Presentation on theme: "(Distributed) Denial of Service Nick Feamster CS 4251 Spring 2008."— Presentation transcript:
(Distributed) Denial of Service Nick Feamster CS 4251 Spring 2008
Distributed Denial of Service (DDoS)
[Figure: Victim, Daemon, Master, Real Attacker]
Asymmetry comes in the form of a large farm of machines.
IP addresses no longer need to be spoofed

February 2000: DDoS
Traditional protection techniques no longer applicable.

DDoS Attack: Yahoo!
February 2000
Intermittent outages for nearly three hours
Estimated to have cost Yahoo $500,000 due to fewer page hits during the attack
Attacker caught and successfully prosecuted
Other companies (eBay, CNN) attacked in the same way the following days

DDoS Attack: Microsoft
Target of multiple DDoS attacks
Some successful, some not
Successful one in January 2001
Attacked router in front of Microsoft's DNS servers
During attack, as few as 2% of web page requests were being fulfilled

DDoS Attack: DNS Root Servers
October 2002 for 1 hour
Ping flood to all 13 of the DNS root servers
Successfully halted operations on 9
Did not cause major impact on Internet
DNS NS record caching at local resolvers helped
Several root servers are very well-provisioned

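Added example (not from the original slides): a small simulation of why NS record caching at local resolvers blunted the root-server outage. It assumes the worst case where every root is unreachable for the hour (harsher than the 9 of 13 on the slide); the query workload, TLD weights and the three TTL values compared are constructed for illustration.

```python
import random


def simulate(ttl, outage_start=3 * 3600, outage_len=3600, duration=6 * 3600, seed=1):
    """Replay one query per second through a caching resolver; return counters."""
    # Constructed workload: TLD names and popularity weights are illustrative.
    tlds = ["com", "net", "org", "edu", "de", "uk", "jp"]
    weights = [50, 15, 12, 8, 6, 5, 4]
    rng = random.Random(seed)
    expiry = {}  # TLD -> time at which its cached NS record expires
    stats = {"outage_queries": 0, "failed": 0, "root_lookups": 0}
    for t in range(duration):
        tld = rng.choices(tlds, weights)[0]
        in_outage = outage_start <= t < outage_start + outage_len
        stats["outage_queries"] += in_outage
        if expiry.get(tld, -1) > t:
            continue  # cache hit: no root server is contacted
        if in_outage:
            stats["failed"] += 1  # a root referral is needed, none is reachable
        else:
            stats["root_lookups"] += 1
            expiry[tld] = t + ttl  # cache the TLD's NS record for ttl seconds
    return stats


def failure_rate(ttl):
    """Fraction of queries issued during the outage that could not be resolved."""
    s = simulate(ttl)
    return s["failed"] / s["outage_queries"]


if __name__ == "__main__":
    # Assumed TTLs for comparison: none, five minutes, two days.
    for label, ttl in [("no caching", 0), ("5 minutes", 300), ("2 days", 172800)]:
        print(f"{label:>10}: {failure_rate(ttl):.1%} of outage queries fail")
```

With a TTL much longer than the outage, every TLD the resolver has already seen keeps resolving from cache, so the root servers are not on the critical path for the hour.
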
DDoS: Setting up the Infrastructure
Zombies
– Slow-spreading installations can be difficult to detect
– Can be spread quickly with worms
Indirection makes attacker harder to locate
– No need to spoof IP addresses

What is a Worm?
Code that replicates and propagates across the network
– Often carries a payload
Usually spread via exploiting flaws in open services
– Viruses require user action to spread
First worm: Robert Morris, November 1988
– 6-10% of all Internet hosts infected (!)
Many more since, but none on that scale until July 2001

Example Worm: Code Red
Initial version: July 13, 2001
Exploited known ISAPI vulnerability in Microsoft IIS Web servers
1st through 20th of each month: spread
20th through end of each month: attack
Payload: Web site defacement
Scanning: Random IP addresses
Bug: failure to seed random number generator

Why Denial-of-Service Works
Asymmetry: generating a request is cheaper than formulating a response
One attack machine can generate a lot of requests, and effectively multiply its power
Not always possible to achieve this asymmetry