Documente Academic
Documente Profesional
Documente Cultură
Internet Security:
How the Internet works and
some basic vulnerabilities
Dan Boneh
Internet Infrastructure
Backbone ISP
ISP
Application protocol
Application Application
TCP protocol
Transport Transport
IP protocol IP protocol
Network IP Network
TCP Header
Application message - data
Application message
Transport (TCP, UDP) segment TCP data TCP data TCP data
Internet Protocol
Version Header Length
Connectionless Type of Service
Unreliable Total Length
Identification
Best effort Flags Fragment Offset
Time to Live
Protocol
Notes: Header Checksum
src and dest ports Source Address of Originating Host
not parts of IP hdr
Destination Address of Target Host
Options
Padding
IP Data
IP Routing
Meg Office gateway
Packet
Source 121.42.33.12
Destination 132.14.11.51
Tom
121.42.33.12
132.14.11.1
ISP 132.14.11.51
121.42.33.1
Error reporting
ICMP packet to source if packet is dropped
19
1 5 1
TCP Header (protocol=6)
Other stuff
Review: TCP Handshake
C S
SNC⟵randC
SYN: Listening
ANC⟵0
Wait
SN⟵SNC+1
ACK: AN⟵SN
S
Established
BGP
earthlink.net
(AS#4355)
Autonomous
System
group yang terkoneksi dari
OSPF 1 atau lebih awalan
Protokol Internet dibawah
kebijakan routing tunggal
(aka domain)
Routing Protocols
ARP (addr resolution protocol): IP addr ⟶ eth addr
Masalah keamanan: (serangan local network)
Node A dapat membingungkan gateway agar mengirimkan traffic
untuk Node B
Dengan mem-proxy traffic, node A can membaca/menginject
327
1 27 3 4
265 265 3265 5
27
8 2 65
7265 7 27
7 627
265 5
7 6
5
Security Issues
Pengesahan jalur BGP tidak diautentikasi
Siapapun dapat menginject iklan untuk arbitrary routes
Iklan akan merambat ke mana-mana
Digunakan untuk DoS, spam, dan eavesdropping (detailnya dalam
DDoS materi)
Seringkali akibat kesalahan manusia
Solutions:
• RPKI: AS memperoleh sertifikat (ROA) otoritas regional
(RIR) dan melampirkan ROA ke jalur iklan.
Iklan tanpa ROA yang valid diabaikan.
Defends against a malicious AS (but not a network
attacker)
Example path hijack (source: Renesys 2013)
route
in effect
for several
hours
cs ee
www
DNS Root Name Servers
Hierarchical service
Root name servers for
top-level domains
Authoritative name
servers for subdomains
Local name resolvers
contact authoritative
servers when they do
not know a name
DNS Lookup Example
u
root & edu
for d.ed DNS server
www.cs.stanford.edu s . s tan
. c
www rd. edu
s tanfo
NS
stanford.edu
Local DNS NS cs.stanfor DNS server
d.edu
Client
resolver Aw
ww
=IP
ad cs.stanford.edu
dr
DNS server
Query ID:
16 bit random value
Links response to query
Response contains IP
addr of next NS server
(called “glue”)
Response ignored if
unrecognized QueryID
Authoritative response to resolver
bailiwick checking:
response is cached if
it is within the same
domain of query
(i.e. a.com cannot
set NS for b.com)
final answer
Basic DNS Vulnerabilities
Users/hosts trust the host-address mapping
provided by DNS:
Used as basis for many security policies:
Browser same origin policy, URL address bar
Obvious problems
Interception of requests or compromise of DNS servers can
result in incorrect or malicious responses
e.g.: malicious access point in a Cafe
Solution – authenticated requests/responses
Provided by DNSsec … but few use DNSsec
DNS cache poisoning (a la Kaminsky’08)
Query: a.bank.com
user a.bank.com local QID=x1
.com
browser DNS
resolver response
256 responses:
Random QID y1, y2, …
NS bank.com=ns.bank.com
A ns.bank.com=attackerIP
attacker wins if ∃j: x1 = yj attacker
Query: b.bank.com
user local QID=x2
.com
browser b.bank.com DNS
resolver response
256 responses:
Random QID y1, y2, …
NS bank.com=ns.bank.com
A ns.bank.com=attackerIP
attacker wins if ∃j: x2 = yj attacker
www.evil.com
corporate web server
web server 171.64.7.115
192.168.0.100
Read permitted: it’s the “same origin”
DNS Rebinding Defenses
Browser mitigation: DNS Pinning
Refuse to switch to a new IP
Interacts poorly with proxies, VPN, dynamic DNS, …
Not consistently implemented in any browser
Server-side defenses
Check Host header for unrecognized domains
Authenticate users with something other than IP
Firewall defenses
External names can’t resolve to internal addresses
Protects browsers inside the organization
Summary
Core protocols not designed for security
Eavesdropping, Packet injection, Route stealing,
DNS poisoning
Patched over time to prevent basic attacks
(e.g. random TCP SN)