Using Multiple Gateways to Foil DDOS Attack by David Wilkinson.

DDOS - Distributed Denial of Service
- DDOS attack: host is flooded with packets that consume network bandwidth. Site becomes unavailable to legitimate users.
- February 2000: DDOS attacks shut down Yahoo, eBay, Amazon.com, et al.
- October 2002: 13 root DNS servers attacked (not successful)

Intrusion and attack phases
[Diagram. Labels: Client (Intruder), Handler, Systems Compromised, A = Agent, Victim, "Messages to broadcast addresses", "Replies to Victim"]

Detail of attack
[Diagram. Labels: A = Agent, R = Router, DNS, Victim, reflecting networks (net-a.com, net-b.com, net-c.com)]

Solution: reroute traffic through multiple gateways
Idea: expand capability of DNS software, BIND, to handle 'reroute' command (opcode = 3)
- reroute is sent to the authority DNS name server for each IP address in victim database; DNS message contains {victim host name, victim IP address, proxy server IP address}
- named in each DNS server stores the three-tuple
- resolver gets IP addresses of victim & proxy server from named and returns them to requesting application (ftp, telnet, http, etc.)
- application stores IP address of victim in IP header ('options' field), and sends message to proxy server
- proxy server forwards message to victim

Traffic rerouted; attack foiled
[Diagram. Labels: A = Agent, R = Router, DNS, Victim, reflecting networks (net-a.com, net-b.com, net-c.com), proxy, reroute, "Help!", blocked, blocked by IDS]

Results thus far
- Installed BIND9 on experimental machine, set up as primary DNS name server
- client.c dispatches DNS message based on opcode. Added new branch for opcode = 3.
- Compiled in new file, reroute.c, in the named directory to handle reroute msgs (not implemented)
- Compiled in new file, detour.c, in the dig directory that will send the reroute command (not implemented)
- Still three days left to accomplish something more impressive
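The opcode dispatch and three-tuple storage described on the "Solution" and "Results thus far" slides, as an added example that is not the author's BIND patch. Function and type names are hypothetical; the tuple is passed in already decoded because the slides do not give its encoding inside the DNS message, and sender authentication, which the slides do not cover, is left out.

```c
/* Added illustration, not BIND source; all function and type names are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OPCODE_REROUTE 3  /* opcode proposed in the slides */
#define MAX_ROUTES 16

/* The three-tuple that named stores for a victim host. */
struct reroute { char host[64], victim_ip[16], proxy_ip[16]; };
static struct reroute table[MAX_ROUTES];
static int nroutes;

/* Opcode: 4 bits after QR in the flags word (header byte 2, bits 6..3). */
int dns_opcode(const uint8_t *msg, size_t len) {
    if (len < 12) return -1;  /* shorter than a DNS header */
    return (msg[2] >> 3) & 0x0F;
}

/* Resolver side: tuple for host, or NULL when the host is not rerouted. */
const struct reroute *reroute_lookup(const char *host) {
    for (int i = 0; i < nroutes; i++)
        if (strcmp(table[i].host, host) == 0) return &table[i];
    return NULL;
}

/* named side: insert or replace a tuple; -1 when the table is full. */
int reroute_store(const struct reroute *r) {
    struct reroute *slot = (struct reroute *)reroute_lookup(r->host);
    if (!slot && nroutes == MAX_ROUTES) return -1;
    if (!slot) slot = &table[nroutes++];
    *slot = *r;
    return 0;
}

/* Opcode dispatch with the extra branch: 0 = stored, 1 = normal query path, -1 = not handled here. */
int dispatch(const uint8_t *msg, size_t len, const struct reroute *r) {
    int op = dns_opcode(msg, len);
    if (op == OPCODE_REROUTE) return reroute_store(r);
    return op == 0 ? 1 : -1;
}

int main(void) {
    uint8_t hdr[12] = {0x12, 0x34, OPCODE_REROUTE << 3};  /* constructed header */
    struct reroute r = {"www.example.com", "192.0.2.10", "198.51.100.7"};  /* constructed */
    dispatch(hdr, sizeof hdr, &r);
    const struct reroute *hit = reroute_lookup("www.example.com");
    printf("send to proxy %s; victim %s goes in the IP options field\n", hit->proxy_ip, hit->victim_ip);
    return 0;
}
```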
