L-020: Locator/ID Separation Protocol implementation considering SYN Cookies
Watanabe Takaya, Takashi Imaizumi

1. AS Autonomous System ISP IETF Locator/ID Separation Protocol LISP AS AS IP LISP AS AS IP AS SYN Cookies DoS 1 TCP SYN Flood SYN Cookies TCP TCP LISP TCP SYN Flood SYN Cookies SYN Cookies LISP LISP TCP SYN Flood 2.LISP SYN Cookies LISP SYN Cookies LISP SYN Cookies 2.1.LISP LISP IP AS AS AS IP RLOC Routing LOCator AS IP EID Endpoint IDentifier RLOC EID LISP RLOC EID AS RLOC AS EID AS AS ISP Internet AS AS AS LISP AS LISP LISP First Packet Drop 2.1.1.LISP LISP RLOC EID LISP AS EID AS RLOC EID RLOC RLOC ITR ETR ITR Ingress Tunnel Router EID AS ETR AS RLOC LISP ETR Egress Tunnel Router RLOC LISP ITR RLOC ITR ETR LISP xtr LISP ITR ETR LISP LISP ISP 155
3. LISP B EID RLOC ETR B 4. ETR B ITR A 1: LISP 5. ITR A B EID RLOC 6. A SYN 7. ITR A ITR A B EID RLOC SYN ITR A RLOC ETR B RLOC 8. ETR B SYN ETR B B SYN 9. TCP B SYN SYN/ACK 1 8 2: LISP TCP LISP AS EID AS RLOC ITR EID RLOC LISP 2.1.2.LISP TCP LISP 1 LISP 2 LISP A B TCP ITR A B EID RLOC 1. A B SYN 2. SYN ITR A ITR A EID RLOC LISP SYN 10. A SYN/ACK ACK ITR A RLOC B ACK B TCP RLOC RLOC ITR ETR 2.1.3.First Packet Drop RLOC ITR First Packet Drop EID RLOC RLOC ITR ITR TCP SYN Flood RLOC First Packet Drop LISP 156
2.2.SYN Cookies SYN Cookies DoS TCP SYN Flood TCP SYN Flood TCP SYN SYN Cookies TCP SYN Cookies 2.2.1. TCP SYN Cookies TCP ACK SYN Cookies SYN/ACK SYN/ACK 32 5 t mod 32 t 64 3 MSS 24 / IP TCP t SYN/ACK 1 ACK ACK TCP 3 2.2.2. ACK SYN Cookies SSH FTP SMTP ACK SSH TCP SYN/ACK SYN Cookies TCP 3: SYN Cookies SYN Cookies TCP SYN Flood 2.3.LISP SYN Cookies LISP TCP SYN Flood SYN Cookies 1 SYN Cookies TCP 4 2.1.2 SYN Cookies RLOC 2 SYN/ACK SYN RLOC 3 SYN 2 SYN Cookies SYN SYN/ACK 2 2 TCP Truncated Binary Exponential Backoff LISP SYN Cookies RLOC RLOC RLOC RLOC LISP LISPmon LISP monitoring platform 157
Table 2.1: RLOC Round-Trip-Time (RTT)

Map-Server      EIDs               RLOC             RTT (ms)   Organization
iij-xtr         153.16.64.0/24     202.214.86.252   493        IIJ Internet Initiative Japan Inc.
fnsc-xtr        153.16.66.176/28   61.123.132.140   428        ODN SOFTBANK TELECOM Corp.
cisco-it-xtr-1  153.16.5.0/24      128.107.81.169   303        CISCO-EU-109 Cisco Systems Global
google-xtr      153.16.30.0/28     64.9.224.225     299        GOOGLEWIFI - Google Inc.
unknown         85.184.3.32/28     92.254.28.189    55         INTERNLNET InterNLnet Autonomous System

3.SYN Cookies LISP LISP RLOC First Packet Drop LISP RLOC RLOC SYN Cookies RLOC RLOC RLOC SYN Cookies RLOC IETF piggybacked 4: LISP SYN Cookies TCP 2.1 2012 2 2 RLOC Round-Trip-Time RTT ITR RLOC ITR RLOC EIDs EID RLOC RTT iij-xtr RTT 493ms 1s SYN 75s SYN Cookies AS TCP 3.1.piggybacked piggybacked RLOC LISP LISP xtr piggybacked ITR ETR LISP TCP SYN Flood SYN Cookies RLOC 3.2. RLOC 5 Source EID Address EID 158
6: RLOC 5: ITR-RLOC Address ITR RLOC LISP Source EID Address ITR-RLOC Address RLOC RLOC RLOC RLOC EID LISP AS RLOC 4 LISP RLOC ITR A RLOC LISP ETR B ETR B ITR A 4 B AS RLOC ITR B A RLOC ITR B RLOC RLOC ITR B B A RLOC ITR B ETR B A ICMP Echo Reply 7: LISP TCP ITR B 6 (3) ICMP Echo Reply (1) (4) (2) (5) LISP TCP 7 7 ICMP Echo Reply RLOC LISP RLOC 4. RLOC LISP ETR ICMP Echo Reply ICMP Echo Reply piggybacked 159
4.1. ICMP Echo Reply ITR ETR ICMP Echo Reply ICMP Echo Reply 6 6 (3) ICMP Echo Reply A EID AS AS ITR B AS B ITR B A RLOC ICMP Echo Reply RLOC ICMP Echo Reply ITR B ICMP Echo Reply First Packet Drop RLOC ICMP Echo Reply ETR RLOC RLOC ITR ICMP Echo Reply RLOC ICMP Echo Reply RLOC ICMP Echo Reply ICMP Echo Request ICMP Echo Reply ICMP Echo Request ICMP Echo Reply ICMP Echo Reply 4.2.piggybacked piggybacked ITR RLOC RLOC Internet piggybacked RLOC RLOC SYN Cookies RLOC piggybacked LISP ITR ETR xtr LISP AS LISP 5. SYN Cookies LISP LISP SYN Cookies TCP SYN LISP RLOC RLOC First Packet Drop RLOC ITR RLOC RLOC SYN Cookies LISP TCP SYN Flood SYN Cookies LISP

References
[1] LISP monitoring platform, http://lispmon.net/
[2] Locator/ID Separation Protocol, http://tools.ietf.org/html/draft-ietf-lisp-22
[3] RFC 4987: TCP SYN Flooding Attacks and Common Mitigations, http://tools.ietf.org/html/rfc4987
[4] Motoyuki OHMORI, Koji Okamura, Kohei HAYAKAWA, and Fuminori TANIZAKI, "Analyses on First Packet Drops of LISP in End-to-End Bidirectional Communications", Internet Conference 2011
160