586 research outputs found

    Detecting and Mitigating Denial-of-Service Attacks on Voice over IP Networks

    Get PDF
    Voice over IP (VoIP) is more susceptible to Denial of Service attacks than traditional data traffic, due to the former's low tolerance to delay and jitter. We describe the design of our VoIP Vulnerability Assessment Tool (VVAT) with which we demonstrate vulnerabilities to DoS attacks inherent in many of the popular VoIP applications available today. In our threat model we assume an adversary who is not a network administrator, nor has direct control of the channel and key VoIP elements. His aim is to degrade his victim's QoS without giving away his presence by making his attack look like a normal network degradation. Even black-boxed, applications like Skype that use proprietary protocols show poor performance under specially crafted DoS attacks to its media stream. Finally we show how securing Skype relays not only preserves many of its useful features such as seamless traversal of firewalls but also protects its users from DoS attacks such as recording of conversations and disruption of voice quality. We also present our experiences using virtualization to protect VoIP applications from 'insider attacks'. Our contribution is two fold we: 1) Outline a threat model for VoIP, incorporating our attack models in an open-source network simulator/emulator allowing VoIP vendors to check their software for vulnerabilities in a controlled environment before releasing it. 2) We present two promising approaches for protecting the confidentiality, availability and authentication of VoIP Services

    Performance evaluation of an open distributed platform for realistic traffic generation

    Get PDF
    Network researchers have dedicated a notable part of their efforts to the area of modeling traffic and to the implementation of efficient traffic generators. We feel that there is a strong demand for traffic generators capable to reproduce realistic traffic patterns according to theoretical models and at the same time with high performance. This work presents an open distributed platform for traffic generation that we called distributed internet traffic generator (D-ITG), capable of producing traffic (network, transport and application layer) at packet level and of accurately replicating appropriate stochastic processes for both inter departure time (IDT) and packet size (PS) random variables. We implemented two different versions of our distributed generator. In the first one, a log server is in charge of recording the information transmitted by senders and receivers and these communications are based either on TCP or UDP. In the other one, senders and receivers make use of the MPI library. In this work a complete performance comparison among the centralized version and the two distributed versions of D-ITG is presented

    Silicon firewall prototype

    Get PDF
    The Internet is a technological advance that provides access to information, and the ability to publish information, in revolutionary ways. There is also a major danger that provides the ability to corrupt and destroy information as well. When a computer is connected to the Internet, three things are put at risk: the data storage, the computing resources and the user’s reputation. In order to balance the advantages and risks, the contact between a computer and the Internet or the contact between different networks should be controlled carefully. A firewall is a form of protection that allows a network to connect to the Internet or to another network while maintaining a degree of security. The firewall is an effective type of network security, and in most situations, it is the most effective tool for doing that. With the availability of larger bandwidth, it is becoming more and more difficult for traditional software firewalls to function over a high-speed connection. In addition, the advances in network hardware technology, such as routers, and new applications of firewalls have caused the software firewall to be an impediment to high throughput. This network bottleneck leads to the requirement for new solutions to balance performance and security. Replacing software with hardware could lead to improved performance, enabling the firewalls to handle significantly larger amounts of data. The goal of this project is to investigate if and how existing desktop computer firewall technology could be improved by replacing software functionality with hardware (i.e., silicon). A hardware-based Silicon Firewall system has been designed by choosing the appropriate architecture and implemented using Altera FPGA (Field Programmable Gate Array) on a SOPC (System On a Programmable Chip) Board. The performance of the Silicon Firewall is tested and compared with the software firewall

    Dynamic silicon firewall

    Get PDF
    Computers are networked together in order to share the information they store and process. The internet connects many of these networks together, offering a multitude of options for communication, productivity and entertainment. It also offers the opportunity for unscrupulous individuals to contact these networked computers and attempt to appropriate or destroy the data on them, the computing resources they provide, and the identity or reputation of the computer user. Measures to secure networks need to be implemented by network administrators and users to protect their computing assets. Firewalls filter information as it flows through a network. This filter can be implemented in hardware or software and can be used to protect computers from unwanted access. While software firewalls are considered easier to set up and use, hardware firewalls are often considered faster and more secure. Absent from the marketplace is an embedded hardware solution applicable to desktop systems. Traditional software firewalls use the processor of the computer to filter packets; this is disadvantageous because the computer can become unusable during a network attack when the processor is swamped by the firewall process. Traditional hardware firewalls are usually implemented in a single location, between a private network and the internet. Depending on the size of the private network, a hardware firewall may be responsible for filtering the network traffic of hundreds of clients. This not only makes the required hardware firewall quite expensive, but dedicates those financial resources to a single point that may fail. The dynamic silicon firewall project implements a hardware firewall using a soft-core processor with a custom peripheral designed using a hardware description language. Embedding this hardware firewall on each network interface card in a network would offer many benefits. It would avoid the aforementioned denial of service problem that software firewalls are susceptible to since the custom peripheral handles the filtering of packets. It could also reduce the complexity required to secure a large private network, and eliminate the problem of a single point of failure. Also, the dynamic silicon firewall requires little to no administration since the filtering rules change with the users network activity. The design of the dynamic silicon firewall incorporates the best features from traditional hardware and software firewalls, while minimizing or avoiding the negative aspects of each

    Determining the effectiveness of deceptive honeynets

    Get PDF
    Over the last few years, incidents of network based intrusions have rapidly increased, due to the increase and popularity of various attack tools easily available for download from the Internet. Due to this increase in intrusions, the concept of a network defence known as Honeypots developed. These honeypots are designed to ensnare attackers and monitor their activities. Honeypots use the principles of deception such as masking, mimicry, decoying, inventing, repackaging and dazzling to deceive attackers. Deception exists in various forms. It is a tactic to survive and defeat the motives of attackers. Due to its presence in the nature, deception has been widely used during wars and now in Information Systems. This thesis considers the current state of honeypot technology as well as describes the framework of how to improve the effectiveness of honeypots through the effective use of deception. In this research, a legitimate corporate deceptive network is created using Honeyd (a type of honeypot) which is attacked and improved using empirical learning approach. The data collected during the attacking exercise were analysed, using various measures, to determine the effectiveness of the deception in the honeypot network created using honeyd. The results indicate that the attackers were deceived into believing the honeynet was a real network which instead was a deceptive network

    IPv6 Network Monitoring Tool

    Get PDF
    IPv6 is a new version of the internetworking protocol designed to address the scalability and service shortcomings of the current standard, IPv4.Unfortunately, IPv4 and IPv6 are not directly compatible, so programs and systems designed to one standard can not communicate with those designed to the other. Consequently, it is necessary to develop smooth transition mechanisms that enable applications to continue working while the network is being upgraded. In this paper the author presents the design and implementation of a network monitoring tool for the latest Internet Protocol; IPv6 which is designed for Microsoft Windows platform. The development of network has increased the need to monitor the nodes that is operating across the same network. The network monitoring tool aims to capture and analyze IP related packets (IPv6 packets) before executing report on the results found
    • …
    corecore