Distributed Denial of Service Attacks

Slides:



Advertisements
Similar presentations
Module VIII Denial Of Service
Advertisements

A Brief History of Distributed Denial of Service Attacks Uniforum Chicago August 22, 2000 Viki Navratilova Security Architect, BlueMeteor, Inc.
Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
Internet Threats Denial Of Service Attacks “The wonderful thing about the Internet is that you’re connected to everyone else. The terrible thing about.
Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.
The Latest In Denial Of Service Attacks: “Smurfing” Description and Information to Minimize Effects Craig A. Huegen Cisco Systems, Inc. NANOG 11 Interprovider.
Distributed Denial-of-Services (DDoS) Ho Jeong AN CSE 525 – Adv. Networking Reading Group #8.
Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.
Network-Based Denial of Service Attacks Trends, Descriptions, and How to Protect Your Network Craig A. Huegen Cisco Systems, Inc. NANOG 12 Interprovider.
Network-Based Denial of Service Attacks Trends, Descriptions, and How to Protect Your Network Craig A. Huegen Cisco Systems, Inc. NANOG Dearborn,
Computer Security and Penetration Testing
UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.
Characterizing and Defending Against DDoS Attacks Christos Papadopoulos..and many others.
Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.
Defending Against Flooding Based DoS Attacks : A tutorial - Rocky K.C. Chang, The Hong Kong Polytechnic University Presented by – Ashish Samant.
DDos Distributed Denial of Service Attacks by Mark Schuchter.
Chapter 9 Phase 3: Denial-of-Service Attacks. Fig 9.1 Denial-of-Service attack categories.
Denial of Service attacks. Types of DoS attacks Bandwidth consumption attackers have more bandwidth than victim, e.g T3 (45Mpbs) attacks T1 (1.544 Mbps).
Denial of Service Attacks: Methods, Tools, and Defenses Authors: Milutinovic, Veljko, Savic, Milan, Milic, Bratislav,
Common forms and remedies Neeta Bhadane Raunaq Nilekani Sahasranshu.
1 Figure 5-4: Drivers of Performance Requirements: Traffic Volume and Complexity of Filtering Performance Requirements Traffic Volume (Packets per Second)
1Federal Network Systems, LLC CIS Network Security Instructor Professor Mort Anvair Notice: Use and Disclosure of Data. Limited Data Rights. This proposal.
Week 8-1 Week 8: Denial of Service (DoS) What is Denial of Service Attack? –Any attack that causes a system to be unavailability. This is a violation of.
FIREWALL Mạng máy tính nâng cao-V1.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 8 – Denial of Service.
Being an Intermediary for Another Attack Prepared By : Muhammad Majali Supervised By : Dr. Lo’ai Tawalbeh New York Institute of Technology (winter 2007)
Overview Network communications exposes one to many different types of risks: No protection of the privacy, integrity, or authenticity of messages Traffic.
--Harish Reddy Vemula Distributed Denial of Service.
EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited Security News Source Courtesy:
1 CHAPTER 3 CLASSES OF ATTACK. 2 Denial of Service (DoS) Takes place when availability to resource is intentionally blocked or degraded Takes place when.
Security Issues in Control, Management and Routing Protocols M.Baltatu, A.Lioy, F.Maino, D.Mazzocchi Computer and Network Security Group Politecnico di.
Distributed Denial of Service Attacks Shankar Saxena Veer Vivek Kaushik.
Lecture 22 Network Security CS 450/650 Fundamentals of Integrated Computer Security Slides are modified from Hesham El-Rewini.
Distributed Denial of Service Attacks
Verify that timestamps for debugging and logging messages has been enabled. Verify the severity level of events that are being captured. Verify that the.
Denial of Service Sharmistha Roy Adversarial challenges in Web Based Services.
NETWORK ATTACKS Dr. Andy Wu BCIS 4630 Fundamentals of IT Security.
Secure Wired Local Area Network( LAN ) By Sentuya Francis Derrick ID Module code:CT3P50N BSc Computer Networking London Metropolitan University.
Denial of Service Attacks
Denial of Service DoS attacks try to deny legimate users access to services, networks, systems or to other resources. There are DoS tools available, thus.
________________ CS3235, Nov 2002 (Distributed) Denial of Service Relatively new development. –Feb 2000 saw attacks on Yahoo, buy.com, ebay, Amazon, CNN.
CSE715 Presentation Project Fall 2004 by Michael Alexandrou and Rusty Coleman.
Denial of Service Attacks: Methods, Tools, and Defenses Prof. Mort Anvari Strayer University at Arlington.
Computer Science and Engineering Computer System Security CSE 5339/7339 Session 25 November 16, 2004.
1 Distributed Denial of Service Attacks. Potential Damage of DDoS Attacks l The Problem: Massive distributed DoS attacks have the potential to severely.
DoS/DDoS attack and defense
Filtering Spoofed Packets Network Ingress Filtering (BCP 38) What are spoofed or forged packets? Why are they bad? How to keep them out.
High Performance Research Network Dept. / Supercomputing Center 1 DDoS Detection and Response System NetWRAP : Running on KREONET Yoonjoo Kwon
1 Figure 4-11: Denial-of-Service (DoS) Attacks Introduction  Attack on availability  Act of vandalism Single-Message DoS Attacks  Crash a host with.
Data Security in Local Network Using Distributed Firewall Presented By- Rahul N.Bais Guide Prof. Vinod Nayyar H.O.D Prof.Anup Gade.
Network-Based Denial of Service Attacks Trends, Descriptions, and How to Protect Your Network Craig A. Huegen Cisco Systems, Inc. SANS ‘98 Conference -
Denial of Service Attacks and Countermeasures Analysis Dang Nguyen Duc School of Engineering ( )
Comparison of Network Attacks COSC 356 Kyler Rhoades.
Presentation on ip spoofing BY
Working at a Small-to-Medium Business or ISP – Chapter 8
Attacks and Malicious Code
Distributed Denial of Service Attacks
Error and Control Messages in the Internet Protocol
Defending Against DDoS
Filtering Spoofed Packets
Denial of Service (DoS) and Distributed Denial of Service (DDoS)
Network Security: DoS Attacks, Smurf Attack, & Worms
CS4622 Team 4 Worms, DoS, and Smurf Attacks
Defending Against DDoS
سمینار آموزشی امنیت شبکه
Distributed Denial of Service Attacks
DDoS Attack and Its Defense
Internet Security by Alan S H Lam 2019/4/9.
was not invented by Al Gore…
Session 20 INST 346 Technologies, Infrastructure and Architecture
Presentation transcript:

Distributed Denial of Service Attacks

Potential Damage of DDoS Attacks The Problem: Massive distributed DoS attacks have the potential to severely decrease backbone availability and can virtually detach a network from the Internet.

Motives for DDoS Attacks Cyber warfare: Prevent information exchange A means to blackmail a company or even country and cause image and money loss Youthful mischief and desire to feel the power “to rule the world“ Proof of technical excellence to “the world“ and oneself Outbreak of worms from Internet security research ;-) ??

What Are DDoS Tools? Clog victim’s network. Use many sources (“daemons”) for attacking traffic. Use “master” machines to control the daemon attackers. At least 4 different versions in use: TFN, TFN2K, Trinoo, Stacheldraht.

How They Work Daemon Master Daemon Daemon Daemon Daemon Real Attacker Victim

How They Talk Trinoo: attacker uses TCP; masters and daemons use UDP; password authentication TFN(Tribe Flood Network): attacker uses shell to invoke master; masters and daemons use ICMP ECHOREPLY, TCP SYN flood, ICMP Broadcast (smurf) Stacheldraht(barbed wire): attacker uses encrypted TCP connection to master; masters and daemons use TCP and ICMP ECHO REPLY; rcp used for auto-update and generation

Deploying DDOS Attackers seem to use standard, well-known holes (i.e., rpc.ttdbserver, amd, rpc.cmsd, rpc.mountd, rpc.statd). attacks on flaws of remote buffer overflows They appear to have “auto-hack” tools – point, click, and invade. Lesson: practice good computer hygiene.

Detecting DDOS Tools Most current IDS’s detect the current generation of tools. They work by looking for DDoS control messages. Naturally, these will change over time; in particular, more such messages will be properly encrypted.

What Can ISPs Do? Deploy source address anti-spoof filters (very important!). Turn off directed broadcasts. no ip directed-broadcast (A Cisco interface) Develop security relationships with neighbor ISPs. Set up mechanism for handling customer security complaints. Develop traffic volume monitoring techniques.

Traffic Volume Monitoring – an example Look for too much traffic to a particular destination. Learn to look for traffic to that destination at your border routers (access routers, peers, exchange points, etc.). Can we automate the tools – too many queue drops on an access router will trigger source detection?

References http://www.cert.org/reports/dsit_workshop.pdf Dave Dittrich’s analyses: http://staff.washington.edu/dittrich/misc/trinoo.analysis http://staff.washington.edu/dittrich/misc/tfn.analysis http://staff.washington.edu/dittrich/misc/stacheldraht.analysis Scanning tool: http://www.fbi.gov/nipc/trinoo.htm

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.