Presentation is loading. Please wait.

Presentation is loading. Please wait.

Distributed Denial of Service Attacks

Published byElina Mikkonen Modified over 5 years ago

Similar presentations

Presentation on theme: "Distributed Denial of Service Attacks"— Presentation transcript:

1 Distributed Denial of Service Attacks

2 Potential Damage of DDoS Attacks
The Problem: Massive distributed DoS attacks have the potential to severely decrease backbone availability and can virtually detach a network from the Internet.

3 Motives for DDoS Attacks
Cyber warfare: Prevent information exchange A means to blackmail a company or even country and cause image and money loss Youthful mischief and desire to feel the power “to rule the world“ Proof of technical excellence to “the world“ and oneself Outbreak of worms from Internet security research ;-) ??

4 What Are DDoS Tools? Clog victim’s network. Use many sources (“daemons”) for attacking traffic. Use “master” machines to control the daemon attackers. At least 4 different versions in use: TFN, TFN2K, Trinoo, Stacheldraht.

5 How They Work Daemon Master Daemon Daemon Daemon Daemon Real Attacker
Victim

6 How They Talk Trinoo: attacker uses TCP; masters and daemons use UDP; password authentication TFN(Tribe Flood Network): attacker uses shell to invoke master; masters and daemons use ICMP ECHOREPLY, TCP SYN flood, ICMP Broadcast (smurf) Stacheldraht(barbed wire): attacker uses encrypted TCP connection to master; masters and daemons use TCP and ICMP ECHO REPLY; rcp used for auto-update and generation

7 Deploying DDOS Attackers seem to use standard, well-known holes (i.e., rpc.ttdbserver, amd, rpc.cmsd, rpc.mountd, rpc.statd). attacks on flaws of remote buffer overflows They appear to have “auto-hack” tools – point, click, and invade. Lesson: practice good computer hygiene.

8 Detecting DDOS Tools Most current IDS’s detect the current generation of tools. They work by looking for DDoS control messages. Naturally, these will change over time; in particular, more such messages will be properly encrypted.

9 What Can ISPs Do? Deploy source address anti-spoof filters (very important!). Turn off directed broadcasts. no ip directed-broadcast (A Cisco interface) Develop security relationships with neighbor ISPs. Set up mechanism for handling customer security complaints. Develop traffic volume monitoring techniques.

10 Traffic Volume Monitoring – an example
Look for too much traffic to a particular destination. Learn to look for traffic to that destination at your border routers (access routers, peers, exchange points, etc.). Can we automate the tools – too many queue drops on an access router will trigger source detection?

11 References http://www.cert.org/reports/dsit_workshop.pdf
Dave Dittrich’s analyses: Scanning tool:

Download ppt "Distributed Denial of Service Attacks"

Similar presentations

Module VIII Denial Of Service

Module VIII Denial Of Service
A Brief History of Distributed Denial of Service Attacks Uniforum Chicago August 22, 2000 Viki Navratilova Security Architect, BlueMeteor, Inc.

A Brief History of Distributed Denial of Service Attacks Uniforum Chicago August 22, 2000 Viki Navratilova Security Architect, BlueMeteor, Inc.
Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
Internet Threats Denial Of Service Attacks “The wonderful thing about the Internet is that you’re connected to everyone else. The terrible thing about.

Internet Threats Denial Of Service Attacks “The wonderful thing about the Internet is that you’re connected to everyone else. The terrible thing about.
Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.

Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.
The Latest In Denial Of Service Attacks: “Smurfing” Description and Information to Minimize Effects Craig A. Huegen Cisco Systems, Inc. NANOG 11 Interprovider.

The Latest In Denial Of Service Attacks: “Smurfing” Description and Information to Minimize Effects Craig A. Huegen Cisco Systems, Inc. NANOG 11 Interprovider.
Distributed Denial-of-Services (DDoS) Ho Jeong AN CSE 525 – Adv. Networking Reading Group #8.

Distributed Denial-of-Services (DDoS) Ho Jeong AN CSE 525 – Adv. Networking Reading Group #8.
Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.

Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.
Network-Based Denial of Service Attacks Trends, Descriptions, and How to Protect Your Network Craig A. Huegen Cisco Systems, Inc. NANOG 12 Interprovider.

Network-Based Denial of Service Attacks Trends, Descriptions, and How to Protect Your Network Craig A. Huegen Cisco Systems, Inc. NANOG 12 Interprovider.
Network-Based Denial of Service Attacks Trends, Descriptions, and How to Protect Your Network Craig A. Huegen Cisco Systems, Inc. NANOG 13 -- Dearborn,

Network-Based Denial of Service Attacks Trends, Descriptions, and How to Protect Your Network Craig A. Huegen Cisco Systems, Inc. NANOG Dearborn,
Computer Security and Penetration Testing

Computer Security and Penetration Testing
UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.

UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.
Characterizing and Defending Against DDoS Attacks Christos Papadopoulos..and many others.

Characterizing and Defending Against DDoS Attacks Christos Papadopoulos..and many others.
Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.

Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.
Defending Against Flooding Based DoS Attacks : A tutorial - Rocky K.C. Chang, The Hong Kong Polytechnic University Presented by – Ashish Samant.

Defending Against Flooding Based DoS Attacks : A tutorial - Rocky K.C. Chang, The Hong Kong Polytechnic University Presented by – Ashish Samant.
DDos Distributed Denial of Service Attacks by Mark Schuchter.

DDos Distributed Denial of Service Attacks by Mark Schuchter.
Chapter 9 Phase 3: Denial-of-Service Attacks. Fig 9.1 Denial-of-Service attack categories.

Chapter 9 Phase 3: Denial-of-Service Attacks. Fig 9.1 Denial-of-Service attack categories.
Denial of Service attacks. Types of DoS attacks Bandwidth consumption attackers have more bandwidth than victim, e.g T3 (45Mpbs) attacks T1 (1.544 Mbps).

Denial of Service attacks. Types of DoS attacks Bandwidth consumption attackers have more bandwidth than victim, e.g T3 (45Mpbs) attacks T1 (1.544 Mbps).
Denial of Service Attacks: Methods, Tools, and Defenses Authors: Milutinovic, Veljko, Savic, Milan, Milic, Bratislav,

Denial of Service Attacks: Methods, Tools, and Defenses Authors: Milutinovic, Veljko, Savic, Milan, Milic, Bratislav,
Common forms and remedies Neeta Bhadane Raunaq Nilekani Sahasranshu.

Common forms and remedies Neeta Bhadane Raunaq Nilekani Sahasranshu.

Similar presentations

Ads by Google