Internet Infrastructure Security: A Taxonomy

1
Internet Infrastructure Security A Taxonomy

• Anirban Chakrabarti
• G. Manimaran
• (Iowa State University)
• Network, IEEE , Volume 16 Issue 6 ,
• Nov.-Dec. 2002 Page(s) 13 -21

2
Outline

• Introduction
• Taxonomy of Internet Infrastructure Attacks
• DNS Hacking Attacks
• Routing Table Poisoning Attacks
• Packet Mistreatment Attacks
• Denial of Service Attacks
• Conclusions and Future Work

3
Introduction

• The objectives of this article are to
• Categorize possible Internet infrastructure
  attacks
• Identify the attacks within each category
• Identify existing solutions that deal with the
  attacks
• Present guidelines for important and less
  researched areas

4
An example of a router attack and its consequences
5
Taxonomy of Internet Infrastructure Attacks
6
DNS Hacking Attacks

• The Impact of Hacking
• Denial of Service
• Send back negative responses indicating that the
  DNS name does not exist.
• Redirect the clients request to a server that
  does not contain the service the client is
  requesting.
• Masquerading
• Information Leakage
• Domain Hijacking

7
DNS Hacking Attacks(cont.)

• Types of Hacking
• Cache Poisoning
• Server Compromising
• Spoofing
• In order to address DNS attacks, the IETF added
  security extensions to DNS, collectively known as
  DNSSEC (RFC2535).

8
Outline of DNSSEC

• DNSSEC provides authentication and integrity to
  the DNS updates.
• The authentications are provided through the use
  of digital signature technology.
• To make the DNSSEC proposals viable, secure
  server and secure client environments must be
  created.
• DNSSEC is unable to provide security against
  information leakage since it is mainly concerned
  with authentication.

9
Routing Table Poisoning Attacks

• The Impact of Poisoning
• Suboptimal Routing
• Congestion
• Partition
• Overwhelmed Host
• Looping
• Access to Data

10
Routing Table Poisoning Attacks(cont.)

• Types of Poisoning
• Link Attacks
• Interruption
• Modification/Fabrication
• Replication
• Router Attacks
• Link State Router Attacks
• Distance Vector Router Attacks

11
Solutions for Link Attacks

• Interruption Most routing protocols employ
  robust updates between neighbors , by using
  acknowledgements.
• Modification/Fabrication Digital signatures are
  used for the integrity and authenticity of
  messages.
• Replication Sequence information is used to
  prevent this attack.

12
Link State Router Attacks

• A router attack can be proactive or inactive in
  nature.

13
Solutions for Link State Router Attacks

• The solutions proposed for router attacks in link
  state protocols can be categorized into two types
• intrusion detection
• JiNaO
• protocol-driven
• Secure Link State Protocol (SLIP)

14
Distance Vector Router Attacks

• If a malicious router creates a wrong distance
  vector and sends it to all its neighbors, the
  neighbors accept the update since there is no way
  to validate it.
• Since the router itself is malicious, standard
  techniques like digital signatures do not work.
• Inconsistency Detection
• Consistency Check algorithm

15
Consistency Check algorithm
16
Packet Mistreatment Attacks

• Packet mistreating attacks have limited
  effectiveness compared to the routing table
  poisoning and DoS attacks
• The Impact of Mistreatment
• Congestion
• Lowering Throughput
• Denial-of-Service
• Types of Mistreatment
• Link Attacks
• Router Attacks

17
Link Attacks

• Interruption
• WATCHERS (principle of conservation)
• packet dropping profiles and intrusion detection
• Modification/Fabrication
• IPSec
• Replication
• IPSec (anti-replay window protocol)

18
Router Attacks

• Malicious routers can cause all the link attacks.
• Malicious misrouting of packets may result in
  congestion, or can even be used as a DoS attack.
• Packets sent and received by the same interface
  of a router are discarded.
• However, a malicious router can create triangle
  routing or looping, which remains an open problem

19
Denial-of-Service Attacks

• DoS attacks can be categorized into two main
  types ordinary and distributed.
• Types of Attacks
• UDP Flood
• TCP/SYN Flood
• ICMP/Smurf

20
Denial-of-Service Attacks(cont.)

• Types of Solutions
• Preventiive
• Filtering
• Reactive
• Link Testing
• Logging
• ICMP Traceback
• IP Traceback

21
Conclusions and Future Work

• Scalability and deployment issues in DNSSEC.
• Robust routing protocols to prevent routing table
  poisoning attacks.
• No work has been carried out to solve the packet
  mistreatment attacks when a router is responsible
  for triangle routing.
• Detection, location, and recovery from DDoS
  attacks.

22
Summary