Presentation is loading. Please wait.

Presentation is loading. Please wait.

(Distributed) Denial of Service Nick Feamster CS 4251 Spring 2008.

Similar presentations

Presentation on theme: "(Distributed) Denial of Service Nick Feamster CS 4251 Spring 2008."— Presentation transcript:

1 (Distributed) Denial of Service Nick Feamster CS 4251 Spring 2008

2 Distributed Denial of Service (DDoS) Victim Daemon Master Real Attacker Asymmetry comes in the form of a large farm of machines. IP addresses no longer need to be spoofed

3 February 2000: DDoS Traditional protection techniques no longer applicable.

4 DDoS Attack: Yahoo! February 2000 Intermittent outages for nearly three hours Estimated to have cost Yahoo $500,000 due to fewer page hits during the attack Attacker caught and successfully prosecuted Other companies (eBay, CNN) attacked in the same way the following days

5 DDoS Attack: Microsoft Target of multiple DDoS attacks Some successful, some not Successful one in January 2001 Attacked router in front of Microsofts DNS servers During attack, as few as 2% of web page requests were being fulfilled

6 DDoS Attack: DNS Root Servers October 2002 for 1 hour Ping flood to all 13 of the DNS root servers Successfully halted operations on 9 Did not cause major impact on Internet DNS NS record caching at local resolvers helped Several root servers are very well-provisioned

7 DDoS: Setting up the Infrastructure Zombies –Slow-spreading installations can be difficult to detect –Can be spread quickly with worms Indirection makes attacker harder to locate –No need to spoof IP addresses

8 What is a Worm? Code that replicates and propagates across the network –Often carries a payload Usually spread via exploiting flaws in open services –Viruses require user action to spread First worm: Robert Morris, November 1988 –6-10% of all Internet hosts infected (!) Many more since, but none on that scale until July 2001

9 Example Worm: Code Red Initial version: July 13, 2001 Exploited known ISAPI vulnerability in Microsoft IIS Web servers 1 st through 20 th of each month: spread 20 th through end of each month: attack Payload: Web site defacement Scanning: Random IP addresses Bug: failure to seed random number generator

10 Why Denial-of-Service Works Asymmetry: generating a request is cheaper than formulating a response One attack machine can generate a lot of requests, and effectively multiply its power Not always possible to achieve this asymmetry

Download ppt "(Distributed) Denial of Service Nick Feamster CS 4251 Spring 2008."

Similar presentations

Ads by Google