Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Attacking DDoS at the Source Jelena Mirković, Gregory Prier, Peter Reiher University of California Los Angeles Presentation by: David Allen.

Published byRolf Tate Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Attacking DDoS at the Source Jelena Mirković, Gregory Prier, Peter Reiher University of California Los Angeles Presentation by: David Allen."— Presentation transcript:

1 1 Attacking DDoS at the Source Jelena Mirković, Gregory Prier, Peter Reiher University of California Los Angeles Presentation by: David Allen

2 2 Overview Denial-of-Service (DoS) attack: –Packet streams from disparate sources converge on victim. –Consume key resource rendering it unavailable to legitimate clients. Traceback and mitigation are difficult. Some system attempt to block at victim: –Can be difficult to determine attack packets from valid ones. –Attack volume may overwhelm defenses.

3 3 Overview Ideally stop attacks as close to source as possible. –Facilitates traceback. –Easier to separate from legitimate traffic. –Less traffic to manage. System described in paper: D-WARD

4 4 D-WARD Implemented within a router in cooperation with a router. Traffic is monitored and flow statistics are gathered. These are compared to a normal flow model. Attack flows are throttled exponentially based on rate.

5 5 D-WARD Flows that return to normal are allowed to recover. Speed of recovery is slow at first, then fast.

6 6 D-WARD Model TCP ratio of packets sent and received. Flow considered an attack if TCP ratio is above a threshold. Certain ICMP packets must be paired with a reply. Flow considered attack if ICMP ratio is above a threshold. Limits on the number of UDP connections per destination and sending rate. Flow considered attack if limits on UDP are exceeded.

7 7 D-WARD Implementation Linux based software router. Limited size connection hash-table is used to store stats. Connections are purged if they are considered transient and are old, or If table is full, bad connections are deleted. Good connection records are never deleted.

8 8 Results

9 9

Download ppt "1 Attacking DDoS at the Source Jelena Mirković, Gregory Prier, Peter Reiher University of California Los Angeles Presentation by: David Allen."

Similar presentations

On the Necessity of Handling DDoS Traffic in the Middle of the Network Peter Reiher UCLA Computer Communications Workshop October 22, 2008.

On the Necessity of Handling DDoS Traffic in the Middle of the Network Peter Reiher UCLA Computer Communications Workshop October 22, 2008.
Shutup An E2E Approach to DoS Defense Paul Francis Saikat Guha Cornell.

Shutup An E2E Approach to DoS Defense Paul Francis Saikat Guha Cornell.
Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
Code-Red : a case study on the spread and victims of an Internet worm David Moore, Colleen Shannon, Jeffery Brown Jonghyun Kim.

Code-Red : a case study on the spread and victims of an Internet worm David Moore, Colleen Shannon, Jeffery Brown Jonghyun Kim.
Overview of Distributed Denial of Service (DDoS) Wei Zhou.

Overview of Distributed Denial of Service (DDoS) Wei Zhou.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 7 “Denial-of-Service-Attacks”.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 7 “Denial-of-Service-Attacks”.
Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.

Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.
2005 Stanford Computer Systems Lab Flow Cookies Bandwidth Amplification as Flooding Defense Martin Casado, Pei Cao Niels Provos.

2005 Stanford Computer Systems Lab Flow Cookies Bandwidth Amplification as Flooding Defense Martin Casado, Pei Cao Niels Provos.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.

© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.
CS155: Computer and Network Security Programming Project 3 – Spring 2008 Craig Gentry, Naef Imam, Arnab Roy {cgentry, nimam, Thanks.

CS155: Computer and Network Security Programming Project 3 – Spring 2008 Craig Gentry, Naef Imam, Arnab Roy {cgentry, nimam, Thanks.
DDoS Attack Prevention by Rate Limiting and Filtering d’Artagnan de Anda CS239 Network Security 26 Apr 04.

DDoS Attack Prevention by Rate Limiting and Filtering d’Artagnan de Anda CS239 Network Security 26 Apr 04.
Detecting SYN-Flooding Attacks Aaron Beach CS 395 Network Secu rity Spring 2004.

Detecting SYN-Flooding Attacks Aaron Beach CS 395 Network Secu rity Spring 2004.
John Kristoff DePaul Security Forum 2003 1 Network Defenses to Denial of Service Attacks John Kristoff +01 312 362-5878.

John Kristoff DePaul Security Forum Network Defenses to Denial of Service Attacks John Kristoff
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 7: Denial-of-Service Attacks.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 7: Denial-of-Service Attacks.
Max Robinson Jelena Mirković DR. Peter Reiher DefCOM Motivation Distributed denial-of-service attacks require a distributed solution. Detection is more.

Max Robinson Jelena Mirković DR. Peter Reiher DefCOM Motivation Distributed denial-of-service attacks require a distributed solution. Detection is more.
Attack Profiles CS-480b Dick Steflik Attack Categories Denial-of-Service Exploitation Attacks Information Gathering Attacks Disinformation Attacks.

Attack Profiles CS-480b Dick Steflik Attack Categories Denial-of-Service Exploitation Attacks Information Gathering Attacks Disinformation Attacks.
COEN 252: Computer Forensics Router Investigation.

COEN 252: Computer Forensics Router Investigation.
DoS/DDoS Attack Forbes Henderson. What is a DoS Attack  DoS Attack (Denial of Service Attack)  A Denial of Service Attack is Often used by hackers to.

DoS/DDoS Attack Forbes Henderson. What is a DoS Attack  DoS Attack (Denial of Service Attack)  A Denial of Service Attack is Often used by hackers to.

Similar presentations

Ads by Google