CS4622 Team 4 Worms, DoS, and Smurf Attacks DeShawn Dortch, Hunter Layton, Alaina Hammonds, Michael Hewitt, Oliver Harper, Ben Nunnelley
What Is a Worm? Worm vs Virus Self Propagating Host What Does it Do? Spread Delivery of Payload
How Does it Spread? System vulnerabilities Taking over specific ports Backdoors Social Engineering E-Mail IRC Human Ignorance
Examples SQL Slammer Vigilante Worm ILOVEYOU Worm WannaCry
Damages caused by worms No direct damage caused by worms Network and Bandwidth Hampering Malicious payloads
Recovering from and Preventing Worm Attacks Containment Inoculation Quarantining Treating Preventing Antivirus Software Patches General email best practices
DoS Attacks What is a DoS attack? How do DoS attacks affect you? How is a DoS attack executed? Examples of DoS attacks: Flood attacks Application Layer attacks APDoS attacks “Ping of Death” “UDP Storm” What are the effects of a DoS attack? How can a DoS attack be prevented?
What is a DoS Attack? Denial of Service Attack Usually targeted at larger servers or businesses Can involve other innocent users via “Distributed” DoS
How do DoS Attacks Affect You? Prevents users from accessing services hosted by the victim Consumes large amounts of the victim’s bandwidth Consumes victim’s processing power; slows computer Decreases strength of victim’s security, making them vulnerable to other attacks
How is a DDoS Attack Executed? Zombie Spreading control LOIC & HOIC Botnet
Examples of DoS Attacks Flood attacks - Flood victim with too much traffic for the victim to buffer Application Layer attacks - HTTP GET and HTTP POST APDoS attacks - Advanced Persistent Denial of Service “Ping of Death” - Oversized packets using “ping” command “UDP Storm” - Random ports on the targeted host with IP packets containing UDP datagrams
How Can a DoS Attack Be Prevented? Preventative vs Reactive Patching security software Regular monitoring of systems Increase effective resources Detect known signatures Compare traffic on network
Smurf Attack What is a Smurf Attack? How a Smurf Attack works Effects of Smurf Attack How can Smurf Attacks be prevented?
What is a Smurf Attack? A variation of DDoS Utilizes ICMP Echo request packets to flood a network with requests and responses IP broadcasting allows for this type of attack to be amplified
How a Smurf attack works: An ICMP Ping request is created with a spoofed IP address of the target computer This request is distributed across the host network The replies are sent back to the target and this creates a flood of pings that disrupts the network
Effects of Smurf Attack Victim network gets flooded with replies Smurf attack can cripple a company’s servers for extended periods of time, sometimes used as a cover for other attacks on the network Smurf program downloaded as a trojan Sits dormant til activated by remote user Usually combined with other ways to access systems such as rootkits
Prevention of Smurf Attacks Put filters on routers and firewalls to prevent address spoofing Turn off IP broadcasting on network routers Filter out directed broadcast traffic that is coming into the network
Sources “Computer Worms Explained.” Norton Security Online, www.nortonsecurityonline.com/security-center/computer-worms.html. “Computer Worm.” Veracode, 15 Aug. 2017, www.veracode.com/security/computer-worm. “CCNA Security: Worm, Virus and Trojan Horse Attacks.” CertificationKits.com, www.certificationkits.com/cisco- certification/ccna-security-certification-topics/ccna-security-describe- security-threats/ccna-security-worm-virus-and-trojan-horse-attacks/.
Sources cont. Cisco. “What Is the Difference: Viruses, Worms, Trojans, and Bots?” Cisco, Cisco, 20 Nov. 2017, www.cisco.com/c/en/us/about/security- center/virus-differences.html. Gibson, Steve, and Leo Laporte. “Breaches & Vigilante Worms.” Security Now! Transcript of Episode #528, 6 Oct. 2015, www.grc.com/sn/sn- 528.htm. “Distributed Denial of Service Attacks - The Internet Protocol Journal - Volume 7, Number 4.” Cisco, 15 Sept. 2015, www.cisco.com/c/en/us/about/press/internet-protocol-journal/back- issues/table-contents-30/dos-attacks.html.
Sources cont. “Understanding Denial of Service (DoS) Attacks.” NCSC Site, 31 Jan. 2018, www.ncsc.gov.uk/guidance/understanding-denial-service-dos- attacks. Incapsula.com, www.incapsula.com/ddos/attack-glossary/smurf-attack- ddos.html. “ICMP Attacks.” InfoSec Resources, 2 Sept. 2015, resources.infosecinstitute.com/icmp-attacks/#gref. “What Is a Smurf Attack?” Usa.kaspersky.com, usa.kaspersky.com/resource-center/definitions/smurf-attack.
Sources cont. “ Smurf DDoS Attack Type.” Corero, www.corero.com/resources/ddos- attack-types/smurf-ddos-attack.html. “What Is a Computer Worm and How Does It Spread?” Emsisoft Security Blog, 28 Feb. 2018, blog.emsisoft.com/en/28154/computer-worms/.