Defending Against DDoS


Presentation on theme: "Defending Against DDoS"— Presentation transcript:

1 Defending Against DDoS
CSE4471: Information Security

2 Outline
- What is a DDoS attack? - review
- How to defend a DDoS attack?

3 What is a DDoS Attack?
DoS attacks:
- Attempt to prevent legitimate users of a service from using it
Examples of DoS include:
- Flooding a network
- Disrupting connections between machines
- Disrupting a service
Distributed Denial-of-Service Attacks
- Many machines are involved in the attack against one or more victim(s)

4 Defending against DDoS attack: Strategies
Ingress Filtering
- P. Ferguson and D. Senie, RFC 2267, Jan 1998
- Block packets that have illegitimate source addresses
- Disadvantage: overhead makes routing slow
Identification of the origins (Traceback problem)
- IP spoofing enables attackers to hide their identity
- Many IP traceback techniques are suggested
Mitigating the effect during the attack
- Pushback

5 IP Traceback
- Allows victim to identify the origin (and path) of attackers
- Several approaches: ICMP trace messages, Probabilistic Packet Marking, Hash-based IP Traceback, etc.

6 PPM: Probabilistic Packet Marking scheme
- Probabilistically inscribe local path info
- Use constant space in the packet header
- Reconstruct the attack path with high probability

Marking at router R:
    For each packet w
        Generate a random number x from [0,1)
        If x < p then
            Write IP address of R into w.head
            Write 0 into w.distance
        else
            if w.distance == 0 then
                Write IP address of R into w.tail
            endif
            if w.distance != -1 then
                Increase w.distance
            endif
        endif
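
Added example (not part of the original slides): a small simulation of the marking procedure above together with a victim-side reconstruction step, which the slide text names but does not spell out. The router names R1..R5, the marking probability 0.2, the single attack path and the dictionary packet layout are assumptions made for the demo.

```python
import random
from collections import Counter

UNMARKED = -1  # w.distance of a packet that no router has marked yet

def mark(w, router, p, rng):
    """Marking procedure from the slide, run by one router on packet w."""
    if rng.random() < p:
        w["head"], w["distance"] = router, 0
    else:
        if w["distance"] == 0:
            w["tail"] = router
        if w["distance"] != UNMARKED:
            w["distance"] += 1

def send(path, p, rng):
    """Pass one packet through the routers in path (attacker side first)."""
    w = {"head": None, "tail": None, "distance": UNMARKED}
    for router in path:
        mark(w, router, p, rng)
    return w

def reconstruct(packets):
    """Victim side: chain the sampled edges by distance, nearest router first."""
    edges = {}
    for w in packets:
        if w["distance"] != UNMARKED:
            # At distance 0 no later router wrote w.tail, so any value there is stale.
            tail = w["tail"] if w["distance"] > 0 else None
            edges.setdefault(w["distance"], Counter())[(w["head"], tail)] += 1
    path, prev, d = [], None, 0
    while d in edges:
        # Accept only edges whose tail is the router already placed one hop closer.
        linked = {h: n for (h, t), n in edges[d].items() if t == prev}
        if not linked:
            break
        prev = max(linked, key=linked.get)
        path.append(prev)
        d += 1
    return path[::-1]  # attacker side first

def packets_needed(path, p, rng):
    """Count packets sent until the victim holds a mark from every distance."""
    seen, count = set(), 0
    while len(seen) < len(path):
        seen.add(send(path, p, rng)["distance"])
        seen.discard(UNMARKED)
        count += 1
    return count

if __name__ == "__main__":
    rng = random.Random(4471)               # fixed seed for a repeatable demo
    route = ["R1", "R2", "R3", "R4", "R5"]  # constructed router names
    marks = [send(route, 0.2, rng) for _ in range(2000)]
    print(reconstruct(marks), packets_needed(route, 0.2, rng))
```

Marks from routers far from the victim survive only if every later router declines to mark, so they are the rarest samples; packets_needed shows how many packets the victim must collect before the whole path is covered.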

7 PPM (Cont.)
[Figure labels: legitimate user, attacker, Victim]

8 PPM (Cont.)
[Figure labels: legitimate user, attacker, Victim]

9 PPM (Cont.)
[Figure labels: legitimate user, attacker, Victim]

10 PPM (Cont.)
[Figure labels: legitimate user, attacker, V, R, Victim]

11 PPM: An Example

12 PPM: Computation

13 PPM Extensions
- What if P is not the same among routers?
- PPM needs 9 bytes of marking information in a packet (w.head + w.tail + w.distance). Is it possible to have a new PPM with fewer marking bytes?
- PPM assumes all routers are cooperative and run PPM. What would happen if some routers do not run PPM or are even malicious?

14 What is Pushback?
- A mechanism that allows a router to request adjacent upstream routers to limit the rate of traffic

15 How Does it Work?
- A congested router requests other adjacent routers to limit the rate of traffic for that particular aggregate.
- Router sends pushback message
- Receiving routers propagate pushback

16 Conclusion
- What is a DDoS attack?
- Defending a DDoS attack
  - Ingress filtering
  - Trace-back: PPM
  - Push-back

