Post on 05-Jan-2016

Study of Malformed Message Attacks and their Prevention

By Shailesh Yadav & Nikhil Mohod

TEL 500 PROJECT

OUTLINE

Introduction

The importance of Networking monitoring

Last Hop Tracking: Framework

The Project

The CNM

Packet Tracer Demo

Real time Demo

Conclusion

INTRODUCTION – MALFORMED MESSAGE ATTACKS

Devised to achieve unauthorized access into the service provider’s secure domain

In this type of attack, the attacker modifies the headers in such a way that the message does not comply with the grammar standards of the signaling protocol
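A grammar conformance check of the kind a monitor would apply to such messages, assuming the signaling protocol is SIP (which the conclusion names) and using the request-line and mandatory-header rules of RFC 3261. This is an added example, not part of the original slides; `check_sip_request` and the sample messages are constructed for illustration.

```python
import re
# Request-Line = Method SP Request-URI SP SIP-Version (RFC 3261, section 7.1)
REQUEST_LINE = re.compile(r"([A-Z]+) (sips?:[^\s<>]+) SIP/2\.0")
COMPACT = {"v": "via", "f": "from", "t": "to", "i": "call-id", "l": "content-length"}
MANDATORY = ("via", "from", "to", "call-id", "cseq", "max-forwards")
SINGLETON = MANDATORY[1:] + ("content-length",)

def check_sip_request(raw: bytes) -> list:
    """Return the grammar violations found; an empty list means none were found."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return ["header section is not terminated by an empty line"]
    try:
        lines = head.decode("utf-8").split("\r\n")
    except UnicodeDecodeError:
        return ["start line or headers are not valid UTF-8"]
    problems, headers = [], {}
    start = REQUEST_LINE.fullmatch(lines[0])
    if not start:
        problems.append("request line is not 'METHOD sip-uri SIP/2.0'")
    for line in lines[1:]:  # simplification: folded (continued) headers are flagged
        name, colon, value = line.partition(":")
        name = name.strip().lower()
        if not colon or not re.fullmatch(r"[a-z0-9!%*_+`'~.-]+", name):
            problems.append(f"bad header line {line[:40]!r}")
            continue
        headers.setdefault(COMPACT.get(name, name), []).append(value.strip())
    problems += [f"missing mandatory header {h}" for h in MANDATORY if h not in headers]
    problems += [f"duplicate {h} header" for h in SINGLETON if len(headers.get(h, [])) > 1]
    if "cseq" in headers:
        cseq = re.fullmatch(r"([0-9]{1,10})[ \t]+([A-Z]+)", headers["cseq"][0])
        if not cseq:
            problems.append("CSeq is not '<number> <METHOD>'")
        elif start and cseq.group(2) != start.group(1):
            problems.append("CSeq method differs from request-line method")
    length = headers.get("content-length", [str(len(body))])[0]
    if not re.fullmatch(r"[0-9]{1,9}", length) or int(length) != len(body):
        problems.append("Content-Length is not a number equal to the body size")
    return problems

# Constructed sample messages (not captured traffic).
GOOD = (b"INVITE sip:bob@example.com SIP/2.0\r\nMax-Forwards: 70\r\n"
        b"Via: SIP/2.0/UDP pc33.example.com;branch=z9hG4bK776asdhds\r\n"
        b"To: <sip:bob@example.com>\r\nFrom: <sip:alice@example.com>;tag=19283\r\n"
        b"Call-ID: a84b4c76@pc33.example.com\r\nCSeq: 314159 INVITE\r\n"
        b"Content-Length: 0\r\n\r\n")
BAD = GOOD.replace(b"CSeq: 314159", b"CSeq: -1").replace(b": 0\r\n", b": 99999\r\n")
```

`check_sip_request(GOOD)` returns an empty list, while `check_sip_request(BAD)` reports the non-numeric CSeq and the Content-Length that does not match the body.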

EXAMPLE

THE PROJECT

The focus of this project is to help design a network breach detection and tracing system: a suggested system with its important parameters

This design will aid the prevention of malformed message attacks and also ensure that these types of attacks and their origin are easily identified

THE IMPORTANCE OF NETWORKING MONITORING

If the network is monitored, once in a while the attack is traced directly back to the perpetrator

This is done by last hop tracing with the help of the foundation built by IDS and IPS

Hence there is great demand for designing, deploying and maintaining frameworks that aid the goal of monitoring networks

LAST HOP TRACKING: FRAMEWORK

REAL TIME DEMO

Wireshark V 1.10.2

Bittwist V

THE CNM

This CNM system is recognized as the solution

This design is a variation of the inbuilt IDS/IPS system that could be established with the existing network infrastructure

The aspects of the CNM are as follows:

Route isolation

Hassle-free routing for all other networking protocols running

An algorithm to recognize the malformed message attacks and distinguish them from other types of attacks

Also be able to detect and prevent network-based attacks

Reduce the cost of deploying a separate infrastructure for CNM

Last hop tracing to allow easy detection of the attack’s origin

KEY ELEMENTS OF THE CNM DESIGN:

The CNM should be kept isolated from the rest of the network

All other routing components should be able to flow freely without hassle

The above two issues are explored in detail in this project; the other aforementioned components are a part of the CNM documentation (Future Research)

THE CNM – CENTRALIZED NETWORK MONITOR

PACKET TRACER DEMO

Packet Tracer Screenshot

CONCLUSION

SIP, being a text-based protocol, is very easy to exploit. Most security threats could be reduced by using TCP/IP instead of UDP for signaling purposes. As previously mentioned, firewalls can also be used in addition to TCP/IP to block unauthorized access.

Access lists could also be used

THANK YOU

Questions?