DDoS: Distributed Denial of Service Attacks by Mark Schuchter.

Presentation transcript:

DDoS: Distributed Denial of Service Attacks by Mark Schuchter

Overview
- Introduction
- Why?
- Timeline
- How?
- Typical attack (UNIX)
- Typical attack (Windows)

Introduction
- A DDoS attack prevents or impairs the use of a computer
- It targets limited and consumable resources (memory, processor cycles, bandwidth, ...)
- Internet security is highly interdependent: an attack relies on many other, poorly secured hosts

Why?
- sub-cultural status
- to gain access
- political reasons
- economic reasons
- revenge
- nastiness

Timeline
- <1999: point-to-point attacks (SYN flood, Ping of Death, ...); first distributed attack tools (‘fapi’)
- 1999: more robust tools (trinoo, TFN, Stacheldraht) with auto-update and added encryption
- 2000: tools bundled with rootkits, controlled via talk or IRC
- 2001: worms include DDoS features (e.g. Code Red) and time synchronisation
- 2002: DRDoS (reflected) attack tools (179/TCP; BGP = Border Gateway Protocol)
- 2003: Mydoom infects thousands of victims to attack SCO and Microsoft

How?
- TCP floods (with various flag combinations)
- ICMP echo request floods (e.g. ping floods)
- UDP floods

SYN-Attack
Handshake: Client → Server: SYN; Server → Client: SYN-ACK; Client → Server: ACK
Attack: Attacker (spoofed IP) → Server: SYN; Server → spoofed IP: SYN-ACK; the final ACK never comes back, so the server keeps waiting on the half-open connection
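The SYN-attack diagram above, as an added example that is not part of the original presentation: a toy Python model of a server's listen backlog under spoofed SYNs that are never acknowledged, first without and then with SYN cookies (the standard mitigation, in which the server stores no half-open state and instead encodes a MAC over the connection tuple in its initial sequence number). The backlog size, the addresses and the secret are constructed for the example.

```python
import hashlib
import hmac

# Added toy model (not kernel code) of a listen backlog under a SYN flood,
# with and without SYN cookies; all addresses and the secret are constructed.
SECRET = b"per-boot-secret"

def make_cookie(src, dst, minute):
    """Stateless SYN cookie: a MAC over the connection tuple and a coarse clock."""
    digest = hmac.new(SECRET, f"{src}|{dst}|{minute}".encode(), hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big")

class Listener:
    def __init__(self, backlog, syn_cookies=False, timeout=3.0):
        self.backlog, self.syn_cookies, self.timeout = backlog, syn_cookies, timeout
        self.half_open = {}      # (src, dst) -> expiry time, only used without cookies
        self.established = set()
        self.dropped = 0

    def on_syn(self, src, dst, now):
        """Step 1: returns the ISN sent in the SYN-ACK, or None if the SYN was dropped."""
        for key in [k for k, t in self.half_open.items() if t <= now]:
            del self.half_open[key]  # half-open entries expire after `timeout`
        if self.syn_cookies:
            return make_cookie(src, dst, int(now // 60))  # nothing stored per SYN
        if len(self.half_open) >= self.backlog:
            self.dropped += 1        # backlog full: new SYNs (spoofed or real) are lost
            return None
        self.half_open[(src, dst)] = now + self.timeout
        return 1000                  # placeholder ISN for the stateful case

    def on_ack(self, src, dst, ack_isn, now):
        """Step 3: True if the handshake completes."""
        if self.syn_cookies:
            minute = int(now // 60)  # accept this and the previous minute's cookie
            if ack_isn not in (make_cookie(src, dst, minute), make_cookie(src, dst, minute - 1)):
                return False
        elif self.half_open.pop((src, dst), None) is None:
            return False             # no half-open entry: stale or never seen
        self.established.add((src, dst))
        return True

def flood_then_legit(syn_cookies, flood=200):
    """Spoofed SYNs that are never ACKed, then one real client; returns (ok, dropped)."""
    srv = Listener(backlog=128, syn_cookies=syn_cookies)
    for i in range(flood):
        srv.on_syn(f"10.0.0.{i}:{40000 + i}", "203.0.113.10:80", now=1.0)
    isn = srv.on_syn("192.0.2.5:51000", "203.0.113.10:80", now=2.0)
    ok = isn is not None and srv.on_ack("192.0.2.5:51000", "203.0.113.10:80", isn, now=2.1)
    return ok, srv.dropped
```

Without cookies the 128-entry backlog fills after the first 128 spoofed SYNs and the real client's SYN is dropped along with the rest; with cookies no state is kept, so the real client still completes its handshake.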

Typical attack
1. prepare the attack
2. set up the network
3. communication

UNIX (‘trin00’) – preparation I
- use a stolen account (high bandwidth) as a repository for:
  - scanners
  - attack tools (e.g. a buffer overrun exploit)
  - root kits
  - sniffers
  - the trin00 master and daemon programs
  - lists of vulnerable hosts, previously compromised hosts, ...

UNIX (‘trin00’) – preparation II
- scan a large range of network blocks to identify potential targets (hosts running an exploitable service)
- the list is used to create a script that:
  - performs the exploit
  - sets up a command shell running as root that listens on a TCP port (1524/tcp)
  - connects to this port to confirm the exploit
- result: a list of owned systems

UNIX (‘trin00’) – network I
- store a pre-compiled binary of the trin00 daemon on some stolen account on the Internet
- a script takes the ‘owned-list’ to automate the installation of the daemon
- the same goes for the trin00 master

UNIX (‘trin00’) – network II
[Diagram: attacker → master → daemon]

UNIX (‘trin00’) – communication
- the attacker controls the master via telnet and a password (port 27665/tcp)
- trin00 master to daemon via 27444/udp (arg1 pwd arg2)
- daemon to master via 31335/udp
- ‘dos ’ triggers the attack

Windows (‘Sub7’) – preparation I
- set up the following things on your home PC:
  - fre
  - kazaa
  - trojan toolkit
  - IRC client
  - IRC bot

Windows (‘Sub7’) – preparation II
- assemble different trojans (GUI)
- define ways of communication
- name
- file

Windows (‘Sub7’) – network I
- start spreading via:
  - /news lists
  - IRC
  - P2P software

Windows (‘Sub7’) – network II
[Diagram: attacker → client]

Windows (‘Sub7’) – communication
- sub7client
- IRC channel
- 1 click to launch the attack

Development (source: CERT/CC)
[Chart: attack sophistication (rising from Low to High over time) plotted against intruder knowledge (falling); tools and attacks in the order shown: password guessing, password cracking, exploiting known vulnerabilities, disabling audits, back doors, hijacking sessions, sniffers, packet spoofing, GUI, automated probes/scans, denial of service, www attacks, “stealth” / advanced scanning techniques, burglaries, network mgmt. diagnostics, distributed attack tools, binary encryption]

Solutions
- statistical analyses (e.g. D-WARD) at core routers - not ready yet
- change the awareness of people (firewalls, attachments, virus scanners, ...)

Thanks for your attention!