNs prevent basic packet injectionndash hellip but attacker can inject packets after

eavesdropping to obtain current SN

bull Most TCP stacks now generate random SNs

ndash Random generator should be unpredictable

ndash GPRrsquo06 Linux RNG for generating SNs is predictable

bull Attacker repeatedly connects to serverbull Obtains sequence of SNsbull Can predict next SNbull Attacker can now do TCP spoofing

(create TCP session with forged source IP)

Based on slides from CS155 at Stanford

Securing the IPTCP stack

TCP

IPIPSEC

HTTP FTP SMTP

TCP

IP

HTTP FTP SMTP

SSLTLS

TCP

IP

SMIME PGP

UDP

Kerberos SMTP

SET

HTTP

At the Network LevelAt the Transport Level

At the Application Level

Who uses IPsec From Stallings 5th edition

Mode 1 Transport

Mode 2 Tunnel

ESP Tunnel mode (From Steve Friedl)

Note ToS leaks info

Source and dest address are not authenticated (vulnerable to IP address spoofing) between the tunnels (DoS attacks too)

Source and dest address INSIDE the tunnel is protected

ESP without authentication (From Steve Friedl)

BAD IDEA

Now we can encrypt or encrypt and authenticateThe padding allows us to reduce traffic analysis attacks but people almost never use it

AH Tunnel mode (From Steve Friedl)

Authenticated connection for VPN Packet encapsulated source and dest address protectedCanrsquot work with NATs

AH Transport mode (From Steve Friedl)

Authenticated connection between two hosts (HMAC)Doesnrsquot work with NAT (network address translation)

ESP Transport mode (From Steve Friedl)

Note ToS leaks info

Source and dest address are not authenticated (vulnerable to IP address spoofing)

P0

P1

P2

bull If a received packet falls in the windowndash if authenticated and unmarked mark itndash if marked then replay

bull If a received packet is gt Nndash if authenticated advance the window so that this packet is at the

rightmost edge and mark it

bull If a received packet is lt= N-Wndash packet is discarded

window size W (default is 64)

AH ndash Anti-replay Service in Ipsec

From Stallings 5th edition

N highest seq number for a valid paket recevied so far

Other considerations

bull Traffic analysis ndash packet lengths ndash Timingndash Source and destination addressesndash ToS fields

bull Dealing with NATsbull Replay attacksbull Key management

From CAIDA

TLS Handshake

TLS packet format

As opposed to unsecured HTTP URLs which begin with http and use port 80 by default secure HTTPS URLs begin with https and use port 443 by default

IPSEC VS TLS

bull People are still talking about this httpwwwmetzdowdcompipermailcryptography2014-April020674html

[Cryptography] IPsec is worse than unusable (Re TLSDTLS Use Cases)

Nico Williams nico at cryptonectorcom Wed Apr 2 115952 EDT 2014bullPrevious message [Cryptography] TLSDTLS Use CasesbullNext message [Cryptography] IPsec is worse than unusable (Re TLSDTLS Use Cases)bullMessages sorted by [ date ] [ thread ] [ subject ] [ author ]

On Tue Apr 01 2014 at 103154PM -0400 Jerry Leichter wrote gt IPSec has many faults - so many as to render it unusable - but it did gt get one thing right To most code an IPSec socket looks just like a gt plain TCP socket Anything that talks TCP can talk TCP securely gt over IPSec with essentially no changes (Securely in quotes because gt its a rather specialized notion of securely)

What is ARPbull Address Resolution Protocol (ARP) is how network devices associate

MAC addresses with IP Addresses so that devices on the local network can find each other ARP is basically a form of networking roll call

bull ARP a very simple protocol consists of merely four basic message types

bull An ARP Request Computer A asks the network Who has this IP address

bull An ARP Reply Computer B tells Computer A I have that IP My MAC address is [whatever it is]

bull A Reverse ARP Request (RARP) Same concept as ARP Request but Computer A asks Who has this MAC address

bull A RARP Reply Computer B tells Computer A I have that MAC My IP address is [whatever it is]ldquo

FROM httpwwwwatchguardcominfocentereditorial135324asp

ARP poisoning

ARP poisoning

ARP poisoning

What is the threat model for arp poisoning

  • The Internet Layers TCP UDP IP DDoS Reflection Attacks IPSE
  • Internet Infrastructure
  • TCP Protocol Stack
  • Data Formats
  • Slide 5
  • IP Prefixes amp Addresses
  • IP Routing
  • IP Protocol Functions (Summary)
  • The IP address space
  • NATS
  • User Datagram Protocol (protocol=17)
  • Problem no src IP authentication
  • DoS Reflection amp Amplification Attack Using protocols over UDP
  • Transmission Control Protocol
  • Slide 15
  • Slide 16
  • Review TCP Handshake
  • Basic Security Problems
  • 1 Packet Sniffing
  • 2 TCP Connection Spoofing
  • Example DoS vulnerability [Watsonrsquo04]
  • Random initial TCP SNs
  • Securing the IPTCP stack
  • Who uses IPsec From Stallings 5th edition
  • Mode 1 Transport
  • Mode 2 Tunnel
  • ESP Tunnel mode (From Steve Friedl)
  • ESP without authentication (From Steve Friedl)
  • AH Tunnel mode (From Steve Friedl)
  • AH Transport mode (From Steve Friedl)
  • ESP Transport mode (From Steve Friedl)
  • Slide 32
  • Other considerations
  • From CAIDA
  • TLS Handshake
  • TLS packet format
  • IPSEC VS TLS
  • What is ARP
  • Slide 39
  • Slide 40
  • ARP poisoning
  • ARP poisoning (2)
  • ARP poisoning (3)
Page 3: The Internet! Layers, TCP, UDP, IP DDoS Reflection Attacks IPSEC, ARP Sharon Goldberg CS558 Boston University Spring 2015 Most slides and images borrowed.

TCP Protocol Stack

Application

Transport

Network

Link

Application protocol

TCP protocol

IP protocol

Data

Link

IP

Network Access

IP protocol

Data

Link

Application

Transport

Network

Link

Port

IP addresses

MAC address

Based on slides from CS155 at Stanford

Data Formats

Application

Transport (TCP UDP)

Network (IP)

Link Layer

Application message - data

TCP data TCP data TCP data

TCP Header

dataTCPIP

IP Header

dataTCPIPETH ETF

Link (Ethernet) Header

Link (Ethernet) Trailer

segment

packet

frame

message

Based on slides from CS155 at Stanford

Source httpsdevcentralf5comarticlesapplication-is-more-than-header-deep

IP Prefixes amp Addresses

20416254024 is

204 16 254

1 8 16 24 32

0 1 1 0 1 0 0 0 0 0 0 0 1 0 0 0 1 1 1 1 1 1 1 0

IP Routing

bull Typical route uses several hopsbull IP no orderingdelivery guarantees connectionless

Best effort

Meg

Tom

ISP

Office gateway

121423312132141151

SourceDestination

Packet

121423312

12142331132141151

13214111

ROUTING TABLE

Destination Prefix Next Hop IP

132140016 123141111

1320008 13234555

Based on slides from CS155 at Stanford

IP Protocol Functions (Summary)

bull Routingndash IP host knows location of router (gateway)ndash IP gateway must know route to other networks

bull Fragmentation and reassemblyndash If max-packet-size less than the user-data-size

bull Error reportingndash ICMP packet to source if packet is dropped

bull TTL field decremented after every hopndash Packet dropped f TTL=0 Prevents infinite loops

Based on slides from CS155 at Stanford

The IP address space

NATS

User Datagram Protocol (protocol=17)

bull Unreliable transport on top of IPndash No acks or congenstion control

ndash Used for VoIP video NTP (network time protocol) anything else where latency matters more than reliability

UDP Based on slides from CS155 at Stanford

Problem no src IP authentication

bull Client is trusted to embed correct source IPndash Easy to override using raw socketsndash Libnet a library for formatting raw packets

with arbitrary IP headers

Anyone who owns their machine can send packets with arbitrary source IP hellip response will be sent back to forged source IP

Implications (solutions in DDoS lecture)

Anonymous DoS attacks Anonymous infection attacks (eg slammer worm)

Based on slides from CS155 at Stanford

DoS Reflection amp Amplification AttackUsing protocols over UDP like NTP DNS etc

UDP

Evillll Meg

Tom

1321411518888

Source IPDest IP

DNS Query

121423312

132141151

Public DNS Server

8888

8888132141151

Source IPDest IP

DNS response

DNS Data

Short query

Huge response

Tom gets hit by toomany packets

Transmission Control Protocol

bull Connection-oriented preserves orderndash Sender

bull Break data into packetsbull Attach packet numbers

ndash Receiverbull Acknowledge receipt lost packets are

resentbull Reassemble packets in correct order

TCP

Book

Mail each pageReassemble book

19

5

1

1 1

Based on slides from CS155 at Stanford

Source httpsdevcentralf5comarticlesapplication-is-more-than-header-deep

bull FROM httpcodeidolcomimgcsharp-networkf0209_0jpg

Review TCP HandshakeC S

SYN

SYNACK

ACK

Listening

Store SNC SNS

Wait

Established

SNCrandC

ANC0

SNSrandS

ANSSNC

SNSNC+1ANSNS

Received packets with SN too far out of window are dropped

Based on slides from CS155 at Stanford

Basic Security Problems

1 Network packets pass by untrusted hostsndash Eavesdropping packet sniffingndash Especially easy when attacker controls a

machine close to victim

2 TCP state can be easy to guessndash Enables spoofing and session hijackingndash Depending on how sequence number is chosen

3 Denial of Service (DoS) vulnerabilitiesndash Syn connection state attacks

Based on slides from CS155 at Stanford

1 Packet Sniffing

Promiscuous NIC reads all packetsbull Read all unencrypted data (eg ldquowiresharkrdquo)bull ftp telnet (and POP IMAP) may send passwords in

clear

Alice Bob

Eve

NetworkNetwork

Prevention Encryption (next lecture IPSEC)

Based on slides from CS155 at Stanford

2 TCP Connection Spoofing

bull Why random initial sequence numbers (SNC SNS )

bull Suppose init sequence numbers are predictablendash Attacker can create TCP session on behalf of forged

source IP

Victim

Server

SYNACKdstIP=victimSN=server SNS

ACKsrcIP=victimAN=predicted SNS

commandserver thinks command is from victim IP addr

attacker

TCP SYNsrcIP=victim

Based on slides from CS155 at Stanford

Example DoS vulnerability [Watsonrsquo04]

bull Suppose attacker can guess seq number for an existing connectionndash Attacker can send Reset packet to

close connection Results in DoSndash Naively success prob is 1232 (32-bit seq rsquos)ndash Most systems allow for a large window of

acceptable seq rsquosbull Much higher success probability

bull Attack is most effective against long lived connections eg BGP

Based on slides from CS155 at Stanford

Random initial TCP SNs

bull Unpredictable SNs prevent basic packet injectionndash hellip but attacker can inject packets after

eavesdropping to obtain current SN

bull Most TCP stacks now generate random SNs

ndash Random generator should be unpredictable

ndash GPRrsquo06 Linux RNG for generating SNs is predictable

bull Attacker repeatedly connects to serverbull Obtains sequence of SNsbull Can predict next SNbull Attacker can now do TCP spoofing

(create TCP session with forged source IP)

Based on slides from CS155 at Stanford

Securing the IPTCP stack

TCP

IPIPSEC

HTTP FTP SMTP

TCP

IP

HTTP FTP SMTP

SSLTLS

TCP

IP

SMIME PGP

UDP

Kerberos SMTP

SET

HTTP

At the Network LevelAt the Transport Level

At the Application Level

Who uses IPsec From Stallings 5th edition

Mode 1 Transport

Mode 2 Tunnel

ESP Tunnel mode (From Steve Friedl)

Note ToS leaks info

Source and dest address are not authenticated (vulnerable to IP address spoofing) between the tunnels (DoS attacks too)

Source and dest address INSIDE the tunnel is protected

ESP without authentication (From Steve Friedl)

BAD IDEA

Now we can encrypt or encrypt and authenticateThe padding allows us to reduce traffic analysis attacks but people almost never use it

AH Tunnel mode (From Steve Friedl)

Authenticated connection for VPN Packet encapsulated source and dest address protectedCanrsquot work with NATs

AH Transport mode (From Steve Friedl)

Authenticated connection between two hosts (HMAC)Doesnrsquot work with NAT (network address translation)

ESP Transport mode (From Steve Friedl)

Note ToS leaks info

Source and dest address are not authenticated (vulnerable to IP address spoofing)

P0

P1

P2

bull If a received packet falls in the windowndash if authenticated and unmarked mark itndash if marked then replay

bull If a received packet is gt Nndash if authenticated advance the window so that this packet is at the

rightmost edge and mark it

bull If a received packet is lt= N-Wndash packet is discarded

window size W (default is 64)

AH ndash Anti-replay Service in Ipsec

From Stallings 5th edition

N highest seq number for a valid paket recevied so far

Other considerations

bull Traffic analysis ndash packet lengths ndash Timingndash Source and destination addressesndash ToS fields

bull Dealing with NATsbull Replay attacksbull Key management

From CAIDA

TLS Handshake

TLS packet format

As opposed to unsecured HTTP URLs which begin with http and use port 80 by default secure HTTPS URLs begin with https and use port 443 by default

IPSEC VS TLS

bull People are still talking about this httpwwwmetzdowdcompipermailcryptography2014-April020674html

[Cryptography] IPsec is worse than unusable (Re TLSDTLS Use Cases)

Nico Williams nico at cryptonectorcom Wed Apr 2 115952 EDT 2014bullPrevious message [Cryptography] TLSDTLS Use CasesbullNext message [Cryptography] IPsec is worse than unusable (Re TLSDTLS Use Cases)bullMessages sorted by [ date ] [ thread ] [ subject ] [ author ]

On Tue Apr 01 2014 at 103154PM -0400 Jerry Leichter wrote gt IPSec has many faults - so many as to render it unusable - but it did gt get one thing right To most code an IPSec socket looks just like a gt plain TCP socket Anything that talks TCP can talk TCP securely gt over IPSec with essentially no changes (Securely in quotes because gt its a rather specialized notion of securely)

What is ARPbull Address Resolution Protocol (ARP) is how network devices associate

MAC addresses with IP Addresses so that devices on the local network can find each other ARP is basically a form of networking roll call

bull ARP a very simple protocol consists of merely four basic message types

bull An ARP Request Computer A asks the network Who has this IP address

bull An ARP Reply Computer B tells Computer A I have that IP My MAC address is [whatever it is]

bull A Reverse ARP Request (RARP) Same concept as ARP Request but Computer A asks Who has this MAC address

bull A RARP Reply Computer B tells Computer A I have that MAC My IP address is [whatever it is]ldquo

FROM httpwwwwatchguardcominfocentereditorial135324asp

ARP poisoning

ARP poisoning

ARP poisoning

What is the threat model for arp poisoning

  • The Internet! Layers, TCP, UDP, IP, DDoS Reflection Attacks, IPSEC, ARP
  • Internet Infrastructure
  • TCP Protocol Stack
  • Data Formats
  • Slide 5
  • IP Prefixes & Addresses
  • IP Routing
  • IP Protocol Functions (Summary)
  • The IP address space
  • NATs
  • User Datagram Protocol (protocol=17)
  • Problem: no src IP authentication
  • DoS Reflection & Amplification Attack: Using protocols over UDP
  • Transmission Control Protocol
  • Slide 15
  • Slide 16
  • Review: TCP Handshake
  • Basic Security Problems
  • 1. Packet Sniffing
  • 2. TCP Connection Spoofing
  • Example DoS vulnerability [Watson'04]
  • Random initial TCP SNs
  • Securing the IP/TCP stack
  • Who uses IPsec? (From Stallings, 5th edition)
  • Mode 1: Transport
  • Mode 2: Tunnel
  • ESP Tunnel mode (From Steve Friedl)
  • ESP without authentication (From Steve Friedl)
  • AH Tunnel mode (From Steve Friedl)
  • AH Transport mode (From Steve Friedl)
  • ESP Transport mode (From Steve Friedl)
  • Slide 32
  • Other considerations
  • From CAIDA
  • TLS Handshake
  • TLS packet format
  • IPSEC VS TLS
  • What is ARP?
  • Slide 39
  • Slide 40
  • ARP poisoning
  • ARP poisoning (2)
  • ARP poisoning (3)
Page 4: The Internet! Layers, TCP, UDP, IP DDoS Reflection Attacks IPSEC, ARP Sharon Goldberg CS558 Boston University Spring 2015 Most slides and images borrowed.

Data Formats

Application

Transport (TCP UDP)

Network (IP)

Link Layer

Application message - data

TCP data TCP data TCP data

TCP Header

dataTCPIP

IP Header

dataTCPIPETH ETF

Link (Ethernet) Header

Link (Ethernet) Trailer

segment

packet

frame

message

Based on slides from CS155 at Stanford

Source httpsdevcentralf5comarticlesapplication-is-more-than-header-deep

IP Prefixes amp Addresses

20416254024 is

204 16 254

1 8 16 24 32

0 1 1 0 1 0 0 0 0 0 0 0 1 0 0 0 1 1 1 1 1 1 1 0

IP Routing

bull Typical route uses several hopsbull IP no orderingdelivery guarantees connectionless

Best effort

Meg

Tom

ISP

Office gateway

121423312132141151

SourceDestination

Packet

121423312

12142331132141151

13214111

ROUTING TABLE

Destination Prefix Next Hop IP

132140016 123141111

1320008 13234555

Based on slides from CS155 at Stanford

IP Protocol Functions (Summary)

bull Routingndash IP host knows location of router (gateway)ndash IP gateway must know route to other networks

bull Fragmentation and reassemblyndash If max-packet-size less than the user-data-size

bull Error reportingndash ICMP packet to source if packet is dropped

bull TTL field decremented after every hopndash Packet dropped f TTL=0 Prevents infinite loops

Based on slides from CS155 at Stanford

The IP address space

NATS

User Datagram Protocol (protocol=17)

bull Unreliable transport on top of IPndash No acks or congenstion control

ndash Used for VoIP video NTP (network time protocol) anything else where latency matters more than reliability

UDP Based on slides from CS155 at Stanford

Problem no src IP authentication

bull Client is trusted to embed correct source IPndash Easy to override using raw socketsndash Libnet a library for formatting raw packets

with arbitrary IP headers

Anyone who owns their machine can send packets with arbitrary source IP hellip response will be sent back to forged source IP

Implications (solutions in DDoS lecture)

Anonymous DoS attacks Anonymous infection attacks (eg slammer worm)

Based on slides from CS155 at Stanford

DoS Reflection amp Amplification AttackUsing protocols over UDP like NTP DNS etc

UDP

Evillll Meg

Tom

1321411518888

Source IPDest IP

DNS Query

121423312

132141151

Public DNS Server

8888

8888132141151

Source IPDest IP

DNS response

DNS Data

Short query

Huge response

Tom gets hit by toomany packets

Transmission Control Protocol

bull Connection-oriented preserves orderndash Sender

bull Break data into packetsbull Attach packet numbers

ndash Receiverbull Acknowledge receipt lost packets are

resentbull Reassemble packets in correct order

TCP

Book

Mail each pageReassemble book

19

5

1

1 1

Based on slides from CS155 at Stanford

Source httpsdevcentralf5comarticlesapplication-is-more-than-header-deep

bull FROM httpcodeidolcomimgcsharp-networkf0209_0jpg

Review TCP HandshakeC S

SYN

SYNACK

ACK

Listening

Store SNC SNS

Wait

Established

SNCrandC

ANC0

SNSrandS

ANSSNC

SNSNC+1ANSNS

Received packets with SN too far out of window are dropped

Based on slides from CS155 at Stanford

Basic Security Problems

1 Network packets pass by untrusted hostsndash Eavesdropping packet sniffingndash Especially easy when attacker controls a

machine close to victim

2 TCP state can be easy to guessndash Enables spoofing and session hijackingndash Depending on how sequence number is chosen

3 Denial of Service (DoS) vulnerabilitiesndash Syn connection state attacks

Based on slides from CS155 at Stanford

1 Packet Sniffing

Promiscuous NIC reads all packetsbull Read all unencrypted data (eg ldquowiresharkrdquo)bull ftp telnet (and POP IMAP) may send passwords in

clear

Alice Bob

Eve

NetworkNetwork

Prevention Encryption (next lecture IPSEC)

Based on slides from CS155 at Stanford

2 TCP Connection Spoofing

bull Why random initial sequence numbers (SNC SNS )

bull Suppose init sequence numbers are predictablendash Attacker can create TCP session on behalf of forged

source IP

Victim

Server

SYNACKdstIP=victimSN=server SNS

ACKsrcIP=victimAN=predicted SNS

commandserver thinks command is from victim IP addr

attacker

TCP SYNsrcIP=victim

Based on slides from CS155 at Stanford

Example DoS vulnerability [Watsonrsquo04]

bull Suppose attacker can guess seq number for an existing connectionndash Attacker can send Reset packet to

close connection Results in DoSndash Naively success prob is 1232 (32-bit seq rsquos)ndash Most systems allow for a large window of

acceptable seq rsquosbull Much higher success probability

bull Attack is most effective against long lived connections eg BGP

Based on slides from CS155 at Stanford

Random initial TCP SNs

bull Unpredictable SNs prevent basic packet injectionndash hellip but attacker can inject packets after

eavesdropping to obtain current SN

bull Most TCP stacks now generate random SNs

ndash Random generator should be unpredictable

ndash GPRrsquo06 Linux RNG for generating SNs is predictable

bull Attacker repeatedly connects to serverbull Obtains sequence of SNsbull Can predict next SNbull Attacker can now do TCP spoofing

(create TCP session with forged source IP)

Based on slides from CS155 at Stanford

Securing the IPTCP stack

TCP

IPIPSEC

HTTP FTP SMTP

TCP

IP

HTTP FTP SMTP

SSLTLS

TCP

IP

SMIME PGP

UDP

Kerberos SMTP

SET

HTTP

At the Network LevelAt the Transport Level

At the Application Level

Who uses IPsec From Stallings 5th edition

Mode 1 Transport

Mode 2 Tunnel

ESP Tunnel mode (From Steve Friedl)

Note ToS leaks info

Source and dest address are not authenticated (vulnerable to IP address spoofing) between the tunnels (DoS attacks too)

Source and dest address INSIDE the tunnel is protected

ESP without authentication (From Steve Friedl)

BAD IDEA

Now we can encrypt or encrypt and authenticateThe padding allows us to reduce traffic analysis attacks but people almost never use it

AH Tunnel mode (From Steve Friedl)

Authenticated connection for VPN Packet encapsulated source and dest address protectedCanrsquot work with NATs

AH Transport mode (From Steve Friedl)

Authenticated connection between two hosts (HMAC)Doesnrsquot work with NAT (network address translation)

ESP Transport mode (From Steve Friedl)

Note ToS leaks info

Source and dest address are not authenticated (vulnerable to IP address spoofing)

P0

P1

P2

bull If a received packet falls in the windowndash if authenticated and unmarked mark itndash if marked then replay

bull If a received packet is gt Nndash if authenticated advance the window so that this packet is at the

rightmost edge and mark it

bull If a received packet is lt= N-Wndash packet is discarded

window size W (default is 64)

AH ndash Anti-replay Service in Ipsec

From Stallings 5th edition

N highest seq number for a valid paket recevied so far

Other considerations

bull Traffic analysis ndash packet lengths ndash Timingndash Source and destination addressesndash ToS fields

bull Dealing with NATsbull Replay attacksbull Key management

From CAIDA

TLS Handshake

TLS packet format

As opposed to unsecured HTTP URLs which begin with http and use port 80 by default secure HTTPS URLs begin with https and use port 443 by default

IPSEC VS TLS

bull People are still talking about this httpwwwmetzdowdcompipermailcryptography2014-April020674html

[Cryptography] IPsec is worse than unusable (Re TLSDTLS Use Cases)

Nico Williams nico at cryptonectorcom Wed Apr 2 115952 EDT 2014bullPrevious message [Cryptography] TLSDTLS Use CasesbullNext message [Cryptography] IPsec is worse than unusable (Re TLSDTLS Use Cases)bullMessages sorted by [ date ] [ thread ] [ subject ] [ author ]

On Tue Apr 01 2014 at 103154PM -0400 Jerry Leichter wrote gt IPSec has many faults - so many as to render it unusable - but it did gt get one thing right To most code an IPSec socket looks just like a gt plain TCP socket Anything that talks TCP can talk TCP securely gt over IPSec with essentially no changes (Securely in quotes because gt its a rather specialized notion of securely)

What is ARPbull Address Resolution Protocol (ARP) is how network devices associate

MAC addresses with IP Addresses so that devices on the local network can find each other ARP is basically a form of networking roll call

bull ARP a very simple protocol consists of merely four basic message types

bull An ARP Request Computer A asks the network Who has this IP address

bull An ARP Reply Computer B tells Computer A I have that IP My MAC address is [whatever it is]

bull A Reverse ARP Request (RARP) Same concept as ARP Request but Computer A asks Who has this MAC address

bull A RARP Reply Computer B tells Computer A I have that MAC My IP address is [whatever it is]ldquo

FROM httpwwwwatchguardcominfocentereditorial135324asp

ARP poisoning

ARP poisoning

ARP poisoning

What is the threat model for arp poisoning

  • The Internet Layers TCP UDP IP DDoS Reflection Attacks IPSE
  • Internet Infrastructure
  • TCP Protocol Stack
  • Data Formats
  • Slide 5
  • IP Prefixes amp Addresses
  • IP Routing
  • IP Protocol Functions (Summary)
  • The IP address space
  • NATS
  • User Datagram Protocol (protocol=17)
  • Problem no src IP authentication
  • DoS Reflection amp Amplification Attack Using protocols over UDP
  • Transmission Control Protocol
  • Slide 15
  • Slide 16
  • Review TCP Handshake
  • Basic Security Problems
  • 1 Packet Sniffing
  • 2 TCP Connection Spoofing
  • Example DoS vulnerability [Watsonrsquo04]
  • Random initial TCP SNs
  • Securing the IPTCP stack
  • Who uses IPsec From Stallings 5th edition
  • Mode 1 Transport
  • Mode 2 Tunnel
  • ESP Tunnel mode (From Steve Friedl)
  • ESP without authentication (From Steve Friedl)
  • AH Tunnel mode (From Steve Friedl)
  • AH Transport mode (From Steve Friedl)
  • ESP Transport mode (From Steve Friedl)
  • Slide 32
  • Other considerations
  • From CAIDA
  • TLS Handshake
  • TLS packet format
  • IPSEC VS TLS
  • What is ARP
  • Slide 39
  • Slide 40
  • ARP poisoning
  • ARP poisoning (2)
  • ARP poisoning (3)
Page 5: The Internet! Layers, TCP, UDP, IP DDoS Reflection Attacks IPSEC, ARP Sharon Goldberg CS558 Boston University Spring 2015 Most slides and images borrowed.

Source httpsdevcentralf5comarticlesapplication-is-more-than-header-deep

IP Prefixes amp Addresses

20416254024 is

204 16 254

1 8 16 24 32

0 1 1 0 1 0 0 0 0 0 0 0 1 0 0 0 1 1 1 1 1 1 1 0

IP Routing

bull Typical route uses several hopsbull IP no orderingdelivery guarantees connectionless

Best effort

Meg

Tom

ISP

Office gateway

121423312132141151

SourceDestination

Packet

121423312

12142331132141151

13214111

ROUTING TABLE

Destination Prefix Next Hop IP

132140016 123141111

1320008 13234555

Based on slides from CS155 at Stanford

IP Protocol Functions (Summary)

bull Routingndash IP host knows location of router (gateway)ndash IP gateway must know route to other networks

bull Fragmentation and reassemblyndash If max-packet-size less than the user-data-size

bull Error reportingndash ICMP packet to source if packet is dropped

bull TTL field decremented after every hopndash Packet dropped f TTL=0 Prevents infinite loops

Based on slides from CS155 at Stanford

The IP address space

NATS

User Datagram Protocol (protocol=17)

bull Unreliable transport on top of IPndash No acks or congenstion control

ndash Used for VoIP video NTP (network time protocol) anything else where latency matters more than reliability

UDP Based on slides from CS155 at Stanford

Problem no src IP authentication

bull Client is trusted to embed correct source IPndash Easy to override using raw socketsndash Libnet a library for formatting raw packets

with arbitrary IP headers

Anyone who owns their machine can send packets with arbitrary source IP hellip response will be sent back to forged source IP

Implications (solutions in DDoS lecture)

Anonymous DoS attacks Anonymous infection attacks (eg slammer worm)

Based on slides from CS155 at Stanford

DoS Reflection amp Amplification AttackUsing protocols over UDP like NTP DNS etc

UDP

Evillll Meg

Tom

1321411518888

Source IPDest IP

DNS Query

121423312

132141151

Public DNS Server

8888

8888132141151

Source IPDest IP

DNS response

DNS Data

Short query

Huge response

Tom gets hit by toomany packets

Transmission Control Protocol

bull Connection-oriented preserves orderndash Sender

bull Break data into packetsbull Attach packet numbers

ndash Receiverbull Acknowledge receipt lost packets are

resentbull Reassemble packets in correct order

TCP

Book

Mail each pageReassemble book

19

5

1

1 1

Based on slides from CS155 at Stanford

Source httpsdevcentralf5comarticlesapplication-is-more-than-header-deep

bull FROM httpcodeidolcomimgcsharp-networkf0209_0jpg

Review TCP HandshakeC S

SYN

SYNACK

ACK

Listening

Store SNC SNS

Wait

Established

SNCrandC

ANC0

SNSrandS

ANSSNC

SNSNC+1ANSNS

Received packets with SN too far out of window are dropped

Based on slides from CS155 at Stanford

Basic Security Problems

1 Network packets pass by untrusted hostsndash Eavesdropping packet sniffingndash Especially easy when attacker controls a

machine close to victim

2 TCP state can be easy to guessndash Enables spoofing and session hijackingndash Depending on how sequence number is chosen

3 Denial of Service (DoS) vulnerabilitiesndash Syn connection state attacks

Based on slides from CS155 at Stanford

1 Packet Sniffing

Promiscuous NIC reads all packetsbull Read all unencrypted data (eg ldquowiresharkrdquo)bull ftp telnet (and POP IMAP) may send passwords in

clear

Alice Bob

Eve

NetworkNetwork

Prevention Encryption (next lecture IPSEC)

Based on slides from CS155 at Stanford

2 TCP Connection Spoofing

bull Why random initial sequence numbers (SNC SNS )

bull Suppose init sequence numbers are predictablendash Attacker can create TCP session on behalf of forged

source IP

Victim

Server

SYNACKdstIP=victimSN=server SNS

ACKsrcIP=victimAN=predicted SNS

commandserver thinks command is from victim IP addr

attacker

TCP SYNsrcIP=victim

Based on slides from CS155 at Stanford

Example DoS vulnerability [Watsonrsquo04]

bull Suppose attacker can guess seq number for an existing connectionndash Attacker can send Reset packet to

close connection Results in DoSndash Naively success prob is 1232 (32-bit seq rsquos)ndash Most systems allow for a large window of

acceptable seq rsquosbull Much higher success probability

bull Attack is most effective against long lived connections eg BGP

Based on slides from CS155 at Stanford

Random initial TCP SNs

bull Unpredictable SNs prevent basic packet injectionndash hellip but attacker can inject packets after

eavesdropping to obtain current SN

bull Most TCP stacks now generate random SNs

ndash Random generator should be unpredictable

ndash GPRrsquo06 Linux RNG for generating SNs is predictable

bull Attacker repeatedly connects to serverbull Obtains sequence of SNsbull Can predict next SNbull Attacker can now do TCP spoofing

(create TCP session with forged source IP)

Based on slides from CS155 at Stanford

Securing the IPTCP stack

TCP

IPIPSEC

HTTP FTP SMTP

TCP

IP

HTTP FTP SMTP

SSLTLS

TCP

IP

SMIME PGP

UDP

Kerberos SMTP

SET

HTTP

At the Network LevelAt the Transport Level

At the Application Level

Who uses IPsec From Stallings 5th edition

Mode 1 Transport

Mode 2 Tunnel

ESP Tunnel mode (From Steve Friedl)

Note ToS leaks info

Source and dest address are not authenticated (vulnerable to IP address spoofing) between the tunnels (DoS attacks too)

Source and dest address INSIDE the tunnel is protected

ESP without authentication (From Steve Friedl)

BAD IDEA

Now we can encrypt or encrypt and authenticateThe padding allows us to reduce traffic analysis attacks but people almost never use it

AH Tunnel mode (From Steve Friedl)

Authenticated connection for VPN Packet encapsulated source and dest address protectedCanrsquot work with NATs

AH Transport mode (From Steve Friedl)

Authenticated connection between two hosts (HMAC)Doesnrsquot work with NAT (network address translation)

ESP Transport mode (From Steve Friedl)

Note ToS leaks info

Source and dest address are not authenticated (vulnerable to IP address spoofing)

P0

P1

P2

bull If a received packet falls in the windowndash if authenticated and unmarked mark itndash if marked then replay

bull If a received packet is gt Nndash if authenticated advance the window so that this packet is at the

rightmost edge and mark it

bull If a received packet is lt= N-Wndash packet is discarded

window size W (default is 64)

AH ndash Anti-replay Service in Ipsec

From Stallings 5th edition

N highest seq number for a valid paket recevied so far

Other considerations

bull Traffic analysis ndash packet lengths ndash Timingndash Source and destination addressesndash ToS fields

bull Dealing with NATsbull Replay attacksbull Key management

From CAIDA

TLS Handshake

TLS packet format

As opposed to unsecured HTTP URLs which begin with http and use port 80 by default secure HTTPS URLs begin with https and use port 443 by default

IPSEC VS TLS

bull People are still talking about this httpwwwmetzdowdcompipermailcryptography2014-April020674html

[Cryptography] IPsec is worse than unusable (Re TLSDTLS Use Cases)

Nico Williams nico at cryptonectorcom Wed Apr 2 115952 EDT 2014bullPrevious message [Cryptography] TLSDTLS Use CasesbullNext message [Cryptography] IPsec is worse than unusable (Re TLSDTLS Use Cases)bullMessages sorted by [ date ] [ thread ] [ subject ] [ author ]

On Tue Apr 01 2014 at 103154PM -0400 Jerry Leichter wrote gt IPSec has many faults - so many as to render it unusable - but it did gt get one thing right To most code an IPSec socket looks just like a gt plain TCP socket Anything that talks TCP can talk TCP securely gt over IPSec with essentially no changes (Securely in quotes because gt its a rather specialized notion of securely)

What is ARPbull Address Resolution Protocol (ARP) is how network devices associate

MAC addresses with IP Addresses so that devices on the local network can find each other ARP is basically a form of networking roll call

bull ARP a very simple protocol consists of merely four basic message types

bull An ARP Request Computer A asks the network Who has this IP address

bull An ARP Reply Computer B tells Computer A I have that IP My MAC address is [whatever it is]

bull A Reverse ARP Request (RARP) Same concept as ARP Request but Computer A asks Who has this MAC address

bull A RARP Reply Computer B tells Computer A I have that MAC My IP address is [whatever it is]ldquo

FROM httpwwwwatchguardcominfocentereditorial135324asp

ARP poisoning

ARP poisoning

ARP poisoning

What is the threat model for arp poisoning

  • The Internet Layers TCP UDP IP DDoS Reflection Attacks IPSE
  • Internet Infrastructure
  • TCP Protocol Stack
  • Data Formats
  • Slide 5
  • IP Prefixes amp Addresses
  • IP Routing
  • IP Protocol Functions (Summary)
  • The IP address space
  • NATS
  • User Datagram Protocol (protocol=17)
  • Problem no src IP authentication
  • DoS Reflection amp Amplification Attack Using protocols over UDP
  • Transmission Control Protocol
  • Slide 15
  • Slide 16
  • Review TCP Handshake
  • Basic Security Problems
  • 1 Packet Sniffing
  • 2 TCP Connection Spoofing
  • Example DoS vulnerability [Watsonrsquo04]
  • Random initial TCP SNs
  • Securing the IPTCP stack
  • Who uses IPsec From Stallings 5th edition
  • Mode 1 Transport
  • Mode 2 Tunnel
  • ESP Tunnel mode (From Steve Friedl)
  • ESP without authentication (From Steve Friedl)
  • AH Tunnel mode (From Steve Friedl)
  • AH Transport mode (From Steve Friedl)
  • ESP Transport mode (From Steve Friedl)
  • Slide 32
  • Other considerations
  • From CAIDA
  • TLS Handshake
  • TLS packet format
  • IPSEC VS TLS
  • What is ARP
  • Slide 39
  • Slide 40
  • ARP poisoning
  • ARP poisoning (2)
  • ARP poisoning (3)
Page 6: The Internet! Layers, TCP, UDP, IP DDoS Reflection Attacks IPSEC, ARP Sharon Goldberg CS558 Boston University Spring 2015 Most slides and images borrowed.

IP Prefixes amp Addresses

20416254024 is

204 16 254

1 8 16 24 32

0 1 1 0 1 0 0 0 0 0 0 0 1 0 0 0 1 1 1 1 1 1 1 0

IP Routing

bull Typical route uses several hopsbull IP no orderingdelivery guarantees connectionless

Best effort

Meg

Tom

ISP

Office gateway

121423312132141151

SourceDestination

Packet

121423312

12142331132141151

13214111

ROUTING TABLE

Destination Prefix Next Hop IP

132140016 123141111

1320008 13234555

Based on slides from CS155 at Stanford

IP Protocol Functions (Summary)

bull Routingndash IP host knows location of router (gateway)ndash IP gateway must know route to other networks

bull Fragmentation and reassemblyndash If max-packet-size less than the user-data-size

bull Error reportingndash ICMP packet to source if packet is dropped

bull TTL field decremented after every hopndash Packet dropped f TTL=0 Prevents infinite loops

Based on slides from CS155 at Stanford

The IP address space

NATS

User Datagram Protocol (protocol=17)

bull Unreliable transport on top of IPndash No acks or congenstion control

ndash Used for VoIP video NTP (network time protocol) anything else where latency matters more than reliability

UDP Based on slides from CS155 at Stanford

Problem no src IP authentication

bull Client is trusted to embed correct source IPndash Easy to override using raw socketsndash Libnet a library for formatting raw packets

with arbitrary IP headers

Anyone who owns their machine can send packets with arbitrary source IP hellip response will be sent back to forged source IP

Implications (solutions in DDoS lecture)

Anonymous DoS attacks Anonymous infection attacks (eg slammer worm)

Based on slides from CS155 at Stanford

DoS Reflection amp Amplification AttackUsing protocols over UDP like NTP DNS etc

UDP

Evillll Meg

Tom

1321411518888

Source IPDest IP

DNS Query

121423312

132141151

Public DNS Server

8888

8888132141151

Source IPDest IP

DNS response

DNS Data

Short query

Huge response

Tom gets hit by toomany packets

Transmission Control Protocol

bull Connection-oriented preserves orderndash Sender

bull Break data into packetsbull Attach packet numbers

ndash Receiverbull Acknowledge receipt lost packets are

resentbull Reassemble packets in correct order

TCP

Book

Mail each pageReassemble book

19

5

1

1 1

Based on slides from CS155 at Stanford

Source httpsdevcentralf5comarticlesapplication-is-more-than-header-deep

bull FROM httpcodeidolcomimgcsharp-networkf0209_0jpg

Review TCP HandshakeC S

SYN

SYNACK

ACK

Listening

Store SNC SNS

Wait

Established

SNCrandC

ANC0

SNSrandS

ANSSNC

SNSNC+1ANSNS

Received packets with SN too far out of window are dropped

Based on slides from CS155 at Stanford

Basic Security Problems

1 Network packets pass by untrusted hostsndash Eavesdropping packet sniffingndash Especially easy when attacker controls a

machine close to victim

2 TCP state can be easy to guessndash Enables spoofing and session hijackingndash Depending on how sequence number is chosen

3 Denial of Service (DoS) vulnerabilitiesndash Syn connection state attacks

Based on slides from CS155 at Stanford

1 Packet Sniffing

Promiscuous NIC reads all packetsbull Read all unencrypted data (eg ldquowiresharkrdquo)bull ftp telnet (and POP IMAP) may send passwords in

clear

Alice Bob

Eve

NetworkNetwork

Prevention Encryption (next lecture IPSEC)

Based on slides from CS155 at Stanford

2 TCP Connection Spoofing

bull Why random initial sequence numbers (SNC SNS )

bull Suppose init sequence numbers are predictablendash Attacker can create TCP session on behalf of forged

source IP

Victim

Server

SYNACKdstIP=victimSN=server SNS

ACKsrcIP=victimAN=predicted SNS

commandserver thinks command is from victim IP addr

attacker

TCP SYNsrcIP=victim

Based on slides from CS155 at Stanford

Example DoS vulnerability [Watsonrsquo04]

bull Suppose attacker can guess seq number for an existing connectionndash Attacker can send Reset packet to

close connection Results in DoSndash Naively success prob is 1232 (32-bit seq rsquos)ndash Most systems allow for a large window of

acceptable seq rsquosbull Much higher success probability

bull Attack is most effective against long lived connections eg BGP

Based on slides from CS155 at Stanford

Random initial TCP SNs

bull Unpredictable SNs prevent basic packet injectionndash hellip but attacker can inject packets after

eavesdropping to obtain current SN

bull Most TCP stacks now generate random SNs

ndash Random generator should be unpredictable

ndash GPRrsquo06 Linux RNG for generating SNs is predictable

bull Attacker repeatedly connects to serverbull Obtains sequence of SNsbull Can predict next SNbull Attacker can now do TCP spoofing

(create TCP session with forged source IP)

Based on slides from CS155 at Stanford

Securing the IPTCP stack

TCP

IPIPSEC

HTTP FTP SMTP

TCP

IP

HTTP FTP SMTP

SSLTLS

TCP

IP

SMIME PGP

UDP

Kerberos SMTP

SET

HTTP

At the Network LevelAt the Transport Level

At the Application Level

Who uses IPsec From Stallings 5th edition

Mode 1 Transport

Mode 2 Tunnel

ESP Tunnel mode (From Steve Friedl)

Note ToS leaks info

Source and dest address are not authenticated (vulnerable to IP address spoofing) between the tunnels (DoS attacks too)

Source and dest address INSIDE the tunnel is protected

ESP without authentication (From Steve Friedl)

BAD IDEA

Now we can encrypt or encrypt and authenticateThe padding allows us to reduce traffic analysis attacks but people almost never use it

AH Tunnel mode (From Steve Friedl)

Authenticated connection for VPN Packet encapsulated source and dest address protectedCanrsquot work with NATs

AH Transport mode (From Steve Friedl)

Authenticated connection between two hosts (HMAC)Doesnrsquot work with NAT (network address translation)

ESP Transport mode (From Steve Friedl)

Note ToS leaks info

Source and dest address are not authenticated (vulnerable to IP address spoofing)

P0

P1

P2

bull If a received packet falls in the windowndash if authenticated and unmarked mark itndash if marked then replay

bull If a received packet is gt Nndash if authenticated advance the window so that this packet is at the

rightmost edge and mark it

bull If a received packet is lt= N-Wndash packet is discarded

window size W (default is 64)

AH ndash Anti-replay Service in Ipsec

From Stallings 5th edition

N highest seq number for a valid paket recevied so far

Other considerations

bull Traffic analysis ndash packet lengths ndash Timingndash Source and destination addressesndash ToS fields

bull Dealing with NATsbull Replay attacksbull Key management

From CAIDA

TLS Handshake

TLS packet format

As opposed to unsecured HTTP URLs which begin with http and use port 80 by default secure HTTPS URLs begin with https and use port 443 by default

IPSEC VS TLS

bull People are still talking about this httpwwwmetzdowdcompipermailcryptography2014-April020674html

[Cryptography] IPsec is worse than unusable (Re TLSDTLS Use Cases)

Nico Williams nico at cryptonectorcom Wed Apr 2 115952 EDT 2014bullPrevious message [Cryptography] TLSDTLS Use CasesbullNext message [Cryptography] IPsec is worse than unusable (Re TLSDTLS Use Cases)bullMessages sorted by [ date ] [ thread ] [ subject ] [ author ]

On Tue Apr 01 2014 at 103154PM -0400 Jerry Leichter wrote gt IPSec has many faults - so many as to render it unusable - but it did gt get one thing right To most code an IPSec socket looks just like a gt plain TCP socket Anything that talks TCP can talk TCP securely gt over IPSec with essentially no changes (Securely in quotes because gt its a rather specialized notion of securely)

What is ARPbull Address Resolution Protocol (ARP) is how network devices associate

MAC addresses with IP Addresses so that devices on the local network can find each other ARP is basically a form of networking roll call

bull ARP a very simple protocol consists of merely four basic message types

bull An ARP Request Computer A asks the network Who has this IP address

bull An ARP Reply Computer B tells Computer A I have that IP My MAC address is [whatever it is]

bull A Reverse ARP Request (RARP) Same concept as ARP Request but Computer A asks Who has this MAC address

bull A RARP Reply Computer B tells Computer A I have that MAC My IP address is [whatever it is]ldquo

FROM httpwwwwatchguardcominfocentereditorial135324asp

ARP poisoning

ARP poisoning

ARP poisoning

What is the threat model for arp poisoning

  • The Internet Layers TCP UDP IP DDoS Reflection Attacks IPSE
  • Internet Infrastructure
  • TCP Protocol Stack
  • Data Formats
  • Slide 5
  • IP Prefixes amp Addresses
  • IP Routing
  • IP Protocol Functions (Summary)
  • The IP address space
  • NATS
  • User Datagram Protocol (protocol=17)
  • Problem no src IP authentication
  • DoS Reflection amp Amplification Attack Using protocols over UDP
  • Transmission Control Protocol
  • Slide 15
  • Slide 16
  • Review TCP Handshake
  • Basic Security Problems
  • 1 Packet Sniffing
  • 2 TCP Connection Spoofing
  • Example DoS vulnerability [Watsonrsquo04]
  • Random initial TCP SNs
  • Securing the IPTCP stack
  • Who uses IPsec From Stallings 5th edition
  • Mode 1 Transport
  • Mode 2 Tunnel
  • ESP Tunnel mode (From Steve Friedl)
  • ESP without authentication (From Steve Friedl)
  • AH Tunnel mode (From Steve Friedl)
  • AH Transport mode (From Steve Friedl)
  • ESP Transport mode (From Steve Friedl)
  • Slide 32
  • Other considerations
  • From CAIDA
  • TLS Handshake
  • TLS packet format
  • IPSEC VS TLS
  • What is ARP
  • Slide 39
  • Slide 40
  • ARP poisoning
  • ARP poisoning (2)
  • ARP poisoning (3)
Page 7: The Internet! Layers, TCP, UDP, IP DDoS Reflection Attacks IPSEC, ARP Sharon Goldberg CS558 Boston University Spring 2015 Most slides and images borrowed.

IP Routing

bull Typical route uses several hopsbull IP no orderingdelivery guarantees connectionless

Best effort

Meg

Tom

ISP

Office gateway

121423312132141151

SourceDestination

Packet

121423312

12142331132141151

13214111

ROUTING TABLE

Destination Prefix Next Hop IP

132140016 123141111

1320008 13234555

Based on slides from CS155 at Stanford

IP Protocol Functions (Summary)

bull Routingndash IP host knows location of router (gateway)ndash IP gateway must know route to other networks

bull Fragmentation and reassemblyndash If max-packet-size less than the user-data-size

bull Error reportingndash ICMP packet to source if packet is dropped

bull TTL field decremented after every hopndash Packet dropped f TTL=0 Prevents infinite loops

Based on slides from CS155 at Stanford

The IP address space

NATS

User Datagram Protocol (protocol=17)

bull Unreliable transport on top of IPndash No acks or congenstion control

ndash Used for VoIP video NTP (network time protocol) anything else where latency matters more than reliability

UDP Based on slides from CS155 at Stanford

Problem: no src IP authentication

• Client is trusted to embed correct source IP
  – Easy to override using raw sockets
  – Libnet: a library for formatting raw packets with arbitrary IP headers

Anyone who owns their machine can send packets with arbitrary source IP … response will be sent back to forged source IP

Implications (solutions in DDoS lecture):
• Anonymous DoS attacks
• Anonymous infection attacks (e.g. Slammer worm)

Based on slides from CS155 at Stanford

DoS Reflection & Amplification Attack
Using protocols over UDP like NTP, DNS, etc.

[Figure: Evil Meg sends a short DNS query over UDP to a public DNS server (8.8.8.8) with the source IP forged to Tom's address. The server sends its huge DNS response to the forged source, so Tom gets hit by too many packets.]
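An added example, not from the slides: a small Python detector, run over constructed UDP flow records at the edge of Tom's network, that flags a local host receiving far more bytes in DNS/NTP responses than it ever sent in queries, which is what the victim of the reflection above sees. The record layout, the addresses (RFC 5737 documentation ranges) and the thresholds are my own assumptions.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One UDP datagram as seen at the edge of the local network (constructed record layout)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    nbytes: int


# UDP services the slide names as reflectors: DNS (53) and NTP (123).
REFLECTOR_PORTS = {53, 123}


def amplification_report(flows, local_cidr, min_factor=10.0, min_responses=3):
    """Compare, per (local host, reflector) pair, the bytes of responses received
    from a reflector port with the bytes of queries that host actually sent to it.

    A local host that receives many responses it never asked for (infinite
    factor) or far more than it asked for is the likely forged source of a
    reflection attack. Returns a list of (local_host, reflector, recv_bytes,
    sent_bytes, factor) tuples, one per flagged pair."""
    local = ipaddress.ip_network(local_cidr)
    sent = defaultdict(int)     # (local host, reflector) -> query bytes sent
    recv = defaultdict(int)     # (local host, reflector) -> response bytes received
    count = defaultdict(int)    # (local host, reflector) -> number of responses

    for f in flows:
        src_local = ipaddress.ip_address(f.src_ip) in local
        dst_local = ipaddress.ip_address(f.dst_ip) in local
        if src_local and f.dst_port in REFLECTOR_PORTS:
            sent[(f.src_ip, f.dst_ip)] += f.nbytes          # outbound query
        elif dst_local and f.src_port in REFLECTOR_PORTS:
            recv[(f.dst_ip, f.src_ip)] += f.nbytes          # inbound response
            count[(f.dst_ip, f.src_ip)] += 1

    alerts = []
    for key, rbytes in recv.items():
        if count[key] < min_responses:
            continue                      # too few responses to call it a flood
        sbytes = sent.get(key, 0)
        factor = rbytes / sbytes if sbytes else float("inf")
        if factor >= min_factor:
            alerts.append((key[0], key[1], rbytes, sbytes, factor))
    return alerts


# Constructed sample traffic: 192.0.2.10 plays Tom, 198.51.100.7 is a resolver he
# really uses, and 203.0.113.53 is an open resolver abused as a reflector with
# Tom's address forged as the query source.
SAMPLE_FLOWS = [
    Flow("192.0.2.10", 40001, "198.51.100.7", 53, 60),      # Tom's legitimate query
    Flow("198.51.100.7", 53, "192.0.2.10", 40001, 140),     # normal-sized answer
] + [
    Flow("203.0.113.53", 53, "192.0.2.10", 9, 3000)         # big answers Tom never asked for
    for _ in range(5)
]

if __name__ == "__main__":
    for host, reflector, rb, sb, factor in amplification_report(SAMPLE_FLOWS, "192.0.2.0/24"):
        print(f"{host} got {rb} bytes from {reflector} after sending {sb} (factor {factor})")
```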

Transmission Control Protocol

• Connection-oriented, preserves order
  – Sender
    • Break data into packets
    • Attach packet numbers
  – Receiver
    • Acknowledge receipt; lost packets are resent
    • Reassemble packets in correct order

[Figure: TCP as mailing a book one numbered page at a time and reassembling the book in order at the receiver.]

Based on slides from CS155 at Stanford

Source: https://devcentral.f5.com/articles/application-is-more-than-header-deep

• FROM http://codeidol.com/img/csharp-network/f0209_0.jpg

Review: TCP Handshake (C = client, S = server)

C → S: SYN        SN_C = rand_C, AN_C = 0          (server is Listening)
S → C: SYN/ACK    SN_S = rand_S, AN_S = SN_C       (server stores SN_C, SN_S and waits)
C → S: ACK        SN = SN_C+1, AN = SN_S            (connection Established)

Received packets with SN too far out of window are dropped

Based on slides from CS155 at Stanford

Basic Security Problems

1. Network packets pass by untrusted hosts
   – Eavesdropping, packet sniffing
   – Especially easy when attacker controls a machine close to victim
2. TCP state can be easy to guess
   – Enables spoofing and session hijacking
   – Depending on how sequence number is chosen
3. Denial of Service (DoS) vulnerabilities
   – SYN connection state attacks

Based on slides from CS155 at Stanford

1. Packet Sniffing

• Promiscuous NIC reads all packets
• Read all unencrypted data (e.g. "wireshark")
• ftp, telnet (and POP, IMAP) may send passwords in clear

[Figure: Alice and Bob communicate across the network; Eve reads their traffic.]

Prevention: Encryption (next lecture: IPSEC)

Based on slides from CS155 at Stanford

2. TCP Connection Spoofing

• Why random initial sequence numbers (SN_C, SN_S)?
• Suppose init sequence numbers are predictable
  – Attacker can create TCP session on behalf of forged source IP

[Figure: attacker → server: TCP SYN, srcIP=victim. Server → victim: SYN/ACK, dstIP=victim, SN=server SN_S. Attacker → server: ACK, srcIP=victim, AN=predicted SN_S, then a command; server thinks command is from victim IP addr.]

Based on slides from CS155 at Stanford

Example DoS vulnerability [Watson'04]

• Suppose attacker can guess seq number for an existing connection
  – Attacker can send Reset packet to close connection. Results in DoS
  – Naively, success prob is 1/2^32 (32-bit sequence numbers)
  – Most systems allow for a large window of acceptable sequence numbers
    • Much higher success probability
• Attack is most effective against long lived connections, e.g. BGP

Based on slides from CS155 at Stanford
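An added illustration, not from the slides, of why the acceptance window matters for the reset attack above: the check a TCP receiver applies to an incoming sequence number (modulo 2^32), the number of blind guesses that check leaves an off-path sender, and the stricter RST rule of RFC 5961 (exact match, otherwise a challenge ACK) that current stacks use as the mitigation. The function names are my own.

```python
SEQ_SPACE = 1 << 32          # TCP sequence numbers are 32-bit


def seq_in_window(seq, rcv_nxt, rcv_wnd):
    """Classic acceptability test: seq falls in [rcv_nxt, rcv_nxt + rcv_wnd),
    computed modulo 2^32 so that it stays correct across wraparound."""
    return (seq - rcv_nxt) % SEQ_SPACE < rcv_wnd


def success_probability(rcv_wnd):
    """Probability that one random guess lands in the window. The slide's
    'naive' 1/2^32 is the special case rcv_wnd == 1."""
    return rcv_wnd / SEQ_SPACE


def blind_rst_guesses(rcv_wnd):
    """Number of RST packets needed to be certain that one lands in the window
    when the 4-tuple is known but the sequence number is not: each guess covers
    rcv_wnd values of the 2^32 space (the Watson'04 observation)."""
    return -(-SEQ_SPACE // rcv_wnd)     # ceiling division


def classify_rst(seq, rcv_nxt, rcv_wnd, rfc5961=True):
    """What the receiver does with an RST carrying sequence number `seq`.
    Legacy behaviour: any in-window RST aborts the connection.
    RFC 5961 behaviour: only an exact match aborts; an in-window but inexact
    RST triggers a challenge ACK, which an off-path spoofer never sees."""
    if not seq_in_window(seq, rcv_nxt, rcv_wnd):
        return "drop"
    if not rfc5961 or seq == rcv_nxt:
        return "reset"
    return "challenge_ack"


if __name__ == "__main__":
    for wnd in (1, 16384, 65535):
        print(f"window {wnd:>6}: p={success_probability(wnd):.3e}, "
              f"guesses to cover the space={blind_rst_guesses(wnd)}")
```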

Random initial TCP SNs

• Unpredictable SNs prevent basic packet injection
  – … but attacker can inject packets after eavesdropping to obtain current SN
• Most TCP stacks now generate random SNs
  – Random generator should be unpredictable
  – GPR'06: Linux RNG for generating SNs is predictable
    • Attacker repeatedly connects to server
    • Obtains sequence of SNs
    • Can predict next SN
    • Attacker can now do TCP spoofing (create TCP session with forged source IP)

Based on slides from CS155 at Stanford

Securing the IP/TCP stack

[Figure: three protocol stacks. At the Network Level: HTTP, FTP, SMTP over TCP over IP/IPSEC. At the Transport Level: HTTP, FTP, SMTP over SSL/TLS over TCP over IP. At the Application Level: S/MIME, PGP, Kerberos, SET, with SMTP, HTTP, UDP, TCP and IP beneath them.]

Who uses IPsec? From Stallings 5th edition

Mode 1: Transport

Mode 2: Tunnel

ESP Tunnel mode (From Steve Friedl)

Note: ToS leaks info

Source and dest address are not authenticated (vulnerable to IP address spoofing) between the tunnel endpoints (DoS attacks too)

Source and dest address INSIDE the tunnel are protected

ESP without authentication (From Steve Friedl)

BAD IDEA

Now we can encrypt, or encrypt and authenticate. The padding allows us to reduce traffic analysis attacks, but people almost never use it

AH Tunnel mode (From Steve Friedl)

Authenticated connection for VPN. Packet encapsulated, source and dest address protected. Can't work with NATs

AH Transport mode (From Steve Friedl)

Authenticated connection between two hosts (HMAC). Doesn't work with NAT (network address translation)

ESP Transport mode (From Steve Friedl)

Note: ToS leaks info

Source and dest address are not authenticated (vulnerable to IP address spoofing)

AH – Anti-replay Service in IPsec (From Stallings 5th edition)

[Figure: sliding window of size W (default is 64) over packets P0, P1, P2, ...; N = highest seq number for a valid packet received so far.]

• If a received packet falls in the window:
  – if authenticated and unmarked, mark it
  – if marked, then replay
• If a received packet is > N:
  – if authenticated, advance the window so that this packet is at the rightmost edge and mark it
• If a received packet is <= N-W:
  – packet is discarded
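The three window rules above, carried out in Python as an added example (not Stallings' or any IPsec implementation's code): one bitmap of W bits tracks which sequence numbers in N-W+1..N have already been accepted, so a replayed packet is recognised without storing every packet. The class and method names are my own.

```python
class AntiReplayWindow:
    """Sliding-window anti-replay check following the slide's three rules.

    N is the highest sequence number of an authenticated packet seen so far;
    the window covers sequence numbers N-W+1 .. N; bit i of `received`
    records whether sequence number N-i has already been accepted."""

    def __init__(self, window_size=64):
        self.W = window_size
        self.N = 0
        self.received = 0          # bitmap: bit 0 = N, bit W-1 = N-W+1

    def check(self, seq, authenticated):
        """Apply the rules to one packet and return 'accept', 'replay',
        'too_old' or 'bad_auth'. Window state changes only for packets
        that authenticate, so forged packets cannot move the window."""
        mask = (1 << self.W) - 1
        if seq > self.N:
            # Rule 2: to the right of the window.
            if not authenticated:
                return "bad_auth"
            shift = seq - self.N
            self.received = ((self.received << shift) & mask) | 1   # slide, mark new edge
            self.N = seq
            return "accept"
        if seq <= self.N - self.W:
            # Rule 3: left of the window, too old to track, discard.
            return "too_old"
        # Rule 1: inside the window.
        bit = 1 << (self.N - seq)
        if self.received & bit:
            return "replay"
        if not authenticated:
            return "bad_auth"
        self.received |= bit
        return "accept"


def run(events, window_size=64):
    """Feed (seq, authenticated) pairs through one window; return the decisions."""
    w = AntiReplayWindow(window_size)
    return [w.check(seq, ok) for seq, ok in events]


if __name__ == "__main__":
    # Constructed trace: a replayed first packet, a jump that slides the window,
    # a packet exactly W behind the new edge, a late-but-in-window packet replayed,
    # and a forged packet that fails authentication.
    trace = [(1, True), (1, True), (100, True), (36, True),
             (37, True), (37, True), (200, False)]
    for (seq, ok), verdict in zip(trace, run(trace)):
        print(f"seq={seq:<4} auth={ok!s:<5} -> {verdict}")
```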

Other considerations

• Traffic analysis
  – packet lengths
  – timing
  – source and destination addresses
  – ToS fields
• Dealing with NATs
• Replay attacks
• Key management

From CAIDA

TLS Handshake

TLS packet format

As opposed to unsecured HTTP URLs, which begin with http:// and use port 80 by default, secure HTTPS URLs begin with https:// and use port 443 by default.

IPSEC VS TLS

• People are still talking about this: http://www.metzdowd.com/pipermail/cryptography/2014-April/020674.html

[Cryptography] IPsec is worse than unusable (Re: TLS/DTLS Use Cases)

Nico Williams, nico at cryptonector.com, Wed Apr 2 11:59:52 EDT 2014

On Tue, Apr 01, 2014 at 10:31:54PM -0400, Jerry Leichter wrote:
> IPSec has many faults - so many as to render it unusable - but it did
> get one thing right: To most code, an IPSec socket looks just like a
> plain TCP socket. Anything that talks TCP can talk TCP "securely"
> over IPSec with essentially no changes. ("Securely" in quotes because
> it's a rather specialized notion of "securely".)

What is ARP?

• Address Resolution Protocol (ARP) is how network devices associate MAC addresses with IP Addresses so that devices on the local network can find each other. ARP is basically a form of networking roll call.
• ARP, a very simple protocol, consists of merely four basic message types:
  • An ARP Request: Computer A asks the network, "Who has this IP address?"
  • An ARP Reply: Computer B tells Computer A, "I have that IP. My MAC address is [whatever it is]"
  • A Reverse ARP Request (RARP): Same concept as ARP Request, but Computer A asks, "Who has this MAC address?"
  • A RARP Reply: Computer B tells Computer A, "I have that MAC. My IP address is [whatever it is]"

FROM http://www.watchguard.com/infocenter/editorial/135324.asp

ARP poisoning

ARP poisoning (2)

ARP poisoning (3)

What is the threat model for ARP poisoning?
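One way to detect the poisoning the slides ask about, as an added example rather than code from the slides or the WatchGuard article: a passive monitor that records the first IP-to-MAC binding it sees on a segment and alerts when a later ARP Reply claims a different MAC for a known IP, or answers a question nobody asked. The message layout, class names and sample traffic are constructed.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class ArpMessage:
    """The ARP fields that matter here (constructed record layout)."""
    op: str           # "request" or "reply"
    sender_ip: str
    sender_mac: str
    target_ip: str
    target_mac: str   # in a request this is unknown; in a reply it is the asker's MAC


class ArpMonitor:
    """Passive ARP observer for one LAN segment.

    Keeps the first IP -> MAC binding seen for each IP and never lets a later
    reply overwrite it, so a poisoned reply shows up as a conflict rather than
    silently replacing the real gateway."""

    def __init__(self):
        self.bindings = {}      # ip -> mac learned from the first reply
        self.pending = set()    # (asker mac, asked-for ip) for outstanding requests
        self.alerts = []

    def observe(self, m: ArpMessage) -> Optional[str]:
        """Return an alert string for a suspicious reply, else None."""
        if m.op == "request":
            self.pending.add((m.sender_mac, m.target_ip))
            return None

        # A reply is solicited only if the addressed host recently asked for this IP.
        key = (m.target_mac, m.sender_ip)
        solicited = key in self.pending
        self.pending.discard(key)

        known = self.bindings.get(m.sender_ip)
        alert = None
        if known is not None and known != m.sender_mac:
            alert = f"binding change: {m.sender_ip} was {known}, now claimed by {m.sender_mac}"
        elif not solicited:
            # Gratuitous ARP is legitimate in some setups (failover, DHCP), so treat
            # this as lower severity than a conflicting binding.
            alert = f"unsolicited reply: {m.sender_ip} is at {m.sender_mac}"
        if known is None:
            self.bindings[m.sender_ip] = m.sender_mac      # learn on first sight only
        if alert:
            self.alerts.append(alert)
        return alert


# Constructed trace: host .5 asks for the gateway .1, the gateway answers, then a
# second host claims the gateway's IP, then an answer arrives that nobody asked for.
SAMPLE_ARP = [
    ArpMessage("request", "10.0.0.5", "aa:aa:aa:aa:aa:05", "10.0.0.1", "00:00:00:00:00:00"),
    ArpMessage("reply", "10.0.0.1", "aa:aa:aa:aa:aa:01", "10.0.0.5", "aa:aa:aa:aa:aa:05"),
    ArpMessage("reply", "10.0.0.1", "de:ad:be:ef:00:66", "10.0.0.5", "aa:aa:aa:aa:aa:05"),
    ArpMessage("reply", "10.0.0.9", "aa:aa:aa:aa:aa:09", "10.0.0.5", "aa:aa:aa:aa:aa:05"),
]

if __name__ == "__main__":
    mon = ArpMonitor()
    for m in SAMPLE_ARP:
        verdict = mon.observe(m)
        print(f"{m.op:<7} {m.sender_ip} {m.sender_mac} -> {verdict or 'ok'}")
```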

  • The Internet Layers TCP UDP IP DDoS Reflection Attacks IPSE
  • Internet Infrastructure
  • TCP Protocol Stack
  • Data Formats
  • Slide 5
  • IP Prefixes amp Addresses
  • IP Routing
  • IP Protocol Functions (Summary)
  • The IP address space
  • NATS
  • User Datagram Protocol (protocol=17)
  • Problem no src IP authentication
  • DoS Reflection amp Amplification Attack Using protocols over UDP
  • Transmission Control Protocol
  • Slide 15
  • Slide 16
  • Review TCP Handshake
  • Basic Security Problems
  • 1 Packet Sniffing
  • 2 TCP Connection Spoofing
  • Example DoS vulnerability [Watsonrsquo04]
  • Random initial TCP SNs
  • Securing the IPTCP stack
  • Who uses IPsec From Stallings 5th edition
  • Mode 1 Transport
  • Mode 2 Tunnel
  • ESP Tunnel mode (From Steve Friedl)
  • ESP without authentication (From Steve Friedl)
  • AH Tunnel mode (From Steve Friedl)
  • AH Transport mode (From Steve Friedl)
  • ESP Transport mode (From Steve Friedl)
  • Slide 32
  • Other considerations
  • From CAIDA
  • TLS Handshake
  • TLS packet format
  • IPSEC VS TLS
  • What is ARP
  • Slide 39
  • Slide 40
  • ARP poisoning
  • ARP poisoning (2)
  • ARP poisoning (3)
Page 8: The Internet! Layers, TCP, UDP, IP DDoS Reflection Attacks IPSEC, ARP Sharon Goldberg CS558 Boston University Spring 2015 Most slides and images borrowed.

IP Protocol Functions (Summary)

bull Routingndash IP host knows location of router (gateway)ndash IP gateway must know route to other networks

bull Fragmentation and reassemblyndash If max-packet-size less than the user-data-size

bull Error reportingndash ICMP packet to source if packet is dropped

bull TTL field decremented after every hopndash Packet dropped f TTL=0 Prevents infinite loops

Based on slides from CS155 at Stanford

The IP address space

NATS

User Datagram Protocol (protocol=17)

bull Unreliable transport on top of IPndash No acks or congenstion control

ndash Used for VoIP video NTP (network time protocol) anything else where latency matters more than reliability

UDP Based on slides from CS155 at Stanford

Problem no src IP authentication

bull Client is trusted to embed correct source IPndash Easy to override using raw socketsndash Libnet a library for formatting raw packets

with arbitrary IP headers

Anyone who owns their machine can send packets with arbitrary source IP hellip response will be sent back to forged source IP

Implications (solutions in DDoS lecture)

Anonymous DoS attacks Anonymous infection attacks (eg slammer worm)

Based on slides from CS155 at Stanford

DoS Reflection amp Amplification AttackUsing protocols over UDP like NTP DNS etc

UDP

Evillll Meg

Tom

1321411518888

Source IPDest IP

DNS Query

121423312

132141151

Public DNS Server

8888

8888132141151

Source IPDest IP

DNS response

DNS Data

Short query

Huge response

Tom gets hit by toomany packets

Transmission Control Protocol

bull Connection-oriented preserves orderndash Sender

bull Break data into packetsbull Attach packet numbers

ndash Receiverbull Acknowledge receipt lost packets are

resentbull Reassemble packets in correct order

TCP

Book

Mail each pageReassemble book

19

5

1

1 1

Based on slides from CS155 at Stanford

Source httpsdevcentralf5comarticlesapplication-is-more-than-header-deep

bull FROM httpcodeidolcomimgcsharp-networkf0209_0jpg

Review TCP HandshakeC S

SYN

SYNACK

ACK

Listening

Store SNC SNS

Wait

Established

SNCrandC

ANC0

SNSrandS

ANSSNC

SNSNC+1ANSNS

Received packets with SN too far out of window are dropped

Based on slides from CS155 at Stanford

Basic Security Problems

1 Network packets pass by untrusted hostsndash Eavesdropping packet sniffingndash Especially easy when attacker controls a

machine close to victim

2 TCP state can be easy to guessndash Enables spoofing and session hijackingndash Depending on how sequence number is chosen

3 Denial of Service (DoS) vulnerabilitiesndash Syn connection state attacks

Based on slides from CS155 at Stanford

1 Packet Sniffing

Promiscuous NIC reads all packetsbull Read all unencrypted data (eg ldquowiresharkrdquo)bull ftp telnet (and POP IMAP) may send passwords in

clear

Alice Bob

Eve

NetworkNetwork

Prevention Encryption (next lecture IPSEC)

Based on slides from CS155 at Stanford

2 TCP Connection Spoofing

bull Why random initial sequence numbers (SNC SNS )

bull Suppose init sequence numbers are predictablendash Attacker can create TCP session on behalf of forged

source IP

Victim

Server

SYNACKdstIP=victimSN=server SNS

ACKsrcIP=victimAN=predicted SNS

commandserver thinks command is from victim IP addr

attacker

TCP SYNsrcIP=victim

Based on slides from CS155 at Stanford

Example DoS vulnerability [Watsonrsquo04]

bull Suppose attacker can guess seq number for an existing connectionndash Attacker can send Reset packet to

close connection Results in DoSndash Naively success prob is 1232 (32-bit seq rsquos)ndash Most systems allow for a large window of

acceptable seq rsquosbull Much higher success probability

bull Attack is most effective against long lived connections eg BGP

Based on slides from CS155 at Stanford

Random initial TCP SNs

bull Unpredictable SNs prevent basic packet injectionndash hellip but attacker can inject packets after

eavesdropping to obtain current SN

bull Most TCP stacks now generate random SNs

ndash Random generator should be unpredictable

ndash GPRrsquo06 Linux RNG for generating SNs is predictable

bull Attacker repeatedly connects to serverbull Obtains sequence of SNsbull Can predict next SNbull Attacker can now do TCP spoofing

(create TCP session with forged source IP)

Based on slides from CS155 at Stanford

Securing the IPTCP stack

TCP

IPIPSEC

HTTP FTP SMTP

TCP

IP

HTTP FTP SMTP

SSLTLS

TCP

IP

SMIME PGP

UDP

Kerberos SMTP

SET

HTTP

At the Network LevelAt the Transport Level

At the Application Level

Who uses IPsec From Stallings 5th edition

Mode 1 Transport

Mode 2 Tunnel

ESP Tunnel mode (From Steve Friedl)

Note ToS leaks info

Source and dest address are not authenticated (vulnerable to IP address spoofing) between the tunnels (DoS attacks too)

Source and dest address INSIDE the tunnel is protected

ESP without authentication (From Steve Friedl)

BAD IDEA

Now we can encrypt or encrypt and authenticateThe padding allows us to reduce traffic analysis attacks but people almost never use it

AH Tunnel mode (From Steve Friedl)

Authenticated connection for VPN Packet encapsulated source and dest address protectedCanrsquot work with NATs

AH Transport mode (From Steve Friedl)

Authenticated connection between two hosts (HMAC)Doesnrsquot work with NAT (network address translation)

ESP Transport mode (From Steve Friedl)

Note ToS leaks info

Source and dest address are not authenticated (vulnerable to IP address spoofing)

P0

P1

P2

bull If a received packet falls in the windowndash if authenticated and unmarked mark itndash if marked then replay

bull If a received packet is gt Nndash if authenticated advance the window so that this packet is at the

rightmost edge and mark it

bull If a received packet is lt= N-Wndash packet is discarded

window size W (default is 64)

AH ndash Anti-replay Service in Ipsec

From Stallings 5th edition

N highest seq number for a valid paket recevied so far

Other considerations

bull Traffic analysis ndash packet lengths ndash Timingndash Source and destination addressesndash ToS fields

bull Dealing with NATsbull Replay attacksbull Key management

From CAIDA

TLS Handshake

TLS packet format

As opposed to unsecured HTTP URLs which begin with http and use port 80 by default secure HTTPS URLs begin with https and use port 443 by default

IPSEC VS TLS

bull People are still talking about this httpwwwmetzdowdcompipermailcryptography2014-April020674html

[Cryptography] IPsec is worse than unusable (Re TLSDTLS Use Cases)

Nico Williams nico at cryptonectorcom Wed Apr 2 115952 EDT 2014bullPrevious message [Cryptography] TLSDTLS Use CasesbullNext message [Cryptography] IPsec is worse than unusable (Re TLSDTLS Use Cases)bullMessages sorted by [ date ] [ thread ] [ subject ] [ author ]

On Tue Apr 01 2014 at 103154PM -0400 Jerry Leichter wrote gt IPSec has many faults - so many as to render it unusable - but it did gt get one thing right To most code an IPSec socket looks just like a gt plain TCP socket Anything that talks TCP can talk TCP securely gt over IPSec with essentially no changes (Securely in quotes because gt its a rather specialized notion of securely)

What is ARPbull Address Resolution Protocol (ARP) is how network devices associate

MAC addresses with IP Addresses so that devices on the local network can find each other ARP is basically a form of networking roll call

bull ARP a very simple protocol consists of merely four basic message types

bull An ARP Request Computer A asks the network Who has this IP address

bull An ARP Reply Computer B tells Computer A I have that IP My MAC address is [whatever it is]

bull A Reverse ARP Request (RARP) Same concept as ARP Request but Computer A asks Who has this MAC address

bull A RARP Reply Computer B tells Computer A I have that MAC My IP address is [whatever it is]ldquo

FROM httpwwwwatchguardcominfocentereditorial135324asp

ARP poisoning

ARP poisoning

ARP poisoning

What is the threat model for arp poisoning

  • The Internet Layers TCP UDP IP DDoS Reflection Attacks IPSE
  • Internet Infrastructure
  • TCP Protocol Stack
  • Data Formats
  • Slide 5
  • IP Prefixes amp Addresses
  • IP Routing
  • IP Protocol Functions (Summary)
  • The IP address space
  • NATS
  • User Datagram Protocol (protocol=17)
  • Problem no src IP authentication
  • DoS Reflection amp Amplification Attack Using protocols over UDP
  • Transmission Control Protocol
  • Slide 15
  • Slide 16
  • Review TCP Handshake
  • Basic Security Problems
  • 1 Packet Sniffing
  • 2 TCP Connection Spoofing
  • Example DoS vulnerability [Watsonrsquo04]
  • Random initial TCP SNs
  • Securing the IPTCP stack
  • Who uses IPsec From Stallings 5th edition
  • Mode 1 Transport
  • Mode 2 Tunnel
  • ESP Tunnel mode (From Steve Friedl)
  • ESP without authentication (From Steve Friedl)
  • AH Tunnel mode (From Steve Friedl)
  • AH Transport mode (From Steve Friedl)
  • ESP Transport mode (From Steve Friedl)
  • Slide 32
  • Other considerations
  • From CAIDA
  • TLS Handshake
  • TLS packet format
  • IPSEC VS TLS
  • What is ARP
  • Slide 39
  • Slide 40
  • ARP poisoning
  • ARP poisoning (2)
  • ARP poisoning (3)
Page 9: The Internet! Layers, TCP, UDP, IP DDoS Reflection Attacks IPSEC, ARP Sharon Goldberg CS558 Boston University Spring 2015 Most slides and images borrowed.

The IP address space

NATS

User Datagram Protocol (protocol=17)

bull Unreliable transport on top of IPndash No acks or congenstion control

ndash Used for VoIP video NTP (network time protocol) anything else where latency matters more than reliability

UDP Based on slides from CS155 at Stanford

Problem no src IP authentication

bull Client is trusted to embed correct source IPndash Easy to override using raw socketsndash Libnet a library for formatting raw packets

with arbitrary IP headers

Anyone who owns their machine can send packets with arbitrary source IP hellip response will be sent back to forged source IP

Implications (solutions in DDoS lecture)

Anonymous DoS attacks Anonymous infection attacks (eg slammer worm)

Based on slides from CS155 at Stanford

DoS Reflection amp Amplification AttackUsing protocols over UDP like NTP DNS etc

UDP

Evillll Meg

Tom

1321411518888

Source IPDest IP

DNS Query

121423312

132141151

Public DNS Server

8888

8888132141151

Source IPDest IP

DNS response

DNS Data

Short query

Huge response

Tom gets hit by toomany packets

Transmission Control Protocol

bull Connection-oriented preserves orderndash Sender

bull Break data into packetsbull Attach packet numbers

ndash Receiverbull Acknowledge receipt lost packets are

resentbull Reassemble packets in correct order

TCP

Book

Mail each pageReassemble book

19

5

1

1 1

Based on slides from CS155 at Stanford

Source httpsdevcentralf5comarticlesapplication-is-more-than-header-deep

bull FROM httpcodeidolcomimgcsharp-networkf0209_0jpg

Review TCP HandshakeC S

SYN

SYNACK

ACK

Listening

Store SNC SNS

Wait

Established

SNCrandC

ANC0

SNSrandS

ANSSNC

SNSNC+1ANSNS

Received packets with SN too far out of window are dropped

Based on slides from CS155 at Stanford

Basic Security Problems

1 Network packets pass by untrusted hostsndash Eavesdropping packet sniffingndash Especially easy when attacker controls a

machine close to victim

2 TCP state can be easy to guessndash Enables spoofing and session hijackingndash Depending on how sequence number is chosen

3 Denial of Service (DoS) vulnerabilitiesndash Syn connection state attacks

Based on slides from CS155 at Stanford

1 Packet Sniffing

Promiscuous NIC reads all packetsbull Read all unencrypted data (eg ldquowiresharkrdquo)bull ftp telnet (and POP IMAP) may send passwords in

clear

Alice Bob

Eve

NetworkNetwork

Prevention Encryption (next lecture IPSEC)

Based on slides from CS155 at Stanford

2 TCP Connection Spoofing

bull Why random initial sequence numbers (SNC SNS )

bull Suppose init sequence numbers are predictablendash Attacker can create TCP session on behalf of forged

source IP

Victim

Server

SYNACKdstIP=victimSN=server SNS

ACKsrcIP=victimAN=predicted SNS

commandserver thinks command is from victim IP addr

attacker

TCP SYNsrcIP=victim

Based on slides from CS155 at Stanford

Example DoS vulnerability [Watsonrsquo04]

bull Suppose attacker can guess seq number for an existing connectionndash Attacker can send Reset packet to

close connection Results in DoSndash Naively success prob is 1232 (32-bit seq rsquos)ndash Most systems allow for a large window of

acceptable seq rsquosbull Much higher success probability

bull Attack is most effective against long lived connections eg BGP

Based on slides from CS155 at Stanford

Random initial TCP SNs

bull Unpredictable SNs prevent basic packet injectionndash hellip but attacker can inject packets after

eavesdropping to obtain current SN

bull Most TCP stacks now generate random SNs

ndash Random generator should be unpredictable

ndash GPRrsquo06 Linux RNG for generating SNs is predictable

bull Attacker repeatedly connects to serverbull Obtains sequence of SNsbull Can predict next SNbull Attacker can now do TCP spoofing

(create TCP session with forged source IP)

Based on slides from CS155 at Stanford

Securing the IPTCP stack

TCP

IPIPSEC

HTTP FTP SMTP

TCP

IP

HTTP FTP SMTP

SSLTLS

TCP

IP

SMIME PGP

UDP

Kerberos SMTP

SET

HTTP

At the Network LevelAt the Transport Level

At the Application Level

Who uses IPsec From Stallings 5th edition

Mode 1 Transport

Mode 2 Tunnel

ESP Tunnel mode (From Steve Friedl)

Note ToS leaks info

Source and dest address are not authenticated (vulnerable to IP address spoofing) between the tunnels (DoS attacks too)

Source and dest address INSIDE the tunnel is protected

ESP without authentication (From Steve Friedl)

BAD IDEA

Now we can encrypt or encrypt and authenticateThe padding allows us to reduce traffic analysis attacks but people almost never use it

AH Tunnel mode (From Steve Friedl)

Authenticated connection for VPN Packet encapsulated source and dest address protectedCanrsquot work with NATs

AH Transport mode (From Steve Friedl)

Authenticated connection between two hosts (HMAC)Doesnrsquot work with NAT (network address translation)

ESP Transport mode (From Steve Friedl)

Note ToS leaks info

Source and dest address are not authenticated (vulnerable to IP address spoofing)

P0

P1

P2

bull If a received packet falls in the windowndash if authenticated and unmarked mark itndash if marked then replay

bull If a received packet is gt Nndash if authenticated advance the window so that this packet is at the

rightmost edge and mark it

bull If a received packet is lt= N-Wndash packet is discarded

window size W (default is 64)

AH ndash Anti-replay Service in Ipsec

From Stallings 5th edition

N highest seq number for a valid paket recevied so far

Other considerations

bull Traffic analysis ndash packet lengths ndash Timingndash Source and destination addressesndash ToS fields

bull Dealing with NATsbull Replay attacksbull Key management

From CAIDA

TLS Handshake

TLS packet format

As opposed to unsecured HTTP URLs which begin with http and use port 80 by default secure HTTPS URLs begin with https and use port 443 by default

IPSEC VS TLS

bull People are still talking about this httpwwwmetzdowdcompipermailcryptography2014-April020674html

[Cryptography] IPsec is worse than unusable (Re TLSDTLS Use Cases)

Nico Williams nico at cryptonectorcom Wed Apr 2 115952 EDT 2014bullPrevious message [Cryptography] TLSDTLS Use CasesbullNext message [Cryptography] IPsec is worse than unusable (Re TLSDTLS Use Cases)bullMessages sorted by [ date ] [ thread ] [ subject ] [ author ]

On Tue Apr 01 2014 at 103154PM -0400 Jerry Leichter wrote gt IPSec has many faults - so many as to render it unusable - but it did gt get one thing right To most code an IPSec socket looks just like a gt plain TCP socket Anything that talks TCP can talk TCP securely gt over IPSec with essentially no changes (Securely in quotes because gt its a rather specialized notion of securely)

What is ARPbull Address Resolution Protocol (ARP) is how network devices associate

MAC addresses with IP Addresses so that devices on the local network can find each other ARP is basically a form of networking roll call

bull ARP a very simple protocol consists of merely four basic message types

bull An ARP Request Computer A asks the network Who has this IP address

bull An ARP Reply Computer B tells Computer A I have that IP My MAC address is [whatever it is]

bull A Reverse ARP Request (RARP) Same concept as ARP Request but Computer A asks Who has this MAC address

bull A RARP Reply Computer B tells Computer A I have that MAC My IP address is [whatever it is]ldquo

FROM httpwwwwatchguardcominfocentereditorial135324asp

ARP poisoning

ARP poisoning

ARP poisoning

What is the threat model for arp poisoning

  • The Internet Layers TCP UDP IP DDoS Reflection Attacks IPSE
  • Internet Infrastructure
  • TCP Protocol Stack
  • Data Formats
  • Slide 5
  • IP Prefixes amp Addresses
  • IP Routing
  • IP Protocol Functions (Summary)
  • The IP address space
  • NATS
  • User Datagram Protocol (protocol=17)
  • Problem no src IP authentication
  • DoS Reflection amp Amplification Attack Using protocols over UDP
  • Transmission Control Protocol
  • Slide 15
  • Slide 16
  • Review TCP Handshake
  • Basic Security Problems
  • 1 Packet Sniffing
  • 2 TCP Connection Spoofing
  • Example DoS vulnerability [Watsonrsquo04]
  • Random initial TCP SNs
  • Securing the IPTCP stack
  • Who uses IPsec From Stallings 5th edition
  • Mode 1 Transport
  • Mode 2 Tunnel
  • ESP Tunnel mode (From Steve Friedl)
  • ESP without authentication (From Steve Friedl)
  • AH Tunnel mode (From Steve Friedl)
  • AH Transport mode (From Steve Friedl)
  • ESP Transport mode (From Steve Friedl)
  • Slide 32
  • Other considerations
  • From CAIDA
  • TLS Handshake
  • TLS packet format
  • IPSEC VS TLS
  • What is ARP
  • Slide 39
  • Slide 40
  • ARP poisoning
  • ARP poisoning (2)
  • ARP poisoning (3)
Page 10: The Internet! Layers, TCP, UDP, IP DDoS Reflection Attacks IPSEC, ARP Sharon Goldberg CS558 Boston University Spring 2015 Most slides and images borrowed.

NATS

User Datagram Protocol (protocol=17)

bull Unreliable transport on top of IPndash No acks or congenstion control

ndash Used for VoIP video NTP (network time protocol) anything else where latency matters more than reliability

UDP Based on slides from CS155 at Stanford

Problem no src IP authentication

bull Client is trusted to embed correct source IPndash Easy to override using raw socketsndash Libnet a library for formatting raw packets

with arbitrary IP headers

Anyone who owns their machine can send packets with arbitrary source IP hellip response will be sent back to forged source IP

Implications (solutions in DDoS lecture)

Anonymous DoS attacks Anonymous infection attacks (eg slammer worm)

Based on slides from CS155 at Stanford

DoS Reflection amp Amplification AttackUsing protocols over UDP like NTP DNS etc

UDP

Evillll Meg

Tom

1321411518888

Source IPDest IP

DNS Query

121423312

132141151

Public DNS Server

8888

8888132141151

Source IPDest IP

DNS response

DNS Data

Short query

Huge response

Tom gets hit by toomany packets

Transmission Control Protocol

bull Connection-oriented preserves orderndash Sender

bull Break data into packetsbull Attach packet numbers

ndash Receiverbull Acknowledge receipt lost packets are

resentbull Reassemble packets in correct order

TCP

Book

Mail each pageReassemble book

19

5

1

1 1

Based on slides from CS155 at Stanford

Source httpsdevcentralf5comarticlesapplication-is-more-than-header-deep

bull FROM httpcodeidolcomimgcsharp-networkf0209_0jpg

Review TCP HandshakeC S

SYN

SYNACK

ACK

Listening

Store SNC SNS

Wait

Established

SNCrandC

ANC0

SNSrandS

ANSSNC

SNSNC+1ANSNS

Received packets with SN too far out of window are dropped

Based on slides from CS155 at Stanford

Basic Security Problems

1 Network packets pass by untrusted hostsndash Eavesdropping packet sniffingndash Especially easy when attacker controls a

machine close to victim

2 TCP state can be easy to guessndash Enables spoofing and session hijackingndash Depending on how sequence number is chosen

3 Denial of Service (DoS) vulnerabilitiesndash Syn connection state attacks

Based on slides from CS155 at Stanford

1 Packet Sniffing

Promiscuous NIC reads all packetsbull Read all unencrypted data (eg ldquowiresharkrdquo)bull ftp telnet (and POP IMAP) may send passwords in

clear

Alice Bob

Eve

NetworkNetwork

Prevention Encryption (next lecture IPSEC)

Based on slides from CS155 at Stanford

2 TCP Connection Spoofing

bull Why random initial sequence numbers (SNC SNS )

bull Suppose init sequence numbers are predictablendash Attacker can create TCP session on behalf of forged

source IP

Victim

Server

SYNACKdstIP=victimSN=server SNS

ACKsrcIP=victimAN=predicted SNS

commandserver thinks command is from victim IP addr

attacker

TCP SYNsrcIP=victim

Based on slides from CS155 at Stanford

Example DoS vulnerability [Watsonrsquo04]

bull Suppose attacker can guess seq number for an existing connectionndash Attacker can send Reset packet to

close connection Results in DoSndash Naively success prob is 1232 (32-bit seq rsquos)ndash Most systems allow for a large window of

acceptable seq rsquosbull Much higher success probability

bull Attack is most effective against long lived connections eg BGP

Based on slides from CS155 at Stanford

Random initial TCP SNs

bull Unpredictable SNs prevent basic packet injectionndash hellip but attacker can inject packets after

eavesdropping to obtain current SN

bull Most TCP stacks now generate random SNs

ndash Random generator should be unpredictable

ndash GPRrsquo06 Linux RNG for generating SNs is predictable

bull Attacker repeatedly connects to serverbull Obtains sequence of SNsbull Can predict next SNbull Attacker can now do TCP spoofing

(create TCP session with forged source IP)

Based on slides from CS155 at Stanford

Securing the IPTCP stack

TCP

IPIPSEC

HTTP FTP SMTP

TCP

IP

HTTP FTP SMTP

SSLTLS

TCP

IP

SMIME PGP

UDP

Kerberos SMTP

SET

HTTP

At the Network LevelAt the Transport Level

At the Application Level

Who uses IPsec From Stallings 5th edition

Mode 1 Transport

Mode 2 Tunnel

ESP Tunnel mode (From Steve Friedl)

Note ToS leaks info

Source and dest address are not authenticated (vulnerable to IP address spoofing) between the tunnels (DoS attacks too)

Source and dest address INSIDE the tunnel is protected

ESP without authentication (From Steve Friedl)

BAD IDEA

Now we can encrypt or encrypt and authenticateThe padding allows us to reduce traffic analysis attacks but people almost never use it

AH Tunnel mode (From Steve Friedl)

Authenticated connection for VPN Packet encapsulated source and dest address protectedCanrsquot work with NATs

AH Transport mode (From Steve Friedl)

Authenticated connection between two hosts (HMAC)Doesnrsquot work with NAT (network address translation)

ESP Transport mode (From Steve Friedl)

Note ToS leaks info

Source and dest address are not authenticated (vulnerable to IP address spoofing)

AH – Anti-replay Service in IPsec (From Stallings 5th edition)

[Figure: packets P0, P1, P2 positioned relative to the window]

Window size W (default is 64). N = highest sequence number of a valid packet received so far.

• If a received packet falls in the window:
  – if authenticated and unmarked, mark it
  – if marked, then replay
• If a received packet is > N:
  – if authenticated, advance the window so that this packet is at the rightmost edge, and mark it
• If a received packet is <= N−W:
  – packet is discarded
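The three window rules above, implemented as a bitmap-based receiver window. This is an added example, not code from the slides or from Stallings; whether a packet passed authentication is passed in as a boolean (a real SA verifies the HMAC before consulting the window), and the sequence numbers in demo_trace() are constructed.

```python
"""IPsec anti-replay sliding window, following the slide's three rules.

Added example (not from the slides or from Stallings). N is the highest
sequence number of a valid packet accepted so far, W the window size.
Authentication is modelled as a boolean input; a real SA would verify the
HMAC first and only then consult the window.
"""
from dataclasses import dataclass
from enum import Enum


class Verdict(Enum):
    ACCEPT = "accept"      # authenticated and new: slot marked
    REPLAY = "replay"      # slot already marked: replayed packet
    TOO_OLD = "too_old"    # seq <= N - W: left of the window, discarded
    BAD_AUTH = "bad_auth"  # failed authentication: discarded, window untouched


@dataclass
class AntiReplayWindow:
    W: int = 64       # window size (default 64)
    N: int = 0        # highest seq number of a valid packet received so far
    bitmap: int = 0   # bit i set <=> seq (N - i) already received, 0 <= i < W

    def is_marked(self, seq: int) -> bool:
        """True if seq is inside the window and its slot is marked."""
        return self.N - self.W < seq <= self.N and bool(self.bitmap >> (self.N - seq) & 1)

    def receive(self, seq: int, authenticated: bool) -> Verdict:
        """Apply the three rules from the slide to one incoming packet."""
        # Rule 3: seq <= N - W lies left of the window: discard unconditionally.
        if seq <= self.N - self.W:
            return Verdict.TOO_OLD
        # Rule 1: seq inside the window.
        if seq <= self.N:
            if self.is_marked(seq):
                return Verdict.REPLAY
            if not authenticated:
                return Verdict.BAD_AUTH   # leave the slot unmarked
            self.bitmap |= 1 << (self.N - seq)
            return Verdict.ACCEPT
        # Rule 2: seq > N, right of the window.
        if not authenticated:
            return Verdict.BAD_AUTH       # only authenticated packets move N
        shift = seq - self.N
        # Slide: every existing mark moves `shift` slots toward the old end;
        # marks pushed past W slots fall off (those seqs are now <= N - W).
        self.bitmap = (self.bitmap << shift) & ((1 << self.W) - 1)
        self.N = seq
        self.bitmap |= 1                  # new packet sits at the rightmost edge
        return Verdict.ACCEPT


def demo_trace() -> list:
    """Constructed sequence: in-order, replay, jump ahead, too-old, forged."""
    w = AntiReplayWindow()
    trace = [(1, True), (2, True), (3, True), (2, True),   # replay of 2
             (100, True), (36, True), (37, True),          # jump; 36 is out, 37 just in
             (50, False), (50, True),                      # forged, then genuine
             (101, True), (100, True), (37, True)]         # 37 slides out once N -> 101
    return [w.receive(seq, ok).value for seq, ok in trace]


if __name__ == "__main__":
    for verdict in demo_trace():
        print(verdict)
```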

Other considerations

• Traffic analysis
  – packet lengths
  – timing
  – source and destination addresses
  – ToS fields
• Dealing with NATs
• Replay attacks
• Key management

From CAIDA

TLS Handshake

TLS packet format

As opposed to unsecured HTTP URLs, which begin with http:// and use port 80 by default, secure HTTPS URLs begin with https:// and use port 443 by default.

IPSEC VS TLS

• People are still talking about this: http://www.metzdowd.com/pipermail/cryptography/2014-April/020674.html

[Cryptography] IPsec is worse than unusable (Re: TLS/DTLS Use Cases)

Nico Williams nico at cryptonector.com, Wed Apr 2 11:59:52 EDT 2014

On Tue, Apr 01, 2014 at 10:31:54PM -0400, Jerry Leichter wrote:
> IPSec has many faults - so many as to render it unusable - but it did
> get one thing right: To most code, an IPSec socket looks just like a
> plain TCP socket. Anything that talks TCP can talk TCP "securely"
> over IPSec with essentially no changes. ("Securely" in quotes because
> it's a rather specialized notion of securely.)

What is ARP?

• Address Resolution Protocol (ARP) is how network devices associate MAC addresses with IP addresses so that devices on the local network can find each other. ARP is basically a form of networking roll call.

• ARP, a very simple protocol, consists of merely four basic message types:
  – An ARP Request: Computer A asks the network, "Who has this IP address?"
  – An ARP Reply: Computer B tells Computer A, "I have that IP. My MAC address is [whatever it is]."
  – A Reverse ARP Request (RARP): Same concept as ARP Request, but Computer A asks, "Who has this MAC address?"
  – A RARP Reply: Computer B tells Computer A, "I have that MAC. My IP address is [whatever it is]."

FROM http://www.watchguard.com/infocenter/editorial/135324.asp

ARP poisoning

ARP poisoning

ARP poisoning

What is the threat model for ARP poisoning?
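The ARP request/reply exchange above, parsed from its wire format and fed to a passive cache monitor that flags the two symptoms of poisoning a defender can see on the wire: a reply nobody asked for, and an IP whose MAC suddenly changes. Added example, not from the slides or the WatchGuard article; ArpMonitor, build_arp and the 10.0.0.x addresses and 02:... MACs are constructed for illustration.

```python
"""Parse Ethernet/IPv4 ARP packets (RFC 826 layout) and watch an ARP cache
for the signs of poisoning. Added example, not from the slides or the cited
article; all packets below are constructed. Only opcode 1 (request) and
2 (reply) are modelled; RARP (opcodes 3/4) uses the same layout.
"""
import struct
from dataclasses import dataclass

ARP_FMT = "!HHBBH6s4s6s4s"          # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
ARP_LEN = struct.calcsize(ARP_FMT)  # 28 bytes for Ethernet/IPv4
OP_REQUEST, OP_REPLY = 1, 2


@dataclass(frozen=True)
class ArpPacket:
    oper: int
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str


def _mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def _ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def _mac_bytes(s: str) -> bytes:
    return bytes(int(x, 16) for x in s.split(":"))


def _ip_bytes(s: str) -> bytes:
    return bytes(int(x) for x in s.split("."))


def parse_arp(payload: bytes) -> ArpPacket:
    """Decode one Ethernet/IPv4 ARP packet; anything else is rejected."""
    if len(payload) < ARP_LEN:
        raise ValueError("short ARP packet")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, payload[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    if oper not in (OP_REQUEST, OP_REPLY):
        raise ValueError(f"unsupported ARP opcode {oper}")
    return ArpPacket(oper, _mac_str(sha), _ip_str(spa), _mac_str(tha), _ip_str(tpa))


def build_arp(oper: int, sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """Encoder, used here only to construct the sample packets."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       _mac_bytes(sender_mac), _ip_bytes(sender_ip),
                       _mac_bytes(target_mac), _ip_bytes(target_ip))


class ArpMonitor:
    """Passive ARP cache (constructed for this example). It learns IP->MAC from
    replies like a host would, and records an alert when a reply answers no
    outstanding request or changes an existing mapping."""

    def __init__(self):
        self.cache = {}        # ip -> mac learned from replies
        self.pending = set()   # ips asked for in a request, not yet answered
        self.alerts = []

    def observe(self, pkt: ArpPacket) -> None:
        if pkt.oper == OP_REQUEST:
            self.pending.add(pkt.target_ip)
            return
        if pkt.sender_ip in self.pending:
            self.pending.discard(pkt.sender_ip)
        else:
            self.alerts.append(f"unsolicited reply: {pkt.sender_ip} is-at {pkt.sender_mac}")
        old = self.cache.get(pkt.sender_ip)
        if old is not None and old != pkt.sender_mac:
            self.alerts.append(f"mapping changed: {pkt.sender_ip} {old} -> {pkt.sender_mac}")
        self.cache[pkt.sender_ip] = pkt.sender_mac   # cache updates regardless, as a host would


def demo_trace() -> ArpMonitor:
    """Constructed trace: a normal request/reply for the gateway, then a
    second, unsolicited reply claiming the gateway IP from another MAC."""
    gw, a = "10.0.0.1", "10.0.0.20"
    gw_mac, a_mac, other_mac = "02:00:00:00:00:01", "02:00:00:00:00:20", "02:00:00:00:00:66"
    frames = [
        build_arp(OP_REQUEST, a_mac, a, "00:00:00:00:00:00", gw),  # A: who has 10.0.0.1?
        build_arp(OP_REPLY, gw_mac, gw, a_mac, a),                  # GW: 10.0.0.1 is-at gw_mac
        build_arp(OP_REPLY, other_mac, gw, a_mac, a),               # same IP, different MAC
    ]
    mon = ArpMonitor()
    for frame in frames:
        mon.observe(parse_arp(frame))
    return mon


if __name__ == "__main__":
    for alert in demo_trace().alerts:
        print(alert)
```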

Page 11: The Internet! Layers, TCP, UDP, IP DDoS Reflection Attacks IPSEC, ARP Sharon Goldberg CS558 Boston University Spring 2015 Most slides and images borrowed.

User Datagram Protocol (protocol=17)

bull Unreliable transport on top of IPndash No acks or congenstion control

ndash Used for VoIP video NTP (network time protocol) anything else where latency matters more than reliability

UDP Based on slides from CS155 at Stanford

Problem no src IP authentication

bull Client is trusted to embed correct source IPndash Easy to override using raw socketsndash Libnet a library for formatting raw packets

with arbitrary IP headers

Anyone who owns their machine can send packets with arbitrary source IP hellip response will be sent back to forged source IP

Implications (solutions in DDoS lecture)

Anonymous DoS attacks Anonymous infection attacks (eg slammer worm)

Based on slides from CS155 at Stanford

DoS Reflection amp Amplification AttackUsing protocols over UDP like NTP DNS etc

UDP

Evillll Meg

Tom

1321411518888

Source IPDest IP

DNS Query

121423312

132141151

Public DNS Server

8888

8888132141151

Source IPDest IP

DNS response

DNS Data

Short query

Huge response

Tom gets hit by toomany packets

Transmission Control Protocol

bull Connection-oriented preserves orderndash Sender

bull Break data into packetsbull Attach packet numbers

ndash Receiverbull Acknowledge receipt lost packets are

resentbull Reassemble packets in correct order

TCP

Book

Mail each pageReassemble book

19

5

1

1 1

Based on slides from CS155 at Stanford

Source httpsdevcentralf5comarticlesapplication-is-more-than-header-deep

bull FROM httpcodeidolcomimgcsharp-networkf0209_0jpg

Review TCP HandshakeC S

SYN

SYNACK

ACK

Listening

Store SNC SNS

Wait

Established

SNCrandC

ANC0

SNSrandS

ANSSNC

SNSNC+1ANSNS

Received packets with SN too far out of window are dropped

Based on slides from CS155 at Stanford

Basic Security Problems

1 Network packets pass by untrusted hostsndash Eavesdropping packet sniffingndash Especially easy when attacker controls a

machine close to victim

2 TCP state can be easy to guessndash Enables spoofing and session hijackingndash Depending on how sequence number is chosen

3 Denial of Service (DoS) vulnerabilitiesndash Syn connection state attacks

Based on slides from CS155 at Stanford

1 Packet Sniffing

Promiscuous NIC reads all packetsbull Read all unencrypted data (eg ldquowiresharkrdquo)bull ftp telnet (and POP IMAP) may send passwords in

clear

Alice Bob

Eve

NetworkNetwork

Prevention Encryption (next lecture IPSEC)

Based on slides from CS155 at Stanford

2 TCP Connection Spoofing

bull Why random initial sequence numbers (SNC SNS )

bull Suppose init sequence numbers are predictablendash Attacker can create TCP session on behalf of forged

source IP

Victim

Server

SYNACKdstIP=victimSN=server SNS

ACKsrcIP=victimAN=predicted SNS

commandserver thinks command is from victim IP addr

attacker

TCP SYNsrcIP=victim

Based on slides from CS155 at Stanford

Example DoS vulnerability [Watsonrsquo04]

bull Suppose attacker can guess seq number for an existing connectionndash Attacker can send Reset packet to

close connection Results in DoSndash Naively success prob is 1232 (32-bit seq rsquos)ndash Most systems allow for a large window of

acceptable seq rsquosbull Much higher success probability

bull Attack is most effective against long lived connections eg BGP

Based on slides from CS155 at Stanford

Random initial TCP SNs

bull Unpredictable SNs prevent basic packet injectionndash hellip but attacker can inject packets after

eavesdropping to obtain current SN

bull Most TCP stacks now generate random SNs

ndash Random generator should be unpredictable

ndash GPRrsquo06 Linux RNG for generating SNs is predictable

bull Attacker repeatedly connects to serverbull Obtains sequence of SNsbull Can predict next SNbull Attacker can now do TCP spoofing

(create TCP session with forged source IP)

Based on slides from CS155 at Stanford

Securing the IPTCP stack

TCP

IPIPSEC

HTTP FTP SMTP

TCP

IP

HTTP FTP SMTP

SSLTLS

TCP

IP

SMIME PGP

UDP

Kerberos SMTP

SET

HTTP

At the Network LevelAt the Transport Level

At the Application Level

Who uses IPsec From Stallings 5th edition

Mode 1 Transport

Mode 2 Tunnel

ESP Tunnel mode (From Steve Friedl)

Note ToS leaks info

Source and dest address are not authenticated (vulnerable to IP address spoofing) between the tunnels (DoS attacks too)

Source and dest address INSIDE the tunnel is protected

ESP without authentication (From Steve Friedl)

BAD IDEA

Now we can encrypt or encrypt and authenticateThe padding allows us to reduce traffic analysis attacks but people almost never use it

AH Tunnel mode (From Steve Friedl)

Authenticated connection for VPN Packet encapsulated source and dest address protectedCanrsquot work with NATs

AH Transport mode (From Steve Friedl)

Authenticated connection between two hosts (HMAC)Doesnrsquot work with NAT (network address translation)

ESP Transport mode (From Steve Friedl)

Note ToS leaks info

Source and dest address are not authenticated (vulnerable to IP address spoofing)

P0

P1

P2

bull If a received packet falls in the windowndash if authenticated and unmarked mark itndash if marked then replay

bull If a received packet is gt Nndash if authenticated advance the window so that this packet is at the

rightmost edge and mark it

bull If a received packet is lt= N-Wndash packet is discarded

window size W (default is 64)

AH ndash Anti-replay Service in Ipsec

From Stallings 5th edition

N highest seq number for a valid paket recevied so far

Other considerations

bull Traffic analysis ndash packet lengths ndash Timingndash Source and destination addressesndash ToS fields

bull Dealing with NATsbull Replay attacksbull Key management

From CAIDA

TLS Handshake

TLS packet format

As opposed to unsecured HTTP URLs which begin with http and use port 80 by default secure HTTPS URLs begin with https and use port 443 by default

IPSEC VS TLS

bull People are still talking about this httpwwwmetzdowdcompipermailcryptography2014-April020674html

[Cryptography] IPsec is worse than unusable (Re TLSDTLS Use Cases)

Nico Williams nico at cryptonectorcom Wed Apr 2 115952 EDT 2014bullPrevious message [Cryptography] TLSDTLS Use CasesbullNext message [Cryptography] IPsec is worse than unusable (Re TLSDTLS Use Cases)bullMessages sorted by [ date ] [ thread ] [ subject ] [ author ]

On Tue Apr 01 2014 at 103154PM -0400 Jerry Leichter wrote gt IPSec has many faults - so many as to render it unusable - but it did gt get one thing right To most code an IPSec socket looks just like a gt plain TCP socket Anything that talks TCP can talk TCP securely gt over IPSec with essentially no changes (Securely in quotes because gt its a rather specialized notion of securely)

What is ARPbull Address Resolution Protocol (ARP) is how network devices associate

MAC addresses with IP Addresses so that devices on the local network can find each other ARP is basically a form of networking roll call

bull ARP a very simple protocol consists of merely four basic message types

bull An ARP Request Computer A asks the network Who has this IP address

bull An ARP Reply Computer B tells Computer A I have that IP My MAC address is [whatever it is]

bull A Reverse ARP Request (RARP) Same concept as ARP Request but Computer A asks Who has this MAC address

bull A RARP Reply Computer B tells Computer A I have that MAC My IP address is [whatever it is]ldquo

FROM httpwwwwatchguardcominfocentereditorial135324asp

ARP poisoning

ARP poisoning

ARP poisoning

What is the threat model for arp poisoning

  • The Internet Layers TCP UDP IP DDoS Reflection Attacks IPSE
  • Internet Infrastructure
  • TCP Protocol Stack
  • Data Formats
  • Slide 5
  • IP Prefixes amp Addresses
  • IP Routing
  • IP Protocol Functions (Summary)
  • The IP address space
  • NATS
  • User Datagram Protocol (protocol=17)
  • Problem no src IP authentication
  • DoS Reflection amp Amplification Attack Using protocols over UDP
  • Transmission Control Protocol
  • Slide 15
  • Slide 16
  • Review TCP Handshake
  • Basic Security Problems
  • 1 Packet Sniffing
  • 2 TCP Connection Spoofing
  • Example DoS vulnerability [Watsonrsquo04]
  • Random initial TCP SNs
  • Securing the IPTCP stack
  • Who uses IPsec From Stallings 5th edition
  • Mode 1 Transport
  • Mode 2 Tunnel
  • ESP Tunnel mode (From Steve Friedl)
  • ESP without authentication (From Steve Friedl)
  • AH Tunnel mode (From Steve Friedl)
  • AH Transport mode (From Steve Friedl)
  • ESP Transport mode (From Steve Friedl)
  • Slide 32
  • Other considerations
  • From CAIDA
  • TLS Handshake
  • TLS packet format
  • IPSEC VS TLS
  • What is ARP
  • Slide 39
  • Slide 40
  • ARP poisoning
  • ARP poisoning (2)
  • ARP poisoning (3)
Page 12: The Internet! Layers, TCP, UDP, IP DDoS Reflection Attacks IPSEC, ARP Sharon Goldberg CS558 Boston University Spring 2015 Most slides and images borrowed.

Problem no src IP authentication

bull Client is trusted to embed correct source IPndash Easy to override using raw socketsndash Libnet a library for formatting raw packets

with arbitrary IP headers

Anyone who owns their machine can send packets with arbitrary source IP hellip response will be sent back to forged source IP

Implications (solutions in DDoS lecture)

Anonymous DoS attacks Anonymous infection attacks (eg slammer worm)

Based on slides from CS155 at Stanford

DoS Reflection amp Amplification AttackUsing protocols over UDP like NTP DNS etc

UDP

Evillll Meg

Tom

1321411518888

Source IPDest IP

DNS Query

121423312

132141151

Public DNS Server

8888

8888132141151

Source IPDest IP

DNS response

DNS Data

Short query

Huge response

Tom gets hit by toomany packets

Transmission Control Protocol

bull Connection-oriented preserves orderndash Sender

bull Break data into packetsbull Attach packet numbers

ndash Receiverbull Acknowledge receipt lost packets are

resentbull Reassemble packets in correct order

TCP

Book

Mail each pageReassemble book

19

5

1

1 1

Based on slides from CS155 at Stanford

Source httpsdevcentralf5comarticlesapplication-is-more-than-header-deep

bull FROM httpcodeidolcomimgcsharp-networkf0209_0jpg

Review TCP HandshakeC S

SYN

SYNACK

ACK

Listening

Store SNC SNS

Wait

Established

SNCrandC

ANC0

SNSrandS

ANSSNC

SNSNC+1ANSNS

Received packets with SN too far out of window are dropped

Based on slides from CS155 at Stanford

Basic Security Problems

1 Network packets pass by untrusted hostsndash Eavesdropping packet sniffingndash Especially easy when attacker controls a

machine close to victim

2 TCP state can be easy to guessndash Enables spoofing and session hijackingndash Depending on how sequence number is chosen

3 Denial of Service (DoS) vulnerabilitiesndash Syn connection state attacks

Based on slides from CS155 at Stanford

1 Packet Sniffing

Promiscuous NIC reads all packetsbull Read all unencrypted data (eg ldquowiresharkrdquo)bull ftp telnet (and POP IMAP) may send passwords in

clear

Alice Bob

Eve

NetworkNetwork

Prevention Encryption (next lecture IPSEC)

Based on slides from CS155 at Stanford

2 TCP Connection Spoofing

bull Why random initial sequence numbers (SNC SNS )

bull Suppose init sequence numbers are predictablendash Attacker can create TCP session on behalf of forged

source IP

Victim

Server

SYNACKdstIP=victimSN=server SNS

ACKsrcIP=victimAN=predicted SNS

commandserver thinks command is from victim IP addr

attacker

TCP SYNsrcIP=victim

Based on slides from CS155 at Stanford

Example DoS vulnerability [Watsonrsquo04]

bull Suppose attacker can guess seq number for an existing connectionndash Attacker can send Reset packet to

close connection Results in DoSndash Naively success prob is 1232 (32-bit seq rsquos)ndash Most systems allow for a large window of

acceptable seq rsquosbull Much higher success probability

bull Attack is most effective against long lived connections eg BGP

Based on slides from CS155 at Stanford

Random initial TCP SNs

bull Unpredictable SNs prevent basic packet injectionndash hellip but attacker can inject packets after

eavesdropping to obtain current SN

bull Most TCP stacks now generate random SNs

ndash Random generator should be unpredictable

ndash GPRrsquo06 Linux RNG for generating SNs is predictable

bull Attacker repeatedly connects to serverbull Obtains sequence of SNsbull Can predict next SNbull Attacker can now do TCP spoofing

(create TCP session with forged source IP)

Based on slides from CS155 at Stanford

Securing the IPTCP stack

TCP

IPIPSEC

HTTP FTP SMTP

TCP

IP

HTTP FTP SMTP

SSLTLS

TCP

IP

SMIME PGP

UDP

Kerberos SMTP

SET

HTTP

At the Network LevelAt the Transport Level

At the Application Level

Who uses IPsec From Stallings 5th edition

Mode 1 Transport

Mode 2 Tunnel

ESP Tunnel mode (From Steve Friedl)

Note ToS leaks info

Source and dest address are not authenticated (vulnerable to IP address spoofing) between the tunnels (DoS attacks too)

Source and dest address INSIDE the tunnel is protected

ESP without authentication (From Steve Friedl)

BAD IDEA

Now we can encrypt or encrypt and authenticateThe padding allows us to reduce traffic analysis attacks but people almost never use it

AH Tunnel mode (From Steve Friedl)

Authenticated connection for VPN Packet encapsulated source and dest address protectedCanrsquot work with NATs

AH Transport mode (From Steve Friedl)

Authenticated connection between two hosts (HMAC)Doesnrsquot work with NAT (network address translation)

ESP Transport mode (From Steve Friedl)

Note ToS leaks info

Source and dest address are not authenticated (vulnerable to IP address spoofing)

P0

P1

P2

bull If a received packet falls in the windowndash if authenticated and unmarked mark itndash if marked then replay

bull If a received packet is gt Nndash if authenticated advance the window so that this packet is at the

rightmost edge and mark it

bull If a received packet is lt= N-Wndash packet is discarded

window size W (default is 64)

AH ndash Anti-replay Service in Ipsec

From Stallings 5th edition

N highest seq number for a valid paket recevied so far

Other considerations

bull Traffic analysis ndash packet lengths ndash Timingndash Source and destination addressesndash ToS fields

bull Dealing with NATsbull Replay attacksbull Key management

From CAIDA

TLS Handshake

TLS packet format

As opposed to unsecured HTTP URLs which begin with http and use port 80 by default secure HTTPS URLs begin with https and use port 443 by default

IPSEC VS TLS

bull People are still talking about this httpwwwmetzdowdcompipermailcryptography2014-April020674html

[Cryptography] IPsec is worse than unusable (Re TLSDTLS Use Cases)

Nico Williams nico at cryptonectorcom Wed Apr 2 115952 EDT 2014bullPrevious message [Cryptography] TLSDTLS Use CasesbullNext message [Cryptography] IPsec is worse than unusable (Re TLSDTLS Use Cases)bullMessages sorted by [ date ] [ thread ] [ subject ] [ author ]

On Tue Apr 01 2014 at 103154PM -0400 Jerry Leichter wrote gt IPSec has many faults - so many as to render it unusable - but it did gt get one thing right To most code an IPSec socket looks just like a gt plain TCP socket Anything that talks TCP can talk TCP securely gt over IPSec with essentially no changes (Securely in quotes because gt its a rather specialized notion of securely)

What is ARPbull Address Resolution Protocol (ARP) is how network devices associate

MAC addresses with IP Addresses so that devices on the local network can find each other ARP is basically a form of networking roll call

bull ARP a very simple protocol consists of merely four basic message types

bull An ARP Request Computer A asks the network Who has this IP address

bull An ARP Reply Computer B tells Computer A I have that IP My MAC address is [whatever it is]

bull A Reverse ARP Request (RARP) Same concept as ARP Request but Computer A asks Who has this MAC address

bull A RARP Reply Computer B tells Computer A I have that MAC My IP address is [whatever it is]ldquo

FROM httpwwwwatchguardcominfocentereditorial135324asp

ARP poisoning

ARP poisoning

ARP poisoning

What is the threat model for arp poisoning

  • The Internet Layers TCP UDP IP DDoS Reflection Attacks IPSE
  • Internet Infrastructure
  • TCP Protocol Stack
  • Data Formats
  • Slide 5
  • IP Prefixes amp Addresses
  • IP Routing
  • IP Protocol Functions (Summary)
  • The IP address space
  • NATS
  • User Datagram Protocol (protocol=17)
  • Problem no src IP authentication
  • DoS Reflection amp Amplification Attack Using protocols over UDP
  • Transmission Control Protocol
  • Slide 15
  • Slide 16
  • Review TCP Handshake
  • Basic Security Problems
  • 1 Packet Sniffing
  • 2 TCP Connection Spoofing
  • Example DoS vulnerability [Watsonrsquo04]
  • Random initial TCP SNs
  • Securing the IPTCP stack
  • Who uses IPsec From Stallings 5th edition
  • Mode 1 Transport
  • Mode 2 Tunnel
  • ESP Tunnel mode (From Steve Friedl)
  • ESP without authentication (From Steve Friedl)
  • AH Tunnel mode (From Steve Friedl)
  • AH Transport mode (From Steve Friedl)
  • ESP Transport mode (From Steve Friedl)
  • Slide 32
  • Other considerations
  • From CAIDA
  • TLS Handshake
  • TLS packet format
  • IPSEC VS TLS
  • What is ARP
  • Slide 39
  • Slide 40
  • ARP poisoning
  • ARP poisoning (2)
  • ARP poisoning (3)
Page 13: The Internet! Layers, TCP, UDP, IP DDoS Reflection Attacks IPSEC, ARP Sharon Goldberg CS558 Boston University Spring 2015 Most slides and images borrowed.

DoS Reflection amp Amplification AttackUsing protocols over UDP like NTP DNS etc

UDP

Evillll Meg

Tom

1321411518888

Source IPDest IP

DNS Query

121423312

132141151

Public DNS Server

8888

8888132141151

Source IPDest IP

DNS response

DNS Data

Short query

Huge response

Tom gets hit by toomany packets

Transmission Control Protocol

bull Connection-oriented preserves orderndash Sender

bull Break data into packetsbull Attach packet numbers

ndash Receiverbull Acknowledge receipt lost packets are

resentbull Reassemble packets in correct order

TCP

Book

Mail each pageReassemble book

19

5

1

1 1

Based on slides from CS155 at Stanford

Source httpsdevcentralf5comarticlesapplication-is-more-than-header-deep

bull FROM httpcodeidolcomimgcsharp-networkf0209_0jpg

Review TCP HandshakeC S

SYN

SYNACK

ACK

Listening

Store SNC SNS

Wait

Established

SNCrandC

ANC0

SNSrandS

ANSSNC

SNSNC+1ANSNS

Received packets with SN too far out of window are dropped

Based on slides from CS155 at Stanford

Basic Security Problems

1 Network packets pass by untrusted hostsndash Eavesdropping packet sniffingndash Especially easy when attacker controls a

machine close to victim

2 TCP state can be easy to guessndash Enables spoofing and session hijackingndash Depending on how sequence number is chosen

3 Denial of Service (DoS) vulnerabilitiesndash Syn connection state attacks

Based on slides from CS155 at Stanford

1 Packet Sniffing

Promiscuous NIC reads all packetsbull Read all unencrypted data (eg ldquowiresharkrdquo)bull ftp telnet (and POP IMAP) may send passwords in

clear

Alice Bob

Eve

NetworkNetwork

Prevention Encryption (next lecture IPSEC)

Based on slides from CS155 at Stanford

2 TCP Connection Spoofing

bull Why random initial sequence numbers (SNC SNS )

bull Suppose init sequence numbers are predictablendash Attacker can create TCP session on behalf of forged

source IP

Victim

Server

SYNACKdstIP=victimSN=server SNS

ACKsrcIP=victimAN=predicted SNS

commandserver thinks command is from victim IP addr

attacker

TCP SYNsrcIP=victim

Based on slides from CS155 at Stanford

Example DoS vulnerability [Watsonrsquo04]

bull Suppose attacker can guess seq number for an existing connectionndash Attacker can send Reset packet to

close connection Results in DoSndash Naively success prob is 1232 (32-bit seq rsquos)ndash Most systems allow for a large window of

acceptable seq rsquosbull Much higher success probability

bull Attack is most effective against long lived connections eg BGP

Based on slides from CS155 at Stanford

Random initial TCP SNs

bull Unpredictable SNs prevent basic packet injectionndash hellip but attacker can inject packets after

eavesdropping to obtain current SN

bull Most TCP stacks now generate random SNs

ndash Random generator should be unpredictable

ndash GPRrsquo06 Linux RNG for generating SNs is predictable

bull Attacker repeatedly connects to serverbull Obtains sequence of SNsbull Can predict next SNbull Attacker can now do TCP spoofing

(create TCP session with forged source IP)

Based on slides from CS155 at Stanford

Securing the IPTCP stack

TCP

IPIPSEC

HTTP FTP SMTP

TCP

IP

HTTP FTP SMTP

SSLTLS

TCP

IP

SMIME PGP

UDP

Kerberos SMTP

SET

HTTP

At the Network LevelAt the Transport Level

At the Application Level

Who uses IPsec From Stallings 5th edition

Mode 1 Transport

Mode 2 Tunnel

ESP Tunnel mode (From Steve Friedl)

Note ToS leaks info

Source and dest address are not authenticated (vulnerable to IP address spoofing) between the tunnels (DoS attacks too)

Source and dest address INSIDE the tunnel is protected

ESP without authentication (From Steve Friedl)

BAD IDEA

Now we can encrypt or encrypt and authenticateThe padding allows us to reduce traffic analysis attacks but people almost never use it

AH Tunnel mode (From Steve Friedl)

Authenticated connection for VPN Packet encapsulated source and dest address protectedCanrsquot work with NATs

AH Transport mode (From Steve Friedl)

Authenticated connection between two hosts (HMAC)Doesnrsquot work with NAT (network address translation)

ESP Transport mode (From Steve Friedl)

Note ToS leaks info

Source and dest address are not authenticated (vulnerable to IP address spoofing)

P0

P1

P2

bull If a received packet falls in the windowndash if authenticated and unmarked mark itndash if marked then replay

bull If a received packet is gt Nndash if authenticated advance the window so that this packet is at the

rightmost edge and mark it

bull If a received packet is lt= N-Wndash packet is discarded

window size W (default is 64)

AH ndash Anti-replay Service in Ipsec

From Stallings 5th edition

N highest seq number for a valid paket recevied so far

Other considerations

bull Traffic analysis ndash packet lengths ndash Timingndash Source and destination addressesndash ToS fields

bull Dealing with NATsbull Replay attacksbull Key management

From CAIDA

TLS Handshake

TLS packet format

As opposed to unsecured HTTP URLs which begin with http and use port 80 by default secure HTTPS URLs begin with https and use port 443 by default

IPSEC VS TLS

bull People are still talking about this httpwwwmetzdowdcompipermailcryptography2014-April020674html

[Cryptography] IPsec is worse than unusable (Re TLSDTLS Use Cases)

Nico Williams nico at cryptonectorcom Wed Apr 2 115952 EDT 2014bullPrevious message [Cryptography] TLSDTLS Use CasesbullNext message [Cryptography] IPsec is worse than unusable (Re TLSDTLS Use Cases)bullMessages sorted by [ date ] [ thread ] [ subject ] [ author ]

On Tue Apr 01 2014 at 103154PM -0400 Jerry Leichter wrote gt IPSec has many faults - so many as to render it unusable - but it did gt get one thing right To most code an IPSec socket looks just like a gt plain TCP socket Anything that talks TCP can talk TCP securely gt over IPSec with essentially no changes (Securely in quotes because gt its a rather specialized notion of securely)

What is ARPbull Address Resolution Protocol (ARP) is how network devices associate

MAC addresses with IP Addresses so that devices on the local network can find each other ARP is basically a form of networking roll call

bull ARP a very simple protocol consists of merely four basic message types

bull An ARP Request Computer A asks the network Who has this IP address

bull An ARP Reply Computer B tells Computer A I have that IP My MAC address is [whatever it is]

bull A Reverse ARP Request (RARP) Same concept as ARP Request but Computer A asks Who has this MAC address

bull A RARP Reply Computer B tells Computer A I have that MAC My IP address is [whatever it is]ldquo

FROM httpwwwwatchguardcominfocentereditorial135324asp

ARP poisoning

ARP poisoning

ARP poisoning

What is the threat model for arp poisoning

  • The Internet Layers TCP UDP IP DDoS Reflection Attacks IPSE
  • Internet Infrastructure
  • TCP Protocol Stack
  • Data Formats
  • Slide 5
  • IP Prefixes amp Addresses
  • IP Routing
  • IP Protocol Functions (Summary)
  • The IP address space
  • NATS
  • User Datagram Protocol (protocol=17)
  • Problem no src IP authentication
  • DoS Reflection amp Amplification Attack Using protocols over UDP
  • Transmission Control Protocol
  • Slide 15
  • Slide 16
  • Review TCP Handshake
  • Basic Security Problems
  • 1 Packet Sniffing
  • 2 TCP Connection Spoofing
  • Example DoS vulnerability [Watsonrsquo04]
  • Random initial TCP SNs
  • Securing the IPTCP stack
  • Who uses IPsec From Stallings 5th edition
  • Mode 1 Transport
  • Mode 2 Tunnel
  • ESP Tunnel mode (From Steve Friedl)
  • ESP without authentication (From Steve Friedl)
  • AH Tunnel mode (From Steve Friedl)
  • AH Transport mode (From Steve Friedl)
  • ESP Transport mode (From Steve Friedl)
  • Slide 32
  • Other considerations
  • From CAIDA
  • TLS Handshake
  • TLS packet format
  • IPSEC VS TLS
  • What is ARP
  • Slide 39
  • Slide 40
  • ARP poisoning
  • ARP poisoning (2)
  • ARP poisoning (3)
Page 14: The Internet! Layers, TCP, UDP, IP DDoS Reflection Attacks IPSEC, ARP Sharon Goldberg CS558 Boston University Spring 2015 Most slides and images borrowed.

Transmission Control Protocol

bull Connection-oriented preserves orderndash Sender

bull Break data into packetsbull Attach packet numbers

ndash Receiverbull Acknowledge receipt lost packets are

resentbull Reassemble packets in correct order

TCP

Book

Mail each pageReassemble book

19

5

1

1 1

Based on slides from CS155 at Stanford

Source httpsdevcentralf5comarticlesapplication-is-more-than-header-deep

bull FROM httpcodeidolcomimgcsharp-networkf0209_0jpg

Review TCP HandshakeC S

SYN

SYNACK

ACK

Listening

Store SNC SNS

Wait

Established

SNCrandC

ANC0

SNSrandS

ANSSNC

SNSNC+1ANSNS

Received packets with SN too far out of window are dropped

Based on slides from CS155 at Stanford

Basic Security Problems

1 Network packets pass by untrusted hostsndash Eavesdropping packet sniffingndash Especially easy when attacker controls a

machine close to victim

2 TCP state can be easy to guessndash Enables spoofing and session hijackingndash Depending on how sequence number is chosen

3 Denial of Service (DoS) vulnerabilitiesndash Syn connection state attacks

Based on slides from CS155 at Stanford

1 Packet Sniffing

Promiscuous NIC reads all packetsbull Read all unencrypted data (eg ldquowiresharkrdquo)bull ftp telnet (and POP IMAP) may send passwords in

clear

Alice Bob

Eve

NetworkNetwork

Prevention Encryption (next lecture IPSEC)

Based on slides from CS155 at Stanford

2 TCP Connection Spoofing

bull Why random initial sequence numbers (SNC SNS )

bull Suppose init sequence numbers are predictablendash Attacker can create TCP session on behalf of forged

source IP

Victim

Server

SYNACKdstIP=victimSN=server SNS

ACKsrcIP=victimAN=predicted SNS

commandserver thinks command is from victim IP addr

attacker

TCP SYNsrcIP=victim

Based on slides from CS155 at Stanford

Example DoS vulnerability [Watsonrsquo04]

bull Suppose attacker can guess seq number for an existing connectionndash Attacker can send Reset packet to

close connection Results in DoSndash Naively success prob is 1232 (32-bit seq rsquos)ndash Most systems allow for a large window of

acceptable seq rsquosbull Much higher success probability

bull Attack is most effective against long lived connections eg BGP

Based on slides from CS155 at Stanford

Random initial TCP SNs

- Unpredictable SNs prevent basic (blind) packet injection ... but an attacker who can eavesdrop learns the current SN and can still inject packets.
- Most TCP stacks now generate random initial SNs; the random generator must be unpredictable.
- [GPR '06] (Gutterman, Pinkas and Reinman, analysis of the Linux random number generator) showed that the Linux RNG used for generating SNs was predictable:
  - the attacker repeatedly connects to the server,
  - obtains a sequence of SNs,
  - predicts the next SN,
  - and can now do TCP spoofing (create a TCP session with a forged source IP).
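The two attacks above, as an added example that is not part of the slides: a toy TCP listener (constructed for this example, not a real stack) that completes a handshake only when the ACK carries ISN + 1, an attacker that samples the server's ISNs on its own connections and predicts the next one, and the RST-window arithmetic from the Watson slide. The linear ISN generator is a hypothetical stand-in for any predictable generator; the step of 64000 is made up.

```python
import secrets
from fractions import Fraction

MOD = 2 ** 32  # TCP sequence numbers are 32-bit


class ToyServer:
    """Toy TCP listener (constructed for this example, not a real stack):
    hands out an ISN per SYN and treats the handshake as complete only when
    the ACK acknowledges ISN + 1."""

    def __init__(self, isn_gen):
        self.isn_gen = isn_gen      # callable returning the next ISN
        self.pending = {}           # src IP -> ISN sent in the SYN/ACK
        self.established = []       # src IPs the server believes finished a handshake

    def syn(self, src_ip):
        isn = self.isn_gen()
        self.pending[src_ip] = isn
        return isn                  # the SYN/ACK is routed to src_ip; a spoofer never sees it

    def ack(self, src_ip, ack_num):
        expected = (self.pending.get(src_ip, -1) + 1) % MOD
        if ack_num == expected:
            self.established.append(src_ip)
            return True
        return False


def linear_isn_generator(start, step):
    """Predictable generator (hypothetical): ISN grows by a constant per connection."""
    state = [start % MOD]

    def gen():
        state[0] = (state[0] + step) % MOD
        return state[0]
    return gen


def random_isn_generator():
    """Unpredictable generator backed by the OS CSPRNG."""
    return lambda: secrets.randbits(32)


def predict_next_isn(observed):
    """Infer a constant step from ISNs the attacker saw on its own connections."""
    if len(observed) < 2:
        return None
    steps = {(b - a) % MOD for a, b in zip(observed, observed[1:])}
    if len(steps) != 1:
        return None                 # no constant step: prediction fails
    return (observed[-1] + steps.pop()) % MOD


def spoof_handshake(server, attacker_ip, victim_ip, probes=3):
    """Attacker samples ISNs on its own connections, then completes a handshake
    as victim_ip without ever seeing the SYN/ACK. Returns True on success."""
    observed = [server.syn(attacker_ip) for _ in range(probes)]
    guess = predict_next_isn(observed)
    if guess is None:
        return False
    server.syn(victim_ip)           # SYN with forged source; the SYN/ACK goes to the victim
    return server.ack(victim_ip, (guess + 1) % MOD)


def rst_success_probability(receive_window):
    """Per-packet chance that a blind RST is accepted: 1/2^32 for an exact
    match, but W/2^32 when any in-window sequence number is accepted."""
    return Fraction(receive_window, MOD)


def rst_packets_needed(receive_window):
    """Spoofed RSTs needed to sweep the whole 32-bit sequence space once."""
    return -(-MOD // receive_window)  # ceiling division


if __name__ == "__main__":
    weak = ToyServer(linear_isn_generator(start=1000, step=64000))
    print("spoof vs. linear ISNs:", spoof_handshake(weak, "10.0.0.2", "10.0.0.9"))
    strong = ToyServer(random_isn_generator())
    print("spoof vs. random ISNs:", spoof_handshake(strong, "10.0.0.2", "10.0.0.9"))
    print("RSTs to sweep a 64 KiB window:", rst_packets_needed(65536))
```

Against the linear generator three probe connections are enough to land the forged handshake; against the CSPRNG the inferred step is not constant and the spoof fails. The RST figures show why the window matters: with a 64 KiB window about 65,536 blind packets cover the whole sequence space, against 2^32 for an exact-match check.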

Based on slides from CS155 at Stanford

Securing the IP/TCP stack

[Figure: three protocol stacks showing where the security layer sits]
- At the network level: HTTP, FTP, SMTP over TCP over IP/IPSEC. IPsec protects every transport and application above it.
- At the transport level: HTTP, FTP, SMTP over SSL/TLS over TCP over IP. TLS protects one connection at a time.
- At the application level: S/MIME, PGP, SET, Kerberos (over SMTP, HTTP, UDP or TCP, over IP). Each application protects its own data.

Who uses IPsec? (From Stallings, 5th edition)

Mode 1: Transport

Mode 2: Tunnel

ESP Tunnel mode (From Steve Friedl)
- Note: the ToS field of the outer header leaks information.
- The outer source and destination addresses (between the tunnel endpoints) are not authenticated, so they are vulnerable to IP address spoofing, and to DoS attacks too.
- The source and destination addresses INSIDE the tunnel (the inner IP header) are encrypted and authenticated.

ESP without authentication (From Steve Friedl)
- BAD IDEA. ESP can encrypt only, or encrypt and authenticate; use the authenticated form.
- The padding allows us to reduce traffic-analysis attacks, but people almost never use it for that.

AH Tunnel mode (From Steve Friedl)
- Authenticated connection for a VPN. The packet is encapsulated; source and destination addresses are covered by the integrity check.
- Can't work with NATs, because a NAT rewrites the very addresses that AH authenticates.

AH Transport mode (From Steve Friedl)
- Authenticated connection between two hosts (HMAC). Doesn't work with NAT (network address translation), for the same reason.

ESP Transport mode (From Steve Friedl)
- Note: ToS leaks information.
- Source and destination addresses are not authenticated (vulnerable to IP address spoofing): ESP's integrity check covers the ESP header, payload and trailer, not the IP header in front of them.

AH – Anti-replay Service in IPsec (From Stallings, 5th edition)

[Figure: packets P0, P1, P2 and a sliding window of size W over the sequence-number line]

N = highest sequence number of a valid (authenticated) packet received so far; window size W (default is 64).

- If a received packet falls in the window (N − W < seq ≤ N):
  - if it authenticates and its slot is unmarked, mark it;
  - if its slot is already marked, it is a replay: drop it.
- If a received packet is > N: if it authenticates, advance the window so that this packet is at the rightmost edge, and mark it.
- If a received packet is ≤ N − W: the packet is discarded.
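The three rules above in runnable form, as an added example rather than code from the slides or from any IPsec implementation: a receiver-side sliding window with a bitmap, driven over a constructed packet trace that includes reordering, a replay, a jump past the window and a forged packet whose ICV fails. The trace and the verdict names are made up for the example.

```python
class AntiReplayWindow:
    """Sliding-window anti-replay check following the slide's rules (the scheme
    of the AH/ESP RFCs). N is the highest sequence number of an authenticated
    packet seen so far, the window covers N-W+1 .. N, and a bitmap records
    which sequence numbers inside it have already been accepted."""

    def __init__(self, window_size=64):
        self.w = window_size
        self.n = 0            # highest valid sequence number seen; numbering starts at 1
        self.bitmap = 0       # bit i set  <=>  sequence number N - i already received

    def check_and_update(self, seq, authenticated):
        """Classify one packet as 'accept', 'replay', 'too_old' or 'bad_icv'.
        The window only moves for packets whose ICV verified: an attacker
        must not be able to push N forward with forged packets."""
        if seq == 0:
            return "too_old"
        if seq > self.n:
            if not authenticated:
                return "bad_icv"
            shift = seq - self.n
            if shift >= self.w:
                self.bitmap = 0                      # everything old falls off the left edge
            else:
                self.bitmap = (self.bitmap << shift) & ((1 << self.w) - 1)
            self.bitmap |= 1                         # the new packet sits at the right edge
            self.n = seq
            return "accept"
        if seq <= self.n - self.w:
            return "too_old"
        bit = 1 << (self.n - seq)                    # inside the window
        if self.bitmap & bit:
            return "replay"                          # cheap check before the ICV
        if not authenticated:
            return "bad_icv"
        self.bitmap |= bit
        return "accept"


def replay_trace(window, packets):
    """packets: list of (sequence number, icv_verified). Returns one verdict per packet."""
    return [window.check_and_update(seq, ok) for seq, ok in packets]


# Constructed trace: in-order, reordered, replayed, a big jump, and a forged packet.
SAMPLE_TRACE = [
    (1, True), (3, True), (2, True),   # 2 arrives late but is inside the window: accepted
    (3, True),                         # seen already: replay
    (70, True),                        # jump past the window: everything before 7 is forgotten
    (6, True),                         # 6 <= 70 - 64: too old
    (7, False),                        # in window, ICV fails: dropped, state untouched
    (7, True), (8, True), (8, True),   # accept, accept, replay
]

if __name__ == "__main__":
    for (seq, ok), verdict in zip(SAMPLE_TRACE, replay_trace(AntiReplayWindow(), SAMPLE_TRACE)):
        print(f"seq={seq:3d} icv_ok={ok!s:5} -> {verdict}")
```

Two details matter in practice and are exercised by the trace: a packet that fails authentication must not advance N (otherwise a forger could lock out the legitimate sender), and the replay bit is checked before the ICV so replays are rejected without paying for the MAC.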

Other considerations

- Traffic analysis: packet lengths, timing, source and destination addresses, ToS fields
- Dealing with NATs
- Replay attacks
- Key management

[Figure from CAIDA]

TLS Handshake [figure]

TLS packet format [figure]

As opposed to unsecured HTTP URLs, which begin with "http://" and use port 80 by default, secure HTTPS URLs begin with "https://" and use port 443 by default.

IPSEC VS TLS

- People are still talking about this: http://www.metzdowd.com/pipermail/cryptography/2014-April/020674.html

[Cryptography] IPsec is worse than unusable (Re: TLS/DTLS Use Cases)
Nico Williams, nico at cryptonector.com, Wed Apr 2 11:59:52 EDT 2014
(Previous message: [Cryptography] TLS/DTLS Use Cases. Next message: [Cryptography] IPsec is worse than unusable (Re: TLS/DTLS Use Cases). Messages sorted by: [ date ] [ thread ] [ subject ] [ author ])

> On Tue, Apr 01, 2014 at 10:31:54PM -0400, Jerry Leichter wrote:
> > IPSec has many faults - so many as to render it unusable - but it did
> > get one thing right: To most code, an IPSec socket looks just like a
> > plain TCP socket. Anything that talks TCP can talk TCP "securely"
> > over IPSec with essentially no changes. ("Securely" in quotes because
> > it's a rather specialized notion of "securely".)

What is ARP?

- Address Resolution Protocol (ARP) is how network devices associate MAC addresses with IP addresses, so that devices on the local network can find each other. ARP is basically a form of networking roll call.
- ARP, a very simple protocol, consists of merely four basic message types:
  - An ARP Request: Computer A asks the network, "Who has this IP address?"
  - An ARP Reply: Computer B tells Computer A, "I have that IP. My MAC address is [whatever it is]."
  - A Reverse ARP Request (RARP): Same concept as ARP Request, but Computer A asks, "Who has this MAC address?"
  - A RARP Reply: Computer B tells Computer A, "I have that MAC. My IP address is [whatever it is]."

FROM http://www.watchguard.com/infocenter/editorial/135324.asp

ARP poisoning (three diagram slides; the images are not reproduced here)

What is the threat model for ARP poisoning?
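The threat model the slide asks about is an attacker on the same broadcast segment: ARP has no authentication, so anyone on the LAN can send replies (solicited or not) claiming that the gateway's IP lives at the attacker's MAC, and hosts update their caches accordingly. As an added example that is not part of the slides, the code below builds Ethernet+ARP frames for a constructed LAN (all addresses made up), parses them, and runs a passive monitor that flags the three signs a defender can look for: a reply nobody requested, an ARP sender MAC that differs from the frame's Ethernet source, and an IP whose MAC changes from what was learned or pinned earlier.

```python
import struct
from ipaddress import IPv4Address

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa


def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))


def mac_text(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip, eth_src=None):
    """Build an Ethernet II + ARP frame (IPv4 over Ethernet). Constructed for the
    example; eth_src lets a caller forge a frame whose outer source differs
    from the ARP sender field."""
    eth_dst = "ff:ff:ff:ff:ff:ff" if op == ARP_REQUEST else target_mac
    eth = mac_bytes(eth_dst) + mac_bytes(eth_src or sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                      mac_bytes(sender_mac), IPv4Address(sender_ip).packed,
                      mac_bytes(target_mac), IPv4Address(target_ip).packed)
    return eth + arp


def parse_arp(frame):
    """Return the ARP fields of an Ethernet frame, or None if it is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"eth_src": mac_text(frame[6:12]), "op": op,
            "sha": mac_text(sha), "spa": str(IPv4Address(spa)),
            "tha": mac_text(tha), "tpa": str(IPv4Address(tpa))}


class ArpMonitor:
    """Passive detector for ARP poisoning on one segment. It remembers which MAC
    answered for each IP and alerts when a later frame contradicts it, when a
    reply arrives that nobody asked for, or when the Ethernet source does not
    match the ARP sender field. Conflicting claims are reported, not learned."""

    def __init__(self, static=None):
        self.table = dict(static or {})   # ip -> mac (static entries pinned up front)
        self.outstanding = set()          # ips for which we saw a request

    def observe(self, frame):
        a = parse_arp(frame)
        if a is None:
            return []
        alerts = []
        if a["sha"] != a["eth_src"]:
            alerts.append(f"sender MAC {a['sha']} differs from frame source {a['eth_src']}")
        if a["op"] == ARP_REQUEST:
            self.outstanding.add(a["tpa"])
        elif a["op"] == ARP_REPLY:
            if a["spa"] not in self.outstanding:
                alerts.append(f"unsolicited reply claiming {a['spa']} is at {a['sha']}")
            self.outstanding.discard(a["spa"])
        known = self.table.get(a["spa"])
        if known is None:
            self.table[a["spa"]] = a["sha"]           # first sighting: learn it
        elif known != a["sha"]:
            alerts.append(f"{a['spa']} moved from {known} to {a['sha']}: possible poisoning")
        return alerts


# Constructed LAN: gateway, victim and attacker (all addresses are made up).
GW_MAC, GW_IP = "02:00:00:00:00:01", "192.168.1.1"
VICTIM_MAC, VICTIM_IP = "02:00:00:00:00:10", "192.168.1.10"
ATTACKER_MAC, ATTACKER_IP = "02:00:00:00:00:66", "192.168.1.66"
ZERO_MAC = "00:00:00:00:00:00"

SAMPLE_FRAMES = [
    build_arp(ARP_REQUEST, VICTIM_MAC, VICTIM_IP, ZERO_MAC, GW_IP),     # victim asks for the gateway
    build_arp(ARP_REPLY, GW_MAC, GW_IP, VICTIM_MAC, VICTIM_IP),         # genuine answer
    build_arp(ARP_REPLY, ATTACKER_MAC, GW_IP, VICTIM_MAC, VICTIM_IP),   # poison the victim's cache
    build_arp(ARP_REPLY, ATTACKER_MAC, VICTIM_IP, GW_MAC, GW_IP),       # poison the gateway's cache
]


def arp_trace(frames, static=None):
    """Feed frames to a fresh monitor; returns the alert list raised by each frame."""
    monitor = ArpMonitor(static)
    return [monitor.observe(f) for f in frames]


if __name__ == "__main__":
    for i, alerts in enumerate(arp_trace(SAMPLE_FRAMES, static={GW_IP: GW_MAC})):
        print(f"frame {i}: {alerts or 'ok'}")
```

The last two frames are the classic man-in-the-middle setup: once both caches point at the attacker's MAC, traffic between victim and gateway flows through the attacker's host. Pinning the gateway with a static entry (the `static` argument) is what makes the first poisoned reply stand out even on a monitor that has just started and has learned nothing yet.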

  • The Internet Layers TCP UDP IP DDoS Reflection Attacks IPSE
  • Internet Infrastructure
  • TCP Protocol Stack
  • Data Formats
  • Slide 5
  • IP Prefixes amp Addresses
  • IP Routing
  • IP Protocol Functions (Summary)
  • The IP address space
  • NATS
  • User Datagram Protocol (protocol=17)
  • Problem no src IP authentication
  • DoS Reflection amp Amplification Attack Using protocols over UDP
  • Transmission Control Protocol
  • Slide 15
  • Slide 16
  • Review TCP Handshake
  • Basic Security Problems
  • 1 Packet Sniffing
  • 2 TCP Connection Spoofing
  • Example DoS vulnerability [Watsonrsquo04]
  • Random initial TCP SNs
  • Securing the IPTCP stack
  • Who uses IPsec From Stallings 5th edition
  • Mode 1 Transport
  • Mode 2 Tunnel
  • ESP Tunnel mode (From Steve Friedl)
  • ESP without authentication (From Steve Friedl)
  • AH Tunnel mode (From Steve Friedl)
  • AH Transport mode (From Steve Friedl)
  • ESP Transport mode (From Steve Friedl)
  • Slide 32
  • Other considerations
  • From CAIDA
  • TLS Handshake
  • TLS packet format
  • IPSEC VS TLS
  • What is ARP
  • Slide 39
  • Slide 40
  • ARP poisoning
  • ARP poisoning (2)
  • ARP poisoning (3)
Page 18: The Internet! Layers, TCP, UDP, IP DDoS Reflection Attacks IPSEC, ARP Sharon Goldberg CS558 Boston University Spring 2015 Most slides and images borrowed.

Basic Security Problems

1 Network packets pass by untrusted hostsndash Eavesdropping packet sniffingndash Especially easy when attacker controls a

machine close to victim

2 TCP state can be easy to guessndash Enables spoofing and session hijackingndash Depending on how sequence number is chosen

3 Denial of Service (DoS) vulnerabilitiesndash Syn connection state attacks

Based on slides from CS155 at Stanford

1 Packet Sniffing

Promiscuous NIC reads all packetsbull Read all unencrypted data (eg ldquowiresharkrdquo)bull ftp telnet (and POP IMAP) may send passwords in

clear

Alice Bob

Eve

NetworkNetwork

Prevention Encryption (next lecture IPSEC)

Based on slides from CS155 at Stanford

2 TCP Connection Spoofing

bull Why random initial sequence numbers (SNC SNS )

bull Suppose init sequence numbers are predictablendash Attacker can create TCP session on behalf of forged

source IP

Victim

Server

SYNACKdstIP=victimSN=server SNS

ACKsrcIP=victimAN=predicted SNS

commandserver thinks command is from victim IP addr

attacker

TCP SYNsrcIP=victim

Based on slides from CS155 at Stanford

Example DoS vulnerability [Watsonrsquo04]

bull Suppose attacker can guess seq number for an existing connectionndash Attacker can send Reset packet to

close connection Results in DoSndash Naively success prob is 1232 (32-bit seq rsquos)ndash Most systems allow for a large window of

acceptable seq rsquosbull Much higher success probability

bull Attack is most effective against long lived connections eg BGP

Based on slides from CS155 at Stanford

Random initial TCP SNs

bull Unpredictable SNs prevent basic packet injectionndash hellip but attacker can inject packets after

eavesdropping to obtain current SN

bull Most TCP stacks now generate random SNs

ndash Random generator should be unpredictable

ndash GPRrsquo06 Linux RNG for generating SNs is predictable

bull Attacker repeatedly connects to serverbull Obtains sequence of SNsbull Can predict next SNbull Attacker can now do TCP spoofing

(create TCP session with forged source IP)

Based on slides from CS155 at Stanford

Securing the IPTCP stack

TCP

IPIPSEC

HTTP FTP SMTP

TCP

IP

HTTP FTP SMTP

SSLTLS

TCP

IP

SMIME PGP

UDP

Kerberos SMTP

SET

HTTP

At the Network LevelAt the Transport Level

At the Application Level

Who uses IPsec From Stallings 5th edition

Mode 1 Transport

Mode 2 Tunnel

ESP Tunnel mode (From Steve Friedl)

Note ToS leaks info

Source and dest address are not authenticated (vulnerable to IP address spoofing) between the tunnels (DoS attacks too)

Source and dest address INSIDE the tunnel is protected

ESP without authentication (From Steve Friedl)

BAD IDEA

Now we can encrypt or encrypt and authenticateThe padding allows us to reduce traffic analysis attacks but people almost never use it

AH Tunnel mode (From Steve Friedl)

Authenticated connection for VPN Packet encapsulated source and dest address protectedCanrsquot work with NATs

AH Transport mode (From Steve Friedl)

Authenticated connection between two hosts (HMAC)Doesnrsquot work with NAT (network address translation)

ESP Transport mode (From Steve Friedl)

Note ToS leaks info

Source and dest address are not authenticated (vulnerable to IP address spoofing)

P0

P1

P2

bull If a received packet falls in the windowndash if authenticated and unmarked mark itndash if marked then replay

bull If a received packet is gt Nndash if authenticated advance the window so that this packet is at the

rightmost edge and mark it

bull If a received packet is lt= N-Wndash packet is discarded

window size W (default is 64)

AH ndash Anti-replay Service in Ipsec

From Stallings 5th edition

N highest seq number for a valid paket recevied so far

Other considerations

bull Traffic analysis ndash packet lengths ndash Timingndash Source and destination addressesndash ToS fields

bull Dealing with NATsbull Replay attacksbull Key management

From CAIDA

TLS Handshake

TLS packet format

As opposed to unsecured HTTP URLs which begin with http and use port 80 by default secure HTTPS URLs begin with https and use port 443 by default

IPSEC VS TLS

• People are still talking about this: http://www.metzdowd.com/pipermail/cryptography/2014-April/020674.html

[Cryptography] IPsec is worse than unusable (Re: TLS/DTLS Use Cases)

Nico Williams nico at cryptonector.com
Wed Apr 2 11:59:52 EDT 2014

On Tue, Apr 01, 2014 at 10:31:54PM -0400, Jerry Leichter wrote:
> IPSec has many faults - so many as to render it unusable - but it did
> get one thing right: To most code, an IPSec socket looks just like a
> plain TCP socket. Anything that talks TCP can talk TCP "securely"
> over IPSec with essentially no changes. ("Securely" in quotes because
> it's a rather specialized notion of securely.)

What is ARP?

• Address Resolution Protocol (ARP) is how network devices associate MAC addresses with IP Addresses, so that devices on the local network can find each other. ARP is basically a form of networking roll call.
• ARP, a very simple protocol, consists of merely four basic message types:
• An ARP Request: Computer A asks the network, "Who has this IP address?"
• An ARP Reply: Computer B tells Computer A, "I have that IP. My MAC address is [whatever it is]."
• A Reverse ARP Request (RARP): Same concept as ARP Request, but Computer A asks, "Who has this MAC address?"
• A RARP Reply: Computer B tells Computer A, "I have that MAC. My IP address is [whatever it is]."

FROM http://www.watchguard.com/infocenter/editorial/135324.asp

ARP poisoning

ARP poisoning

ARP poisoning

What is the threat model for ARP poisoning?
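As an added example (not from the slides or the WatchGuard article), a parser for the four message types listed above and a passive monitor in the style of arpwatch that flags what ARP poisoning looks like on the wire: a reply that rebinds an IP to a different MAC, or a reply nobody asked for. The MAC and IP addresses and every frame are constructed.

```python
import struct
from collections import namedtuple

# Opcodes of the four message types named on the slide (RFC 826 / RFC 903).
OPCODES = {1: "ARP Request", 2: "ARP Reply", 3: "RARP Request", 4: "RARP Reply"}
ETHERTYPE_ARP, ETHERTYPE_RARP = 0x0806, 0x8035

ArpPacket = namedtuple("ArpPacket", "opcode sender_mac sender_ip target_mac target_ip")


def mac_bytes(s: str) -> bytes:
    return bytes(int(x, 16) for x in s.split(":"))


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip_bytes(s: str) -> bytes:
    return bytes(int(x) for x in s.split("."))


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def parse_arp(frame: bytes) -> ArpPacket:
    """Parse an Ethernet frame carrying ARP or RARP: 14-byte Ethernet header,
    then hardware/protocol type and lengths, opcode, sender MAC/IP, target MAC/IP."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype not in (ETHERTYPE_ARP, ETHERTYPE_RARP):
        raise ValueError("not an ARP/RARP frame")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("only Ethernet/IPv4 ARP is handled here")
    if op not in OPCODES:
        raise ValueError(f"unknown opcode {op}")
    body = frame[22:42]
    return ArpPacket(op, mac_str(body[0:6]), ip_str(body[6:10]),
                     mac_str(body[10:16]), ip_str(body[16:20]))


def build_arp(opcode: int, sender_mac: str, sender_ip: str,
              target_mac: str, target_ip: str) -> bytes:
    """Build a constructed frame as parser/monitor input: requests go to the
    broadcast MAC, replies straight to the target."""
    eth_dst = b"\xff" * 6 if opcode in (1, 3) else mac_bytes(target_mac)
    ethertype = ETHERTYPE_ARP if opcode in (1, 2) else ETHERTYPE_RARP
    return (eth_dst + mac_bytes(sender_mac) + struct.pack("!H", ethertype)
            + struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)
            + mac_bytes(sender_mac) + ip_bytes(sender_ip)
            + mac_bytes(target_mac) + ip_bytes(target_ip))


class ArpMonitor:
    """Passive detector in the spirit of arpwatch: remember which MAC answered
    for each IP, and alert on replies that change a binding or that nobody
    asked for. Both are the trace a poisoning attempt leaves on the wire."""

    def __init__(self):
        self.bindings = {}      # ip -> mac learned from replies
        self.pending = set()    # ips asked about but not yet answered
        self.alerts = []

    def observe(self, frame: bytes) -> ArpPacket:
        p = parse_arp(frame)
        if p.opcode == 1:
            self.pending.add(p.target_ip)
        elif p.opcode == 2:
            unsolicited = p.sender_ip not in self.pending
            self.pending.discard(p.sender_ip)
            old = self.bindings.get(p.sender_ip)
            if old is not None and old != p.sender_mac:
                self.alerts.append(f"binding change: {p.sender_ip} was {old}, "
                                   f"reply now claims {p.sender_mac}")
            if unsolicited:
                self.alerts.append(f"unsolicited reply for {p.sender_ip} from {p.sender_mac}")
            self.bindings[p.sender_ip] = p.sender_mac
        return p


def run_demo() -> list:
    """Constructed traffic: a normal request/reply, then a forged reply that
    rebinds the victim's IP, then the real host answering again."""
    a_mac, a_ip = "aa:aa:aa:aa:aa:01", "10.0.0.1"
    b_mac, b_ip = "bb:bb:bb:bb:bb:02", "10.0.0.2"
    rogue_mac = "cc:cc:cc:cc:cc:03"
    zero = "00:00:00:00:00:00"
    mon = ArpMonitor()
    frames = [
        build_arp(1, a_mac, a_ip, zero, b_ip),        # A asks: who has 10.0.0.2?
        build_arp(2, b_mac, b_ip, a_mac, a_ip),       # B answers: it is at bb:..:02
        build_arp(2, rogue_mac, b_ip, a_mac, a_ip),   # forged reply rebinding B's IP
        build_arp(1, a_mac, a_ip, zero, b_ip),        # A asks again
        build_arp(2, b_mac, b_ip, a_mac, a_ip),       # B answers: binding flips back
    ]
    for f in frames:
        mon.observe(f)
    return mon.alerts
```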

Page 19: The Internet! Layers, TCP, UDP, IP DDoS Reflection Attacks IPSEC, ARP Sharon Goldberg CS558 Boston University Spring 2015 Most slides and images borrowed.

1. Packet Sniffing

Promiscuous NIC reads all packets
• Read all unencrypted data (e.g. "wireshark")
• ftp, telnet (and POP, IMAP) may send passwords in clear

[Figure: Alice and Bob talk over the network; Eve reads the traffic]

Prevention: Encryption (next lecture: IPSEC)

Based on slides from CS155 at Stanford

2. TCP Connection Spoofing

• Why random initial sequence numbers? (SN_C, SN_S)
• Suppose init sequence numbers are predictable
  – Attacker can create TCP session on behalf of forged source IP

[Figure: attacker, victim and server; the exchange shown is]
  TCP SYN, srcIP=victim
  SYN/ACK, dstIP=victim, SN=server SN_S
  ACK, srcIP=victim, AN=predicted SN_S
  command (server thinks command is from victim IP addr)

Based on slides from CS155 at Stanford

Example DoS vulnerability [Watson’04]

• Suppose attacker can guess seq number for an existing connection
  – Attacker can send Reset packet to close connection. Results in DoS
  – Naively, success prob is 1/2^32 (32-bit seq #’s)
  – Most systems allow for a large window of acceptable seq #’s
    • Much higher success probability
• Attack is most effective against long lived connections, e.g. BGP

Based on slides from CS155 at Stanford

Random initial TCP SNs

• Unpredictable SNs prevent basic packet injection
  – … but attacker can inject packets after eavesdropping to obtain current SN
• Most TCP stacks now generate random SNs
  – Random generator should be unpredictable
  – [GPR’06]: Linux RNG for generating SNs is predictable
    • Attacker repeatedly connects to server
    • Obtains sequence of SNs
    • Can predict next SN
    • Attacker can now do TCP spoofing (create TCP session with forged source IP)

Based on slides from CS155 at Stanford
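An added example (not from the slides or from [GPR’06]) contrasting the two kinds of generator the bullets describe: a fixed-step counter that any client can extrapolate after a few connections of its own, and an RFC 6528-style ISN built from a clock plus a keyed hash of the connection 4-tuple, so one peer's ISNs say nothing about another's. The secret, addresses and timestamps are constructed.

```python
import hashlib
import hmac
import struct

# Constructed per-boot secret for the demo; a real stack draws it from the
# kernel RNG at boot and never exposes it.
SECRET = b"constructed-boot-secret-not-a-real-one"
SERVER = ("192.0.2.10", 80)            # documentation-range address
MASK32 = 0xFFFFFFFF


def naive_isn(state: dict) -> int:
    """Old BSD-style scheme: one global counter bumped by a fixed step per
    connection. A client that opens a few connections learns the step."""
    state["counter"] = (state.get("counter", 0) + 64000) & MASK32
    return state["counter"]


def keyed_isn(client_ip: str, client_port: int, now_us: int) -> int:
    """RFC 6528-style ISN = M + F(4-tuple, secret): a 4-microsecond clock M
    plus a keyed hash F of the connection 4-tuple. The offset differs for
    every peer and cannot be computed without the secret."""
    four_tuple = (client_ip.encode() + struct.pack("!H", client_port)
                  + SERVER[0].encode() + struct.pack("!H", SERVER[1]))
    f = int.from_bytes(hmac.new(SECRET, four_tuple, hashlib.sha256).digest()[:4], "big")
    m = (now_us // 4) & MASK32
    return (m + f) & MASK32


def linear_predict(observed: list) -> int:
    """Defender's sanity check on a generator: if the last step repeats, the
    next ISN follows from what any client sees by connecting repeatedly."""
    step = (observed[-1] - observed[-2]) & MASK32
    return (observed[-1] + step) & MASK32


def probe(generator: str, probes: int = 4) -> tuple:
    """Simulate `probes` connections from one client address followed by one
    connection from a different client; return (predicted, actual) for that
    last connection, the value a spoofer would have to guess."""
    state = {}
    t = 1_000_000                        # constructed clock, microseconds
    observed = []
    for i in range(probes):
        t += 250                         # connections 250 us apart
        if generator == "naive":
            observed.append(naive_isn(state))
        else:
            observed.append(keyed_isn("198.51.100.7", 50000 + i, t))
    t += 250
    if generator == "naive":
        actual = naive_isn(state)
    else:
        actual = keyed_isn("203.0.113.5", 40000, t)
    return linear_predict(observed), actual
```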

Securing the IP/TCP stack

[Figure: where security can be added in the stack, one column per level]
  At the Network Level:      HTTP FTP SMTP | TCP | IP/IPSEC
  At the Transport Level:    HTTP FTP SMTP | SSL/TLS | TCP | IP
  At the Application Level:  S/MIME PGP, Kerberos, SET | SMTP, UDP, HTTP | TCP | IP

Who uses IPsec? From Stallings 5th edition

Mode 1: Transport

Mode 2: Tunnel

ESP Tunnel mode (From Steve Friedl)

Note: ToS leaks info.

Source and dest address are not authenticated (vulnerable to IP address spoofing) between the tunnels (DoS attacks too).

Source and dest address INSIDE the tunnel are protected.

ESP Transport mode (From Steve Friedl)

Note: ToS leaks info (in transport mode the IP header sits outside the ESP-protected span and travels in the clear).

Source and destination addresses are not authenticated (vulnerable to IP address spoofing).

AH – Anti-replay Service in IPsec

From Stallings 5th edition

[Figure: sliding window over received packets P0, P1, P2 ...]

window size W (default is 64)

N: highest seq number for a valid packet received so far

• If a received packet falls in the window:
  – if authenticated and unmarked, mark it
  – if marked, then replay

• If a received packet is > N:
  – if authenticated, advance the window so that this packet is at the rightmost edge and mark it

• If a received packet is <= N-W:
  – packet is discarded
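The window rules above, as an added Python example (not from the slides or from Stallings): the W slots are kept as a bitmap whose bit i records whether sequence number N-i has already been accepted, so marking, replay detection and window advance are single integer operations. The same anti-replay service is specified for ESP as for AH. The `authenticated` flag stands in for the ICV check a real receiver performs, and the arrival order in `demo()` is constructed to hit every branch.

```python
"""IPsec anti-replay sliding window, as in the slide: W slots whose right edge is N,
the highest sequence number of a valid (authenticated) packet received so far.
Bit i of the bitmap records whether sequence number N - i has been accepted."""


class AntiReplayWindow:
    def __init__(self, size=64):          # W: 64 is the default on the slide
        self.size = size
        self.highest = 0                  # N; IPsec sequence numbers start at 1
        self.bitmap = 0                   # bit 0 = N, bit 1 = N-1, ..., bit W-1 = N-W+1
        self._mask = (1 << size) - 1

    def check(self, seq, authenticated=True):
        """Classify one received sequence number and update the window.

        `authenticated` stands in for the ICV/MAC check the receiver performs on the
        packet; only authenticated packets may mark a slot or advance the window.
        Returns 'accept', 'replay', 'too_old' or 'bad_auth'."""
        if seq <= 0:
            return 'too_old'              # 0 is never a valid IPsec sequence number
        if seq > self.highest:            # right of the window: advance it
            if not authenticated:
                return 'bad_auth'
            shift = seq - self.highest
            if shift >= self.size:        # jumped past the whole window: fresh bitmap
                self.bitmap = 1
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & self._mask
            self.highest = seq
            return 'accept'
        offset = self.highest - seq       # distance left of N
        if offset >= self.size:           # seq <= N - W: left of the window
            return 'too_old'
        if self.bitmap & (1 << offset):   # already marked: replayed packet
            return 'replay'
        if not authenticated:
            return 'bad_auth'
        self.bitmap |= 1 << offset        # in window, authenticated, unmarked: mark it
        return 'accept'


def demo():
    """Run a constructed arrival order through a 64-slot window and return the verdicts."""
    w = AntiReplayWindow(size=64)
    arrivals = [1, 2, 3, 3, 5, 4, 70, 6, 7]   # constructed: reorder, duplicate, big jump, stale
    return [(seq, w.check(seq)) for seq in arrivals]


if __name__ == "__main__":
    for seq, verdict in demo():
        print(f"seq {seq:3d}: {verdict}")
```

In the demo the second 3 is rejected as a replay, 4 arriving after 5 is still accepted (reordering inside the window is fine), and once 70 has pulled the window to [7, 70], a late 6 is discarded because 6 <= N-W. Note that a forged packet with a huge sequence number is refused before it can move the window, because only an authenticated packet advances N.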

Other considerations

• Traffic analysis
  – packet lengths
  – timing
  – source and destination addresses
  – ToS fields

• Dealing with NATs
• Replay attacks
• Key management

From CAIDA

TLS Handshake

TLS packet format

As opposed to unsecured HTTP URLs, which begin with "http://" and use port 80 by default, secure HTTPS URLs begin with "https://" and use port 443 by default.

IPSEC VS TLS

• People are still talking about this: http://www.metzdowd.com/pipermail/cryptography/2014-April/020674.html

[Cryptography] IPsec is worse than unusable (Re: TLS/DTLS Use Cases)

Nico Williams nico at cryptonector.com
Wed Apr 2 11:59:52 EDT 2014

On Tue, Apr 01, 2014 at 10:31:54PM -0400, Jerry Leichter wrote:
> IPSec has many faults - so many as to render it unusable - but it did
> get one thing right: To most code, an IPSec socket looks just like a
> plain TCP socket. Anything that talks TCP can talk TCP "securely"
> over IPSec with essentially no changes. ("Securely" in quotes because
> it's a rather specialized notion of "securely".)

What is ARP?

• "Address Resolution Protocol (ARP) is how network devices associate MAC addresses with IP addresses, so that devices on the local network can find each other. ARP is basically a form of networking roll call.

• ARP, a very simple protocol, consists of merely four basic message types:

• An ARP Request: Computer A asks the network, "Who has this IP address?"

• An ARP Reply: Computer B tells Computer A, "I have that IP. My MAC address is [whatever it is]."

• A Reverse ARP Request (RARP): Same concept as ARP Request, but Computer A asks, "Who has this MAC address?"

• A RARP Reply: Computer B tells Computer A, "I have that MAC. My IP address is [whatever it is]."

FROM: http://www.watchguard.com/infocenter/editorial/135324.asp

ARP poisoning

[Three diagram slides: ARP poisoning (1), (2), (3)]

What is the threat model for ARP poisoning?
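The request/reply exchange on the "What is ARP" slide and the poisoning threat model behind the diagram slides, as an added Python example (not from the slides or the WatchGuard article): it builds and parses the 28-byte Ethernet/IPv4 ARP payload from RFC 826 and runs a small detector over three constructed frames, a victim's request for the gateway, the gateway's genuine reply, and an attacker's reply claiming the gateway's IP. All addresses and the frames themselves are made up for this example.

```python
"""ARP parsing and a poisoning detector run over constructed sample frames.

ARP payload layout (RFC 826, Ethernet/IPv4): hardware type, protocol type,
hardware address length, protocol address length, opcode (1 = request,
2 = reply), sender MAC, sender IP, target MAC, target IP: 28 bytes."""
import struct

ARP_FMT = "!HHBBH6s4s6s4s"      # network byte order, 28 bytes total
OP_REQUEST, OP_REPLY = 1, 2
HW_ETHERNET, PROTO_IPV4 = 1, 0x0800


def build_arp(opcode, sender_mac, sender_ip, target_mac, target_ip):
    """Serialize one Ethernet/IPv4 ARP payload (used here only to construct sample traffic)."""
    return struct.pack(
        ARP_FMT, HW_ETHERNET, PROTO_IPV4, 6, 4, opcode,
        bytes.fromhex(sender_mac.replace(":", "")), bytes(map(int, sender_ip.split("."))),
        bytes.fromhex(target_mac.replace(":", "")), bytes(map(int, target_ip.split("."))),
    )


def parse_arp(payload):
    """Decode an ARP payload into a dict; rejects anything that is not Ethernet/IPv4."""
    if len(payload) < struct.calcsize(ARP_FMT):
        raise ValueError("truncated ARP payload")
    hw, proto, hlen, plen, op, smac, sip, tmac, tip = struct.unpack(ARP_FMT, payload[:28])
    if (hw, proto, hlen, plen) != (HW_ETHERNET, PROTO_IPV4, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP payload")
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    ip = lambda b: ".".join(str(x) for x in b)
    return {"op": op, "sender_mac": mac(smac), "sender_ip": ip(sip),
            "target_mac": mac(tmac), "target_ip": ip(tip)}


class ArpWatch:
    """Learn IP -> MAC bindings from ARP replies and flag a reply whose sender IP
    is already bound to a different MAC: the footprint of a poisoned cache."""

    def __init__(self):
        self.bindings = {}   # ip -> first MAC seen claiming it
        self.alerts = []

    def observe(self, payload):
        arp = parse_arp(payload)
        if arp["op"] != OP_REPLY:
            return None                      # requests carry no claim we act on here
        ip, mac = arp["sender_ip"], arp["sender_mac"]
        known = self.bindings.setdefault(ip, mac)
        if known == mac:
            return None
        alert = f"ARP poisoning suspected: {ip} was {known}, now claimed by {mac}"
        self.alerts.append(alert)
        return alert


# Constructed sample segment (all addresses are made up for this example).
GATEWAY_IP, GATEWAY_MAC = "192.168.1.1", "00:11:22:33:44:55"
VICTIM_IP, VICTIM_MAC = "192.168.1.10", "66:77:88:99:aa:bb"
ATTACKER_MAC = "de:ad:be:ef:00:01"

SAMPLE_FRAMES = [
    # victim: "Who has 192.168.1.1?"
    build_arp(OP_REQUEST, VICTIM_MAC, VICTIM_IP, "00:00:00:00:00:00", GATEWAY_IP),
    # gateway: "I have that IP, my MAC is 00:11:22:33:44:55"
    build_arp(OP_REPLY, GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),
    # attacker, unsolicited: "I have 192.168.1.1, my MAC is de:ad:be:ef:00:01"
    build_arp(OP_REPLY, ATTACKER_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),
]


def run_sample():
    """Feed the constructed frames through the detector and return the alerts."""
    watch = ArpWatch()
    for frame in SAMPLE_FRAMES:
        watch.observe(frame)
    return watch.alerts


if __name__ == "__main__":
    for line in run_sample():
        print(line)
```

The detector only sees that two MACs have claimed one IP; nothing in the packets says which claim is genuine, because ARP carries no authentication at all. That is the threat model: any host on the broadcast segment can answer for any IP, and a victim's cache simply takes the latest answer. First-seen-wins, as here, is a heuristic (a replaced NIC or a DHCP reassignment fires it too), so in practice the binding is pinned from outside ARP, with a static entry for the gateway or a switch feature such as Dynamic ARP Inspection that checks replies against the DHCP lease table.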
