Network Protocols and Vulnerabilities [PDF]

machine close to victim. 2. TCP state can be easy to guess. ▫ Enables spoofing and session hijacking. 3. Denial of Ser

3 downloads 9 Views 2MB Size

Recommend Stories


public telephone network vulnerabilities
If your life's work can be accomplished in your lifetime, you're not thinking big enough. Wes Jacks

OSI Model and Network Protocols
Kindness, like a boomerang, always returns. Unknown

536 Computer Network Protocols Syllabus
The only limits you see are the ones you impose on yourself. Dr. Wayne Dyer

vulnerabilities
Live as if you were to die tomorrow. Learn as if you were to live forever. Mahatma Gandhi

Vulnerabilities
Forget safety. Live where you fear to live. Destroy your reputation. Be notorious. Rumi

ePub Download Attacking Network Protocols Full Edition
If you are irritated by every rub, how will your mirror be polished? Rumi

IP Protocols Map (PDF)
Just as there is no loss of basic energy in the universe, so no thought or action is without its effects,

A Survey Of Wireless Network Security Protocols
Every block of stone has a statue inside it and it is the task of the sculptor to discover it. Mich

and Major Cloud Security Vulnerabilities
Don’t grieve. Anything you lose comes round in another form. Rumi

PORT SECURITY-Threats and Vulnerabilities
What we think, what we become. Buddha

Idea Transcript


Spring 2010

CS 155

Network Protocols and Vulnerabilities Dan Boneh

Outline !   Basic Networking:  

How things work now plus some problems

!   Some network attacks  

Attacking host-to-host >

DNS-SEC cannot stop this attack

www.evil.com? 171.64.7.115 TTL = 0

Firewall

corporate web server 192.168.0.100

ns.evil.com DNS server

192.168.0.100 www.evil.com web server 171.64.7.115

Read permitted: it’s the “same origin”

DNS Rebinding Defenses !   Browser mitigation: DNS Pinning      

Refuse to switch to a new IP Interacts poorly with proxies, VPN, dynamic DNS, … Not consistently implemented in any browser

!   Server-side defenses    

Check Host header for unrecognized domains Authenticate users with something other than IP

!   Firewall defenses    

External names can’t resolve to internal addresses Protects browsers inside the organization

Summary !   Core protocols not designed for security  

 

Eavesdropping, Packet injection, Route stealing, DNS poisoning

Patched over time to prevent basic attacks (e.g. random TCP SN)

!   More secure variants exist IP -> IPsec DNS -> DNSsec BGP -> SBGP

(next lecture) :

Smile Life

When life gives you a hundred reasons to cry, show life that you have a thousand reasons to smile

Get in touch

© Copyright 2015 - 2024 PDFFOX.COM - All rights reserved.