By Steve Shenfield COSC 480
Outline
- Definition
- Incidents
- Damages
- Defense Mechanisms
  - Firewalls, Switches and Routers
  - Routing Techniques (Blackholing and Sinkholing)
  - Clean Pipes
  - Intrusion Prevention Systems (IPS)
- Conclusion

Denial-of-Service
- A deliberate attempt by one person or a group to make a victim host, site or network node unable to serve its legitimate users
- Example: users cannot log in to an account or reach a website
- Targeted resources: bandwidth, CPU, memory, disk capacity, or any combination of these
Incidents
- September: the first widely reported DoS attack, a SYN flood against Panix (a New York ISP)
- January: the first major attack involving DNS servers, against Register.com
- February: over 10,000 online game servers attacked by the group RUS
- December: the group "Anonymous" successfully attacked Mastercard.com, PayPal and Visa.com but failed against Amazon.com

[Chart: 2009 CSI Computer Crime and Security Survey, 185 respondents]
How much does a successful DoS attack cost?
- Estimated at $122,000 per attack in 2004
- Up to 32 hours of security personnel time to counteract the damage done
- Interruption of service may negatively impact customer satisfaction and trust

[Chart: total losses ≈ $45.6 million, 194 respondents, 2007 CSI Computer Crime and Security Survey]
Defense Mechanisms
- For users
  - Keep systems patched and run host security mechanisms (anti-malware, host firewall)
  - This protects you from becoming a "zombie": a compromised machine that an attacker uses as one source of a distributed attack
- For businesses
  - Specialized security companies can guard a client's network and absorb attack traffic on its behalf
  - Example: Prolexic Technologies

Firewalls
- Pros
  - Will prevent simple flood attacks, e.g. a SYN flood, when a rule matches the traffic
  - Able to allow or deny traffic by protocol, port or IP address
- Cons
  - Unable to prevent more complex attacks, such as floods of legitimate-looking requests on a port the firewall must allow
  - A stateful firewall keeps a connection table that a flood can itself exhaust, so the firewall becomes the bottleneck

Switches & Routers
- Pros
  - Both can limit the data rate (rate limiting), so a flood from one source cannot consume the whole link
  - Both support network Access Control Lists (ACLs): custom filters on the router that match protocol, address and port
  - ACLs can filter both inbound and outbound traffic
- Cons
  - Most can be easily overwhelmed by a large distributed flood
  - Rate limiting drops excess traffic regardless of whether it is legitimate
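To make the two controls above concrete, here is an added example (not code from the original slides) that simulates a first-match ACL with an implicit deny, followed by a per-source token bucket that polices TCP SYNs. The rule set, the RFC 5737 addresses and the sample packets are constructed for illustration; real routers express the same thing in their own ACL and rate-limit syntax.

```python
"""Added example: stateless ACL (first match wins, implicit deny) plus a
per-source token-bucket limit on TCP SYNs.  Rules, addresses and packets
are constructed for illustration only."""
from collections import namedtuple
import ipaddress

Packet = namedtuple("Packet", "ts src dst proto dport flags")
Rule = namedtuple("Rule", "action proto src_net dport")   # None means "any"


def acl_action(rules, pkt):
    """First matching rule wins; no match falls through to the implicit deny."""
    src = ipaddress.ip_address(pkt.src)
    for r in rules:
        if r.proto is not None and r.proto != pkt.proto:
            continue
        if r.src_net is not None and src not in ipaddress.ip_network(r.src_net):
            continue
        if r.dport is not None and r.dport != pkt.dport:
            continue
        return r.action
    return "deny"


class SynRateLimiter:
    """Token bucket per source: `rate` SYNs per second sustained, `burst` at once."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.buckets = {}   # src -> (tokens, timestamp of last update)

    def allow(self, pkt):
        if pkt.proto != "tcp" or pkt.flags != "S":
            return True                      # only SYNs are policed here
        tokens, last = self.buckets.get(pkt.src, (self.burst, pkt.ts))
        tokens = min(self.burst, tokens + (pkt.ts - last) * self.rate)
        if tokens >= 1:
            self.buckets[pkt.src] = (tokens - 1, pkt.ts)
            return True
        self.buckets[pkt.src] = (tokens, pkt.ts)
        return False


RULES = [
    Rule("permit", "tcp", None, 80),           # web server reachable from anywhere
    Rule("permit", "tcp", "10.0.0.0/8", 22),   # SSH only from the internal network
    Rule("deny", "udp", None, None),           # no UDP to this host at all
]


def filter_traffic(packets, rules=RULES, rate=2.0, burst=3):
    """Apply the ACL, then SYN policing; return (src, dport, verdict) per packet."""
    limiter = SynRateLimiter(rate, burst)
    verdicts = []
    for p in packets:
        if acl_action(rules, p) != "permit":
            verdicts.append((p.src, p.dport, "acl-deny"))
        elif not limiter.allow(p):
            verdicts.append((p.src, p.dport, "rate-limited"))
        else:
            verdicts.append((p.src, p.dport, "forward"))
    return verdicts


# Constructed traffic: a normal web client, an outside SSH attempt and a UDP
# probe, then six SYNs within a third of a second from one flooding source.
SAMPLE = [Packet(0.0, "198.51.100.5", "203.0.113.10", "tcp", 80, "S"),
          Packet(0.1, "198.51.100.5", "203.0.113.10", "tcp", 80, "A"),
          Packet(0.2, "198.51.100.9", "203.0.113.10", "tcp", 22, "S"),
          Packet(0.3, "198.51.100.9", "203.0.113.10", "udp", 53, "")]
SAMPLE += [Packet(1.0 + i * 0.05, "192.0.2.66", "203.0.113.10", "tcp", 80, "S")
           for i in range(6)]

if __name__ == "__main__":
    for verdict in filter_traffic(SAMPLE):
        print(verdict)
```

With a burst of 3 and a sustained rate of 2 SYNs per second, the flooder's first three SYNs are forwarded and the remaining three are dropped; the SSH and UDP packets never reach the limiter because the ACL's implicit deny stops them first. Note that the limiter would drop a legitimate client's fourth SYN just as readily, which is the weakness of rate limiting listed above.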
Blackholing
- Mitigates the impact of an attack by routing traffic to a "black hole" (a null route), where it is silently dropped
- Destination-based blackholing null-routes the attacked IP address or DNS name: all traffic to it is dropped, legitimate traffic included, so that address stays down but the rest of the network survives
- Source-based blackholing drops traffic from the attacker's addresses instead, which spares legitimate users but requires knowing those addresses; spoofed or widely distributed sources make this hard

Sinkholing
- Routes suspicious traffic to a valid IP address (the sinkhole) where it can be analyzed instead of being dropped outright
- Capturing and analyzing the traffic can be done with a sniffer on the sinkhole host
- Traffic found to be malicious is rejected; legitimate traffic can still be passed on
- Cons
  - The sinkhole host must absorb the attack traffic, so it cannot react to severe attacks as effectively as blackholing
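The difference between the two routing techniques, and the collateral damage of destination-based blackholing, is easiest to see by running packets through a routing table. The following added example (not from the original slides) implements a minimal longest-prefix-match forwarder with a null interface and a sinkhole next hop; the prefixes, next-hop names and addresses are constructed for illustration. On a real router the destination blackhole is a static /32 route to the discard interface (Null0 on Cisco IOS) and the sinkhole is the same /32 pointed at the analysis host.

```python
"""Added example: longest-prefix-match routing with destination-based and
source-based blackholes and a sinkhole.  All prefixes, next hops and
addresses are constructed for illustration only."""
import ipaddress

NULL0 = "null0"        # discard interface: traffic routed here is dropped
SINKHOLE = "sinkhole"  # next hop for the analysis host running a sniffer


class Router:
    """Minimal forwarder: source blackhole check, then longest prefix match."""

    def __init__(self):
        self.routes = []          # (ip_network, next hop)
        self.src_blackhole = []   # source prefixes discarded before lookup

    def add_route(self, prefix, next_hop):
        self.routes.append((ipaddress.ip_network(prefix), next_hop))

    def blackhole_destination(self, victim_ip):
        # A /32 to the null interface beats the covering /24 in the lookup.
        self.add_route(victim_ip + "/32", NULL0)

    def blackhole_source(self, attacker_prefix):
        # Only works if the attacking prefixes are actually known.
        self.src_blackhole.append(ipaddress.ip_network(attacker_prefix))

    def sinkhole_destination(self, target_ip):
        # Same /32 override, but towards a real host that can analyse the traffic.
        self.add_route(target_ip + "/32", SINKHOLE)

    def lookup(self, dst):
        dst = ipaddress.ip_address(dst)
        matches = [(net.prefixlen, nh) for net, nh in self.routes if dst in net]
        return max(matches)[1] if matches else None

    def forward(self, src, dst):
        """Return where a packet from src to dst ends up."""
        if any(ipaddress.ip_address(src) in net for net in self.src_blackhole):
            return "dropped(source-blackhole)"
        nh = self.lookup(dst)
        if nh is None:
            return "dropped(no-route)"
        if nh == NULL0:
            return "dropped(destination-blackhole)"
        return "to " + nh


VICTIM, NEIGHBOUR = "203.0.113.10", "203.0.113.11"   # customer hosts in 203.0.113.0/24
LEGIT_CLIENT, ATTACKER = "198.51.100.5", "192.0.2.66"


def new_edge_router():
    r = Router()
    r.add_route("203.0.113.0/24", "customer-edge")
    return r


def probe(router):
    """(legit client -> victim, attacker -> victim, legit client -> neighbour)."""
    return (router.forward(LEGIT_CLIENT, VICTIM),
            router.forward(ATTACKER, VICTIM),
            router.forward(LEGIT_CLIENT, NEIGHBOUR))


def run_scenarios():
    results = {"normal": probe(new_edge_router())}

    r = new_edge_router()
    r.blackhole_destination(VICTIM)
    results["destination-blackhole"] = probe(r)   # victim dark for everyone, neighbour fine

    r = new_edge_router()
    r.blackhole_source("192.0.2.0/24")
    results["source-blackhole"] = probe(r)        # only the known attacker prefix is dropped

    r = new_edge_router()
    r.sinkhole_destination(VICTIM)
    results["sinkhole"] = probe(r)                # all victim traffic diverted for analysis
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(name, outcome)
```

The destination blackhole drops the legitimate client's traffic to the victim along with the attacker's, while the neighbouring host in the same /24 keeps working; the source blackhole spares the legitimate client but only because the attacker's prefix was known in advance.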
Clean Pipes
- Best used when deployed inside the ISP, which has the bandwidth to absorb the attack
- When an attack occurs, traffic for the victim is diverted to a cleaning center in the ISP
- There the traffic is "cleaned" by specialized filtering devices and the malicious portion is removed
- Only legitimate traffic is passed on to the destination

Intrusion Prevention System (IPS)
- Monitors network traffic for malicious activity
- Scans both inbound and outbound traffic
- Searches for suspicious patterns, known as signatures or rules, and for anomalous behaviour such as many half-open connections from one source
- Logs the malicious activity and, unlike a passive IDS, attempts to stop it by dropping the traffic or blocking the source
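An added example (not from the original slides) of the two detection styles an inline IPS combines: signature rules matched against packet payloads, and a stateful rule that counts half-open TCP connections per source to catch a SYN flood. Each detection is logged and the source is placed on a block list, so its later packets are dropped. The two signatures, the thresholds, the addresses and the packet trace are constructed for illustration; a production IPS such as Snort or Suricata uses a far richer rule language and tracks much more state.

```python
"""Added example: toy inline IPS with payload signatures and a half-open
connection counter.  Rules, thresholds and the trace are constructed."""
import re
from collections import defaultdict

# Signature rules: (rule id, message, regex applied to the payload bytes)
SIGNATURES = [
    ("1001", "HTTP path traversal attempt", re.compile(rb"\.\./\.\./")),
    ("1002", "SQL injection keyword in request", re.compile(rb"(?i)union\s+select")),
]
HALF_OPEN_LIMIT = 5   # outstanding half-open connections per source before acting
WINDOW = 2.0          # seconds a SYN stays "outstanding" without its ACK


class IPS:
    def __init__(self):
        self.blocked = set()
        self.log = []                        # (ts, rule id, src, message)
        self.half_open = defaultdict(dict)   # src -> {(dst, dport, sport): ts}

    def _alert(self, pkt, rule_id, msg):
        self.log.append((pkt["ts"], rule_id, pkt["src"], msg))
        self.blocked.add(pkt["src"])         # "attempts to stop it": block the source

    def inspect(self, pkt):
        """Return 'drop' or 'pass' for one packet, updating state and the log."""
        if pkt["src"] in self.blocked:
            return "drop"
        for rule_id, msg, rx in SIGNATURES:
            if rx.search(pkt.get("payload", b"")):
                self._alert(pkt, rule_id, msg)
                return "drop"
        if pkt["proto"] == "tcp":
            key = (pkt["dst"], pkt["dport"], pkt["sport"])
            pending = self.half_open[pkt["src"]]
            if pkt["flags"] == "S":
                pending[key] = pkt["ts"]
                for k in [k for k, t in pending.items() if pkt["ts"] - t > WINDOW]:
                    del pending[k]           # expired: no longer counts against the source
                if len(pending) >= HALF_OPEN_LIMIT:
                    self._alert(pkt, "2001",
                                "possible SYN flood: %d half-open connections" % len(pending))
                    return "drop"
            elif pkt["flags"] == "A":
                pending.pop(key, None)       # handshake completed, not half-open any more
        return "pass"


def pkt(ts, src, sport, dport, flags, payload=b"", dst="203.0.113.10", proto="tcp"):
    return dict(ts=ts, src=src, dst=dst, proto=proto, sport=sport,
                dport=dport, flags=flags, payload=payload)


# Constructed trace: a normal client completing its handshake, a flooder sending
# six SYNs from different source ports without ever acknowledging, and a host
# whose request trips the path-traversal signature.
TRACE = [pkt(0.0, "198.51.100.5", 40000, 80, "S"),
         pkt(0.1, "198.51.100.5", 40000, 80, "A"),
         pkt(0.2, "198.51.100.5", 40000, 80, "PA", b"GET /index.html HTTP/1.1\r\n")]
TRACE += [pkt(1.0 + i * 0.01, "192.0.2.66", 50000 + i, 80, "S") for i in range(6)]
TRACE += [pkt(3.0, "198.51.100.9", 41000, 80, "PA", b"GET /../../etc/passwd HTTP/1.1\r\n"),
          pkt(3.1, "198.51.100.9", 41000, 80, "A")]


def run(trace):
    """Inspect every packet in order; return the verdicts and the IPS state."""
    ips = IPS()
    verdicts = [ips.inspect(p) for p in trace]
    return verdicts, ips


if __name__ == "__main__":
    verdicts, ips = run(TRACE)
    for p, v in zip(TRACE, verdicts):
        print("%5.2f %-14s %-3s %s" % (p["ts"], p["src"], p["flags"], v))
    for entry in ips.log:
        print("ALERT", entry)
```

The flooder's first four SYNs pass because the threshold has not been reached; the fifth triggers rule 2001 and from then on the source is blocked. The legitimate client's ACK clears its half-open entry, which is what separates this stateful check from the plain SYN rate limit shown earlier. The signature match is a simple regex here; the limitation the slide lists for firewalls applies equally: an attacker who sends well-formed requests on an allowed port matches no signature at all.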
What have we learned?
- DoS definition
- Brief history of notable attacks
- Damages and losses for a business
- How to protect yourself from becoming a zombie
- Defense mechanisms

References
- 4/dos_attacks.html
- athmaker.biz/whitepapers/CSISurvey2009.pdf
- it-security
- 0.pdf