Transcript Talk
Protecting Web Servers from Content Request Floods
Srikanth Kandula, Shantanu Sinha, Dina Katabi, Matthias Jacob
CSAIL, MIT

The Attack
Bots send requests such as "GET LargeFile.zip" or "DO LongDBQuery" to www.foo.com.
Goal: protect the database and disk bandwidth, socket buffers, processes, and similar server resources.
Hard to detect or counter because the malicious requests look like normal requests.

A Fairness Problem
Humans and machines both sit behind the filter in front of the server's resources.
Problem: a filter on the data path gives each machine an equal share.
Solution: ensure that each human gets an equal share.

Establishing Fairness: Use a Reverse Turing Test
Server page: "Suspected attack! To access www.foo.com enter the above letters:"
Client: "Give me www.foo.com."
Server: "Under attack. Come back later. BTW, you can solve the test to access now."

Existing Solutions vs. Our Solution
Two modes: Normal and Under Attack.
Common case (Normal): server behavior is unchanged.

Solution Overview: a Server Vulnerable to SYN Floods
Client sends SYN; the server's network stack enters SYN RECV state and sends SYNACK; client sends ACK and the HTTP request; the server establishes the connection, hands the request to the application server, and returns the HTTP response. State is held from the first SYN onward.

Solution Overview: Common Case (Normal Mode)
Client sends SYN; the network stack creates a SYN cookie and sends SYNACK; client sends ACK and the HTTP request; the stack verifies the cookie, establishes the connection, the application server produces the HTTP response. Server behavior is unchanged.

Solution Overview: Under Attack, No Answer Yet
Client sends SYN; the network stack creates a SYN cookie and sends SYNACK (no state kept); client sends ACK and the HTTP request; the stack verifies the cookie, sends out a test from memory, and sends a TCP RST. No connection is established and the application server is never involved.

Solution Overview: Under Attack, Answer Submitted
Client sends SYN; the stack creates a SYN cookie and sends SYNACK; client sends ACK and the HTTP request carrying the test answer; the stack verifies the cookie and the answer, creates a session after a correct answer, and only then establishes the connection and delivers the HTTP response. Access is granted if the answer is correct.

Other Characteristics
One test per browsing session.
Tests are generated offline.
A test expires.
Replay attacks are harmless.
Each answer grants up to 4 TCP connections.
An attacker cannot gain by duplicating answers.
No connection is created until a test has been answered.

Extra: What If?
The user doesn't want to solve the test? Server reply: "Under attack. Come back later. BTW, solve the test to access now."
The attacker distributes a few answers to all its worms? Each test allows access to limited resources only.

Different from Prior Work
Crypto (computational) puzzles are easy to beat, since computation power is cheap.
Yahoo! uses a reverse Turing test only to protect disk space during account creation.
We receive requests, serve tests, and validate answers before establishing a TCP connection; only users who solve a test can access the server.
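The following is an added example, not code from the talk or from the authors' system. It simulates the two-mode flow the slides describe: every SYN is answered with a stateless SYN cookie, a request arriving with a valid cookie passes straight through in Normal mode, and in Under Attack mode it is answered with a pre-generated test plus RST until the client presents a fresh, correct answer, after which a session token permits up to four connections. The cookie construction, the TEST_TTL and COOKIE_SLOT values, the request field names (test_id, answer, session) and the client flow are all assumptions made for the simulation.

```python
import hashlib
import hmac
import secrets

NORMAL, UNDER_ATTACK = "normal", "under_attack"
CONNS_PER_ANSWER = 4    # "each answer grants up to 4 TCPs"
TEST_TTL = 60           # seconds a served test stays valid (assumed value)
COOKIE_SLOT = 64        # seconds per SYN-cookie timestamp slot (assumed value)


def syn_cookie(key, flow, now):
    """Stateless SYN cookie: MAC over the 4-tuple and a coarse time slot,
    truncated to 32 bits so it fits the ISN field. Assumed construction;
    real implementations also encode an MSS index."""
    slot = int(now) // COOKIE_SLOT
    msg = ("%s:%d:%s:%d:%d" % (*flow, slot)).encode()
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest()[:4], "big")


def verify_cookie(key, flow, cookie, now):
    """Accept the current and previous slot so a cookie issued just before
    a slot boundary still verifies; older cookies are rejected."""
    return any(syn_cookie(key, flow, now - d) == cookie for d in (0, COOKIE_SLOT))


def generate_tests(n):
    """Offline generation: nothing is computed on the data path. The random
    hex string stands in for the letters a CAPTCHA image would show."""
    return {i: secrets.token_hex(3) for i in range(n)}


class Server:
    def __init__(self, key, tests):
        self.mode = NORMAL
        self.key = key
        self.tests = tests      # test_id -> answer, generated offline
        self.served = {}        # test_id -> expiry, set when a test is sent
        self.sessions = {}      # session token -> remaining TCP connections
        self.next_test = 0
        self.app_calls = 0      # how often the application server ran

    def on_syn(self, flow, now):
        # Both modes answer every SYN with a cookie and keep no state.
        return syn_cookie(self.key, flow, now)

    def on_request(self, flow, cookie, now, req):
        """First data segment of a connection; req stands in for the HTTP request."""
        if not verify_cookie(self.key, flow, cookie, now):
            return ("drop", None)                     # bogus ACK: ignore it
        if self.mode == NORMAL:
            return self._serve(req)                   # common case: unchanged
        tok = req.get("session")
        if tok in self.sessions and self.sessions[tok] > 0:
            self.sessions[tok] -= 1                   # spend one of the 4 connections
            return self._serve(req, tok)
        tid, ans = req.get("test_id"), req.get("answer")
        # A served test is consumed on its first use, so an expired, wrong or
        # replayed answer never yields a session.
        if tid in self.served and now <= self.served.pop(tid) and ans == self.tests.get(tid):
            tok = secrets.token_hex(8)
            self.sessions[tok] = CONNS_PER_ANSWER - 1  # this connection uses one
            return self._serve(req, tok)
        # No valid answer or token: send a pre-generated test and RST,
        # holding no connection state and never touching the app server.
        tid, self.next_test = self.next_test, (self.next_test + 1) % len(self.tests)
        self.served[tid] = now + TEST_TTL
        return ("test+rst", {"test_id": tid})

    def _serve(self, req, session=None):
        self.app_calls += 1
        return ("ok", {"session": session, "body": "content for " + req["path"]})


def connect(srv, flow, now, req):
    """One TCP connection: SYN, SYN cookie back, then the first data segment."""
    return srv.on_request(flow, srv.on_syn(flow, now), now, req)


def demo():
    """Walk one (constructed) client through both modes; returns what it saw."""
    srv = Server(secrets.token_bytes(32), generate_tests(10))
    flow = ("10.0.0.7", 40001, "198.51.100.10", 80)
    t, out = 1_000_000.0, {}
    out["normal"] = connect(srv, flow, t, {"path": "/LargeFile.zip"})[0]
    srv.mode = UNDER_ATTACK
    out["bad_cookie"] = srv.on_request(flow, srv.on_syn(flow, t) ^ 1, t, {"path": "/"})[0]
    kind, first = connect(srv, flow, t, {"path": "/"})
    out["no_answer"] = kind
    t2 = t + TEST_TTL + 1                              # answer arrives after expiry
    late = {"path": "/", "test_id": first["test_id"], "answer": srv.tests[first["test_id"]]}
    kind, second = connect(srv, flow, t2, late)
    out["expired"] = kind
    good = {"path": "/", "test_id": second["test_id"], "answer": srv.tests[second["test_id"]]}
    kind, resp = connect(srv, flow, t2, good)
    out["answered"] = kind
    sess = {"path": "/LargeFile.zip", "session": resp["session"]}
    out["session_conns"] = [connect(srv, flow, t2, sess)[0] for _ in range(CONNS_PER_ANSWER)]
    out["replay"] = connect(srv, flow, t2, good)[0]   # duplicated answer buys nothing
    out["app_calls"] = srv.app_calls
    return out
```

Running demo() shows the properties on the slides: a forged ACK is dropped, an unanswered request costs the application server nothing, a late or replayed answer only earns another test, and one correct answer is worth exactly four connections (the answering connection plus three more).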