Presentation is loading. Please wait.

Presentation is loading. Please wait.

Defending Against Denial of Service Attacks Presented By: Jordan Deveroux 1.

Similar presentations


Presentation on theme: "Defending Against Denial of Service Attacks Presented By: Jordan Deveroux 1."— Presentation transcript:

1 Defending Against Denial of Service Attacks Presented By: Jordan Deveroux 1

2 I.What are Denial of Service Attacks and what makes the internet vulnerable to them? II.How do these attacks occur? III.How do we defend against such attacks? IV.What are the ethical implications of Denial of Service Attacks and their effect on our society ? 2 Outline

3  Denial of Service (Dos)- An attack that is trying to deny access by legitimate users to shared resources or services  Distributed Denial of Service (DDoS)- A denial of service attack where the traffic comes from multiple sources 3 Denial of Service Attacks

4 4 Attacker Victim Zombies

5 5 Malicious Payload is Installed Communication takes place on IRC channels Software contains a flooding mechanism Software can be updated by attacker

6  IP Spoofing- creating an IP packet with false information, often a false address.  Multipath routing makes packet tracing difficult  No centralized Internet authority 6 Internet Vulnerabilities

7 I.What are Denial of Service Attacks and what makes the internet vulnerable to them? II.How do these attacks occur? III.How do we defend against such attacks? IV.What are the ethical implications of Denial of Service Attacks and their effect on our society ? 7 Outline

8 1.Consumes a host’s resources  CPU  Memory 2.Consumes network bandwidth  Legitimate traffic is unable to go through Attack Power- level of resources consumed at the victim by the attack 8 What does DoS Attack?

9  Protocol-Based  Application-Based  Distributed Reflector  Infrastructure Attacks 9 Categories of Bandwidth Attacks

10 10 Protocol-Based: SYN Flood

11 Protocol-Based: ICMP Flood 11

12 Application-Based: HTTP Flood 12  Attacking web servers with many http requests  Used in DDoS because it requires a genuine IP  Multiple ways to flood using this method

13 13 Application Based: SIP FLOOD  VOIP Attack  Flood proxy servers with many invite packets  Affects not only proxy servers but legitimate callers

14 14 Distributed Reflector Attacks

15  Disable Critical components of the Internet  Significant Attack power is required to successfully execute an infrastructure attack  These types of attacks are why we need a globally-cooperative defense effort 15 Infrastructure Attacks

16 I.What are Denial of Service Attacks and what makes the internet vulnerable to them? II.How do these attacks occur? III.How do we defend against such attacks? IV.What are the ethical implications of Denial of Service Attacks and their effect on our society ? 16 Outline

17  Attack Prevention  Attack Detection  Attack Source Identification  Attack Reaction 17 Four Categories of Defense

18 18 Attack Prevention: Ingress/Egress Filtering

19  Router Based Packet Filtering  Possible if Tier 1 ISPs are involved  SAVE Protocol  Needs to be universally deployed These Techniques prevent IP spoofing and filter traffic before it reaches the target, but need wide adoption to be effective 19 Other Attack Prevention Techniques

20  Easy to detect  Differentiate between flash crowds and DoS attack  Rely on certain assumptions Attack Detection Techniques:  DoS-attack-specific  Anomaly-based 20 Attack Detection Techniques

21 21 Dos-Specific  MULTOPS  SYN Detection  Kolmogorov Test  Spectral Analysis  Time Series Analysis Anomaly-Based  Need to build a normal profile  Block irregular traffic  Difficult to determine all normal traffic  Lightweight Intrusion Detection System (LISYS) The only way to detect a DDoS effectively and early is to monitor features attackers can’t change or are really difficult to change, (e.g. : Percent of new IP’s)

22  Tracking IP traffic is difficult to do  Active IP traceback technique  Probabilistic traceback technique  Hash-Based IP traceback 22 Attack Source Identification

23 23 Attack Reaction Techniques

24  Bottleneck Resource Management  Fix Software-Based Vulnerabilities  History-Based IP Filtering  Intermediate Network Reaction  Harder to track the greater the distance  Controller-Agent Scheme  Source End Reaction  D-WARD 24 Attack Reaction Techniques

25  Most of these are DoS defense  Limited progress made on DDoS  Attacker resources often surpass victim’s resources  Defenses are limited due to lack of central control of the internet  We need to increase the reliability of global network infrastructure  Most effective is to block attack close to source 25 Conclusion on Defense Techniques

26 I.What are Denial of Service Attacks and what makes the internet vulnerable to them? II.How do these attacks occur? III.How do we defend against such attacks? IV.What are the ethical implications of Denial of Service Attacks and their effect on our society ? 26 Outline

27  Security knowledge of users is decreasing while attacks are becoming more and more sophisticated  In 1988, 6 attacks were reported  In 2003, 137, 529 attacks were reported  CSI/FBI survey shows on average 35% percent who participate suffered DoS attacks  Vulnerabilities have increased to 35x the number reported in 1995  Only 4 out of 1127 customer-based system attacks used spoofed addresses in Growth of DoS and DDoS attacks

28  Implementing defense schemes are expensive  Lack of economic incentive  Personal users  Internet Service Providers  Don’t want to spend money to protect someone else’s network 28 What’s taking so long?

29 29  “Code Red” Worm (2001)  300,000 zombie army to launch DoS against White House website  Distributed Reflector Attack (2002)  Brought down  Internet DNS Root Servers (2002)  SYN Flood and ICMP Flood  All 13 DNS root servers were attacked at the same time  Total Attack Volume: 900 Mb/s  Most queries answered but some parts of internet experienced congestion or were unreachable  Blaster Worm (2003)  Exploited vulnerability in RPC  SYN Flood against windowsupdate.com

30  These attacks can have lasting effects, including monetary damages  Used as a political statement  Wikileaks fiasco (2010)  Operation : Payback  Mastercard, PostFinance, Paypal 30 Ethics

31  Survery of Network Based Defense Mechanisms Countering the DoS and DDoS Problems (Peng, Leckie, Ramamohanarao)   31 References


Download ppt "Defending Against Denial of Service Attacks Presented By: Jordan Deveroux 1."

Similar presentations


Ads by Google