Presentation is loading. Please wait.

Presentation is loading. Please wait.

(Distributed) Denial of Service Nick Feamster CS 4251 Spring 2008.

Published byAmia Caldwell Modified over 10 years ago

Similar presentations

Presentation on theme: "(Distributed) Denial of Service Nick Feamster CS 4251 Spring 2008."— Presentation transcript:

1 (Distributed) Denial of Service Nick Feamster CS 4251 Spring 2008

2 Distributed Denial of Service (DDoS) Victim Daemon Master Real Attacker Asymmetry comes in the form of a large farm of machines. IP addresses no longer need to be spoofed

3 February 2000: DDoS Traditional protection techniques no longer applicable.

4 DDoS Attack: Yahoo! February 2000 Intermittent outages for nearly three hours Estimated to have cost Yahoo $500,000 due to fewer page hits during the attack Attacker caught and successfully prosecuted Other companies (eBay, CNN) attacked in the same way the following days

5 DDoS Attack: Microsoft Target of multiple DDoS attacks Some successful, some not Successful one in January 2001 Attacked router in front of Microsofts DNS servers During attack, as few as 2% of web page requests were being fulfilled

6 DDoS Attack: DNS Root Servers October 2002 for 1 hour Ping flood to all 13 of the DNS root servers Successfully halted operations on 9 Did not cause major impact on Internet DNS NS record caching at local resolvers helped Several root servers are very well-provisioned

7 DDoS: Setting up the Infrastructure Zombies –Slow-spreading installations can be difficult to detect –Can be spread quickly with worms Indirection makes attacker harder to locate –No need to spoof IP addresses

8 What is a Worm? Code that replicates and propagates across the network –Often carries a payload Usually spread via exploiting flaws in open services –Viruses require user action to spread First worm: Robert Morris, November 1988 –6-10% of all Internet hosts infected (!) Many more since, but none on that scale until July 2001

9 Example Worm: Code Red Initial version: July 13, 2001 Exploited known ISAPI vulnerability in Microsoft IIS Web servers 1 st through 20 th of each month: spread 20 th through end of each month: attack Payload: Web site defacement Scanning: Random IP addresses Bug: failure to seed random number generator

10 Why Denial-of-Service Works Asymmetry: generating a request is cheaper than formulating a response One attack machine can generate a lot of requests, and effectively multiply its power Not always possible to achieve this asymmetry

Download ppt "(Distributed) Denial of Service Nick Feamster CS 4251 Spring 2008."

Similar presentations

© Ravi Sandhu www.list.gmu.edu Introduction to Information Security Ravi Sandhu.

© Ravi Sandhu Introduction to Information Security Ravi Sandhu.
Nick Feamster Research Interest: Networked Systems Arriving January 2006 Likely teaching CS 7260 in Spring 2005 Here off-and-on until then. Email works.

Nick Feamster Research Interest: Networked Systems Arriving January 2006 Likely teaching CS 7260 in Spring 2005 Here off-and-on until then. works.
Cross-Disciplinary Thinking Nick Feamster and Alex Gray CS 7001.

Cross-Disciplinary Thinking Nick Feamster and Alex Gray CS 7001.
Attacks and Defenses Nick Feamster CS 4251 Spring 2008.

Attacks and Defenses Nick Feamster CS 4251 Spring 2008.
Buffer Overflows Nick Feamster CS 6262 Spring 2009 (credit to Vitaly S. from UT for slides)

Buffer Overflows Nick Feamster CS 6262 Spring 2009 (credit to Vitaly S. from UT for slides)
Denial of Service By: Samarth Shah and Navin Soni.

Denial of Service By: Samarth Shah and Navin Soni.
Computer Science CSC 405Dr. Peng Ning1 CSC 405 Introduction to Computer Security Topic 3. Program Security -- Part I.

Computer Science CSC 405Dr. Peng Ning1 CSC 405 Introduction to Computer Security Topic 3. Program Security -- Part I.
DoS Attacks ..by Aleksei Zaitsenkov.

DoS Attacks ..by Aleksei Zaitsenkov.
Defending Against Denial of Service Attacks Presented By: Jordan Deveroux 1.

Defending Against Denial of Service Attacks Presented By: Jordan Deveroux 1.
Code-Red : a case study on the spread and victims of an Internet worm David Moore, Colleen Shannon, Jeffery Brown Jonghyun Kim.

Code-Red : a case study on the spread and victims of an Internet worm David Moore, Colleen Shannon, Jeffery Brown Jonghyun Kim.
Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.

Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.
Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,

Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
 Unlike other forms of computer attacks, goal isn’t access or theft of information or services  The goal is to stop the service from operating o.

 Unlike other forms of computer attacks, goal isn’t access or theft of information or services  The goal is to stop the service from operating o.
 Population: N=100,000  Scan rate  = 4000/sec, Initially infected: I 0 =10  Monitored IP space 2 20, Monitoring interval:  = 1 second Infected hosts.

 Population: N=100,000  Scan rate  = 4000/sec, Initially infected: I 0 =10  Monitored IP space 2 20, Monitoring interval:  = 1 second Infected hosts.
UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.

UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.
CIS 659 – Introduction to Network Security – Fall 2003 – Class 10 – 10/9/03 1 What is Distributed Denial of Service?

CIS 659 – Introduction to Network Security – Fall 2003 – Class 10 – 10/9/03 1 What is Distributed Denial of Service?
Security Robert Grimm New York University. Introduction  Traditionally, security focuses on  Protection (authentication, authorization)  Privacy (encryption)

Security Robert Grimm New York University. Introduction  Traditionally, security focuses on  Protection (authentication, authorization)  Privacy (encryption)
How to Own the Internet in your spare time Ashish Gupta Network Security April 2004.

How to Own the Internet in your spare time Ashish Gupta Network Security April 2004.
100% Security “ The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete.

100% Security “ The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete.

Similar presentations

Ads by Google