Lesson 9 - Internet Security Flashcards
What are the properties of secure communication?
- Confidentiality
- Integrity
- Authentication
- Availability
How does Round Robin DNS (RRDNS) work?
A method to distribute the load of incoming requests across several servers at a single physical location. The DNS server responds to a DNS request with a list of A records, and it cycles the order of that list in a round-robin manner.
How does DNS-based content delivery work?
When accessing the name of the service using DNS, the CDN computes the ‘nearest edge server’ and returns its IP address to the DNS client.
How do Fast-Flux Service Networks work?
A fucking complicated attack. Suggest answer.
Having multiple IP addresses associated with a domain name, and then constantly changing them in quick succession.
What are the main data sources to identify hosts that likely belong to rogue networks, used by FIRE (FInding Rogue nEtworks system)?
- Botnet command and control providers
- Drive-by-download hosting providers
- Phish hosting providers
The design of ASwatch is based on monitoring global BGP routing activity to learn the control plane behavior of a network. What are the 2 phases of this system?
- Training phase
- Operational phase
ASwatch computes statistical models using which three features of each AS?
- Rewiring activity - frequent changes of providers and use of less popular providers are suspicious.
- IP Space Fragmentation and Churn - announcing many small BGP prefixes is suspicious.
- BGP Routing Dynamics - announcing prefixes for only short periods is suspicious.
BGP hijacking. What is the classification by AS-Path announcement?
An illegitimate AS announces an AS-path for a prefix for which it doesn't have ownership rights.
Type-0, Type-N, & Type-U are all AS-Path hijacking.
BGP hijacking. What is the classification by Data-Plane traffic manipulation?
In Data-Plane traffic manipulation, the intention of the attacker is to hijack the network traffic and manipulate the redirected network traffic on its way to the receiving AS.
What are the causes or motivations behind BGP attacks?
Human Error
Targeted Attack
High Impact Attack
What is prefix hijacking?
When a hijacker announces that it owns some of, or part of, the prefixes owned by another AS.
Explain the scenario of hijacking a path
The hijacker modifies the AS-path so that other ASes are more likely to route traffic through the hijacker.
What are the key ideas behind ARTEMIS?
- Configuration file: all the prefixes owned by the network are listed here for reference. This configuration file is populated by the network operator.
- Mechanism for receiving BGP updates: this allows receiving updates from local routers and monitoring services. This is built into the system.
For a system that protects against BGP hijacking attacks with less manual intervention, we need automated ways of mitigation from BGP hijacking attacks. The ARTEMIS system uses two automated techniques in mitigating these attacks. What are these techniques?
- Prefix deaggregation: announce more specific prefixes of the hijacked prefix (instead of 10.10.10.0/24, announce 10.10.10.128/25 and 10.10.10.0/25), so the longer prefixes win route selection.
- Mitigation with Multiple Origin AS (MOAS): an external third party announces the hijacked prefix and routes traffic to the correct location ("hijack the hijacker").
Explain the structure of a DDoS attack
A Distributed Denial of Service (DDoS) attack is an attempt to compromise a server or network resources with a flood of traffic. To achieve this, the attacker first compromises and deploys flooding servers (slaves).