
Slides mostly by Sherif Khattab

Slide 1: Denial-of-Service [Gligor, 84]

"A group of otherwise-authorized users of a specific service is said to deny service to another group of otherwise-authorized users if the former group makes the specified service unavailable to the latter group for a period of time which exceeds the intended (and advertised) waiting time."

Slide 2: DoS Attacks

DoS attacks aim at reducing legitimate utilization of network and/or server resources through:
- resource destruction (exploiting bugs in the OS)
- resource exhaustion
  - vulnerability exploitation (e.g., SYN attack)
  - brute-force flooding
    - network-level (e.g., lots of packets, as in UDP floods)
    - service-level (e.g., flash crowds)

Slide 3: Service-level DoS

A large number of attack hosts request service from the victim server at a high rate. For instance, they:
- download files from an FTP server, or
- get web pages from a WWW server.

Slide 4: Front-ends

Front-ends form a tree with the back-ends as its logical root.

Slide 5: Front-ends (contd.)

- The tree level of each front-end depends on its attack tolerance.
- Front-ends can be the bottleneck that gets attacked; a front-end usually can withstand a good amount of attack traffic.
- To join the network (or reconfigure), a front-end performs:
  - parent registration
  - address registration

Slide 6: DoS Attacks (1/4)

Legitimate packets consume network resources, such as router buffers and link capacity. They also consume server resources, such as interrupt processing capacity, operating system structures, processing time, etc.

[Figure: legitimate client sending packets through a router to the server]

Slide 7: DoS Attacks (2/4)

- Network-level DoS attacks flood network resources.
- Service-level DoS attacks exploit vulnerabilities to crash servers.
- Service-level DoS attacks flood server resources, so that legitimate clients' packets will be dropped…

Slide 8: Our Focus: Service-level Flooding DoS

[Figure: taxonomy of DoS attacks]
- DoS Attacks
  - Resource Destruction
  - Resource Exhaustion
    - Vulnerability Exploitation
    - Brute-force Flooding
      - Network-level
      - Service-level (our focus)

Slide 9: The DoS Problem

Distinguish attack packets/requests from legitimate packets/requests:
- quickly,
- accurately (low false positives and false negatives), and
- efficiently (small overhead).

Primary metrics:
- legitimate response time
- legitimate throughput

Slide 10: DoS Prevention

[Figure: DoS defense categories: Prevention (this slide), Mitigation, Detection/Recovery]

Puzzles: attackers are forced to exert some "effort"
- Bandwidth [Walfish et al, 2005]
- Crypto [Juels and Brainard, 99]; [Wang and Reiter, 03]
- Network-level [Feng, 2003]
- CAPTCHA [Morein et al, 2003]

Ticket-based systems [Gligor, 2003]

But:
- not effective against determined attackers
- restricted to services with human users
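To make the "crypto puzzle" idea concrete, here is an added example (not from the slides or from any of the cited papers) of a hash-based client puzzle in the style of Juels and Brainard: the server hands out a challenge, the client must find a counter whose hash has a number of leading zero bits, and the server checks the answer with two hash evaluations. The HMAC-over-epoch construction, the 12-bit difficulty and the one-minute epoch are assumptions chosen for illustration; they let the server verify without keeping per-client state, which matters when the whole point is to avoid being exhausted.

```python
import hashlib
import hmac
import time
from typing import Optional

# Puzzle difficulty in leading zero bits of the solution hash. Assumed value;
# a deployed server would raise it as its load grows.
DIFFICULTY_BITS = 12


def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a hash digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def issue_puzzle(server_secret: bytes, client_id: str, epoch: Optional[int] = None,
                 difficulty: int = DIFFICULTY_BITS):
    """Server side. The challenge is an HMAC over the client id and a minute
    epoch, so the server stores nothing per client: it recomputes the
    challenge when the answer comes back."""
    if epoch is None:
        epoch = int(time.time()) // 60
    msg = client_id.encode() + epoch.to_bytes(8, "big")
    challenge = hmac.new(server_secret, msg, hashlib.sha256).digest()
    return challenge, epoch, difficulty


def solve_puzzle(challenge: bytes, difficulty: int) -> bytes:
    """Client side. Brute-force a counter until sha256(challenge || counter)
    starts with `difficulty` zero bits: about 2**difficulty hashes, which is
    the effort the server wants every requester to spend before being served."""
    counter = 0
    while True:
        candidate = counter.to_bytes(8, "big")
        digest = hashlib.sha256(challenge + candidate).digest()
        if leading_zero_bits(digest) >= difficulty:
            return candidate
        counter += 1


def verify_solution(server_secret: bytes, client_id: str, epoch: int, solution: bytes,
                    difficulty: int = DIFFICULTY_BITS, now_epoch: Optional[int] = None) -> bool:
    """Server side. Costs two hashes whatever the difficulty. Solutions are
    only accepted for the current or previous epoch, so one solved puzzle
    cannot be replayed indefinitely."""
    if now_epoch is None:
        now_epoch = int(time.time()) // 60
    if not 0 <= now_epoch - epoch <= 1:
        return False
    challenge, _, _ = issue_puzzle(server_secret, client_id, epoch, difficulty)
    digest = hashlib.sha256(challenge + solution).digest()
    return leading_zero_bits(digest) >= difficulty


if __name__ == "__main__":
    secret = b"constructed-server-secret"  # constructed; load from secure storage in practice
    challenge, epoch, difficulty = issue_puzzle(secret, "client-A")

    t0 = time.perf_counter()
    solution = solve_puzzle(challenge, difficulty)
    t_solve = time.perf_counter() - t0

    t0 = time.perf_counter()
    ok = verify_solution(secret, "client-A", epoch, solution, difficulty)
    t_verify = time.perf_counter() - t0

    # The asymmetry is the whole idea: the requester pays ~2**difficulty hashes,
    # the server pays two, and it remembers nothing between issue and verify.
    print(f"valid={ok} solve={t_solve * 1e3:.1f} ms verify={t_verify * 1e6:.1f} us")
```

The slide's two caveats show up directly in this code: a determined attacker with enough CPU simply solves puzzles at whatever rate the difficulty permits, and nothing here involves a human, so the "human users only" restriction belongs to the CAPTCHA variant rather than to hash puzzles.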

Slide 11: Detection and Recovery

[Figure: DoS defense categories: Prevention, Mitigation, Detection/Recovery (this slide)]

Detection:
- DDoS Shield [Ranjan et al, 2006]

Recovery:
- Capability-based systems, e.g., [Yang et al, 2005]
- Server relocation [Khattab et al, 2003]; [Stavrou et al, 2005]

But:
- hard to detect service-level DoS
- high overhead

Slide 12: Mitigation

[Figure: DoS defense categories: Prevention, Mitigation (this slide), Detection/Recovery]

Sustain service under attack:
- Replication
  - Anycast routing
- Overlay-based
  - SOS [Keromytis et al, 2002]

But:
- high overhead
- private services

Slide 13: State-of-the-art

Network-level:
- Prevention: Network-level puzzles
- Detection/Recovery: PacketScore; RED-PD; Heavy-hitter detection; DCAP; Pushback; MOVE; Capabilities; IP Hopping
- Mitigation: Replication; Overlay-based

Service-level:
- Prevention: Application-level puzzles; Reservation-based schemes
- Detection/Recovery: DDoS Shield; Shadow Honeypots; Kill-Bots
- Mitigation: Replication

Slide 14: Honeypots [Spitzner][Provos]

Honeypots are:
- decoy resources to trap attackers
- useful in detecting worm-infected hosts

However, honeypots are:
- at fixed locations
- separate from real servers

DoS attackers can evade honeypots.

Slide 15: Roaming Honeypots [Khattab]

In roaming honeypots, the locations of honeypots are:
- continuously changing
- unpredictable to non-compliant attackers
- disguised within servers

Slide 16: Main Assumption

Unique, un-spoofable user identifier (dealing with proxy servers is an open problem).

[Figure: several clients behind one proxy server]

Slide 17: Firewall?

Packet filtering in firewalls:
- White list: allow packets only from certain users/IPs. Not scalable, because the list grows with the number of users.
- Black list: do not allow packets from certain IPs or users. More scalable: # attackers << # users.
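The following is an added example (not from the slides) that puts the white-list and black-list variants side by side on a constructed traffic sample and feeds the black list from a simple heavy-hitter detector, the kind of rate-based detection slide 13 lists under network-level detection. It also computes the legitimate-throughput metric from slide 9 for the filtered stream. The packet sample, the one-second window and the 100-packets-per-window threshold are assumptions; the attack sources use documentation address ranges.

```python
from collections import Counter
from dataclasses import dataclass, field

# Constructed traffic sample: (timestamp_seconds, source_ip). Three legitimate
# clients send a request every few seconds; two flooding hosts (documentation
# address ranges, constructed for this example) each send hundreds of packets
# within a single second.
LEGITIMATE = {"10.0.0.1", "10.0.0.2", "10.0.0.3"}
SAMPLE_PACKETS = (
    [(i * 7.0, "10.0.0.1") for i in range(8)]
    + [(i * 5.0 + 1.0, "10.0.0.2") for i in range(10)]
    + [(i * 11.0 + 2.0, "10.0.0.3") for i in range(5)]
    + [(30.0 + i / 1000, "198.51.100.7") for i in range(500)]
    + [(45.0 + i / 1000, "203.0.113.9") for i in range(800)]
)


@dataclass
class PacketFilter:
    """Firewall rule set holding both list kinds from the slide. An empty
    allow list means 'no white-listing'; the deny list is always consulted."""
    allow_list: set = field(default_factory=set)  # one entry per legitimate user
    deny_list: set = field(default_factory=set)   # one entry per known attacker

    def accept(self, src_ip: str) -> bool:
        if src_ip in self.deny_list:
            return False
        if self.allow_list and src_ip not in self.allow_list:
            return False
        return True


def heavy_hitters(packets, window_s: float, threshold: int) -> set:
    """Sources that send more than `threshold` packets in any single window
    of `window_s` seconds: a minimal rate-based detector whose output can
    populate the deny list. Assumed thresholds; tune to the real service."""
    per_window = Counter((int(t // window_s), src) for t, src in packets)
    return {src for (_, src), n in per_window.items() if n > threshold}


def apply_filter(packets, pf: PacketFilter) -> list:
    """Return the packets the firewall lets through."""
    return [(t, src) for t, src in packets if pf.accept(src)]


def legitimate_fraction(all_packets, passed, legitimate: set) -> float:
    """Share of legitimate packets that survived filtering (slide 9's
    'legitimate throughput', normalised to the offered legitimate load)."""
    sent = sum(1 for _, src in all_packets if src in legitimate)
    got = sum(1 for _, src in passed if src in legitimate)
    return got / sent if sent else 0.0


if __name__ == "__main__":
    attackers = heavy_hitters(SAMPLE_PACKETS, window_s=1.0, threshold=100)

    black = PacketFilter(deny_list=attackers)
    white = PacketFilter(allow_list=set(LEGITIMATE))

    for name, pf in (("black list", black), ("white list", white)):
        passed = apply_filter(SAMPLE_PACKETS, pf)
        rules = len(pf.deny_list) + len(pf.allow_list)
        # Both filters drop all 1300 attack packets and keep all 23 legitimate
        # ones; the difference is how many rules each needs (2 vs 3 here), and
        # only the white list keeps growing as the user population grows.
        print(f"{name}: rules={rules} passed={len(passed)} "
              f"legit_fraction={legitimate_fraction(SAMPLE_PACKETS, passed, LEGITIMATE):.2f}")
```

Note what the black list depends on: the detector must have seen enough traffic from a source to cross the threshold, so the first 100 packets of each flood in this sample would already be through before the rule exists, and a flood spread across many low-rate sources would never cross it at all. The white list has no such gap, which is exactly the trade-off the slide is pointing at.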