Evil DDos Attacks and Strong Defenses Group 6: Yisi Lu, YuanTong Lu, Hao Wu, YuChen Liu, Hua Li.


Distributed Large-scale attacks

Denial of service: deny the victim's access to a particular resource (service).

Three classes of DDoS attack:
-> Volume-based attacks: the goal is to saturate the bandwidth of the attacked site.
-> Protocol-based attacks: exploit a specific feature or implementation bug of some protocol installed at the victim in order to consume excess amounts of its resources.
-> Application-layer attacks: the goal of these attacks is to crash the web server.

Volume Based Attacks

-> UDP floods
-> ICMP floods
-> Other spoofed-packet floods

Paper discussed: "Classification of UDP traffic for DDoS detection", Alexandru G. Bardas, Loai Zomlot, Sathya Chandran Sundaramurthy, Xinming Ou, S. Raj Rajagopalan, Marc R. Eisenbarth. Published in: Proceedings of LEET'12, the 5th USENIX Conference on Large-Scale Exploits and Emergent Threats, pages 7-7, USENIX Association, Berkeley, CA, USA, 2012.

Basic points of the article:
(1) Examine the "proportional packet rate" assumption; test it on a large number of production networks.
(2) An algorithm for UDP traffic that aims at differentiating benign and flooding UDP flows based on that assumption.
(3) Two operation modes for using the algorithm to thwart UDP-based DDoS flooding.

Background information:
-> UDP is a stateless, simple protocol.
-> UDP floods are easy to launch but hard to detect.
-> Existing DoS sensors and prevention mechanisms are either ineffective or not applicable.

-> Assumption: under normal operation, the packet rate in one direction is proportional to the packet rate in the opposite direction.
-> Algorithm: packets are put into a NACK queue rather than a waiting queue.

Experiments:
i. Validating the assumption
ii. Ratio function for UDP attack traffic
iii. Performance, accuracy, calibration

Summary of the article: since a UDP flooding attack is a kind of volume-based attack, the packet flow has to be analysed to determine whether it is benign or a DDoS attack. The paper gives a possible mechanism to detect and evaluate the flow, and it proposes protections against the detected DDoS attack.
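The proportional packet rate assumption in detector form, as an added example that is not the paper's algorithm or code: constructed per-direction UDP flow counts are paired up per conversation, and a conversation whose forward/reverse packet ratio is far from proportional (and is large enough to matter) is flagged. The flow records, thresholds and IP addresses are all constructed for illustration.

```python
from collections import defaultdict

# Constructed UDP flow records for one observation window (not data from the paper):
# (src_ip, dst_ip, udp_port, packets). Each record is one direction of a conversation.
SAMPLE_FLOWS = [
    ("10.0.0.5", "192.0.2.10", 53, 120),          # DNS queries
    ("192.0.2.10", "10.0.0.5", 53, 118),          # DNS replies: roughly proportional
    ("10.0.0.7", "192.0.2.20", 123, 4),           # NTP, tiny flow
    ("192.0.2.20", "10.0.0.7", 123, 4),
    ("203.0.113.9", "192.0.2.30", 9999, 50000),   # flood source 1: nothing comes back
    ("203.0.113.10", "192.0.2.30", 9999, 48000),  # flood source 2: almost nothing comes back
    ("192.0.2.30", "203.0.113.10", 9999, 3),      # a handful of replies
]

def pair_key(ip_a, ip_b, port):
    """Canonical key so both directions of a conversation aggregate together
    (lexicographic order of the address strings is enough: it only has to be stable)."""
    return (min(ip_a, ip_b), max(ip_a, ip_b), port)

def bidirectional_counts(flows):
    """Map each (ip_lo, ip_hi, port) to [packets lo->hi, packets hi->lo]."""
    counts = defaultdict(lambda: [0, 0])
    for src, dst, port, pkts in flows:
        key = pair_key(src, dst, port)
        counts[key][0 if src == key[0] else 1] += pkts
    return counts

def ratio_score(fwd, rev):
    """min/max of the two directions: near 1 when proportional, near 0 when one-sided."""
    hi, lo = max(fwd, rev), min(fwd, rev)
    return lo / hi if hi else 1.0

def classify(flows, min_pkts=100, threshold=0.2):
    """Flag conversations whose direction ratio breaks the proportionality assumption.
    Conversations below min_pkts are ignored: too small to be a flood and too noisy to judge."""
    verdicts = {}
    for key, (fwd, rev) in bidirectional_counts(flows).items():
        if fwd + rev < min_pkts:
            verdicts[key] = "benign"
        else:
            verdicts[key] = "suspect" if ratio_score(fwd, rev) < threshold else "benign"
    return verdicts

if __name__ == "__main__":
    for key, verdict in classify(SAMPLE_FLOWS).items():
        print(key, verdict)
```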

Protocol Based Attacks

Protocol-based DDoS. Definition: this type of attack consumes actual server resources, or those of intermediate communication equipment such as firewalls and load balancers, and is measured in packets per second. Two popular protocol-based DDoS attacks: Ping of Death and SYN flood.

Ping of Death. Definition: a ping of death is a type of attack on a computer that involves sending a malformed or otherwise malicious ping to it. Historically, many computer systems could not handle a reassembled ping packet larger than the maximum permitted size in bytes; larger packets could crash the target computer.

Syn Floods

Attack:
1. Send a large number of TCP open requests (SYN packets).
2. The OS allocates resources to track each half-open TCP connection.
3. Since the sender's IP is forged, the returning ACK never arrives.
4. By continuing to send these requests, the attacker can exhaust the resources on the server machine.

SYN flood defences: SYN caches, SYN cookies.
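How a SYN cookie lets the server skip step 2 of the attack above, as an added example that is not code from the presentation or from any real TCP stack: the server encodes a time counter, an MSS index and a keyed hash of the connection 4-tuple into its initial sequence number, keeps no half-open state, and reconstructs what it needs when the final ACK arrives. The secret, MSS table and cookie layout (5 bits counter, 3 bits MSS index, 24 bits MAC, following Bernstein's original scheme) are assumptions for the example.

```python
import hashlib
import hmac
import struct
import time

# Server-side secret; constructed for the example and would be rotated in practice.
SERVER_SECRET = b"constructed-example-secret"
# Three cookie bits index this table, so the client's MSS survives without per-connection state.
MSS_TABLE = (536, 1220, 1440, 1460)

def _mac24(src_ip, dst_ip, src_port, dst_port, client_isn, counter):
    """24-bit keyed hash over the 4-tuple, the client's ISN and the time counter."""
    msg = struct.pack("!4s4sHHII", src_ip, dst_ip, src_port, dst_port,
                      client_isn & 0xFFFFFFFF, counter & 0xFFFFFFFF)
    digest = hmac.new(SERVER_SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:3], "big")

def make_cookie(src_ip, dst_ip, src_port, dst_port, client_isn, mss, counter=None):
    """Server ISN for the SYN-ACK: 5 bits counter | 3 bits MSS index | 24 bits MAC."""
    if counter is None:
        counter = int(time.time() // 60)          # one tick per minute
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    mac = _mac24(src_ip, dst_ip, src_port, dst_port, client_isn, counter)
    return ((counter & 0x1F) << 27) | (mss_idx << 24) | mac

def validate_cookie(src_ip, dst_ip, src_port, dst_port, client_isn, ack, counter=None):
    """Check the handshake's final ACK; return the negotiated MSS, or None if the cookie is bad."""
    if counter is None:
        counter = int(time.time() // 60)
    cookie = (ack - 1) & 0xFFFFFFFF               # the ACK acknowledges ISN + 1
    stamp, mss_idx = cookie >> 27, (cookie >> 24) & 0x7
    for age in (0, 1):                            # accept the current and previous minute only
        candidate = counter - age
        if (candidate & 0x1F) != stamp:
            continue
        expected = _mac24(src_ip, dst_ip, src_port, dst_port, client_isn, candidate)
        if hmac.compare_digest(expected.to_bytes(3, "big"), (cookie & 0xFFFFFF).to_bytes(3, "big")):
            return MSS_TABLE[mss_idx]
    return None                                   # stale, forged or mismatched: drop silently
```

A forged-source SYN still costs the server one SYN-ACK, but nothing is stored, so the table exhaustion in step 4 of the attack no longer happens.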

Application Layer Attacks

Application-layer DDoS attack: comprised of seemingly legitimate and innocent requests; crashes the web server, or delays the response time or even blocks the service.

Difference between application-layer and other-layer attacks:
-> Other-layer attacks. Target: network bandwidth around Internet subsystems such as routers, Domain Name Servers, or web clusters.
-> Application-layer attacks. Target: high-level protocols such as HTTP; carried by legitimate lower-level packets, so harder to monitor and mitigate (more complicated and diverse).

Types of application-layer DDoS attack:
-> Request-flooding: many requests in one HTTP session.
-> Session-flooding: many sessions are set up by a client.
-> Asymmetric: each request is very time-consuming.

Defense against application-layer DDoS: determine suspicious sessions/clients from previously collected data; the least suspicious are served first, the highly suspicious are blocked.
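The "least suspicion first served, high suspicion blocked" policy applied to the three attack types listed above, as an added example that is not code from the presentation: a constructed request log is scored per session against assumed baselines for request rate (request-flooding), sessions per client (session-flooding) and mean request cost (asymmetric), then ordered for service. The baselines, the blocking threshold and the log contents are all assumptions.

```python
from collections import defaultdict

# Constructed request log (not from the slides): (client, session, time_s, server_cost_ms)
REQUEST_LOG = (
    [("198.51.100.4", "s1", t, 20) for t in (0.0, 3.0, 9.0)]          # ordinary browsing
    + [("203.0.113.7", "s2", i * 0.05, 15) for i in range(200)]      # request-flooding
    + [("203.0.113.8", "s3", float(i), 900) for i in range(5)]       # asymmetric: costly requests
    + [("203.0.113.9", f"s{10 + i}", i * 0.2, 10) for i in range(12)]  # session-flooding
)

# Baselines a defender would derive from previously collected data (assumed values):
# requests/s per session, sessions per client, mean server cost per request in ms.
BASE_RATE, BASE_SESSIONS, BASE_COST = 1.0, 2, 100.0

def session_stats(log):
    """Per-session request rate, sessions opened by the same client, and mean request cost."""
    per_session = defaultdict(list)
    sessions_per_client = defaultdict(set)
    for client, sid, t, cost in log:
        per_session[(client, sid)].append((t, cost))
        sessions_per_client[client].add(sid)
    stats = {}
    for (client, sid), reqs in per_session.items():
        times = [t for t, _ in reqs]
        span = max(times) - min(times)
        rate = len(reqs) / span if span > 0 else float(len(reqs))  # single request: 1 req/s
        stats[(client, sid)] = {"rate": rate,
                                "sessions": len(sessions_per_client[client]),
                                "cost": sum(c for _, c in reqs) / len(reqs)}
    return stats

def suspicion(s):
    """Each term is 1 at baseline; the largest one dominates so any of the three patterns shows."""
    return max(s["rate"] / BASE_RATE, s["sessions"] / BASE_SESSIONS, s["cost"] / BASE_COST)

def schedule(log, block_above=5.0):
    """Return (sessions to serve, least suspicious first; sessions to block)."""
    ranked = sorted(session_stats(log).items(), key=lambda kv: suspicion(kv[1]))
    served = [key for key, s in ranked if suspicion(s) <= block_above]
    blocked = [key for key, s in ranked if suspicion(s) > block_above]
    return served, blocked

if __name__ == "__main__":
    served, blocked = schedule(REQUEST_LOG)
    print("serve:", served)
    print("block:", blocked)
```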

Our opinion on application-layer DDoS attacks: complex, because the attack closely mimics legitimate user requests; involves more human decision-making, which is not as normalized as things in the lower layers; the proposed solutions can cause some time-consuming or impatient user requests to be postponed for a long time; still not a solution for the case where a botnet is employed to perform the attack.

Comparison of the three attack classes:

                  Volume-based    Protocol-based    Application layer
Request           Bogus           Bogus             Legitimate
Protocol          UDP, ICMP       TCP, ICMP         HTTP, HTTPS
Connection        Not full        Not full          Full
High-bandwidth    Yes             Yes               No
Detectable        Yes             Yes               Stealthy
Protection        Easy            Easy              Hard

Q&A