Network Security

by: Alayna Veum

Network Security CS 6262


This 0 page Class Notes was uploaded by Alayna Veum on Monday November 2, 2015. The Class Notes belongs to CS 6262 at Georgia Institute of Technology - Main Campus taught by Staff in Fall. Since its upload, it has received 6 views. For similar materials see /class/234154/cs-6262-georgia-institute-of-technology-main-campus in ComputerScienence at Georgia Institute of Technology - Main Campus.


Date Created: 11/02/15
DDoS and Traceback
CS 6262 Spring 02, Lecture 4
Thursday, 1/17/2002

Denial-of-Service (DoS) Attacks
- Via resource/bandwidth consumption
[Figure: malicious and legitimate traffic]

TCP Handshake
  client -> server: SYN (seq = x)
  server -> client: SYN (seq = y), ACK (x + 1)
  client -> server: ACK (y + 1)
  connection established

IP Spoofing & SYN Flood
- X establishes a TCP connection with B assuming A's IP address
- SYN Flood
  - predict B's TCP seq. behavior

[Figure: ping. Labels: icmp echo request; icmp echo reply]
[Figure: smurf. Labels: attacker; victim; icmp echo request to a broadcast address "from" victim; icmp echo request from all hosts to victim]

Distributed DoS (DDoS) Attacks
[Figure: zombies]

DDoS: Common Steps
- Initiate a scan phase in which a large number of computers (100,000) on the Internet are probed for known vulnerabilities
- Exploit the vulnerabilities to compromise the computers and gain access
- Install attack tools on each compromised host and use the compromised hosts for further scanning/compromises
- A subset of the compromised hosts with the desired architecture/topology is chosen to form the attack network
- Install attack and communication tools
- Tell the masters to attack

DDoS: At Least 4 Versions
- Trinoo
  - Attacker uses TCP; masters and zombies use UDP; password authentication
- TFN
  - Attacker uses shell to invoke master; masters and zombies use ICMP echo reply
- TFN2K
  - A combination of UDP, ICMP and TCP
- Stacheldraht
  - Attacker uses encrypted TCP; masters and zombies use TCP and ICMP echo reply; rcp used for auto-update

DDoS Example: Trinoo
- Scanning
  - Buffer overflow bugs in Solaris and Linux, e.g., wu-ftpd, statd, amd, etc.
  - A compromised node has a shell running as root and sends back confirmation
- Installing attack program
  - Use netcat (nc) to pipe a shell script to the shell running as root on the compromised host
- Attacker to master
  - TCP. Must provide password. Commands: dos IP, etc.
- Master to zombie
  - UDP. Command line includes password. Commands: aaa pass IP, rsz N, etc.

DDoS: What to Do About It
- Not a whole lot
- Prevention
- Detection
- Traceback

DDoS Prevention
- Authentication
  - Not feasible in practice
- Ingress filtering on the routers
- Traffic volume monitoring
  - Rate limit certain traffic, e.g., ICMP packets, SYN packets. Measure normal rates first

DDoS Detection
- Surge in traffic volume
  - Too much traffic to a particular destination
- Specific to current DDoS tools
  - Control messages between attacker, masters and zombies
  - Footprints of attack programs running on masters and zombies
- What is after detection?
  - Stop the flood

Traceback
- Why?
  - Stop the attacks
  - Gather evidence for law enforcement
- Only to machines that directly generate the attack traffic
  - For the real masters/attackers, more forensic analysis is necessary
- Difficulty
  - Spoofed IP source addresses

Traceback: Several Proposals
- Link Testing
- ICMP Traceback
- Probabilistic Marking

Link Testing: Input Debugging
- Victim reports to upstream router, which installs a debugging filter that reveals which upstream router originated the traffic
- Repeat recursively until the ISP's border is reached
  - The upstream ISP is contacted and repeats the process
- Considerable management overhead
  - Relying on the availability and willingness of the network operators

Link Testing: Controlled Flooding
- Victim coerces selected hosts along the upstream route to iteratively flood each incoming link of the router closest to the victim
- Infer which link the attack comes from by observing the attack packet rate changes
  - Router buffers are shared
- Repeat recursively
- A form of DoS itself
- Need to have a good network topology map

ICMP Traceback
- For a very few packets (about 1 in 20000), each router will send the destination a new ICMP packet that includes the contents of that packet and information about the previous hop for that packet
- The flood victim can use these ICMP packets to reconstruct the path back to the attacker
- Net traffic increase at end point is about 0.1%, probably acceptable
- Issues: authentication (attacker can falsify the ICMP packets), loss of traceback packets, load and cooperation on routers

Probabilistic Marking
- Basic idea
  - Probabilistically mark packets with partial path information as they arrive at routers
  - Each marked packet represents a sample of its path
  - But flooding attacks comprise a large number of packets
  - By combining a modest number of these marked packets, the entire path can be reconstructed
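
The probabilistic marking idea above, as an added simulation that is not part of the original lecture notes. It goes beyond the notes by using one concrete scheme, the edge-sampling marking of Savage et al. ("Practical Network Support for IP Traceback"); the router names, the 8-hop path and the marking probability 1/25 are assumptions chosen for the illustration.

```python
import random

def forward(path, p, rng):
    """Carry one packet through `path` (router nearest the attacker first).

    Each router runs edge-sampling marking; returns the (start, end, distance)
    mark the victim sees, or None if no router marked the packet.
    """
    start = end = dist = None
    for router in path:
        if rng.random() < p:          # start a new edge sample at this router
            start, end, dist = router, None, 0
        elif dist is not None:
            if dist == 0:             # next router after the marker closes the edge
                end = router
            dist += 1                 # every later hop only counts distance
    return None if dist is None else (start, end, dist)

def reconstruct(marks):
    """Victim side: chain the sampled edges by distance, nearest router outward."""
    edges = {m[2]: (m[0], m[1]) for m in marks if m is not None}
    path, expected_end, d = [], None, 0
    while d in edges and edges[d][1] == expected_end:
        path.append(edges[d][0])
        expected_end = edges[d][0]
        d += 1
    return path[::-1]                 # farthest reconstructed router first

def packets_needed(path, p, rng, limit=100_000):
    """Count packets the victim receives before the full path is known."""
    marks = []
    for n in range(1, limit + 1):
        marks.append(forward(path, p, rng))
        if reconstruct(marks) == path:
            return n
    return None

# Constructed example: 8 hypothetical routers between attacker and victim.
PATH = [f"R{i}" for i in range(1, 9)]

if __name__ == "__main__":
    rng = random.Random(6262)
    print("packets needed:", packets_needed(PATH, 0.04, rng))
```

The source address of the packets is never consulted, which is why the approach still works when the flood uses spoofed IP source addresses.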

