Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dos (Denial of Services) Aamir Wahid September 23 rd 2004.

Published byLawrence Shepherd Modified over 8 years ago

Similar presentations

Presentation on theme: "Dos (Denial of Services) Aamir Wahid September 23 rd 2004."— Presentation transcript:

1 Dos (Denial of Services) Aamir Wahid September 23 rd 2004

2 What is DoS Attack A DoS attack can disrupts or completely denies service to legitimate users, networks, systems, or other resources.” Can last from a few minutes to several days

3 Types of DoS Bandwidth Consumption  Network Flooding T3 vs. 56K  Amplifying Attack Using multiple sites for attack

4 Distributed DoS Attacks More effective than DoS Attacks Multiple sources for attack Tribe Flood Network, Trinoo, TFN2K Zombie: A computer that has been implanted with a daemon that puts it under the control of a malicious hacker without the knowledge of the computer owner.daemonhacker

5 Some History  DoS Tools: Single-source, single target tools IP source address spoofing Packet amplification (e.g., smurf)  Deployment: Widespread scanning and exploitation via scripted tools Hand-installed tools and toolkits on compromised hosts (unix)  Use: Hand executed on source host BP (Before Pain) – Pre - 1990

6 The danger grows - 1999  DoS Tools: Multiple-source, single target tools Distributed attack networks (handler/agent) DDoS attacks  Deployment: Hand-selected, hard-coded handlers Scripted agent installation (unix)

7 DoS Attack in 2000 Example SYN Flood Attack February 5th. 11th, 2000 Yahoo, eBay, CNN, E*Trade, ZDNet, Datek and Buy.com all hit Attacks allegedly perpetrated by teenagers Used compromised systems at UCSB

8 May 4th-20th, 2001 Gibson Research Corporation www.grc.com/dos/intro.htm DDoS attack from 474 machines Completely saturated two T1s 13-year-old claimed responsibility Detailed Account of DDoS

9 DoS Attacks on the Rise Frequency of DoS attacks increased 60% over the last three years…and still rising

10 Common forms of DoS Buffer Overflow Attacks SYN Attack Teardrop Attack Smurf Attack Viruses Physical Infrastructure Attack

11 Buffer Overflow Attacks Buffer overflow is an attempt to stuff to much information into a space in a computers memory. Examples Sending e-mails that have attachments with 256-character file names to Netscape and Microsoft mail programs. Sending large (ICMP) packets (this can be known as the Ping of Death attack)

12 What is a SYN Flood?  Send spoofed SYN packets to system  System responds with SYN/ACK  Never receives final connection  Backlog in connection queue Web servers are particularly vulnerable How to Detect SYN attack netstat -n -p TCP | grep SYN_RECV | grep :23 | wc -l

13 Smurf Attack  Amplification attack  Sends ICMP ECHO to network  Network sends response to victim system  The "smurf" attack's cousin is called "fraggle", which uses UDP echo packets in the same fashion

14 Viruses Computer viruses, which replicate across a network in various ways, can be viewed as denial-of-service attacks where the victim is not usually specifically targetted but simply a host unlucky enough to get the virus. Depending on the particular virus, the denial of service can be hardly noticeable ranging all the way through disastrous.virus Physical Infrastructure Attacks fiber optic cable. This kind of attack is usually mitigated by the fact that traffic can sometimes quickly be rerouted.

15 Impact of DoS Attacks Loss of Revenue cont … Costs of losses from the February 2000 Attacks:$1.2 billion cumulative Estimated lost business from DDoS attacks at Amazon.com: $200-300K/hour Estimated costs of 24-hour outages: Brokerage Firm $156 million Cisco$30 million eBay$4.5 million Airline$2.1 million Estimated cost of lost user access from one medium- grade attack: $23K Sources: Forrester, Yankee Group, IDC

16 Damage to Corporate Image and Brand Cost of Over-engineering Network Resources Cost to diagnose and rebuild systems Forensic cost estimated by University of Washington to be $22,000 per event Violation of service level agreements (SLAs) Risk of litigation Increase in insurance protection Impact of DoS Attacks

17 Why Defense is Difficult SYN packets are part of normal traffic Source IP addresses can be faked SYN packets are small Lengthy timeout period

18 Possible Defenses Increase size of connections table Add more servers Trace attack back to source Deploy firewalls employing SYN flood defense

19 Who Offers a Defense? PIX by Cisco Firewall-1 by Checkpoint Netscreen 100 by Netscreen AppSafe/AppSwitch by Top Layer

20 How Bad Can It Get? Theoretical maximums for attackers using: Analog modem: 87 SYNs/sec ISDN, Cable, DSL: 200 SYNs/sec T1: 2,343 SYNs/sec 474 hacked systems 94,800 SYNs/sec

21 How Much Do You Need? Single firewall for attacker with single ISDN, DSL, or T1 Multiple parallel units for higher bandwidth Transparent. mode permits rapid deployment

22 Conclusion SYN floods are nasty Firewalls with SYN flood defense can successfully counter attacks Multiple or distributed attacks may require multiple parallel firewalls

23 In Summary

24 Thank You

Download ppt "Dos (Denial of Services) Aamir Wahid September 23 rd 2004."

Similar presentations

Module VIII Denial Of Service

Module VIII Denial Of Service
(Distributed) Denial of Service Nick Feamster CS 4251 Spring 2008.

(Distributed) Denial of Service Nick Feamster CS 4251 Spring 2008.
NETWORK SECURITY ADD ON NOTES MMD © Oct2012. IMPLEMENTATION Enable Passwords On Cisco Routers Via Enable Password And Enable Secret Access Control Lists.

NETWORK SECURITY ADD ON NOTES MMD © Oct2012. IMPLEMENTATION Enable Passwords On Cisco Routers Via Enable Password And Enable Secret Access Control Lists.
Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
Net security - budi rahardjo Overview of Network Security Budi Rahardjo CISCO seminar 13 March 2002.

Net security - budi rahardjo Overview of Network Security Budi Rahardjo CISCO seminar 13 March 2002.
Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.

Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.
Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.

Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.
Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents? Tim McLaren Thursday, September 28, 2000 McMaster University.

Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents? Tim McLaren Thursday, September 28, 2000 McMaster University.
Security (Continued) V.T. Raja, Ph.D., Oregon State University.

Security (Continued) V.T. Raja, Ph.D., Oregon State University.
Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.

Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.
Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,

Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Distributed Denial of Service Attacks CMPT 471 1 Distributed Denial of Service Attacks Darius Law.

Distributed Denial of Service Attacks CMPT Distributed Denial of Service Attacks Darius Law.
SYN Flooding: A Denial of Service Attack Shivani Hashia CS265.

SYN Flooding: A Denial of Service Attack Shivani Hashia CS265.
Network & Computer Attacks (Part 2) February 11, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Network & Computer Attacks (Part 2) February 11, 2010 MIS 4600 – MBA © Abdou Illia.
Network Attack and Defense

Network Attack and Defense
Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.

Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.
100% Security “ The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete.

100% Security “ The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete.
DDos Distributed Denial of Service Attacks by Mark Schuchter.

DDos Distributed Denial of Service Attacks by Mark Schuchter.
Attack Profiles CS-480b Dick Steflik Attack Categories Denial-of-Service Exploitation Attacks Information Gathering Attacks Disinformation Attacks.

Attack Profiles CS-480b Dick Steflik Attack Categories Denial-of-Service Exploitation Attacks Information Gathering Attacks Disinformation Attacks.

Similar presentations

Ads by Google