
IP, BGP, DNS Denial of Service


Internet is a Network of Networks

[Figure: local network, Internet service provider (ISP), backbone, ISP, local network]

TCP/IP for packet routing and connections

Border Gateway Protocol (BGP) for route discovery

Autonomous system (AS) is a


OSI Protocol Stack

• application (email, Web, NFS)

• presentation

• session (RPC)

• transport (TCP)

• network (IP)

• data link

• physical


Data Formats

• Application layer (message): application data

• Transport layer (segment): TCP header + data

• Network layer (packet): IP header + TCP header + data

• Data link layer (frame): Ethernet header + IP header + TCP header + data + Ethernet trailer


TCP (Transmission Control Protocol) Sender: break data into packets

• Sequence number is attached to every packet

Receiver: reassemble packets in correct order

• Acknowledge receipt; lost packets are re-sent Connection state maintained on both sides

book

remember received pages and reassemble


Solving the DNS Spoofing Problem

Long TTL for legitimate responses

• Does it really help?

Randomize port in addition to TXID

• 32 bits of randomness, makes it harder for attacker to guess TXID

DNSSEC
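The check that port randomization relies on, written out as an added example (not code from the original slides): a resolver accepts a response only if the TXID, the port it arrives on, the server address and the question all match an outstanding query. The class and function names are hypothetical, the sample messages are constructed, and the parser assumes an uncompressed question name.

```python
import secrets
import struct

def build_message(txid, qname, response=True):
    """Constructed sample DNS message: header plus one A/IN question."""
    flags = 0x8180 if response else 0x0100          # QR bit set for responses
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode() for l in qname.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def parse_qname(payload):
    """Question name of a raw DNS message (assumes no name compression)."""
    labels, i = [], 12
    while i < len(payload) and payload[i] != 0:
        n = payload[i]
        labels.append(payload[i + 1:i + 1 + n].decode("ascii", "replace").lower())
        i += 1 + n
    return ".".join(labels)

class PendingQueries:
    """Hypothetical resolver-side table of outstanding queries."""

    def __init__(self):
        self.pending = {}     # (txid, source port) -> (qname, server address)
        self.mismatches = 0   # rejected responses; a burst suggests spoofing

    def new_query(self, qname, server_ip):
        # 16 random bits of TXID plus close to 16 bits of source port.
        while True:
            key = (secrets.randbelow(1 << 16), 1024 + secrets.randbelow(64512))
            if key not in self.pending:
                break
        self.pending[key] = (qname.lower(), server_ip)
        return key

    def accept(self, payload, src_ip, dst_port):
        """Accept only a response matching TXID, port, server and question."""
        ok = False
        if len(payload) >= 12:
            txid, flags = struct.unpack("!HH", payload[:4])
            expected = self.pending.get((txid, dst_port))
            ok = bool(flags & 0x8000) and expected == (parse_qname(payload), src_ip)
        if ok:
            del self.pending[(txid, dst_port)]   # one answer per query
        else:
            self.mismatches += 1
        return ok
```

A rising `mismatches` count for a single name is a useful signal to log, since legitimate servers rarely send responses that fail these checks.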


DNSSEC

Goals: authentication and integrity of DNS requests and responses

PK-DNSSEC (public key)

• DNS server signs its data (can be done in advance)

• How do other servers learn the public key?

SK-DNSSEC (symmetric key)

• Encryption and MAC: E_k(m, MAC(m))

• Each message contains a nonce to avoid replay

• Each DNS node shares a symmetric key with its parent

Date posted: 09/03/2021, 05:50
