Term

Definition
“Get me from src to dst but avoid country C”

Term
Botnet
Definition
Collection of compromised machines (bots) under the unified control of an attacker (the botmaster)

Term

Definition
Authentication: users have to log in; sites have public keys. Confidentiality & Integrity: perform a key exchange and encrypt all traffic from the user to the VPN server.

Term
VPN (Virtual Private Network)
Definition
Provides secure remote access to a network protected by a firewall, through tunneling

Term

Definition
1) Use a port allocated to another service
2) “Tunneling”: encapsulate one protocol inside another

Term

Definition
1) Functionality loss
2) Malicious insider problem

Term

Definition
1) Central control
2) Easy to deploy
3) Easier to use a firewall than to secure the code

Term
Exercise: Create allow/disallow rules for a firewall:
• Inbound mail connections to our mail server (1.1.1.1:25)
• All outbound connections from our network, 1.1.1.0/24 (1.1.1.0/24 = “any address for which the first 24 bits are 1.1.1”, i.e., IP addresses 1.1.1.0 - 1.1.1.255)
• Nothing else
Definition
allow tcp *:* -> 1.1.1.1:25
allow tcp 1.1.1.0/24:* -> *:*
allow tcp *:* -> 1.1.1.0/24:* if ACK bit set
drop * *:* -> *:*

Term
drop tcp 1.1.1.1:* -> 2.2.2.2:80
allow tcp 1.1.1.1:556 -> 2.2.2.2:80
Definition
In this order, the rules won’t allow any TCP packets from 1.1.1.1 to port 80 of 2.2.2.2

Term
allow tcp 1.1.1.1:556 -> 2.2.2.2:80
drop tcp 1.1.1.1:* -> 2.2.2.2:80
Definition
In this order, TCP packets from 1.1.1.1 to port 80 of 2.2.2.2 are allowed only if they come from source port 556.

Term
allow tcp 1.1.1.1:556 -> 2.2.2.2:80
Definition
Permits any packet from 1.1.1.1 using source port 556 to 2.2.2.2 destination port 80

Term
drop tcp 1.1.1.1:* -> 2.2.2.2:80
Definition
Will drop any TCP packet from 1.1.1.1 to port 80 of 2.2.2.2, regardless of source port

Term

Definition
Public key encryption for DNS: records are signed by the authoritative DNS server.

Term

Definition
1. Bad guy makes a request to the local name server and learns the query ID.
2. He can assume the next query ID will be incremented, so the bad guy plants a record that connects the domain name of a website to the bad guy’s IP.

Term

Definition
Since the space of query IDs is small, just issue a lot of them.

Term
DNS query IDs increment, which presents a vulnerability:
Definition

Term

Definition
The requesting host asks its recursive local name server, which contacts the root DNS server “.”, then the TLD DNS server for “.edu”, then the authoritative DNS server for “umd.edu”.

Term

Definition
A name server which does the heavy lifting, issuing queries on behalf of the client resolver until an authoritative answer returns.

Term

Definition
Mapping between hostname and IP address

Term

Definition
While name servers answer queries, resolvers ask them.

Term

Definition
A piece of code that answers queries of the form “What is the IP address for foo.bar.com?”

Term
Dynamic Host Configuration Protocol
Definition
1. New Host -> DHCP discover -> DHCP server
2. New Host <- DHCP offer <- DHCP server (offer includes: IP address, DNS server, gateway router, and duration of this offer)
3. New Host -> DHCP request -> DHCP server (accepts offer)
4. New Host <- DHCP ACK <- DHCP server

Term
DHCP Attacks (for attackers on the same subnet)
Definition
1. DNS server: redirect hosts’ lookups of a website to a website of the attacker’s choosing
2. Gateway: modify the gateway to intercept the user’s traffic

Term
Opt-ack attack (DoSing their network)
Definition
1. Must be able to predict when A will send bytes (1000-1500) and the last Seq No
2. The moment after A sends those bytes, but before B receives them, B will ACK A for bytes 1501-2001 and onward
3. Eventually A’s packets will start being dropped (DoS’d)

Term

Definition
1. A floods C
2. A spoofs the IP of B
3. C is too busy to reset B’s (really A’s) SYN+ACK
4. ACK with guessed Seq No
5. Access granted to all sources
6. C resets B (clean up)

Term

Definition
Seq No must be hard to guess

Term

Definition
If you are on the path between source and destination: easy to inject packets with the correct Seq No.
If NOT on the path between source and destination: need to guess the correct Seq No.
What can injection attacks do?
1. Send resets
2. TCP veto attacks
3. Initiate a connection w/o hearing the other end

Term
TCP three-way handshake
Definition
A -> SYN -> B
A <- SYN + ACK <- B
A -> ACK -> B

Term
SYN flooding
Definition
A exhausts B’s memory by sending many SYNs: B stores state (incl. IP, port, maximum segment size) for each SYN.

Term

Definition
Incomplete handshakes are easy to detect, since B stores the SYN information for each A.

Term
SYN flooding: overriding the defense
Definition
Spoof the source IP (it’s just a header field, so it can be set to whatever you want); ideally spoof a host you know won’t respond.

Term
Routers
Definition
The interior nodes that:
• “Route”: determine how to get to B
• “Forward”: actually forward traffic from A to B

Term
OSI Model - Physical Layer
Definition
Physical - Encoding of bits to send over a single physical link
Examples:
• Voltage levels
• RF modulation
• Photon intensities

Term
OSI Model - Link Layer
Definition
Link - Framing and transmission of a collection of bits into individual messages sent across a single subnetwork (one physical topology)
Examples:
• Modern Ethernet
• WiFi (802.11a/b/g/n/etc.)

Term
OSI Model - (Inter)network Layer
Definition
Bridges multiple “subnets” to provide end-to-end internet connectivity between nodes; “best effort”

Term
OSI Model - Transport Layer
Definition
Transport - End-to-end communication between processes
Examples: TCP and UDP

Term
OSI Model - Application Layer
Definition
Application - Communication of whatever you want
Examples:
• Skype (UDP)
• SMTP = email (TCP)
• HTTP = web (TCP)
• Online games (TCP and/or UDP)

Term
Max bytes sent by victim per ACK:
Definition
(max window size / payload) * (14 + 40 + payload)
14 = bytes for the Ethernet header
40 = bytes for the TCP/IP headers

Term
Max ACKs attacker can send per second:
Definition
attacker bandwidth / (14 + 40)
14 = bytes for the Ethernet header
40 = bytes for the TCP/IP headers
