CERT ® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 The CERT Coordination Center is part of.

Slides:



Advertisements
Similar presentations
High Performance Research Network. Development Lab. / Supercomputing Center 1 Design of the Detection and Response System against DDoS attacks Yoonjoo.
Advertisements

(Distributed) Denial of Service Nick Feamster CS 4251 Spring 2008.
Trends in Denial of Service Attack Technology -or – Oh, please, they arent smart enough to do that… Presentation to CERT-Polska November 2001 Rob Thomas,
© 2011 Infoblox Inc. All Rights Reserved. Infoblox – control, secure & automate Mike Carroll.
Net security - budi rahardjo Overview of Network Security Budi Rahardjo CISCO seminar 13 March 2002.
Internet Threats Denial Of Service Attacks “The wonderful thing about the Internet is that you’re connected to everyone else. The terrible thing about.
Distributed Denial of Service Attacks: Characterization and Defense Will Lefevers CS522 UCCS.
1  Carnegie Mellon University System Security and U. Rich Pethia Software Engineering Institute Carnegie Mellon University Pittsburgh, PA
Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.
Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,
Network-Based Denial of Service Attacks Trends, Descriptions, and How to Protect Your Network Craig A. Huegen Cisco Systems, Inc. NANOG 12 Interprovider.
CERT ® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA The CERT Coordination Center is part of.
Introduction to Security Computer Networks Computer Networks Term B10.
Computer Security and Penetration Testing
Outline Definition Point-to-point network denial of service
Intruder Trends Tom Longstaff CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Sponsored by.
UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
100% Security “ The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete.
DDos Distributed Denial of Service Attacks by Mark Schuchter.
COEN 252: Computer Forensics Router Investigation.
Dos (Denial of Services) Aamir Wahid September 23 rd 2004.
Internet Relay Chat Security Issues By Kelvin Lau and Ming Li.
Internet Relay Chat Chandrea Dungy Derek Garrett #29.
Denial of Service Attacks: Methods, Tools, and Defenses Authors: Milutinovic, Veljko, Savic, Milan, Milic, Bratislav,
DDoS Attack and Its Defense1 CSE 5473: Network Security Prof. Dong Xuan.
Common forms and remedies Neeta Bhadane Raunaq Nilekani Sahasranshu.
BOTNETS & TARGETED MALWARE Fernando Uribe. INTRODUCTION  Fernando Uribe   IT trainer and Consultant for over 15 years specializing.
Norman SecureSurf Protect your users when surfing the Internet.
APA of Isfahan University of Technology In the name of God.
1Federal Network Systems, LLC CIS Network Security Instructor Professor Mort Anvair Notice: Use and Disclosure of Data. Limited Data Rights. This proposal.
FIREWALL Mạng máy tính nâng cao-V1.
B OTNETS T HREATS A ND B OTNETS DETECTION Mona Aldakheel
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 8 – Denial of Service.
Being an Intermediary for Another Attack Prepared By : Muhammad Majali Supervised By : Dr. Lo’ai Tawalbeh New York Institute of Technology (winter 2007)
Network Security Introduction Some of these slides have been modified from slides of Michael I. Shamos COPYRIGHT © 2003 MICHAEL I. SHAMOS.
1  Carnegie Mellon University Protecting Information Infrastructures Rich Pethia Software Engineering Institute Carnegie Mellon University Pittsburgh,
Honeypot and Intrusion Detection System
Denial of Service Bryan Oemler Web Enhanced Information Management March 22 nd, 2011.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 45 How Hackers can Cripple the Internet and Attack Your PC How Hackers can Cripple the.
Topics to be covered 1. What are bots,botnet ? 2.How does it work? 4.Prevention of botnet. 3.Types of botnets.
--Harish Reddy Vemula Distributed Denial of Service.
EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited Security News Source Courtesy:
1 Figure 4-16: Malicious Software (Malware) Malware: Malicious software Essentially an automated attack robot capable of doing much damage Usually target-of-opportunity.
1 CHAPTER 3 CLASSES OF ATTACK. 2 Denial of Service (DoS) Takes place when availability to resource is intentionally blocked or degraded Takes place when.
Lesson 4 Networked Computer Security Attacks on Internet Computers.
Networked Systems Survivability CERT ® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA © 2002 Carnegie.
Lecture 18 Page 1 Advanced Network Security Distributed Denial of Service Attacks Advanced Network Security Peter Reiher August, 2014.
Distributed Denial of Service Attacks Shankar Saxena Veer Vivek Kaushik.
Denial of Service Sharmistha Roy Adversarial challenges in Web Based Services.
NETWORK ATTACKS Dr. Andy Wu BCIS 4630 Fundamentals of IT Security.
Denial of Service Datakom Ht08 Jesper Christensen, Patrick Johansson, Robert Kajic A short introduction to DoS.
Chapter 7 Denial-of-Service Attacks Denial-of-Service (DoS) Attack The NIST Computer Security Incident Handling Guide defines a DoS attack as: “An action.
An Analysis of IPv6 Security CmpE-209: Team Research Paper Presentation CmpE-209 / Spring Presented by: Dedicated Instructor: Hiteshkumar Thakker.
4061 Session 26 (4/19). Today Network security Sockets: building a server.
Denial of Service Attacks: Methods, Tools, and Defenses Prof. Mort Anvari Strayer University at Arlington.
Microsoft ISA Server 2000 Presented by Ricardo Diaz Ryan Fansa.
DoS/DDoS attack and defense
High Performance Research Network Dept. / Supercomputing Center 1 DDoS Detection and Response System NetWRAP : Running on KREONET Yoonjoo Kwon
Slammer Worm By : Varsha Gupta.P 08QR1A1216.
Network-Based Denial of Service Attacks Trends, Descriptions, and How to Protect Your Network Craig A. Huegen Cisco Systems, Inc. SANS ‘98 Conference -
DOS Attacks Lyle YapDiangco COEN 150 5/21/04. Background DOS attacks have been around for decades Usually intentional and malicious Can cost a target.
Denial of Service A comparison of DoS schemes Kevin LaMantia COSC 316.
1 Network Security By Alan S H Lam 2003/7/29. 2 Outlines Threat and Attack trends Attackers’ Activities (live demo) Forensic Tools (live demo) IT-Related.
1  Carnegie Mellon University Overview of the CERT/CC and the Survivable Systems Initiative Andrew P. Moore CERT Coordination Center.
Internet Vulnerabilities & Criminal Activity Internet Forensics 12.1 April 26, 2010 Internet Forensics 12.1 April 26, 2010.
Threats to computers Andrew Cormack UKERNA.
CS4622 Team 4 Worms, DoS, and Smurf Attacks
A Distributed DoS in Action
Intrusion Detection system
Presentation transcript:

CERT ® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA The CERT Coordination Center is part of the Software Engineering Institute. The Software Engineering Institute is sponsored by the U.S. Department of Defense. © 2001 by Carnegie Mellon University some images copyright 1 Trends in Denial of Service Attack Technology Kevin J. Houle NANOG23 – October 2001

© 2001 by Carnegie Mellon University 2 Background: Pre-1999 DoS Tools: -Single-source, single target tools -IP source address spoofing -Packet amplification (e.g., smurf) Deployment: -Widespread scanning and exploitation via scripted tools -Hand-installed tools and toolkits on compromised hosts (unix) Use: -Hand executed on source host

© 2001 by Carnegie Mellon University 3 Background: 1999 DoS Tools: -Multiple-source, single target tools -Distributed attack networks (handler/agent) -DDoS attacks Deployment: -Hand-selected, hard-coded handlers -Scripted agent installation (unix) Use: -Custom, obfuscated control channels ›intruder  handlers ›handlers  agents

© 2001 by Carnegie Mellon University 4 Background: : Infamous DDoS attacks : DNS amplification attacks, mstream DDoS tool : VBS/Loveletter, t0rnkit : Hybris : Trinity IRC-based DDoS tool (unix) :Multiple IRC-based DDoS tools (Windows)

© 2001 by Carnegie Mellon University 5 Background: :Ramen worm :VBS/OnTheFly (Anna Kournikova), erkms worm, 1i0n worm :Adore/Red worm, carko DDoS tool :cheese worm, w0rmkit worm, sadmind/IIS worm :Maniac worm, Code Red worm :W32/Sircam, Leaves, Code Red II, various telnetd worms, various IRC-based DDoS tools (knight, kaiten) : Nimda worm

© 2001 by Carnegie Mellon University 6 Trends – Deployment Greater degree of automation Self-propagating worms -Central source propagation -Back channel propagation -Autonomous propagation

© 2001 by Carnegie Mellon University 7 Central Source Propagation central-source attackervictims next-victims 1 - exploit 2 – copy code 3 - repeat Example: 1i0n worm

© 2001 by Carnegie Mellon University 8 Back Channel Propagation attackervictims next-victims 1 - exploit 2 – copy code 3 - repeat Example: Ramen worm

© 2001 by Carnegie Mellon University 9 Autonomous Propagation attackervictims next-victims 1 – exploit & copy code2 - repeat Examples: Code Red, Code Red II

© 2001 by Carnegie Mellon University 10 Trends – Deployment (cont.) Degree of Blind Targeting Selective Targeting AutomationVery highLow  high Vulnerability- specificity Very highLow  high Other criteriaLowVery high Targeting Systems: Blind vs. Selective Targeting

© 2001 by Carnegie Mellon University 11 Blind Targeting Social Engineering -W32/Sircam Specific vulnerabilities -sadmind/IIS worm unix/Microsoft IIS -Code Red, Code Red II Microsoft IIS -Nimda Windows/IIS -Various telnetd worms unix Activity tends to follow vulnerability lifecycles

© 2001 by Carnegie Mellon University 12 Selective Targeting Windows end-users increasingly targeted -less technically sophisticated -less protected -difficult to contact en mass -slow response to security alerts/events -well-known netblocks -widespread broadband connectivity -increase in home networking -exploit technology base is maturing CERT® Tech Tip - Home Network Security

© 2001 by Carnegie Mellon University 13 Selective Targeting (3) Routers increasingly targeted -source for recon/scanning -proxy to IRC networks -source for packet flooding attacks -Compromise via weak/default passwords -Routers sometimes reconfigured ›public guides are available -Increased threat of routing protocol attacks ›discussions at DefCon and Black Hat Briefings

© 2001 by Carnegie Mellon University 14 Trends: Use Control Infrastructure – The classic DDoS model intruder handler agent victim

© 2001 by Carnegie Mellon University 15 Control Infrastructure Increased use of IRC networks and protocols -IRC server replaces the handler ›common, ‘legit’ service ports (e.g., 6667/tcp) ›commands are buried in ‘legit’ traffic ›no agent listeners; outbound connections only -More ‘survivable’ infrastructure ›reduction in address lists maintained ›disposable, easy to obtain agents ›makes use of public IRC networks ›private servers are also used

© 2001 by Carnegie Mellon University 16 Control Infrastructure (2) Increased use of IRC networks and protocols (cont.) -Agent redirection / update is easier ›everyone change to a new channel ›everyone change to a new IRC server ›everyone download this updated module -“floating” domains used to direct agents ›bogus WHOIS data, stolen credit cards ›‘A’ record modification redirects hard-wired agents

© 2001 by Carnegie Mellon University 17 Trends: Use Less emphasis on forged packet characteristics -size and distribution of DDoS makes response difficult ›overwhelming number of sources in DDoS attack ›sources often cross multiple AS boundaries ›high bandwidth consumption is easy; no need for fancy packets -increase in attacks using legitimate traffic ›mixes with other traffic ›harder to filter/limit

© 2001 by Carnegie Mellon University 18 Trends: Impact Increase in collateral damage (e.g., blast radius) -backup systems impacted by sharp increases in log volumes -financial impact at sites with measured usage circuits -multiple sites impacted in shared data centers -arp storms impacting locally infected networks Highly automated deployments are themselves causing denial of service conditions

© 2001 by Carnegie Mellon University 19 What We Are Not Seeing Changes in fundamental conditions that enable denial of service attacks Consumption of limited resources -Processing cycles -Memory resources -Network bandwidth Interdependency of security on the Internet -The exposure to DoS attack of SiteA depends on the security of SiteB -There are huge numbers of SiteB’s

© 2001 by Carnegie Mellon University 20 What We Are Not Seeing (2) Advances in DoS attack payload Seeing the same common packet stream types Known attacks work, there is little incentive to improve -TCP (SYN|ACK|FIN|RST) flood -UDP flood -ICMP echo request/reply flood -Amplification attacks -Source IP address spoofing

© 2001 by Carnegie Mellon University 21 What We Are Not Seeing (3) Reductions in launch-point availability Vendors are still producing insecure products Administrators/users are still deploying and operating systems insecurely Vulnerability life cycle is still lengthy (2-3 years)

© 2001 by Carnegie Mellon University 22 Credits Paper:Trends in Denial of Service Attack Technology Authors: Kevin Houle Neil Long Rob Thomas George Weaver

© 2001 by Carnegie Mellon University 23 CERT Coordination Center Software Engineering Institute Carnegie Mellon University 4500 Fifth Avenue Pittsburgh PA USA Hotline: CERT personnel answer 8:00 a.m. — 8:00 p.m. EST(GMT-5) / EDT(GMT-4), and are on call for emergencies during other hours. Fax: Web: CERT ® Contact Information

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.