DENIAL OF SERVICE MEETING
April 7, 1999
10-11am
3085 ENG II
In attendance:
Matt Bishop (MB), Tuomas Aura (TA), John Hughes (JH), Nick Puketza
(NP) and Steven Templeton (ST)
- Matt has talked to Russ about an OC3 machine that can be used to try
  out the TCP protocol vulnerabilities
- WATCHERS protocol
- JH: Nodes won't do conservation analysis on links - can cheat
- Assumptions:
- Topology can't be changed.
- Spoofing can be detected at higher levels.
- Both A & B have to be crooked
- One malicious router (A) can pretend to be B
- NP: Ethernet spoofing - malicious host could send packets, forge Ethernet
  address, drop bits on the wire.
- Does WATCHERS consider external nodes?
- Router does provide an OS for a dumb terminal
- Remote host - not considered by WATCHERS
- NP: Routers smart enough to recognize source/destination for external nodes
- WATCHERS doesn't recognize external sources; doesn't update counters
- It makes more sense to assume message originates from router
- Only one path out of an autonomous system
- Any external connections go through one router
- Counters are final-destination specific
- A stupid receiver would be a way to defeat the protocol if counters are
  not final-destination specific
- Source address is part of message, not routing
- Is there a problem if you don't keep track of sources?
- Counters needed for 1 hop, 2 hops etc. Need protection from two malicious
  routers
- General statement: Every router must be connected to one good router
- Might not need to know source and destination for each to detect bad router
- Separate the counter for each source/destination pair
- Does every router have to be a WATCHERS router or only where there is a
  critical link?
- Goals and Next Meeting
- Goal: Apply WATCHERS to DNS and other protocols
- Determine problems that matter at a higher level
- Assumptions that WATCHERS works on and how realistic are they?
- Next Meeting - Present writeups
- JH - write up address ring and approach to proving/solving it
- TA - write up splitting one node into two.
- NP - write up Ethernet spoofing