- Number of slides: 16
Secure Shell & Denial of Service Attacks
Outline
• Secure Shell
  – Overview
  – Authentication
  – Practical issues
• Denial of Service Attacks
  – Definition
  – Examples
• Quiz #1
Fall, 2001 CS 640
Secure Shell (SSH) Overview
• SSH is a secure remote virtual terminal application
  – Provides encrypted communication between two untrusted hosts over an insecure network
    • Assumes eavesdroppers can hear (and may alter) all communications between hosts
    • Provides different methods of authentication
    • Encrypts data exchanged between hosts
  – Intended to replace insecure programs such as rlogin, rsh, etc.
  – Includes capability to securely transfer files (SCP)
  – Includes ability to forward X11 connections and TCP ports securely
• Very popular and widely used
  – Not invulnerable!
Authentication in SSH 1
• Three means of authenticating supported by SSH
  – Simple rhosts
    • User/system names in ~/.rhosts, ~/.shosts
    • Vulnerable to IP/DNS spoofing (the server trusts the claimed client address and name)
    • Requires specific compilation for this mode of operation
  – Host based
    • Use RSA to verify the client host's key, so the client address cannot simply be spoofed
    • Use ~/.rhosts (or ~/.shosts) file for user authentication
  – Host and user based
    • RSA host key verification
    • RSA user key verification: the server encrypts a random challenge with the user's public key, and only a client holding the matching private key can decrypt it and answer
• If authentication fails, client is prompted for password
  – All communication is encrypted, so the password never crosses the network in the clear
SSH 1 Key Exchange Protocol
• Server has a public/private host key pair
  – Client knows server's host public key in advance
    • Must be obtained securely in advance (otherwise the client cannot tell the real server from an impostor that presents its own key)
• Server sends host public key and a short-lived "server key" (a second RSA key, regenerated periodically, typically every hour) to client
  – Client verifies the host public key against the copy it already has
• Client sends a random session key encrypted with both the host key and the server key
  – Rest of session is encrypted with the session key
  – Once the server key is discarded, a recorded session cannot be recovered from the host key alone
SSH 2 Key Exchange Protocol
• Diffie-Hellman public key exchange algorithm is used
  – Public key exchange algorithm – very cool
  – Two parties can exchange a secret key over an insecure link without sharing any prior secrets (!)
    • On its own it authenticates nobody: an active attacker can run one exchange with each side and relay between them
• Digital signature, made with the server's host key over a hash of the exchange, verifies identity of server to client
• At the end of the key exchange, a secret key is shared
  – Used to derive the keys that encrypt and integrity-protect the rest of the session
• Supports keyed message authentication codes (HMAC-SHA1, HMAC-MD5) for data integrity
  – SSH 1 protected integrity only with a CRC-32 checksum, which is not a cryptographic check
• Supports a variety of encryption mechanisms, negotiated per session
  – Triple DES, Blowfish, AES, ... (IDEA, the SSH 1 default, and single DES belong to the SSH 1 cipher list)
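The exchange described on this slide, as an added example that is not from the slides or from any SSH implementation: a client and a server run Diffie-Hellman, the server signs the exchange hash with its host key, and the client accepts only if the key matches its known_hosts copy and the signature verifies. Assumptions: the DH group is the 1024-bit MODP group of RFC 2409 (SSH 2's diffie-hellman-group1-sha1); the host key is a textbook RSA key built from two fixed Mersenne primes with no padding, a toy that is far too small for real use; the KEXINIT payloads that the real exchange hash also covers are omitted; version strings and the `run_kex`/`derive_key` names are made up for the demonstration.

```python
"""Added example: SSH 2 style DH key exchange with a host-key signature.
Toy RSA host key and omitted KEXINIT payloads are assumptions (see lead-in)."""
import hashlib
import secrets
import struct

# RFC 2409 "Second Oakley Group" (1024-bit MODP), SSH 2's diffie-hellman-group1-sha1.
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
        "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
        "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
        "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
        "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
        "FFFFFFFFFFFFFFFF", 16)
G = 2

def ssh_string(b: bytes) -> bytes:
    """SSH wire 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(b)) + b

def ssh_mpint(n: int) -> bytes:
    """SSH wire 'mpint' for n >= 0: big-endian, leading 0x00 if the top bit is set."""
    return ssh_string(n.to_bytes((n.bit_length() + 8) // 8, "big"))

# Toy RSA host key (assumption): p = 2^89-1, q = 2^107-1, both Mersenne primes.
RSA_P, RSA_Q, RSA_E = (1 << 89) - 1, (1 << 107) - 1, 65537
RSA_N = RSA_P * RSA_Q                                   # ~196 bits, > 160-bit SHA-1
RSA_D = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))
HOST_PRIV, HOST_PUB = (RSA_D, RSA_N), (RSA_E, RSA_N)

def host_key_blob(pub) -> bytes:
    """K_S: the host public key as sent on the wire (what known_hosts stores)."""
    e, n = pub
    return ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)

def rsa_sign(priv, h: bytes) -> int:
    d, n = priv
    return pow(int.from_bytes(h, "big"), d, n)        # textbook RSA, no padding: toy

def rsa_verify(pub, h: bytes, sig: int) -> bool:
    e, n = pub
    return pow(sig, e, n) == int.from_bytes(h, "big")

V_C, V_S = b"SSH-2.0-toyclient", b"SSH-2.0-toyserver"   # assumed version strings

def exchange_hash(K_S: bytes, e: int, f: int, K: int) -> bytes:
    """H = SHA-1(V_C || V_S || K_S || e || f || K); the real protocol also hashes
    both KEXINIT payloads (I_C, I_S) as strings in the same place."""
    return hashlib.sha1(ssh_string(V_C) + ssh_string(V_S) + ssh_string(K_S)
                        + ssh_mpint(e) + ssh_mpint(f) + ssh_mpint(K)).digest()

def derive_key(K: int, H: bytes, letter: bytes) -> bytes:
    """SSH 2 key derivation HASH(K || H || letter || session_id); the session_id
    is the H of the first exchange, so here it equals H."""
    return hashlib.sha1(ssh_mpint(K) + H + letter + H).digest()

def run_kex(known_host_key, tamper_f=False) -> dict:
    """One client/server exchange.  tamper_f models an active attacker who
    replaces the server's f with a value of its own."""
    x = secrets.randbelow(P - 2) + 1                 # client secret, x in [1, P-2]
    e = pow(G, x, P)                                 # KEXDH_INIT: e -> server
    y = secrets.randbelow(P - 2) + 1                 # server secret
    f = pow(G, y, P)
    K_server = pow(e, y, P)
    K_S = host_key_blob(HOST_PUB)
    sig = rsa_sign(HOST_PRIV, exchange_hash(K_S, e, f, K_server))
    # KEXDH_REPLY: (K_S, f, sig) -> client
    if tamper_f:
        f = pow(G, secrets.randbelow(P - 2) + 1, P)  # attacker cannot re-sign H
    if not 1 < f < P - 1:                            # client rejects degenerate f
        return {"K_client": None, "K_server": K_server, "H": None, "accepted": False}
    K_client = pow(f, x, P)
    H = exchange_hash(K_S, e, f, K_client)
    pinned = K_S == host_key_blob(known_host_key)    # the known_hosts comparison
    accepted = pinned and rsa_verify(known_host_key, H, sig)
    return {"K_client": K_client, "K_server": K_server, "H": H, "accepted": accepted}

if __name__ == "__main__":
    r = run_kex(HOST_PUB)
    print("shared secret agrees:", r["K_client"] == r["K_server"],
          "| server authenticated:", r["accepted"])
    print("client->server key:", derive_key(r["K_client"], r["H"], b"C").hex())
    print("attacker replaces f, client accepts:", run_kex(HOST_PUB, tamper_f=True)["accepted"])
```

The client's two checks are the whole point of the signature: `pinned` is what the known_hosts file buys you, and `rsa_verify` ties the DH value f the client actually used to the key it trusts. Swapping f without the host private key, or presenting a key the client has not seen, makes the exchange fail.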
SSH in Practice
• Host public/private key is generated when SSH is installed
  – The host public key must be in ~/.ssh/known_hosts (or the system-wide known_hosts file) on every client that connects to it
  – If it is missing, the client has to take the key offered on the first connection on trust
• ssh-keygen command is used to generate a user's public/private keys
  – Asks the user for a pass phrase that encrypts the private key on disk (optional, but strongly recommended)
  – Public key is copied to ~/.ssh/authorized_keys on remote systems
• ssh-agent and ssh-add eliminate the need for repeated typing of the pass phrase
• Password authentication is vulnerable to guessing attacks
• X11 and port forwarding enable an encrypted pipe through the Internet
  – Can be used to securely access an insecure application, e.g. SMTP
  – Can be used to circumvent firewalls
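The key files named on this slide, as an added example that is not from the slides or from OpenSSH: a parser for the public-key lines found in ~/.ssh/authorized_keys (optionally prefixed by an options field such as `from="..."`) and ~/.ssh/known_hosts (prefixed by the host pattern), a decoder for the base64 key blob, and the MD5 fingerprint that `ssh-keygen -l` printed in 2001, which is the value to compare out of band before trusting a host key. The key used in the sample lines is built inline from a toy RSA public key (e, n) and the sample lines themselves are constructed; only the ssh-rsa blob layout is handled.

```python
"""Added example: parse authorized_keys / known_hosts lines and fingerprint the key.
The sample lines and the toy key are constructed for this demonstration."""
import base64
import hashlib
import struct

def ssh_string(b: bytes) -> bytes:
    return struct.pack(">I", len(b)) + b

def ssh_mpint(n: int) -> bytes:
    return ssh_string(n.to_bytes((n.bit_length() + 8) // 8, "big"))

def encode_rsa_pubkey(e: int, n: int) -> bytes:
    """The blob that appears base64-encoded in the key files."""
    return ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)

def read_string(buf: bytes, off: int):
    """Read one SSH 'string'; refuse to run past the end of a truncated blob."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (ln,) = struct.unpack_from(">I", buf, off)
    if off + 4 + ln > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4: off + 4 + ln], off + 4 + ln

def decode_pubkey(blob: bytes):
    """Return (key type, [integer fields]); for ssh-rsa the fields are [e, n]."""
    fields, off = [], 0
    while off < len(blob):
        s, off = read_string(blob, off)
        fields.append(s)
    if not fields or fields[0] != b"ssh-rsa":
        raise ValueError("not an ssh-rsa blob")
    return fields[0].decode(), [int.from_bytes(f, "big") for f in fields[1:]]

def _first_field(line: str):
    """Split off the first whitespace-delimited field; quotes protect spaces."""
    quoted = False
    for i, ch in enumerate(line):
        if ch == '"':
            quoted = not quoted
        elif ch.isspace() and not quoted:
            return line[:i], line[i:].lstrip()
    return line, ""

def parse_key_line(line: str, known_hosts: bool = False):
    """One authorized_keys (or, with known_hosts=True, known_hosts) line.
    Returns None for blank/comment lines, else a dict with the prefix (options
    or host patterns), key type, decoded blob and comment."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    prefix = None
    head, rest = _first_field(line)
    if known_hosts or head != "ssh-rsa":
        prefix, line = head, rest
    parts = line.split(None, 2)
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("not an SSH 2 ssh-rsa key line")
    blob = base64.b64decode(parts[1], validate=True)
    decode_pubkey(blob)                              # rejects malformed blobs
    return {"prefix": prefix, "type": parts[0], "blob": blob,
            "comment": parts[2] if len(parts) > 2 else ""}

def md5_fingerprint(blob: bytes) -> str:
    """ssh-keygen -l style MD5 fingerprint, 16 colon-separated hex bytes."""
    d = hashlib.md5(blob).hexdigest()
    return ":".join(d[i:i + 2] for i in range(0, 32, 2))

# Constructed sample data: toy modulus, made-up hosts and users.
TOY_E, TOY_N = 65537, ((1 << 89) - 1) * ((1 << 107) - 1)
TOY_B64 = base64.b64encode(encode_rsa_pubkey(TOY_E, TOY_N)).decode()
SAMPLE_AUTHORIZED_KEYS = [
    f'from="*.example.edu",no-port-forwarding ssh-rsa {TOY_B64} user@client',
    f"ssh-rsa {TOY_B64} user@laptop",
    "# comment line",
]
SAMPLE_KNOWN_HOSTS = [f"server.example.org,10.0.0.1 ssh-rsa {TOY_B64}"]

if __name__ == "__main__":
    for raw in SAMPLE_AUTHORIZED_KEYS:
        row = parse_key_line(raw)
        if row:
            print(row["prefix"], row["comment"], md5_fingerprint(row["blob"]))
    kh = parse_key_line(SAMPLE_KNOWN_HOSTS[0], known_hosts=True)
    print(kh["prefix"], md5_fingerprint(kh["blob"]))
```

Both sample authorized_keys entries carry the same key, so they print the same fingerprint; that equality, checked against a fingerprint read over the phone or from the console, is what makes the known_hosts entry worth anything.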
SSH in Practice contd.
• Available as open source software
  – See OpenSSH
• Tricky to get working properly
• Standard with many software distributions
Denial of Service (DoS) Attacks
• One of the most general forms of attacking inter-networked systems
  – Based on overloading end systems
  – Result is severe reduction in performance or complete shutdown of target systems
• Focus of attacks can be network components or end hosts
• We have heard about a number of these in the past year
• Other most general form of attack is a break-in
  – Port scans
  – Buffer overflows
  – Password cracking...
Overloading a System
• The goal of DoS is to drown legitimate traffic in a sea of garbage traffic
  – Lots of traffic that has not been provisioned for pushes real traffic out of the way
• Clients experience delays due to congestion
  – Dropped packets lead to exponential backoff of TCP retransmission timeouts
• Routers can become overloaded
• Servers become overloaded by an increased number of connect requests (SYN flooding)
  – TCP connection setup requires state and a response from the server
  – Server is required to answer each SYN from clients with a SYN-ACK and to remember the half-open connection
  – Clients never send the final ACK, so the half-open entries pile up until they time out
IP Spoofing
• Alter system to insert a different source IP address in the IP header (and recompute the TCP checksum, which covers the addresses)
  – DoS attackers spoof for two reasons
    • They don't want to be discovered
    • Spoofing can add additional load
• If you spoof with a legitimate (live) IP address
  – A reset can be triggered from either the attacked host or the actual IP host, which answers the unexpected SYN-ACK with a RST
    • Frees resources immediately on server
  – Careful use of sequence numbers can freeze future connections from actual IP host
• If you spoof with a random (unused) IP address
  – Server's SYN-ACK to the client is lost, since no host answers it
  – Server will not free resources for 75 seconds (typically)
Key Elements of a DoS Attack
• Expansion (asymmetry) in required work
  – Easy for me, harder for you
  – Expansion in IP spoofing
    • Me: generate SYNs as fast as possible (microseconds each, no state kept)
    • You: hold state for every half-open connection and time it out only after 75 seconds
• Best effort protocols
  – Drop-tail queues
  – No source specificity: the network cannot tell attack packets from legitimate ones
  – Clients can be starved or slowed to a crawl
DoS Attack Characteristics
• Expansion makes only a few systems necessary
  – Typical goal is nonetheless to attack from as many places as possible
    • Enables better utilization of network resources
    • Helps to prevent countermeasures (no single source to filter)
    • Helps to obscure attackers
• DoS software is readily available and/or simple to write
  – Much of it is passed around in IRC chat rooms
• DoS attacks are frequently preceded by break-ins to install DoS software on other people's machines
  – Enables even more anonymity for attacker
Facilitating DoS Attacks
• Lots of systems
• Large networks
• Naïve users
• Savvy bad guys
• Lots of free software
• Poor operating and management policies
• Hugely complex software with lots of well publicized holes
• Lack of means for stopping attacks
Dealing with DoS Attacks
• Don't reserve state until receipt of the client's ACK
  – DoS attackers using spoofing don't send these
    • Otherwise they would have to keep state and receive the SYN-ACK at the spoofed address
  – Use of crypto to avoid saving state (SYN cookies)
    • Encode a one-use, keyed value in the initial sequence number of the server's SYN-ACK
    • The client's ACK must return that value (as its acknowledgement number); the server recomputes and checks it, and only then allocates connection state
• Intrusion detection tools
  – Cut off an attack at a firewall if you recognize it
  – Bro, Snort
• IP traceback methods
• There are lots of companies in this space!
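The asymmetry described under "Overloading a System" and "Key Elements of a DoS Attack" (the server holds a half-open entry for 75 seconds per spoofed SYN) and the stateless defence on this slide, as one added simulation that is not from the slides and not kernel code: a listener that allocates state on every SYN is filled up by a spoofed flood and then refuses a legitimate client, while a listener that puts a keyed one-use value into its SYN-ACK sequence number keeps nothing until the matching ACK arrives. Assumptions: time is simulated rather than read from a clock, the backlog size, hosts, secret key and packet stream are made up, and the cookie layout (5-bit time counter, 3-bit MSS index, 24-bit keyed hash) follows the classic SYN-cookie design rather than any particular kernel.

```python
"""Added example: stateful listener vs. SYN-cookie listener under a spoofed flood.
Timing, addresses, backlog size and the cookie key are assumptions."""
import hashlib
import hmac

SYN_TIMEOUT = 75.0        # seconds a half-open connection is kept (the slide's figure)
BACKLOG = 128             # assumed limit on half-open connections

class StatefulListener:
    """Classic behaviour: allocate state on SYN, free it on ACK or after the timeout."""
    def __init__(self):
        self.half_open = {}            # (src, sport) -> expiry time
        self.established = 0
        self.refused = 0
    def on_syn(self, src, sport, now):
        self._expire(now)
        if len(self.half_open) >= BACKLOG:
            self.refused += 1          # backlog full: this SYN is dropped
            return False
        self.half_open[(src, sport)] = now + SYN_TIMEOUT
        return True
    def on_ack(self, src, sport, now):
        if self.half_open.pop((src, sport), None) is None:
            return False               # no matching half-open connection
        self.established += 1
        return True
    def _expire(self, now):
        for k in [k for k, t in self.half_open.items() if t <= now]:
            del self.half_open[k]

COOKIE_KEY = b"assumed-secret-rotated-regularly"
MSS_TABLE = [536, 1460, 4312, 8960]    # the only MSS values the cookie can encode

def _mac24(src, dst, sport, dport, t):
    msg = f"{src}:{sport}>{dst}:{dport}|{t}".encode()
    return int.from_bytes(hmac.new(COOKIE_KEY, msg, hashlib.sha256).digest()[:3], "big")

def make_syn_cookie(src, dst, sport, dport, mss, now):
    """Initial sequence number for the SYN-ACK: t (5 bits, here minutes mod 32),
    an MSS index (3 bits) and a 24-bit keyed hash of the 4-tuple and t."""
    t = int(now // 60) & 0x1F
    m = max([0] + [i for i, v in enumerate(MSS_TABLE) if v <= mss])
    return (t << 27) | (m << 24) | _mac24(src, dst, sport, dport, t)

def check_syn_cookie(cookie, src, dst, sport, dport, now):
    """Validate the value echoed in the client's ACK.  Returns the MSS to use,
    or None if the cookie is too old or was not made with our key."""
    t = (cookie >> 27) & 0x1F
    if ((int(now // 60) - t) & 0x1F) > 1:            # older than about two minutes
        return None
    if (cookie & 0xFFFFFF) != _mac24(src, dst, sport, dport, t):
        return None
    return MSS_TABLE[(cookie >> 24) & 7]

class CookieListener:
    """Stateless until the ACK arrives: nothing is stored per SYN."""
    def __init__(self, addr="10.0.0.1", port=80):
        self.addr, self.port = addr, port
        self.established = 0
    def on_syn(self, src, sport, mss, now):
        return make_syn_cookie(src, self.addr, sport, self.port, mss, now)
    def on_ack(self, src, sport, ack_num, now):
        cookie = (ack_num - 1) & 0xFFFFFFFF          # ack number = our ISN + 1
        if check_syn_cookie(cookie, src, self.addr, sport, self.port, now) is None:
            return False
        self.established += 1
        return True

def flood_then_connect(listener_cls):
    """Constructed traffic: 500 spoofed SYNs in half a second from sources that
    never answer, then one real client completing the handshake at t = 1.0 s.
    Returns (legitimate client connected, established count)."""
    if listener_cls is StatefulListener:
        s = StatefulListener()
        for i in range(500):
            s.on_syn(f"203.0.113.{i % 250}", 40000 + i, now=i * 0.001)
        ok = s.on_syn("198.51.100.7", 5555, now=1.0) and s.on_ack("198.51.100.7", 5555, now=1.05)
        return ok, s.established
    s = CookieListener()
    for i in range(500):
        s.on_syn(f"203.0.113.{i % 250}", 40000 + i, 1460, now=i * 0.001)
    isn = s.on_syn("198.51.100.7", 5555, 1460, now=1.0)
    ok = s.on_ack("198.51.100.7", 5555, isn + 1, now=1.05)
    return ok, s.established

if __name__ == "__main__":
    print("stateful listener:", flood_then_connect(StatefulListener))
    print("SYN-cookie listener:", flood_then_connect(CookieListener))
```

The price of the stateless variant is visible in `MSS_TABLE` and the 5-bit counter: whatever the server needs to remember about the SYN has to fit into the 32-bit sequence number, so TCP options beyond a coarse MSS are lost, and a cookie stops validating after the counter moves on.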
Most recent example of a DoS Attack
• Code Red Worm
  – Identified in July 2001; the fast-spreading variant appeared on July 19, 2001
    • Infected over 250k systems in 9 hours
  – Takes advantage of a buffer overflow in the Indexing Service ISAPI extension (.ida) of IIS on Windows NT/2000, for which Microsoft had published a patch a month earlier
    • And the fact that most people don't know IIS is ON by default
  – Infected systems are completely compromised
  – Code Red runs entirely in the memory of the IIS server process (not in the OS kernel) and writes nothing to disk
    • Small and efficient
    • V1 could be eliminated by reboot (an unpatched host is simply reinfected)
  – Alternates by date: the first part of each month is spent trying to infect other systems, after which it DoS's the White House web server (www.whitehouse.gov)
Quiz #1
Each question is worth 8 points
1. Show how RSA can be used for two-way authentication (a simple drawing is fine).
2. Briefly explain (3 or 4 sentences max) the pros and cons of persistent connections in HTTP/1.1.
3. Applications
   1. What is a basic difference between SMTP and other application level protocols?
   2. What was the motivation for Nagle's algorithm (hint: think about the telnet application)?


