Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network Security: DoS Attacks, Smurf Attack, & Worms

Similar presentations

Presentation on theme: "Network Security: DoS Attacks, Smurf Attack, & Worms"— Presentation transcript:

1 Network Security: DoS Attacks, Smurf Attack, & Worms
Team 4 Jessica Waleski, Nicolas Keeton, Griffith Knoop, Richard Luthringshauser, & Samuel Rodriguez

2 DoS Attack What is a DoS Attack? DoS stands for Denial of Service.
DoS attack is when an attacker prevents a user or computer from accessing a site or service by flooding the network with traffic. Common Tools for DoS Attacks: TFN & TFN2K Stacheldraht Popular & Common Attacks: SYN flood ICMP flood Smurf attack UDP flood Ping flood Ping of death (PoD)

3 DDoS Attack What is a DDoS Attack?
DDoS stands for Distributed Denial of Service. It is a subclass of the DoS. DDoS attack is when a botnet (multiple connected devices that are usually connected through illicit means) is used to overwhelm a target host with fake traffic. Main Difference Between DoS and DDoS: DoS Attack - a single internet connection. DDoS Attack - multiple connected devices.

4 DoS & DDoS Attack - Weakness
From the Attacker’s Point of View: Flood of packets must be sustained. When packets stop sending, the target system is backed up. Often used with another form of attack, such as: Disabling a connection in TCP hijacking Preventing authentication Administrators/owners realize their machine is infected, remove the issue, and stop the attack. Must be aware that each packet can be traced back to its source. For this reason, DDoS is the most common type of DoS attack.

5 Common Tools for DoS Attacks - TFN & TFN2K
TFN stands for Tribal Flood Network and TFN2K stands for Tribal Flood Network 2000. Can not be used to perform a DDoS attack. TFN2K is a Newer Version of TFN: More difficult to detect than its predecessor. Can use a number of agents (other hosts) to coordinate an attack against one or more targets. TFN & TFN2K - Perform Various Attacks: UDP flood attacks ICMP flood attacks TCP SYN flood attacks

6 TFN2K - How It Works & Advantages
TFN2K Works on Two Fronts: Command-driven client on the attacker’s system. A daemon process (runs as a background process and the user has no direct control) operating on an agent system. How It Works: Attacker instructs its agents to attack a list of designated targets. Agents respond by flooding the targets with a large amount of packets. Advantages: Attacker-to-agent communications are encrypted and can be mixed with decoy packets. The attack and attacker-to-agent communications can be be randomly sent via TCP, UDP, and ICMP packets. Attacker can falsify (spoof) its IP address.

7 Common Tools for DoS Attacks - Stacheldraht
German for “barbed wire.” Combines features of the Trinoo DDoS tool with the source code from the TFN DoS attack tool. Advantages: Adds encryption of communication, like TFN2K. It also adds an automatic updating of the agents. Detects and automatically enables source address forgery. Performs Various Attacks: UDP flood ICMP flood TCP SYN flood Smurf attacks.

8 DoS Attack - SYN Flood What is SYN Flood Attack?
SYN is short for synchronize. This attack is dependent on the knowledge of the attacker on how connections are made to a server. The Three-Way Handshake: Client sends a packet with the SYN flag set. Server gives resources for the client and then responds with the SYN and ACK flags set. Client responds with the ACK flag set.

9 DoS Attack - ICMP Flood: Smurf Attack
A specific type of DDoS attack. How It Works: Attacker sends an ICMP echo request packet to the IP broadcast addresses of the targeted network. The protocol echoes the packet out to all hosts on that network. Each of the hosts receives a packet and send back an ICMP echo reply packet.

10 DoS Attack - ICMP Flood: UDP Flood
UDP Flood Attack: An attacker will use the UDP (User Datagram Protocol) packets to overwhelm the targeted host. The targeted host: Determine what application is at that port. Finds no application waiting at that port. Reply back with an ICMP Destination Unreachable packet.

11 DoS Attack - ICMP Flood: Ping Flood
Three Categories Based on the Target’s IP Address: Targeted local disclosed ping flood: targets a known IP address of the host. Router disclosed ping flood: targets a known internal IP address of a local router. Blind ping flood: targets a chosen IP address of the host from an external program. How It Works: Attacker sends continuous ICMP echo request packets Does not wait for replies Host attempts to reply back with the ICMP echo reply packets.

12 DoS Attack - Ping of Death (PoD)
What is Ping of Death? An attacker sends an oversized ICMP packet to a targeted host, in order to shut it down. How It Works: Attacker sends ICMP packet (IPv4) of a size greater than 65,535 bytes. Internet Protocol RFC 791: maximum packet size of 65,535 bytes. The targeted host is overloaded and is shut down.

13 The First Computer Worm
The Morris Internet Worm: Written by Robert Tappan Morris Jr, a student at Cornell University in 1988 from an MIT system. Intended for the worm to reveal bugs in programs The worm was used in order to spread, not to cause actual harm. However, due to bugs in the worm’s code, it allowed a machine to be infected many times over. Each additional infection created a new process in the infected system. At least 6,000 UNIX machines were infected. Led to the creation of the Computer Emergency Response Team (CERT).

14 Worms - Propagation Worms do not require direct human interaction to propagate, unlike a virus. Propagation (Two primary ways): Spreads through the network of the infected host. Copying itself onto any other hosts that the infected host has access to. Most efficient, but harder to program. Example: The ILOVEYOU worm Scan your address book and s a copy of itself to everyone in your address book. Easier to program, much more common.

15 Worms - Harmful Effects
Negative Effects: Worms could: Potentially delete/modify files. Degrade your Internet connection and overall system performance. Open a backdoor for a malicious attacker to use Used to send spam or performing DoS attacks. Least harm: consume bandwidth via its growth.

16 Any Questions? ?

17 Works Cited McAfee. “What is a Computer Worm?” McAfee Blogs, McAfee, 17 Nov 2014, “Denial of Service Attacks.” Computer Security Fundamentals, by Chuck Easttom, 2nd ed., Pearson, 2012, pp. 72–84. “Distributed Denial of Service Attacks.”, Imperva, “In Unix, What Is a Daemon?” Knowledge Base, Indiana University, 16 May 2017, Kabachinski, Jeff. "Viruses, Worms, and Trojans." Biomedical Instrumentation & Technology, vol. 39, no. 1, Jan. 2005, pp EBSCOhost,

18 Works Cited Cont’d “Malware.” Computer Security Fundamentals, by Chuck Easttom, 2nd ed., Pearson, 2012, pp. 92–106. “Ping Flood (ICMP Flood).”, Imperva, Ping of Death (PoD).”, Imperva, “Smurf DDoS Attack.”, Imperva, “TCP SYN Flood.”, Imperva,

Download ppt "Network Security: DoS Attacks, Smurf Attack, & Worms"

Similar presentations

Ads by Google