Denial of Service (DoS) Attacks & Distributed Denial of Service (DDoS) Attacks, Chun-Chung Chen.

Presentation transcript:

1 Denial of Service (DoS) Attacks & Distributed Denial of Service (DDoS) Attacks Chun-Chung Chen

2 Introduction DoS: DoS refers broadly to an attacker trying to prevent legitimate users from using a service on the network. When the attacker generates a message flow so large that the equipment cannot keep up, legitimate users can no longer use the service. DDoS: DDoS is a special case of DoS in which the attacker uses many machines attacking simultaneously to achieve the same goal of preventing legitimate users from using the service.

3 Classical DoS Malformed Packet Attacks: Ping of Death Attack; TearDrop Attack; Land Attack.

4 Ping of Death Attacks An attacker sends an ICMP ECHO request that, once its IP fragments are reassembled, is larger than the maximum IPv4 datagram size of 65,535 bytes. The last fragment's offset plus its length exceeds that limit, so a victim whose reassembly code does not check the bound overflows its reassembly buffer; the OS may crash or reboot as a result. Example: ping -l 65510 192.168.2.3 (Windows ping; -l sets the payload size, and 65,510 bytes of data plus the 8-byte ICMP header and 20-byte IP header exceed 65,535).

5 TearDrop Attacks An attacker sends IP fragments whose fragment offset values are manipulated so that they overlap and cannot be reassembled properly. Buggy reassembly code on the victim mishandles the overlap, causing the system to reboot or halt.

6 Land Attacks An attacker sends a forged packet (classically a TCP SYN) whose source IP address is the same as the destination IP address. A vulnerable victim effectively replies to itself, becomes confused, and crashes or reboots.
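The three classical malformed-packet attacks on slides 4 to 6 are all visible in the IPv4 header alone, so a detector needs nothing beyond a header parser and a little per-datagram fragment state. The following is an added example, not code from the presentation: it parses the fixed IPv4 header, then flags a Land packet (source equals destination), a Ping of Death fragment (offset plus length beyond 65,535 bytes) and a TearDrop fragment (overlapping a fragment already seen for the same datagram). The packets are constructed in `build_ipv4` with a zero checksum; the addresses and the `MalformedPacketAuditor` class are assumptions for illustration.

```python
import struct
from dataclasses import dataclass

IPV4_MAX_LEN = 65535  # largest IPv4 datagram; total length is a 16-bit field


@dataclass
class Ipv4Header:
    src: str
    dst: str
    ident: int
    proto: int
    more_frags: bool
    frag_offset: int   # byte offset of this fragment within the datagram
    payload_len: int   # bytes of payload carried by this packet


def parse_ipv4(pkt: bytes) -> Ipv4Header:
    """Parse the fixed 20-byte IPv4 header (RFC 791 field layout)."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, ident, flags_off,
     _ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or total_len < ihl:
        raise ValueError("inconsistent header/total length")
    return Ipv4Header(
        src=".".join(str(b) for b in src),
        dst=".".join(str(b) for b in dst),
        ident=ident,
        proto=proto,
        more_frags=bool(flags_off & 0x2000),      # MF flag
        frag_offset=(flags_off & 0x1FFF) * 8,     # offset field is in 8-byte units
        payload_len=total_len - ihl,
    )


def build_ipv4(src: str, dst: str, ident: int, proto: int,
               frag_offset: int, more_frags: bool, payload_len: int) -> bytes:
    """Build a constructed test packet (no options, checksum left at zero)."""
    assert frag_offset % 8 == 0, "fragment offsets are multiples of 8"
    flags_off = (0x2000 if more_frags else 0) | (frag_offset // 8)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                      flags_off, 64, proto, 0,
                      bytes(int(o) for o in src.split(".")),
                      bytes(int(o) for o in dst.split(".")))
    return hdr + b"\x00" * payload_len


class MalformedPacketAuditor:
    """Flags the three classical malformed-packet attacks on a stream of packets."""

    def __init__(self) -> None:
        # (src, dst, ident, proto) -> list of (start, end) byte ranges seen so far
        self._fragments: dict = {}

    def inspect(self, pkt: bytes) -> list:
        h = parse_ipv4(pkt)
        alerts = []
        if h.src == h.dst:
            alerts.append("LAND: source address equals destination address")
        start, end = h.frag_offset, h.frag_offset + h.payload_len
        if end > IPV4_MAX_LEN:
            alerts.append(f"PING-OF-DEATH: fragment ends at byte {end} > {IPV4_MAX_LEN}")
        if h.more_frags or h.frag_offset:          # only fragments carry reassembly state
            key = (h.src, h.dst, h.ident, h.proto)
            for s, e in self._fragments.get(key, []):
                if start < e and s < end:          # byte ranges intersect
                    alerts.append(f"TEARDROP: fragment [{start},{end}) overlaps [{s},{e})")
                    break
            self._fragments.setdefault(key, []).append((start, end))
        return alerts


def audit_samples() -> dict:
    """Run the auditor over constructed packets; returns alerts keyed by sample name."""
    a = MalformedPacketAuditor()
    out = {}
    out["normal"] = a.inspect(build_ipv4("10.0.0.1", "10.0.0.2", 1, 1, 0, False, 64))
    out["land"] = a.inspect(build_ipv4("10.0.0.2", "10.0.0.2", 2, 6, 0, False, 40))
    # last fragment of an oversized echo request: 65520 + 100 > 65535
    out["ping_of_death"] = a.inspect(build_ipv4("10.0.0.1", "10.0.0.2", 3, 1, 65520, False, 100))
    # first fragment covers [0,36); the second claims [24,28), inside the first
    a.inspect(build_ipv4("10.0.0.1", "10.0.0.2", 4, 17, 0, True, 36))
    out["teardrop"] = a.inspect(build_ipv4("10.0.0.1", "10.0.0.2", 4, 17, 24, False, 4))
    return out


if __name__ == "__main__":
    for name, alerts in audit_samples().items():
        print(f"{name:14s} {alerts or 'ok'}")
```

Note that a real reassembler also has to bound how much memory it holds for incomplete datagrams and time out stale fragments; the auditor above only classifies, which is what an IDS rule does.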

7 Modern DoS attack methods Capacity Depletion Flood Attacks: TCP SYN Flood Attack; Smurf Flood Attack; UDP Flood Attack; ICMP Flood Attack.

8 TCP SYN Flood Attacks Taking advantage of the TCP three-way handshake, an attacker sends connection requests (SYNs) to the victim server from spoofed, unreachable source addresses. The server answers each with a SYN-ACK and waits for a final ACK that never arrives, so every request stays half-open in the SYN_RECV state until it times out. Once the listen backlog is full of these entries, SYNs from legitimate clients are dropped.
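To make the backlog mechanism concrete, here is an added example (not code from the presentation) that models a listening socket's SYN backlog in a few dozen lines. It is a toy, not a TCP stack: with the backlog limit alone, 1,000 spoofed SYNs fill the 128 slots and the real client's SYN is dropped; with the "SYN protection at system level" of slide 14 in the form of SYN cookies, the server encodes the half-open state in its initial sequence number, stores nothing, and the real client connects. The cookie here is a keyed hash of the client's address and port only (a real implementation also folds in a timestamp and MSS), and the addresses, the backlog size and the `SynListener` class are assumptions for illustration.

```python
import hmac
import secrets
import struct


class SynListener:
    """Toy model of a listening socket's SYN backlog; not a real TCP stack."""

    def __init__(self, backlog: int, syncookies: bool = False) -> None:
        self.backlog = backlog
        self.syncookies = syncookies
        self.half_open = {}        # (client_ip, client_port) -> server ISN (SYN_RECV entries)
        self.established = set()
        self.dropped_syns = 0
        self._secret = secrets.token_bytes(16)  # cookie key; a kernel keeps a per-boot secret

    def _cookie(self, ip: str, port: int) -> int:
        # Simplified SYN cookie: keyed hash of the peer address and port.
        mac = hmac.new(self._secret, f"{ip}:{port}".encode(), "sha256").digest()
        return struct.unpack("!I", mac[:4])[0]

    def on_syn(self, ip: str, port: int):
        """Handle a SYN; return the server ISN carried in the SYN-ACK, or None if dropped."""
        key = (ip, port)
        if self.syncookies:
            return self._cookie(ip, port)          # no state allocated at all
        if key in self.half_open:
            return self.half_open[key]             # retransmitted SYN, reuse the entry
        if len(self.half_open) >= self.backlog:
            self.dropped_syns += 1                 # backlog full: SYN silently dropped
            return None
        isn = secrets.randbits(32)
        self.half_open[key] = isn                  # stays SYN_RECV until ACK or timeout
        return isn

    def on_ack(self, ip: str, port: int, ack_no: int) -> bool:
        """Handle the handshake's final ACK; True if the connection is established."""
        key = (ip, port)
        expected = self._cookie(ip, port) if self.syncookies else self.half_open.pop(key, None)
        if expected is None or (ack_no - 1) & 0xFFFFFFFF != expected:
            return False                           # no matching half-open entry / bad cookie
        self.established.add(key)
        return True


def simulate(syncookies: bool, spoofed_syns: int = 1000, backlog: int = 128) -> dict:
    """Flood the listener with SYNs from unreachable sources, then try one real client."""
    srv = SynListener(backlog, syncookies)
    for i in range(spoofed_syns):
        # Spoofed sources (TEST-NET-3): the SYN-ACK goes nowhere, so no ACK ever comes back.
        srv.on_syn(f"203.0.113.{i % 254 + 1}", 10000 + i)
    isn = srv.on_syn("198.51.100.7", 40000)          # legitimate client (constructed)
    connected = isn is not None and srv.on_ack("198.51.100.7", 40000, isn + 1)
    return {
        "half_open": len(srv.half_open),
        "dropped_syns": srv.dropped_syns,
        "legit_connected": connected,
    }


if __name__ == "__main__":
    print("no syncookies:", simulate(False))   # backlog full, real client refused
    print("syncookies:   ", simulate(True))    # nothing stored, real client connects
```

The model leaves out the timeout that eventually frees SYN_RECV entries; on a real host the attacker simply keeps sending faster than entries expire, which is why the backlog limit alone is not a defence.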

9 Smurf Flood Attacks An attacker sends ICMP echo requests, forged with the victim's address as the source, to the broadcast addresses of networks that still forward directed broadcasts. Every host on those networks replies to the victim with an ICMP echo reply, so one request is amplified into as many replies as there are hosts. This rapidly exhausts the bandwidth available to the target, effectively denying its services to legitimate users.

10 UDP Flood Attacks UDP is a connectionless protocol and does not require any connection setup procedure to transfer data. A UDP Flood Attack is possible when an attacker sends a large number of UDP packets to random ports on the victim system. For each packet the victim checks for a listening application and, finding none, sends back an ICMP Destination Unreachable message. If enough UDP packets are delivered, the victim's bandwidth and processing capacity are consumed and the system becomes unreachable.

11 ICMP Flood Attacks An attacker sends a huge number of ICMP echo request packets to the victim. Because the volume of requests is so high, the victim cannot respond promptly and has difficulty processing all the requests and responses. The attack causes performance degradation or takes the system down.

12 DDoS Attack

13 Zombie Network Example: a medium-sized zombie network of 3,000 systems, each generating 25 KB/s (200 Kbps), produces 600,000,000 bps of traffic in aggregate, roughly 600 Mbps.

14 Defending against DoS Anti-DoS products. Capacity planning: decide the maximum DoS traffic volume that can be tolerated. Cooperate with the ISP. Harden the network edge: block ICMP and UDP packets; disable directed IP broadcast; rate-limit traffic. Harden servers: disable the echo and chargen services; SYN protection at system level.

15 Detecting denial of service Keep a close watch on malware: most attacks are launched by viruses and worms. Techniques and tools for detecting DoS attacks: traffic monitoring; checking for connections in the SYN_RECV state (netstat -na); scanning the network for DoS attack programs; network-wide antivirus software.
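The `netstat -na` check above is easy to automate. The following added example (not code from the presentation) parses `netstat -na` output, counts half-open connections per local port (both the Linux `SYN_RECV` and the Windows `SYN_RECEIVED` spellings), compares them with established connections, and raises an alert when a port exceeds a threshold. The output it runs on is constructed inline to look like a Linux host under a SYN flood against port 80; the addresses, the threshold and the `half_open_report` function are assumptions for illustration.

```python
from collections import Counter

HALF_OPEN_STATES = {"SYN_RECV", "SYN_RECEIVED"}   # Linux and Windows spellings


def parse_netstat(text: str) -> list:
    """Extract (local, foreign, state) from the TCP lines of `netstat -na` output.

    Linux lines look like 'tcp 0 0 local foreign STATE', Windows lines like
    'TCP local foreign STATE'; in both the last three fields are what we need.
    """
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or not parts[0].lower().startswith("tcp"):
            continue                                 # header, UDP, unix sockets
        rows.append((parts[-3], parts[-2], parts[-1]))
    return rows


def half_open_report(text: str, threshold: int = 50) -> dict:
    """Count SYN_RECV entries per local port and alert when they pile up."""
    syn_by_port = Counter()
    syn_sources = {}
    established_by_port = Counter()
    for local, foreign, state in parse_netstat(text):
        lport = local.rsplit(":", 1)[-1]
        src_ip = foreign.rsplit(":", 1)[0]
        if state in HALF_OPEN_STATES:
            syn_by_port[lport] += 1
            syn_sources.setdefault(lport, set()).add(src_ip)
        elif state == "ESTABLISHED":
            established_by_port[lport] += 1
    alerts = []
    for port, n in syn_by_port.items():
        if n >= threshold:
            # Many half-open entries from many distinct sources with few established
            # connections is the signature of a spoofed SYN flood.
            alerts.append(f"port {port}: {n} half-open vs {established_by_port[port]} "
                          f"established, from {len(syn_sources[port])} distinct sources")
    return {"syn_recv": dict(syn_by_port),
            "established": dict(established_by_port),
            "alerts": alerts}


def sample_netstat() -> str:
    """Constructed Linux-style `netstat -na` output during a SYN flood on port 80."""
    lines = [
        "Proto Recv-Q Send-Q Local Address           Foreign Address         State",
        "tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN",
        "tcp        0      0 10.0.0.5:80             198.51.100.7:40000      ESTABLISHED",
        "tcp        0      0 10.0.0.5:22             198.51.100.9:52110      ESTABLISHED",
    ]
    for i in range(60):  # spoofed sources that never complete the handshake
        lines.append(f"tcp        0      0 10.0.0.5:80             "
                     f"203.0.113.{i % 254 + 1}:{51000 + i}      SYN_RECV")
    return "\n".join(lines)


if __name__ == "__main__":
    report = half_open_report(sample_netstat())
    print(report["syn_recv"], report["established"])
    for alert in report["alerts"]:
        print("ALERT", alert)
```

On a live host, feed it `subprocess.run(["netstat", "-na"], capture_output=True, text=True).stdout` instead of the sample; on modern Linux `ss -tan` prints the same state column under the name `SYN-RECV`, which is a one-line addition to `HALF_OPEN_STATES`.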

16 The End~~
