This document discusses using HTTP cache headers to create covert timing channels. It describes how information can be encoded in the Last-Modified and ETag response headers and decoded using the If-Modified-Since, If-Unmodified-Since, If-Match, and If-None-Match request headers. The document outlines an implementation of these covert channels using C that achieves transmission speeds of 1-2 bits per second with over 99% accuracy. Issues in synchronization, timing, and CPU load are also addressed.
Covert Timing Channels using HTTP Cache Headers - Denis Kolegov
In this presentation covert timing channels using HTTP cache headers are described. Peculiarities of programming implementation of the covert channels depending on HTTP cache headers, threat model, programming language (C, JavaScript, Python, Ruby) and environment (web-browser, malicious software) are considered. The basic characteristics of the implemented covert channels are provided. Module and extension implementing ETag-based covert timing channels that were implemented in BeEF framework are discussed.
Covert timing channels using HTTP cache headers - yalegko
This document discusses using HTTP cache headers to create covert timing channels for transmitting information between hosts without detection. It provides examples of encoding data in the Accept-Language header and describes how headers like Last-Modified and ETag can be used to transmit bits by checking if the page has changed. Issues in implementation are addressed, like needing synchronization. Evaluation shows channels can transmit over 1 bit/second over local networks and around 5 bits/second over the internet. Browser-based channels in JavaScript are also proposed.
This document provides an overview of a presentation on HTTP latency and DNS lookups in Alaska. It includes the results of tests measuring HTTP response times for various resources on Alaska's website using Chrome and IE browsers. It also demonstrates DNS queries and lookups using nslookup and Wireshark. The results show latency variations between browsers and differences in TCP retransmissions between IE and Chrome. Round-trip times are also measured for traceroutes between New York and Alaska.
The document discusses the TCP/IP protocol suite and transport layer services. Some key points:
- TCP/IP was originally developed by DARPA and later included in UNIX. It maps to the OSI layers and supports various physical/data link protocols.
- The transport layer provides logical communication between application processes on different hosts. TCP and UDP are the main transport protocols.
- TCP provides reliable, in-order byte streams using connection establishment and acknowledgments. UDP is a simpler connectionless protocol.
- Port numbers and IP addresses are used to multiplex/demultiplex segments between sockets at hosts for processes to communicate.
- TCP uses a three-way handshake to establish reliable connections between
The document discusses various topics related to sharing resources and internet applications. It begins by covering medium access control protocols like ALOHA, CSMA, and CSMA/CD. It then discusses congestion control, including max-min fairness, router queuing strategies, and window-based congestion control. Finally, it summarizes several internet applications - DNS, email protocols like SMTP, and the basic web client-server architecture.
Dan Kaminsky introduces the concept of DNS tunneling, which involves encoding and transmitting data within DNS queries and responses. He describes early implementations of DNS tunneling used to establish remote networking connections. Kaminsky then explores ways to increase bandwidth for DNS tunneling, such as encoding audio streams within DNS TXT records or distributing large files across many caching DNS servers in a technique called "DomainCast". Finally, he discusses modifying scanning tools to map the DNS landscape at large scales through stateless queries and analysis of responses.
Part 5: Sharing resources, security principles and protocols - Olivier Bonaventure
Slides supporting the "Computer Networking: Principles, Protocols and Practice" ebook. The slides can be freely reused to teach an undergraduate computer networking class using the open-source ebook.
Fourth lesson of the Computer Networking class. Covers reliable transport principles and the introduction for sharing resources (MAC and congestion control)
How to Troubleshoot OpenStack Without Losing Sleep - Sadique Puthen
The complex architecture, design, and difficulties while troubleshooting amplifies the effort in debugging a problem with an OpenStack environment. This can give administrators and support associates sleepless nights if OpenStack native and supporting components are not configured properly and tuned for optimum performance, especially with large deployments that involve high availability and load balancing.
This presentation, DEFEATING THE NETWORK SECURITY INFRASTRUCTURE v1.0.pdf, was made after some brainstorming with some friends. The techniques used are not new and the tools are readily available for download. The purpose of the discussion, however, is to debate how internal enterprise resources might be (in)adversely exposed to the internet by an insider using a combination of common techniques such as SSH and SSL.
Title: Gemtalk Systems Product Roadmap
Speaker: Norm Green
Thu, August 21, 9:00am – 9:45am
Video Part1: https://www.youtube.com/watch?v=PTLzyjrml7g
Video Part2: https://www.youtube.com/watch?v=w9ya2-xRopM
Description
Norm Green started his career in 1989 at IBM in Toronto, Canada as a quality assurance engineer. In 1993, he moved to the DACS (Data Acquisition and Control System) team where he helped design and build a site-wide data collection system in VisualWorks and GemStone/S.
In 1996, he joined GemStone Systems as a Senior Consultant and traveled the world helping GemStone/S customers be more successful.
Within GemStone Systems, Norm held several positions including Director of Professional Services and Director of Engineering.
The document discusses Linux networking architecture and covers several key topics in 3 paragraphs or less:
It first describes the basic structure and layers of the Linux networking stack including the network device interface, network layer protocols like IP, transport layer, and sockets. It then discusses how network packets are managed in Linux through the use of socket buffers and associated functions. The document also provides an overview of the data link layer and protocols like Ethernet, PPP, and how they are implemented in Linux.
The document discusses Kubernetes networking concepts including pods, services, and ingress. It provides examples of how containers within pods communicate via Docker networking. It also explains how Kubernetes networking solves the problems of pod-to-pod, service-to-pod, and external-to-service communications using services, iptables, and kube-proxy. The document demonstrates creating a deployment, service, and ingress to expose an application externally via a load balancer.
A small presentation about the concepts behind real-time multiplayer games and a glimpse on how to implement them with Godot Engine.
See working demo and source code: https://github.com/Faless/godotcon-multiplayer
This document discusses ways to improve TCP performance for web applications. It proposes TCP Fast Open to eliminate the TCP handshake, increasing initial congestion window (IW10) to speed bulk transfers, and Tail Loss Probe to quickly recover from losses. It also discusses the need for new mobile congestion control given fluctuating wireless rates. The author provides status on implementations for Fast Open, IW10 and plans to open source a Tail Loss Probe and mobile congestion control protocol in 2013 after further research. The overall goal is to optimize TCP for the low-latency, short transfers common on the modern web.
Multi tier-app-network-topology-neutron-final - Sadique Puthen
This document discusses how Neutron builds network topology for multi-tier applications. It explains that Neutron uses network namespaces to isolate tenant resources and correlate application topology to Neutron components. It provides details on how Neutron creates networks, routers, load balancers, firewalls, and VPN connections to build the necessary infrastructure for a sample multi-tier application topology across two OpenStack sites.
Openstack on Fedora, Fedora on Openstack: An Introduction to cloud IaaS - Sadique Puthen
Openstack is an open source cloud operating system that provides infrastructure as a service capabilities. It includes components for compute (Nova), storage (Cinder, Swift, Manila), networking (Neutron), orchestration (Heat), metering (Ceilometer), and dashboard (Horizon). The document discusses these components in depth and how they provide infrastructure services. It also covers deployment options like Packstack, TripleO, and Ironic as well as other Openstack projects. The presentation introduces Openstack and its capabilities and components.
Type of DDoS attacks with hping3 example - Himani Singh
This document summarizes common DDoS attack types and how to execute them using hping3 or other tools. It describes application layer attacks like HTTP floods, protocol attacks like SYN floods, volumetric attacks like ICMP floods, and reflection attacks. It then provides commands to execute various TCP, UDP, ICMP floods and other DDoS attacks using hping3 by spoofing addresses, modifying flags, and targeting ports. Layer 7 attacks exploiting HTTP requests are also summarized.
Troubleshooting containerized triple o deployment - Sadique Puthen
This document discusses troubleshooting containerized TripleO deployments. It provides an overview of traditional versus containerized TripleO deployments. Key aspects covered include building container images, registering images, deployment flow, and troubleshooting. It also discusses containerized components in the overcloud including HA pacemaker containers, standalone containers, containerized compute and Ceph nodes, and Neutron containers. Specific troubleshooting steps and files are outlined.
This document discusses using NGINX to deliver high performance applications through efficient caching. It explains that NGINX can be used as a web server, load balancer, and high availability content cache to provide low latency, scalability, availability and reduced costs. Specific NGINX caching configurations like proxy_cache, proxy_cache_valid and proxy_cache_background_update are described. Microcaching optimizations with NGINX are also covered, showing significant performance improvements over Apache+WordPress and a reverse proxy only setup.
QUIC is a new transport protocol developed by Google that aims to solve issues with TCP and TLS by multiplexing streams over UDP. It includes features like stream multiplexing, connection migration, 0-RTT connection establishment, and forward error correction. The document provides technical details on QUIC including its version history, wire format specifications, frame types, cryptographic handshake process, and examples of 0-RTT, 1-RTT, and 2-RTT connection establishment.
Anatomy of neutron from the eagle eyes of troubleshooters - Sadique Puthen
This document summarizes the anatomy of OpenStack Neutron through examples of real-life troubleshooting scenarios. It explores four examples: security group rules not being effective, instances not getting IP addresses from DHCP, floating IP connections randomly failing, and slow provider network communications. For each example, it explains the root cause found by understanding Neutron's architecture and packet flows, and describes the troubleshooting steps taken such as examining logs, monitoring processes, and using tools like tcpdump. The goal is to demonstrate Neutron anatomy and troubleshooting methods rather than just state the problems and solutions.
This document summarizes key topics related to IPv6 and routing in IP networks. It discusses IPv6 addressing architecture, including unicast addresses, link-local addresses, and multicast addresses. It also covers IPv6 packet format, extension headers, fragmentation, and ICMPv6. The document then discusses routing within IP networks, including IPv6 subnets, routing organization with autonomous systems, and interdomain routing protocols.
Troubleshooting Tips from a Docker Support Engineer - Jeff Anderson
The document discusses various troubleshooting techniques for Docker including using tools like socat and curl to characterize networking and TLS issues, checking container processes and permissions, using volumes to store persistent data, and resolving issues with incorrect localhost references between containers. It also provides examples of troubleshooting issues with a Minecraft server, Ruby application, and Nginx proxy configuration.
How to Avoid Common Mistakes When Using Reactor Netty - VMware Tanzu
The document discusses common mistakes when using Reactor Netty including logging, memory leaks, timeouts, connection closed issues, and connection pools. It provides examples of logging output that show a request-response lifecycle and handling of multiple concurrent connections. The presentation covers configuring logging, avoiding object retention, setting response timeouts, handling closed connections, and sizing connection pools properly.
Covert Timing Channels based on HTTP Cache Headers (Special Edition for Top 1... - Denis Kolegov
The document describes research into new covert timing channels based on HTTP cache headers. The researchers discovered previously unknown techniques and implemented the most efficient channels using the ETag header in the Browser Exploitation Framework and Google Drive environment. They classified channels as client-server or server-client, and explored channels using headers like Last-Modified, ETag, If-Modified-Since and If-None-Match. The software implementation addressed issues like server-client synchronization, varying request times, and high CPU load during sleep cycles.
This document summarizes the key aspects of a public cloud archive storage solution. It offers affordable and unlimited storage using standard transfer protocols. Data is stored using erasure coding for redundancy and fault tolerance. Accessing archived data takes 10 minutes to 12 hours depending on previous access patterns, with faster access for inactive archives. The solution uses middleware to handle sealing and unsealing archives along with tracking access patterns to regulate retrieval times.
(WEB401) Optimizing Your Web Server on AWS | AWS re:Invent 2014 - Amazon Web Services
Tuning your EC2 web server will help you to improve application server throughput and cost-efficiency as well as reduce request latency. In this session we will walk through tactics to identify bottlenecks using tools such as CloudWatch in order to drive the appropriate allocation of EC2 and EBS resources. In addition, we will also be reviewing some performance optimizations and best practices for popular web servers such as Nginx and Apache in order to take advantage of the latest EC2 capabilities.
This document provides an overview of HTTP caching and content distribution networks. It begins with a review of HTTP and persistent connections. It then discusses how caching works in HTTP, including cache validation via If-Modified-Since headers and ETags. It describes how web proxies and content delivery networks can be used for caching. Finally, it explains how content distribution networks like Akamai replicate and distribute content to edge servers close to users for improved performance.
Proxying HTTP Requests with a Web Accelerator / Alexander Krizhanovsky (Tempe... - Ontico
RIT++ 2017, HighLoad Junior
Singapore Hall, June 6, 11:00
Abstract:
http://junior.highload.ru/2017/abstracts/2545.html
You put an HTTP accelerator in front of your web server to speed up content delivery, but user requests are still served with high latency while the server's resources appear underused. Or perhaps, after you deployed the web accelerator, the web application broke, and in such a way that the problem reproduces rarely; worse still, your users may know about it while you do not.
...
An overview of the HTTP protocol showing the protocol basics such as protocol versions, messages, headers, status codes, connection management, cookies and more.
But it still remains an overview without in-depth information. Also some key aspects are left out (because of limited time) such as authentication, content negotiation, robots, web architecture etc.
This document provides a primer on browser networking. It begins with an introduction and overview of the target audience. The content includes an explanation of the TCP/IP network model and layers. Key aspects of TCP such as the three-way handshake, flow control, slow start, and head of line blocking are described. The history of web protocols like HTTP 0.9, HTTP 1.0, HTTP 1.1, and developments like HTTP 2.0, SPDY, and QUIC are summarized. Examples and diagrams are provided to illustrate concepts. Resources for further reading are included.
This document discusses network tunneling protocols and tools. It describes how protocols like SSH, GRE, and ICMP can be used to encapsulate other protocols and bypass network restrictions. Examples of network tunneling tools that operate over HTTP, DNS, and ICMP are provided. The document notes both legitimate and malicious uses of tunneling, and outlines challenges in detecting tunneling traffic and payloads.
We present Service-Flow map (SFMap) framework that statistically estimates the hostname of an HTTPS server, given a pair of client and server IP addresses. We evaluate the performance of SFMap through extensive analysis using real packet traces collected from two locations with different scales. We demonstrate that SFMap establishes good estimation accuracies and outperforms a state-of-the-art approach.
This document discusses network application performance and ways to improve it. It covers topics like delay, throughput, jitter, quality of service (QoS), and performance measurement tools. Key points include identifying various sources of delay like processing, retransmissions, queueing, and propagation. It also discusses transport protocols TCP and UDP, and ways to optimize TCP performance through techniques like jumbo frames, path MTU discovery, window scaling, and selective acknowledgements. The roles of different network stakeholders in ensuring good performance are also mentioned.
HTTP is one of the most widely used protocols in the world.
The version of HTTP 1.1, used to this day, was developed and described 18 years ago - 1999.
With the increasing complexity of web applications, the capabilities of HTTP 1.1 are already insufficient to provide increased demands on performance and responsiveness.
So in order to meet new requirements, HTTP must evolve. HTTP 2.0 is designed to make web applications faster, simple and reliable.
In this report I will tell about
- drawbacks of HTTP 1.1 and why we need a new version of HTTP.
- which advantages HTTP/2 offers in comparison with the previous version?
- how the new protocol affected the new version of SERVLET 4.0 and how we can use it.
Kafka Multi-Tenancy—160 Billion Daily Messages on One Shared Cluster at LINE confluent
(Yuto Kawamura, LINE Corporation) Kafka Summit SF 2018
LINE is a messaging service with 160+ million active users. Last year I talked about how we operate our Kafka cluster that receives more than 160 billion messages daily, dealing with performance problems to meet our tight requirement. Since last year we have deployed three more new clusters each for different purposes, such as one in different datacenter, one for security sensitive usages and so on, still keeping the fundamental concept: one cluster for everyone to use. While letting many projects using few multi-tenancy clusters greatly saves our operational cost and enables us to concentrate our engineering resources for maximizing their reliability, hosting multiple topics of different kinds of workload led us through a lot of challenges, too.
In this talk I will introduce how we operate Kafka clusters shared among different services, solving troubles we met to maximize its reliability. Especially, one of the most critical issues we’ve solved—delayed consumer Fetch request causing a broker’s network threads to be blocked—should be very interesting because it could have worse overall performance of brokers in a very common situation, and we have managed to solve it leveraging advanced technique such as dynamic tracing and tricky patch to control in-kernel behavior from Java code.
Kafka Multi-Tenancy - 160 Billion Daily Messages on One Shared Cluster at LINEkawamuray
This document summarizes a presentation about Kafka multi-tenancy at LINE Corporation. The presentation discusses how LINE runs a single shared Kafka cluster to handle over 100 billion messages per day from many independent services. It describes the hardware used, requirements for multi-tenancy like protecting against abusive workloads and providing isolation. It then discusses specific issues identified like slow response times caused by disk reads, and the solutions implemented like request quotas, metrics, and pre-loading data into memory to avoid blocking. The presentation concludes that after addressing these issues, their shared Kafka hosting model works efficiently while maintaining a single data hub.
The document introduces HTTP/2 and discusses limitations of HTTP 1.1 including head of line blocking, TCP slow start, and latency issues. It describes key features of HTTP/2 such as multiplexing requests over a single TCP connection, header compression, and server push to reduce page load times. The presentation includes demos of HTTP/2 in Chrome dev tools and Wireshark to troubleshoot HTTP/2 connections.
This document discusses TCP over wireless networks. It explains that TCP was designed for fixed networks with low delay and errors, but wireless networks have high delay, errors and variable bandwidth. This causes TCP to perform poorly over wireless. The document outlines various techniques to improve TCP performance over wireless like Fast Retransmit and Recovery, Slow Start proposals with larger initial windows, ACK counting and ACK-every-segment. It also discusses protocols like HTTP, RLP that operate between TCP and the wireless transmission layers.
HTTP/2 Comes to Java: Servlet 4.0 and what it means for the Java/Jakarta EE e...Edward Burns
Servlet is very easily the most important standard in server-side Java. The much awaited HTTP/2 standard is now complete, was fifteen years in the making and promises to radically speed up the entire web through a series of fundamental protocol optimizations.
In this session we will take a detailed look at the changes in HTTP/2 and discuss how it may change the Java ecosystem including the foundational Servlet 4 specification included in Java/Jakarta EE 8.
- HTTP/2 aims to reduce HTTP response times by improving bandwidth efficiency and reducing the number of connections and messages needed. It allows requests to be multiplexed over a single connection.
- While it can't reduce latency at the packet level, it aims to reduce overall response times through features like header compression, server push, and priority hints.
- HTTP/2 is currently supported by major browsers and servers. Implementations so far show response time reductions of 5-60% compared to HTTP/1.1.
Accelerating and Securing your Applications in AWS. In-depth look at Solving ...Amazon Web Services
Through Real AWS Customer Case Studies we will explain how Brocade Virtual Application Delivery Controller (vADC) can: - Simplify complex architectures in AWS - Significantly accelerate application performance and user experience - Provide additional application security over and above AWS ELB – with and without Web Application Firewalls (WAF) - Enable hybrid cloud architectures and cloud bursting - Fix application-level compatibility problems without the need to re-write the apps.
Speaker: Ron Masson System Engineer - Software Networking, Australia/New Zealand, Brocade
Similar to Covert timing channels using HTTP cache headers (20)
Slides from our talk on ZeroNights 2018 about scaning Internet for the SD-WAN solutions. It answers how many SD-WAN nodes are in the Internet and how can you find it and not to lost yourself.
This document summarizes a presentation on SD-WAN security given by Denis Kolegov and Oleg Broslavsky. It discusses the results of an SD-WAN internet census that found thousands of exposed SD-WAN devices, many with known vulnerabilities. Common vulnerabilities found in SD-WAN products include XSS, CSRF, insecure authentication, and the use of hardcoded cryptographic keys. Exploits are demonstrated against several commercial SD-WAN products to highlight real-world risks. The presenters advocate for improving SD-WAN security and responsible vulnerability disclosure.
White-Box HMAC. Make your cipher secure to white-box attacks.yalegko
Some slides from my talk on Positive Hack Days VI about white box implementation of HMAC algorithm.
It contains brief explanation of attack context, common use cases for white box cryptography, idea of white box AES implementation and details of white box HMAC implementation.
Some overview of "box" paradigms, such as black, gray and white boxes. Notes about white-box cryptography and its use cases. Simpliest white-box AES implementation sketch.
This document provides instructions for various tasks related to networking and system administration on Linux systems, including:
1) Configuring network interfaces using dhclient or manually assigning an IP address and route.
2) Installing and configuring OpenSSH for remote access and using SSH, SCP for secure file transfers.
3) Using common Linux commands like tcpdump, tshark, ps, kill, service to monitor network traffic, view processes, kill processes, and control services.
4) Additional instructions are provided for using shell commands like head, tail, awk, sed, grep to view logs and parse output from other commands. Guidance is given for capturing network traffic to PCAP files using tcp
A review of the growth of the Israel Genealogy Research Association Database Collection for the last 12 months. Our collection is now passed the 3 million mark and still growing. See which archives have contributed the most. See the different types of records we have, and which years have had records added. You can also see what we have for the future.
This presentation includes basic of PCOS their pathology and treatment and also Ayurveda correlation of PCOS and Ayurvedic line of treatment mentioned in classics.
This slide is special for master students (MIBS & MIFB) in UUM. Also useful for readers who are interested in the topic of contemporary Islamic banking.
it describes the bony anatomy including the femoral head , acetabulum, labrum . also discusses the capsule , ligaments . muscle that act on the hip joint and the range of motion are outlined. factors affecting hip joint stability and weight transmission through the joint are summarized.
A workshop hosted by the South African Journal of Science aimed at postgraduate students and early career researchers with little or no experience in writing and publishing journal articles.
Executive Directors Chat Leveraging AI for Diversity, Equity, and InclusionTechSoup
Let’s explore the intersection of technology and equity in the final session of our DEI series. Discover how AI tools, like ChatGPT, can be used to support and enhance your nonprofit's DEI initiatives. Participants will gain insights into practical AI applications and get tips for leveraging technology to advance their DEI goals.
Main Java[All of the Base Concepts}.docxadhitya5119
This is part 1 of my Java Learning Journey. This Contains Custom methods, classes, constructors, packages, multithreading , try- catch block, finally block and more.
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Dr. Vinod Kumar Kanvaria
Exploiting Artificial Intelligence for Empowering Researchers and Faculty,
International FDP on Fundamentals of Research in Social Sciences
at Integral University, Lucknow, 06.06.2024
By Dr. Vinod Kumar Kanvaria
ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...PECB
Denis is a dynamic and results-driven Chief Information Officer (CIO) with a distinguished career spanning information systems analysis and technical project management. With a proven track record of spearheading the design and delivery of cutting-edge Information Management solutions, he has consistently elevated business operations, streamlined reporting functions, and maximized process efficiency.
Certified as an ISO/IEC 27001: Information Security Management Systems (ISMS) Lead Implementer, Data Protection Officer, and Cyber Risks Analyst, Denis brings a heightened focus on data security, privacy, and cyber resilience to every endeavor.
His expertise extends across a diverse spectrum of reporting, database, and web development applications, underpinned by an exceptional grasp of data storage and virtualization technologies. His proficiency in application testing, database administration, and data cleansing ensures seamless execution of complex projects.
What sets Denis apart is his comprehensive understanding of Business and Systems Analysis technologies, honed through involvement in all phases of the Software Development Lifecycle (SDLC). From meticulous requirements gathering to precise analysis, innovative design, rigorous development, thorough testing, and successful implementation, he has consistently delivered exceptional results.
Throughout his career, he has taken on multifaceted roles, from leading technical project management teams to owning solutions that drive operational excellence. His conscientious and proactive approach is unwavering, whether he is working independently or collaboratively within a team. His ability to connect with colleagues on a personal level underscores his commitment to fostering a harmonious and productive workplace environment.
Date: May 29, 2024
Tags: Information Security, ISO/IEC 27001, ISO/IEC 42001, Artificial Intelligence, GDPR
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: ISO/IEC 27001 Information Security Management System - EN | PECB
ISO/IEC 42001 Artificial Intelligence Management System - EN | PECB
General Data Protection Regulation (GDPR) - Training Courses - EN | PECB
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
Assessment and Planning in Educational technology.pptxKavitha Krishnan
In an education system, it is understood that assessment is only for the students, but on the other hand, the Assessment of teachers is also an important aspect of the education system that ensures teachers are providing high-quality instruction to students. The assessment process can be used to provide feedback and support for professional development, to inform decisions about teacher retention or promotion, or to evaluate teacher effectiveness for accountability purposes.
Macroeconomics- Movie Location
This will be used as part of your Personal Professional Portfolio once graded.
Objective:
Prepare a presentation or a paper using research, basic comparative analysis, data organization and application of economic information. You will make an informed assessment of an economic climate outside of the United States to accomplish an entertainment industry objective.
1. COVERT TIMING CHANNELS
USING HTTP CACHE HEADERS
Denis Kolegov, Oleg Broslavsky, Nikita Oleksov
Tomsk State University
Information Security and Cryptography Department
SEPTEMBER 8 - 13
EKATERINBURG
2014
2. Introduction
A covert channel is a mechanism for sending and receiving information between hosts without alerting any firewalls or IDSs
HTTP is one of the most widely used Internet protocols, so detection of covert channels over HTTP is an important research area
3. Example – HTTP Headers
Using steganography methods in header values
Suppose that
“en” → 0
“fr” → 1
Then
Accept-Language: en,fr → 01
Accept-Language: fr,en → 10
Accept-Language: en,fr,en,fr,en,en,en,en → 0x50
4. Covert Channels’ Usage
• Transfer illegal content
• Stealing information from “secure” environments
• Controlling botnets
5. Types Of Covert Channels
TIME DEPENDENCE
• Storage channels – a storage location is written to and read from
• Timing channels – transmitting information through time values
DIRECTION
• Client – server
• Server – client
6. Client-Server Covert Channels
Client-server covert channels are easier to implement, e.g. a covert storage channel via the If-Range request header
GET / HTTP/1.1
Host: 162.71.12.43
If-Range: 120c7bL-32bL-4f86d4105ac62L
…
(If-Range value: hex-encoded data)
9. Last-Modified Response Header
The Last-Modified HTTP header stores the date of the web entity's last modification
Page request:
GET / HTTP/1.1
Host: 162.71.12.43
(other headers)
Response:
HTTP/1.1 200 OK
Server: nginx/1.1.19
Date: Wed, 02 Apr 2014 14:33:39 GMT
Content-Type: text/html
Content-Length: 124
Last-Modified: Wed, 02 Apr 2014 14:33:39 GMT
Connection: keep-alive
(data)
10. ETag Response Header
The ETag value is formed from the hex values of the file's inode, size and last-modified time (mtime):
120c7bL-32bL-4f86d4105ac62L
file's inode - size - last-modified time (mtime)
Page request:
GET / HTTP/1.1
Host: 162.71.12.43
(other headers)
Response:
HTTP/1.1 200 OK
Server: Apache/2.2.22 (Ubuntu)
Date: Wed, 02 Apr 2014 14:33:39 GMT
Content-Type: text/html
Content-Length: 124
ETag: 120c7bL-32bL-4f86d4105ac62L
Connection: keep-alive
(data)
11. Common Usage of Cache Request Headers
HTTP cache headers allow a web client not to download a page if it has not been changed since a certain time
Page request, using If-Modified-Since:
GET / HTTP/1.1
Host: 162.71.12.43
If-Modified-Since: Wed, 02 Apr 2014 14:33:39 GMT
(other headers)
Page request, using If-None-Match:
GET / HTTP/1.1
Host: 162.71.12.43
If-None-Match: 120c7bL-32bL-4f86d4105ac62L
(other headers)
Page has been changed:
HTTP/1.1 200 OK
(page data)
Page has not been changed:
HTTP/1.1 304 Not Modified
(only headers)
12. Common Usage of Cache Request Headers
The second pair of headers does the same as the previous pair but with the logically inverse condition
Page request, using If-Unmodified-Since:
GET / HTTP/1.1
Host: 162.71.12.43
If-Unmodified-Since: Wed, 02 Apr 2014 14:33:39 GMT
(other headers)
Page request, using If-Match:
GET / HTTP/1.1
Host: 162.71.12.43
If-Match: 120c7bL-32bL-4f86d4105ac62L
(other headers)
Page has been changed:
HTTP/1.1 412 Precondition Failed
(page data)
Page has not been changed:
HTTP/1.1 200 OK
(only headers)
13. Covert Timing Channel Model
[Diagram: p1 and p2 connected over the Internet, with read, write and write_t arrows]
2 different threat models:
Web server is under intruders’ control
message.txt -- read-only
some_page.html -- write-only
14. General Covert Channels Scheme
HTTP request
• Page has not been changed: received ‘0’
• Page has been changed: received ‘1’, store new header value
15. Covert Channels Using HTTP Cache Headers
Last-Modified based
• Last-Modified header value
• Using If-Modified-Since header
• Using If-Unmodified-Since header
ETag based
• ETag header value
• Using If-Match header
• Using If-None-Match header
16. Last-Modified Based Channels
Last-Modified header value covert channel
Last-Modified: Wed, 02 Apr 2014 14:33:39 GMT
1. HTTP request
2. Get new header value
3. If header value changed, then: received ‘1’, store header value; else: received ‘0’
4. Wait n seconds
17. Last-Modified Based Channels
Covert channel using If-Modified
If-Modified-Since: Wed, 02 Apr 2014 14:33:39 GMT
1. If-Modified request
2. If HTTP code is “200”, then: received ‘1’, store header value; else: received ‘0’
3. Wait n seconds
19. ETag Based Channels
ETag header value covert channel
ETag: 120c7bL-32bL-4f86d4105ac62L
1. HTTP request
2. Get new header value
3. If header value changed, then: received ‘1’, store header value; else: received ‘0’
4. Wait n seconds
20. ETag Based Channels
Covert channel using If-None-Match
If-None-Match: 120c7bL-32bL-4f86d4105ac62L
1. If-None-Match request
2. If HTTP code is “200”, then: received ‘1’, store header value; else: received ‘0’
3. Wait n seconds
21. ETag Based Channels
Covert channel using If-Match
If-Match: 120c7bL-32bL-4f86d4105ac62L
1. If-Match request
2. If HTTP code is “412”, then: received ‘1’, store header value; else: received ‘0’
3. Wait n seconds
22. Ways to Implement
Among the many possible ways, we focus on
• Python – Socket library
• C++ – Boost ASIO library
• C – simple C socket library
We choose C due to its highest performance (among these ways) and decent stability
The first threat model is chosen because of its minimal requirements
24. Issues
Some problems we solved during implementation
| Issue | Solution |
|---|---|
| Server-client synchronization | Special synchronizing function |
| Different time of requests | Dynamic sleep time |
| Lateness after sleep | “Active” sleep |
| High CPU load with “active sleep” | “Dynamic” and “active” sleep combination |
25. Issue 1
The “read” (web client) and “write” (host) services need to be synchronized
Solution:
A synchronizing function that sends requests at maximum speed (without sleep)
Flowchart steps: Send HTTP request → Get host response → If page has been changed (then / else)
26. Issue 2
Varying request times can break synchronization between the services
Solution:
Dynamic sleep time equal to (sleep_time – time taken by the request)
Flowchart steps: Calculate the time taken by the request, diff_time → Sleep (sleep_time – diff_time) µs
27. Issue 3
Inaccurate sleep: after sleeping (the usleep() function is used) the program can wake up 10-200 μs late
Solution:
Use “active sleep”: keep calculating the time difference between the last request and the current moment while it is less than sleep_time
Flowchart steps: Calc diff_time → If diff_time < sleep_time (then / else)
28. Issue 4
High CPU load with “active sleep”
Solution:
Combine “active” and “dynamic” sleep
Flowchart steps: Calculate diff_time → If diff_time < CONST (then / else) → Sleep (sleep_time – CONST – request_time)
where CONST is a constant of about 1000 µs (or less, depending on PC performance)
29. Advantages
ADVANTAGES OF COVERT TIMING CHANNELS WITH FIRST INTRUDER MODEL
• Does not modify the common HTTP request structure
• Does not require web-server modifications
• Any read-only activity on the web page used by the channel does not break its work
• Information flow looks like something refreshes a web page every n seconds
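A detection-side illustration of the last point and of the timing discipline in Issues 2-4, added here and not part of the slides or the authors' implementation: a client that corrects its sleep time on every request produces almost constant gaps between requests, so a defender can look for near-zero jitter per client and URL in the access log. The log format (combined, one-second timestamps), the thresholds and all function names are assumptions of this example, and the log lines are constructed.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Assumed format: combined access log, GET requests only.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"GET (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def constructed_log():
    """Constructed sample lines (not captured traffic); documentation addresses."""
    line = '{ip} - - [02/Apr/2014:14:40:{s:02d} +0000] "GET {p} HTTP/1.1" {st} 124'
    rows = []
    # Poller: fixed 2 s period, 200/304 mix on a single page.
    for i, st in enumerate([200, 304, 304, 200, 304, 200, 200, 304, 200, 304]):
        rows.append(line.format(ip="192.0.2.10", s=2 * i, p="/some_page.html", st=st))
    # Ordinary visitor: enough hits on "/" to be considered, but irregular gaps.
    for s in [1, 4, 5, 20, 31, 33, 50, 58]:
        rows.append(line.format(ip="198.51.100.7", s=s, p="/", st=200))
    # Uptime monitor: fixed 5 s period, response never changes.
    for i in range(10):
        rows.append(line.format(ip="203.0.113.5", s=5 * i, p="/health", st=200))
    return rows


def find_periodic_pollers(lines, min_requests=8, max_jitter=0.10):
    """Return one finding per (client, path) whose request spacing is near-constant.

    min_requests and max_jitter are assumed starting values, to be tuned per site.
    """
    events = defaultdict(list)
    for raw in lines:
        m = LOG_RE.match(raw)
        if not m:
            continue  # not a GET line in the expected format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        events[(m["ip"], m["path"])].append((ts, int(m["status"])))

    findings = []
    for (ip, path), seen in events.items():
        if len(seen) < min_requests:
            continue
        seen.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(seen, seen[1:])]
        period = statistics.mean(gaps)
        if period <= 0:
            continue
        jitter = statistics.pstdev(gaps) / period  # coefficient of variation
        if jitter > max_jitter:
            continue  # human browsing: gaps vary widely
        codes = [code for _, code in seen]
        findings.append({
            "client": ip,
            "path": path,
            "requests": len(seen),
            "period_s": round(period, 3),
            "jitter": round(jitter, 3),
            # How often consecutive responses differ (e.g. 200 then 304).
            "status_flips": sum(a != b for a, b in zip(codes, codes[1:])),
            # 304 and 412 only occur in answer to conditional requests.
            "conditional_hits": sum(c in (304, 412) for c in codes),
        })
    # Steady polling plus a response that keeps flipping is the stronger signal.
    return sorted(findings, key=lambda f: f["status_flips"], reverse=True)


if __name__ == "__main__":
    for finding in find_periodic_pollers(constructed_log()):
        print(finding)
```

Legitimate monitors are reported too and are separated by `status_flips` or an allowlist. One-second log timestamps cannot resolve the 0.5-second sleep time listed for the ETag channel, so sub-second request timestamps are needed for such periods.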
30. Specification – Last-Modified
1st threat model
| Sleep time | Min start sequence | Avg sequence | Max sequence | Speed | Accuracy |
|---|---|---|---|---|---|
| 1 second | 3200 bits | 8848 bits | 19712 bits | 1 bit/s | 99.82% |
| 2 seconds | 3400 bits | 10145 bits | 22143 bits | 0.5 bit/s | 99.87% |
• Min start sequence – minimum number of bits passed from the beginning of a conversation till the first mistake
• Avg and Max sequence – number of bits passed without any mistakes in a row in average and at best
• Accuracy – percent of correctly transmitted bits
31. Specification – ETag
1st threat model
| Sleep time | Min start sequence | Avg sequence | Max sequence | Speed | Accuracy |
|---|---|---|---|---|---|
| 1 second | 3200 bits | 8848 bits | 19712 bits | 1 bit/s | 99.82% |
| 0.5 seconds | 2400 bits | 8142 bits | 18123 bits | 2 bit/s | 99.5% |
ETag contains mtime (last modified time with microsecond accuracy), so theoretical channel capacity is bigger than its practically possible one.
Maximum practical speed of the covert channels is about 1 bit per (2L+T) seconds, where L is HTTP latency between u2 and s1 and T is a time that is needed for auxiliary operations
32. Covert Channels in Browsers
Kenton Born “Browser-based covert data exfiltration”
DOMAIN NAME SYSTEM (DNS)
Query: “Where is some.domain.example.com?”
Response: “It is at 88.0.13.37!”
some.domain.example.com: parts labelled Subdomain and Domain
bigbrother.watchingme.evil.com: parts labelled Information and Domain
IT’S CLIENT-SERVER CHANNEL
33. Covert Channels in Browsers
DNS TUNNEL
first.bit.evil.com: parts labelled Information and Domain
Response “It is 66.45.234.2”: received 1
Response NXdomain: received 0
IT’S SERVER-CLIENT CHANNEL
35. Timing Channels in Browsers
Problems:
• Lack of any “sleep” function
• Low accuracy of existing time management functions
• Difficulties with synchronization of covert channel’s server and client
So implementing the model used so far is pointless, but it is possible to implement covert channels within these restrictions using the second threat model (controlled web server)
36. Timing Channels in Browsers
Use the same client-side model but in JavaScript
1. Send HTTP request
2. Get host response
3. If page has been modified, then: write ‘1’ to output, store new header; else: write ‘0’ to output
4. Sleep N seconds (setInterval)
37. Timing Channels in Browsers
Some refactoring of server-side model
1. WAIT for HTTP request
2. If current message bit is ‘1’, then: send new header value, store header value; else: send old header value
38. Issues
| Issue | Solution |
|---|---|
| Server-client synchronization | Client visits a special page to begin the conversation |
| End of message determination | Client receives a special HTTP code in the response, e.g. 404 – Not Found or 403 – Forbidden |
| Single client only communication | Opening a session that stores the number of the bit being transferred for each client |
39. Specification
2nd threat model – controlled server
Browser based implementation of channels (client in JavaScript)
| Header | Server version | Average HTTP ping | Max HTTP ping | Speed | Max sequence |
|---|---|---|---|---|---|
| Last-Modified | Python | 560.3 ms | 1621.8 ms | 0.53 bit/s | unlimited |
| Last-Modified | PHP | 508 ms | 532.2 ms | 0.58 bit/s | unlimited |
| ETag | Python | 560.3 ms | 1621.8 ms | 1.02 bit/s | unlimited |
| ETag | PHP | 508 ms | 532.2 ms | 1.18 bit/s | unlimited |
40. Specification
2nd threat model – controlled server
Testing channels implementation in C with PHP server
Purpose: to make estimation of maximum speed
| Header | Network | Average HTTP ping | Speed |
|---|---|---|---|
| ETag | Local host | 0.55 ms | 986 bit/s |
| ETag | Data center local network | 1.63 ms | 845.65 bit/s |
| ETag | Local network | 6.9 ms | 295.69 bit/s |
| ETag | Internet | 383.2 ms | 4.89 bit/s |
42. The Browser Exploitation Framework
https://github.com/beefproject/beef
“BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors.”