Study of Malformed Message Attacks and their Prevention
By Shailesh Yadav & Nikhil Mohod
TEL 500 PROJECT
OUTLINE
Introduction
The importance of Network monitoring
Last Hop Tracking: Framework
The Project
The CNM
Packet Tracer Demo
Real time Demo
Conclusion
INTRODUCTION – MALFORMED MESSAGE ATTACKS
Devised to achieve unauthorized access into the service provider's secure domain
In this type of attack, the attacker modifies the headers in such a way that they do not comply with the grammar standards of the signaling protocol
EXAMPLE
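A defender-side check for the kind of grammar violation described above, assuming the signaling protocol is SIP (the protocol named in the conclusion). This is an added example, not part of the original slides: the function `check_sip_message`, the simplified subset of RFC 3261 rules it applies, and the sample messages are all constructed for illustration.

```python
import re

# Simplified checks based on the RFC 3261 grammar; not a complete SIP parser.
REQUEST_LINE = re.compile(r"^([A-Z]+) sips?:[^\s<>]+ SIP/2\.0$")
STATUS_LINE = re.compile(r"^SIP/2\.0 [1-6][0-9]{2}( .*)?$")
HEADER = re.compile(r"^([!#$%&'*+.^_`|~0-9A-Za-z-]+)[ \t]*:[ \t]*(.*)$")
COMPACT = {"v": "via", "f": "from", "t": "to", "i": "call-id", "l": "content-length"}
SINGLE = {"from", "to", "call-id", "cseq", "max-forwards", "content-length"}

def check_sip_message(raw: bytes) -> list:
    """Return the grammar violations found in one SIP message (empty list = none)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return ["headers not terminated by an empty line"]
    lines = head.decode("latin-1").split("\r\n")  # latin-1 never fails; non-ASCII names fail HEADER
    problems, seen = [], {}
    request = REQUEST_LINE.match(lines[0])
    if not request and not STATUS_LINE.match(lines[0]):
        problems.append("malformed start line")
    for line in lines[1:]:
        if line[:1] in (" ", "\t"):  # folded continuation of the previous header
            continue
        m = HEADER.match(line)
        if not m:
            problems.append("malformed header line")
            continue
        name = m.group(1).lower()
        seen.setdefault(COMPACT.get(name, name), []).append(m.group(2).strip())
    required = {"via", "from", "to", "call-id", "cseq"} | ({"max-forwards"} if request else set())
    problems += [f"missing {h}" for h in sorted(required - set(seen))]
    problems += [f"duplicate {h}" for h in sorted(SINGLE) if len(seen.get(h, [])) > 1]
    cseq = re.fullmatch(r"([0-9]{1,10})[ \t]+([A-Z]+)", seen.get("cseq", [""])[0])
    if "cseq" in seen and not cseq:
        problems.append("malformed cseq")
    elif cseq and request and cseq.group(2) != request.group(1):
        problems.append("cseq method does not match request method")
    mf = seen.get("max-forwards", ["0"])[0]
    if not re.fullmatch(r"[0-9]{1,3}", mf) or int(mf) > 255:
        problems.append("malformed max-forwards")
    clen = seen.get("content-length", ["0"])[0]
    if not re.fullmatch(r"[0-9]{1,9}", clen) or int(clen) > len(body):
        problems.append("content-length is not numeric or exceeds the body")
    return problems

# Constructed samples (made-up values): a valid request, then a broken CSeq and length.
_BASE = ("OPTIONS sip:bob@example.com SIP/2.0\r\nVia: SIP/2.0/UDP pc.example.com;branch=z9hG4bK77\r\n"
         "Max-Forwards: 70\r\nFrom: <sip:alice@example.com>;tag=1\r\nTo: <sip:bob@example.com>\r\n"
         "Call-ID: a84b4c76e66710\r\nCSeq: {cseq}\r\nContent-Length: {clen}\r\n\r\n")
GOOD = _BASE.format(cseq="63104 OPTIONS", clen="0").encode()
BAD = _BASE.format(cseq="-1 INVITE", clen="9999").encode()
```

A monitor would run a check like this on each captured signaling message and log or drop those that return a non-empty list.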
THE PROJECT
The focus of this project is to help design a network breach detection and tracing system: a suggested system with its important parameters
This design is intended to aid the prevention of malformed message attacks and also ensure that these types of attacks and their origin are easily identified
THE IMPORTANCE OF NETWORK MONITORING
If the network is monitored, once in a while the attack can be traced directly back to the perpetrator
This is done by last hop tracing with the help of the foundation built by IDS and IPS
Hence there is great demand for designing, deploying and maintaining frameworks that serve the goal of monitoring networks
LAST HOP TRACKING: FRAMEWORK
REAL TIME DEMO
Wireshark V 1.10.2 Bittwist V
THE CNM
This CNM system is recognized as the solution
This design is a variation of an inbuilt IDS/IPS system that could be established with the existing network infrastructure
The aspects of the CNM are as follows:
Route isolation
Hassle-free routing for all other networking protocols running
An algorithm to recognize the malformed message attacks and distinguish them from other types of attacks
Also be able to detect and prevent network-based attacks
Reduce the cost of deploying a separate infrastructure for CNM
Last hop tracing to allow easy detection of the attack's origin
KEY ELEMENTS OF THE CNM DESIGN:
The CNM should be kept isolated from the rest of the network
All other routing components should be able to flow freely without hassle
The above two issues are explored in detail in this project; the other aforementioned components are a part of the CNM documentation (Future Research)
THE CNM – CENTRALIZED NETWORK MONITOR
PACKET TRACER DEMO
Packet Tracer Screenshot
CONCLUSION
SIP, being a text-based protocol, is very easy to exploit. Most security threats could be reduced by using TCP/IP instead of UDP for signaling purposes. As previously mentioned, firewalls can also be used, in addition to TCP/IP, to block unauthorized access.
Access lists could also be used
THANK YOU
Questions ?