By Steve Shenfield COSC 480

 Definition  Incidents  Damages  Defense Mechanisms Firewalls/Switches/Routers Routing Techniques (Blackholing/Sinkholing) Clean Pipes Intrusion Prevention Systems(IPS)  Conclusion

Denial-of-Service  A malicious attempt by a single person or a group of people to cause the victim, site, or node to deny service to its customers. ex) inability to login to an account or access a website  Targeted resources: bandwidth, CPU, memory, disk capacity, or any combination

 September the very first DoS attack occurred against Panix(New York ISP) using SYN flood  January first major attack involving DNS servers against Register.com  February over 10,000 online game servers attacked by group RUS  December a group called “Anonymous” successfully attacked Mastercard.com, PayPal, and Visa.com but failed against Amazon.com

185 Respondents2009 CSI Computer Crime and Security Survey

 How much does a successful DoS attack cost? Estimated at $122,000 per attack in 2004 Up to 32 hours for security personal to counteract damages done  Interruption to services may negatively impact customer satisfaction and trust

Total Losses ≈45.6 million 194 Respondents Year = 2007 CSI 2007 Computer Crime and Security Survey

 For Users Install system security mechanisms Protect yourself from being a zombie  For Businesses Security companies can guard a client’s network ex) Prolexis Technologies

Firewalls Pros  Will prevent simple flood attacks ex) SYN flood  Able to allow or deny protocols, ports, or IP addresses Cons  Unable to prevent more complex attacks

Switches & Routers Pros  Both have the ability to limit data rate  Both have network Access Control Lists ACLs are custom router filters Able to filter both inbound and outbound traffic Cons  Most can be easily overwhelmed

Blackholing  Attempts to mitigate the impact of an attack  Redirects traffic from attacked DNS or IP address to a “black hole” Then all traffic will be dropped  Must know IP address of attacker or else legitimate traffic will be dropped as well

Sinkholing  Routes suspicious traffic to a valid IP address where it can be analyzed  Capturing traffic and analyzing it can be done with a sniffer Traffic found to be malicious is rejected Cons  Unable to react to severe attacks as effectively as blackholing

Clean Pipes  Best used when deployed inside ISP  When an attack occurs, traffic is diverted to a cleaning center in the ISP Here the traffic is “cleaned” by specialized filtering devices and malicious activity is removed Only legitimate traffic is passed to the destination

Intrusion Prevention System(IPS)  Monitors network traffic for malicious activity Scans both inbound and outbound Searches for suspicious patterns known as signatures or rules  System logs malicious activity and will attempt to stop it

 What have we learned? DoS Definition Brief History of Notable Attacks Damages/Losses for a Business Protect yourself from becoming a Zombie Defense Mechanisms

 4/dos_attacks.html 4/dos_attacks.html  athmaker.biz/whitepapers/CSISurvey2009.pdf athmaker.biz/whitepapers/CSISurvey2009.pdf     it-security it-security   0.pdf 0.pdf