L. Heberlein, M. Bishop, Attack Class: Address Spoofing, in: Proceedings of the 19th National Information Systems Security Conference, 1996, pp. 371--377.
....through the use of nonces and a short validity period for the certificate. The use of snonce also permits the Server to reuse Y over a limited period[GS95] reducing the computational overhead on the server during high activity periods. The potential for a TCPSYN like denial of service attack[HB96] is mitigated in the same manner by the authentication certificate. The authorization certificate also prevents clients from masquerading as a server because of the client server capability tag. This is 41 Client Y=g mod p Client ( k = Y mod p hash = H(M) hash = H(M) ....
L.T. Heberlein and M. Bishop. Attack Class: Address Spoofing. In Proceedings of the 19th National Information Systems Security Conference, pages 371--377, October 1996.
....since the Phase I SA information is exchanged at that point. This allows for a DoS attack on the responder's memory, using random source IP addresses to send a flood of requests. To counter this, the responder could employ mechanisms similar to those employed in countering TCP SYN attacks [17, 9, 40]. JFK maintains no state at all after receiving the first message. An initiator who is willing to go through the first message round trip (and thus identify her address) can cause the responder to do a Diffie-Hellman exponential generation as well as the secret key computation on reception of ....
L. Heberlein and M. Bishop. Attack Class: Address Spoofing. In Proceedings of the 19th National Information Systems Security Conference, pages 371--377, October 1996.
....inside the core of the network simple, pushing as much mechanism as possible to the network end points. This principle, commonly referred to as the end to end principle [22, 5] has been the basic premise behind protocol design. However, as has been demonstrated in the past few years [25, 10], such mechanisms are inadequate in addressing the problem of DoS attacks. It is trivial to abuse[23] or simply ignore congestion control mechanisms, and there are plenty of protocols that have no provision for congestion control. Furthermore, no great technical sophistication is required to ....
L. Heberlein and M. Bishop. Attack Class: Address Spoofing. In Proceedings of the 19th National Information Systems Security Conference, pages 371--377, October 1996.
....properties that must hold end to end should be provided by mechanisms at the end points. This principle, commonly referred to as the end to end principle [SRC84, Cla88] has been the basic premise behind protocol design. However, as has been demonstrated in the past few years [Tea96, SKK 97, HB96] such mechanisms are inadequate in addressing the problem of DoS attacks: attacks that attempt to overwhelm the processing or link capacity of the target site (or routers that are topologically close) by saturating it with bogus packets. It is trivial to abuse[SCWA99] or simply ignore ....
L.T. Heberlein and M. Bishop. Attack Class: Address Spoofing. In Proceedings of the 19th National Information Systems Security Conference, pages 371--377, October 1996.
....Stop through the use of nonces and a short validity period for the certificate. The use of snonce also permits the Server to reuse Y over a limited period. This reduces the computational overhead on the server during high activity periods. The potential for a TCPSYN like denial of service attack[24] is mitigated in the same manner by the authentication certificate. The authorization certificate also prevents clients from masquerading as a server because of the client server capability tag. This is a benefit not possible with basic X.509 certificates. 3.9 Subsequent Message Authentication ....
L. Heberlein and M. Bishop. Attack Class: Address Spoofing. In Proceedings of the 19th National Information Systems Security Conference, pages 371--377, October 1996.
....fills in the IP source host id, and there is no provision in TCP/IP to discover the true origin of a packet [31]. In addition to denial of service attacks, IP spoofing can be used in conjunction with other vulnerabilities to implement anonymous one way TCP channels and covert port scanning [31, 3, 24, 44]. There have been several efforts to reduce the anonymity afforded by IP spoofing. Table 1 provides a subjective characterization of each of these approaches in terms of management cost, additional network load, overhead on the router, the ability to trace multiple simultaneous attacks, the ....
L. T. Heberlein and M. Bishop. Attack Class: Address Spoofing. In
....host id, and there is no provision in TCP/IP to discover the true origin of a packet [Mor85]. In addition to denial of service attacks, IP spoofing can be used in conjunction with other vulnerabilities to implement anonymous one way TCP channels and covert port scanning [Mor85, Bel89, HB96, VCIV99]. There have been several efforts to reduce the anonymity afforded by IP spoofing. Table 1 provides a subjective characterization of each of these approaches in terms of management cost, [Table 1 column headers: Management overhead, Network overhead, Router overhead, Distributed capability, Post mortem capability] ....
L. Todd Heberlein and Matt Bishop. Attack Class: Address Spoofing. In 1996 National Information Systems Security Conference, pages 371--378, Baltimore, MD, October 1996.
....Stop through the use of nonces and a short validity period for the certificate. The use of snonce also permits the Server to reuse Y over a limited period. This reduces the computational overhead on the server during high activity periods. The potential for a TCPSYN like denial of service attack[HB96] is mitigated in the same manner by the authentication certificate. The authorization certificate also prevents clients from masquerading as a server because of the client server capability tag. This is a benefit not possible with X.509 based certificates. 3.8 Subsequent Message Authentication ....
L.T. Heberlein and M. Bishop. Attack Class: Address Spoofing. In Proceedings of the 19th National Information Systems Security Conference, pages 371--377, October 1996.
....Stop through the use of nonces and a short validity period for the certificate. The use of snonce also permits the Server to reuse Y over a limited period. This reduces the computational overhead on the server during high activity periods. The potential for a TCPSYN like denial of service attack[HB96] is mitigated in the same manner by the authentication certificate. The authorization certificate also prevents clients from masquerading as a server because of the client server capability tag. This is a benefit not possible with basic X.509 certificates. 3.9 Subsequent Message Authentication ....
L.T. Heberlein and M. Bishop. Attack Class: Address Spoofing. In Proceedings of the 19th National Information Systems Security Conference, pages 371--377, October 1996.
....of minimal resource accountability, as well as a variety of other attacks such as traffic analysis. We note that since the resource model in the routers is so simple, sophisticated threats are posed by attacks on services implemented at the endpoints, e.g. the notorious Syn Ack attack [11] on TCP/IP and the Ping of Death [12]. Active Networks, being more flexible, considerably expand the threat possibilities. The security threats faced by such elements are considerable. For example, when a packet containing code to execute arrives, the system typically must: • Identify the ....
L.T. Heberlein and M. Bishop, "Attack Class: Address Spoofing," in Proceedings of the 19th National Information Systems Security Conference, October 1996, pp. 371--377.
....as well as a variety of other attacks such as traffic analysis. We note that since the resource model in the routers is so simple, sophisticated threats are posed by attacks on services implemented at the endpoints, e.g. the notorious Syn Ack (also known as Synflooding) attack [21] on TCP/IP and the Ping of Death [22]. Active Networks, being more flexible, considerably expands the threat possibilities. The security threats faced by such elements are considerable. For example, when a packet containing code to execute arrives, the system typically must: • Identify the ....
L.T. Heberlein and M. Bishop, "Attack Class: Address Spoofing," in Proceedings of the 19th National Information Systems Security Conference, October 1996, pp. 371--377.
No context found.
Heberlein, T. and M. Bishop. Attack Class: Address Spoofing. in Nineteenth National Information Systems Security Conference. 1996. Baltimore, MD.
....overflows, the race condition is not exploitable if either characteristic does not hold. See Bishop and Dilger's paper [BiDi96] for a detailed discussion of race conditions arising from file accesses. 6.3. Internet address spoofing Initiating a TCP connection has three steps, as illustrated [HeBi96]. Host A sends a SYN to host B; the SYN contains a sequence number X. Host B responds with SYN ACK, supplying its own sequence number Y and incrementing A's sequence number. Host A ends the handshake with an ACK containing the sequence number Y + 1. IP spoofing refers to a host N sending B ....
Heberlein, T. and Bishop, M., "Attack Class: Address Spoofing," Proceedings of the Nineteenth National Information Systems Security Conference pp. 371--377 (Oct. 1996).
No context found.
L. Heberlein, M. Bishop, Attack Class: Address Spoofing, in: Proceedings of the 19th National Information Systems Security Conference, 1996, pp. 371--377.
No context found.
L. Heberlein, M. Bishop, Attack Class: Address Spoofing, in: Proceedings of the 19th National Information Systems Security Conference, 1996, pp. 371--377.
No context found.
L. Heberlein and M. Bishop. Attack Class: Address Spoofing. In Proceedings of the 19th National Information Systems Security Conference, pages 371--377, October 1996.
No context found.
L. Heberlein and M. Bishop. Attack Class: Address Spoofing. In Proceedings of the 19th National Information Systems Security Conference, pages 371--377, October 1996.
No context found.
L. Heberlein and M. Bishop, "Attack Class: Address Spoofing," in Proceedings of the 19th National Information Systems Security Conference, October 1996, pp. 371--377.
No context found.
L. Heberlein and M. Bishop. Attack Class: Address Spoofing. In Proceedings of the 19th National Information Systems Security Conference, pages 371--377, October 1996.
No context found.
L. Heberlein and M. Bishop, "Attack Class: Address Spoofing," in Proceedings of the 19th National Information Systems Security Conference, October 1996, pp. 371--377.
No context found.
L. Heberlein and M. Bishop. Attack Class: Address Spoofing. In Proceedings of the 19th National Information Systems Security Conference, pages 371--377, October 1996.
No context found.
L. Heberlein and M. Bishop, "Attack Class: Address Spoofing," in Proceedings of the 19th National Information Systems Security Conference, pp. 371--377, October 1996.
No context found.
L. Heberlein and M. Bishop. Attack Class: Address Spoofing. In Proceedings of the 19th National Information Systems Security Conference, pages 371--377, October 1996.
No context found.
L. Heberlein and M. Bishop, "Attack Class: Address Spoofing," in Proceedings of the 19th National Information Systems Security Conference, pp. 371-377, October 1996.