Kandula_SOSP2003

Protecting Web Servers from Content Request Floods

Srikanth Kandula, Shantanu Sinha, Dina Katabi, Matthias Jacob
CSAIL – MIT
The Attack
  (Diagram: clients send "GET LargeFile.zip" and "DO LongDBQuery" to www.foo.com)
  Want to protect DB and disk bandwidth, socket buffers, processes, …
  Hard to detect or counter because malicious requests look normal!
A Fairness Problem – Filters
  (Diagram: humans and machines pass through a user filter before reaching the server resources)
  Problem – Each machine gets equal share
  Solution – Ensure that each human gets equal share
Establishing Fairness – Use Reverse Turing Test
  (Diagram: a CAPTCHA image with the prompt "Suspected attack! To access www.foo.com enter the above letters:")

Establishing Fairness – Use Reverse Turing Test
  (Diagram: the same test, next to a comparison of replies to a user asking "Give Me www.foo.com")
  Existing solutions reply: "Under attack. Come back later."
  Our solution replies: "Under attack. Come back later. BTW, can solve test to access now."
2 Modes
  Normal – the common case: server behavior unchanged
  Under Attack
Solution Overview
  Client unchanged.
  (Diagram: message exchange between client and server while under attack)
    Client: SYN            -> Server: SYN Cookie
    Client: SYNACKACK      -> Server: Ignore!
    Client: HTTP Request   -> Server: Verify SYN Cookie, Send Test, TCP RST
  No connection until test answered
  Other characteristics:
    One test per session
    Tests generated offline
    Test expires
    Replay attacks are harmless
    Each answer grants up to 4 TCPs
    Can't attack by duplicating answers
Solution Overview
  (Diagram: the unmodified TCP handshake and HTTP exchange, with the server's N/W stack and app server shown separately)
    Client: SYN            -> N/W Stack: SYN RECV State
    Server: SYNACK
    Client: SYNACKACK      -> N/W Stack: Establish Connection
    Client: HTTP Request   -> App Server
    Server: HTTP Response
  Vulnerable to SYN Floods
Solution Overview
  (Diagram: common case on the left, under attack on the right; N/W stack and app server shown for each server)
  Common Case:
    Client: SYN            -> N/W Stack: Create Cookie, SYN Cookie
    Client: SYNACKACK      -> N/W Stack: Establish Connection
    Client: HTTP Request   -> App Server
    Server: HTTP Response
  Under attack – send out a test from memory:
    Client: SYN            -> N/W Stack: Create Cookie, SYN Cookie
    Client: SYNACKACK      -> N/W Stack: Ignore
    Client: HTTP Request   -> N/W Stack: Verify Cookie, Send Test, RST
Solution Overview
  (Diagram: common case on the left (as on the previous slide), the answer step on the right)
  Grant access if answer is correct:
    Client: SYN            -> N/W Stack: Create Cookie, SYN Cookie
    Client: SYNACKACK      -> N/W Stack: Ignore
    Client: Test Answer    -> N/W Stack: Verify Cookie & Answer
    Server: HTTP Response
  Tests are generated offline
Solution Overview
  (Diagram: the under-attack exchange – SYN, Create Cookie, SYN Cookie, SYNACKACK, Ignore, HTTP Request, Verify Cookie, Send Test, RST)
  Server behavior unchanged (common case)
  Create session after a correct answer
  Up to 4 TCP connections per answer
  One test per browsing session
  Tests generated offline

Solution Overview
  (Diagram: the answer exchange – SYN, Create Cookie, SYN Cookie, SYNACKACK, Ignore, Test Answer, Verify Cookie & Answer, HTTP Response)
  Server behavior unchanged (common case)
  Create session after a correct answer
  Up to 4 TCP connections per answer
  One test per browsing session
  Tests generated offline
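The exchange on the solution-overview slides, written out as an added simulation (this is not the authors' code). It assumes: an HMAC-based SYN cookie and test token with a 60-second validity window, a two-entry stand-in for the offline-generated test pool, the cookie passed explicitly instead of inside the TCP ACK number, and the test token bound to the client address so a distributed answer does not verify elsewhere.

```python
import hashlib, hmac, os, secrets

SECRET = os.urandom(16)               # per-server MAC key (assumption: managed out of band)
TESTS = {"t1": "xk7q", "t2": "m3pz"}  # constructed stand-in for the offline-generated test pool
MAX_CONNS_PER_ANSWER = 4              # each answer grants up to 4 TCP connections
SLOT = 60                             # seconds per validity window for cookies and tests (assumed)

def _mac(*parts):
    msg = "|".join(str(p) for p in parts).encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:16]

def _fresh(tag, value, now, *ctx):
    # Accept the current or previous window only, so cookies and tests expire by themselves
    slot = int(now) // SLOT
    return any(hmac.compare_digest(value, _mac(tag, *ctx, s)) for s in (slot, slot - 1))

class Server:
    def __init__(self, under_attack):
        self.under_attack = under_attack
        self.grants = {}  # test token -> connections used; created only after a correct answer

    def on_syn(self, client, now):
        # SYN-ACK carries a SYN cookie; the server keeps no SYN_RECV state for this client
        return _mac("cookie", client, int(now) // SLOT)

    def on_request(self, client, cookie, now, grant=None):
        # First data segment after the (ignored) ACK: check the cookie before doing any work
        if not _fresh("cookie", cookie, now, client):
            return ("RST", None)
        if not self.under_attack:
            return ("HTTP 200", None)             # common case: server behaviour unchanged
        used = self.grants.get(grant)
        if used is not None and used < MAX_CONNS_PER_ANSWER:
            self.grants[grant] = used + 1         # earlier correct answer: one more connection
            return ("HTTP 200", None)
        test_id = secrets.choice(list(TESTS))     # serve a pre-generated test, then reset
        token = _mac("test", client, test_id, int(now) // SLOT)
        return ("TEST+RST", (test_id, token))

    def on_answer(self, client, cookie, test_id, token, answer, now):
        if not _fresh("cookie", cookie, now, client):
            return ("RST", None)
        if not (_fresh("test", token, now, client, test_id)
                and hmac.compare_digest(answer, TESTS.get(test_id, ""))):
            return ("RST", None)
        # A duplicated answer maps onto the same token, so it never buys a second budget
        self.grants.setdefault(token, 0)
        return self.on_request(client, cookie, now, grant=token)
```

Per-answer state appears only after a correct answer, which is what keeps the server stateless against both SYN floods and request floods from clients that never answer.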
Extra – What If?
  User doesn't want to solve the test?
    (Diagram: user asks "Give Me www.foo.com"; server replies "Under attack. Come back later. BTW, solve the test to access now.")
  Attacker distributes a few answers to all worms?
    Each test allows access to limited resources
Establishing Fairness – Use Reverse Turing Test
  (Diagram: a CAPTCHA image with the prompt "Suspected attack! To access www.foo.com enter the above letters:")
  Different from Prior Work
    Crypto puzzles are easy since computation power is cheap
    Yahoo! only protects disk space during account creation
    We want to receive requests, deliver puzzles, validate answers before establishing a TCP connection
Establishing Fairness – Use Reverse Turing Test
  (Diagram: the CAPTCHA with the prompt "Suspected attack! To access www.foo.com enter the above letters:"; a user asks "Give Me www.foo.com" and the server replies "Under attack. Come back later. BTW, solve the test to access now.")
  Yahoo uses RTT to protect disk space
  We receive requests, serve tests, validate answers before establishing a TCP connection
  Users who solve a test can access the server

				
Document info: posted 2/20/2011; language: English; 15 pages.