L-020 SYN Cookies Locator/ID Separation Protocol Locator/ID Separation Protocol implementation considering SYN Cookies Watanabe Takaya Takashi Imaizumi 1. AS Autonomous System ISP IETF Locator/ID Separation Protocol LISP AS AS IP LISP AS AS IP AS SYN Cookies DoS 1 TCP SYN Flood SYN Cookies TCP TCP LISP TCP SYN Flood SYN Cookies SYN Cookies LISP LISP TCP SYN Flood 2.LISP SYN Cookies LISP SYN Cookies LISP SYN Cookies 2.1.LISP LISP IP AS AS AS IP RLOC Routing LOCator AS IP EID Endpoint IDentifer RLOC EID LISP RLOC EID AS RLOC AS EID AS AS ISP Internet AS AS AS LISP AS LISP LISP First Packet Drop 2.1.1.LISP LISP RLOC EID LISP AS EID AS RLOC EID RLOC RLOC ITR ETR ITR Ingress Tunnel Router EID AS ETR AS RLOC LISP ETR Egress Tunnel Router RLOC LISP ITR RLOC ITR ETR LISP xtr LISP ITR ETR LISP LISP ISP 155

3. LISP B EID RLOC ETR B 4. ETR B ITR A 1: LISP 5. ITR A B EID RLOC 6. A SYN 7. ITR A ITR A B EID RLOC SYN ITR A RLOC ETR B RLOC 8. ETR B SYN ETR B B SYN 9. TCP B SYN SYN/ACK 1 8 2: LISP TCP LISP AS EID AS RLOC ITR EID RLOC LISP 2.1.2.LISP TCP LISP 1 LISP 2 LISP A B TCP ITR A B EID RLOC 1. A B SYN 2. SYN ITR A ITR A EID RLOC LISP SYN 10. A SYN/ACK ACK ITR A RLOC B ACK B TCP RLOC RLOC ITR ETR 2.1.3.First Packet Drop RLOC ITR First Packet Drop EID RLOC RLOC ITR ITR TCP SYN Flood RLOC First Packet Drop LISP 156

2.2.SYN Cookies SYN Cookies DoS TCP SYN Flood TCP SYN Flood TCP SYN SYN Cookies TCP SYN Cookies 2.2.1. TCP SYN Cookies TCP ACK SYN Cookies SYN/ACK SYN/ACK 32 5 t mod 32 t 64 3 MSS 24 / IP TCP t SYN/ACK 1 ACK ACK TCP 3 2.2.2. ACK SYN Cookies SSH FTP SMTP ACK SSH TCP SYN/ACK SYN Cookies TCP 3: SYN Cookies SYN Cookies TCP SYN Flood 2.3.LISP SYN Cookies LISP TCP SYN Flood SYN Cookies 1 SYN Cookies TCP 4 2.1.2 SYN Cookies RLOC 2 SYN/ACK SYN RLOC 3 SYN 2 SYN Cookies SYN SYN/ACK 2 2 TCP Truncated Binary Exponential Backoff LISP SYN Cookies RLOC RLOC RLOC RLOC LISP LISPmon LISP monitoring platform 157

2.1: RLOC Round-Trip-Time (RTT)

Map-Server      EIDs               RLOC             RTT (ms)
iij-xtr         153.16.64.0/24     202.214.86.252   493   (IIJ Internet Initiative Japan Inc.)
fnsc-xtr        153.16.66.176/28   61.123.132.140   428   (ODN SOFTBANK TELECOM Corp.)
cisco-it-xtr-1  153.16.5.0/24      128.107.81.169   303   (CISCO-EU-109 Cisco Systems Global)
google-xtr      153.16.30.0/28     64.9.224.225     299   (GOOGLEWIFI - Google Inc.)
unknown         85.184.3.32/28     92.254.28.189    55    (INTERNLNET InterNLnet Autonomous System)

3.SYN Cookies LISP LISP RLOC First Packet Drop LISP RLOC RLOC SYN Cookies RLOC RLOC RLOC SYN Cookies RLOC IETF piggybacked 4: LISP SYN Cookies TCP 2.1 2012 2 2 RLOC Round-Trip-Time RTT ITR RLOC ITR RLOC EIDs EID RLOC RTT iij-xtr RTT 493ms 1s SYN 75s SYN Cookies AS TCP 3.1.piggybacked piggybacked RLOC LISP LISP xtr piggybacked ITR ETR LISP TCP SYN Flood SYN Cookies RLOC 3.2. RLOC 5 Source EID Address EID 158

6: RLOC 5: ITR-RLOC Address ITR RLOC LISP Source EID Address ITR-RLOC Address RLOC RLOC RLOC RLOC EID LISP AS RLOC 4 LISP RLOC ITR A RLOC LISP ETR B ETR B ITR A 4 B AS RLOC ITR B A RLOC ITR B RLOC RLOC ITR B B A RLOC ITR B ETR B A ICMP Echo Reply 7: LISP TCP ITR B 6 (3) ICMP Echo Reply (1) (4) (2) (5) LISP TCP 7 7 ICMP Echo Reply RLOC LISP RLOC 4. RLOC LISP ETR ICMP Echo Reply ICMP Echo Reply piggybacked 159

4.1. ICMP Echo Reply ITR ETR ICMP Echo Reply ICMP Echo Reply 6 6 (3) ICMP Echo Reply A EID AS AS ITR B AS B ITR B A RLOC ICMP Echo Reply RLOC ICMP Echo Reply ITR B ICMP Echo Reply First Packet Drop RLOC ICMP Echo Reply ETR RLOC RLOC ITR ICMP Echo Reply RLOC ICMP Echo Reply RLOC ICMP Echo Reply ICMP Echo Request ICMP Echo Reply ICMP Echo Request ICMP Echo Reply ICMP Echo Reply 4.2.piggybacked piggybacked ITR RLOC RLOC Internet piggybacked RLOC RLOC SYN Cookies RLOC piggybacked LISP ITR ETR xtr LISP AS LISP 5. SYN Cookies LISP LISP SYN Cookies TCP SYN LISP RLOC RLOC First Packet Drop RLOC ITR RLOC RLOC SYN Cookies LISP TCP SYN Flood SYN Cookies LISP [1] LISP monitoring platform http://lispmon.net/ [2] Locator/ID Separation Protocol http://tools.ietf.org/html/draft-ietf-lisp-22 [3] RFC 4987 : TCP SYN Flooding Attacks and Common Mitigations http://tools.ietf.org/html/rfc4987 [4] Motoyuki OHMORI, Koji Okamura, Kohei HAYAKAWA, and Fuminori TANIZAKI Analyses on First Packet Drops of LISP in End-to- End Bidirectional Communications Internet Conference 2011 160