Presentation is loading. Please wait.

Presentation is loading. Please wait.

Internet Threats Denial Of Service Attacks “The wonderful thing about the Internet is that you’re connected to everyone else. The terrible thing about.

Published byAlejandro Newlove Modified over 9 years ago

Similar presentations

Presentation on theme: "Internet Threats Denial Of Service Attacks “The wonderful thing about the Internet is that you’re connected to everyone else. The terrible thing about."— Presentation transcript:

1

2 Internet Threats Denial Of Service Attacks

3 “The wonderful thing about the Internet is that you’re connected to everyone else. The terrible thing about the Internet is that you’re connected to everyone else.” Vint Cerf The Internet And Information Security

4 Denial Of Service Attack Specifics

5 Denial Of Service Problems Exploding in popularity –No skill required High juvenile ratio –High availability of menu-driven programs available, on multiple platforms Up and ruining in minutes Unix, NT, Win95, etc Programs available via the Internet within HOURS of the identified exploit –Often requires assistance across multiple ISPs Coordination efforts impossible at best

6 Denial Of Service Problems Tracing –Source is almost always hidden, or forged Need to trace in real time, router by router to find Bad_Guy –High packet rates Sometimes victims can’t use Internet to complain about or trace the attack –Group accounts or throw-away accounts used School Labs, piracy dialup, hacked systems

7 DOS Types “Revenge of the Nerds” SYN Floods Mail Bombs Smurf Attacks Many, many others

8 Syn Floods TCP Handshake required to set up communication –Send- HELLO! (TCP_SYN) –Recv- Yea, What? (TCP_SYN_ACK) –Send- Let’s Talk! (TCP_ACK) SYN Flood exploits Handshake –Bad_Guy sends TCP_SYN from forged source that doesn’t exist –Victim tries to send a TCP_SYN_ACK, but can’t find the source, so it queues the message –Message is queued for ~75 seconds –Bad-Guy fills up SYN Queue –Victim can’t communicate

9 DoS Packet Flow SYN Attack SYN packet from Bad_Guy Where do I send data? Bad_Guy Victim

10 Mail Bombs Large amounts of email to victim –“FROM” address randomly created –Mail trail is often relayed through several relay systems Difficult to track origination One Word: SPAM –Explosion of tools available from Spamming organizations to make this point-and-click, and professionally difficult to trace

11 Smurf Attacks Most Recent Attack, also called a “Broadcast Ping Attack” Broadcast ping –Send a “broadcast_ping_request” to a network/subnet, and everyhost in that network/subnet replies with a “ping_reply” > ping 166.45.1.255 166.45.1.1 is alive 166.45.1.2 is alive 166.45.1.3 is alive …. 166.45.1.255 is alive

12 Smurf Attacks Attack –Bad_Guy sends a “broadcast_ping_request”, that looks like it came from “Victim”, and sends it to “Innocent 3rd Party” –Every host on “Innocent 3rd Party”’s network/subnet sends a “broadcast_ping_reply” to the victim –Victim gets hit with a massive ping attack –Good_guy traces the Attack to the “Innocent 3rd Party” Compensators –Disable Broadcast Ping Replies on your routers “no ip directed broadcasts” –Deploy monitoring software –Call your ISP –Filter ICMP

13 Tools available to initiate attacks How they are being developed so quickly –Hackers are subscribing to “bug lists” used to discuss product bugs –Public Domain Testing software becoming widely available, being used maliciously –Template code to create TCP/IP Packets exist Their availability and dissemination –Ever try YAHOO? –IRC #DOS channel –Available within hours after bug is reported Professionally created, updated, etc

14 Impacts to ISPS –Bandwidth saturation Dos Attacks affect links that belong to ISPS Affects multiple customers –T1 backbone ISPs still exist! Hackers can do much damage on a 28.8 dialup T3 connected shell accounts in high demand –IRC #shells –Resources required to trace are intense Educating customer Tracing attack –Time sensitive issue

15 MCI’S DosTracker Reactive –Victim calls in for assistance –DoSTracker installed on Victim Border router (their connection to our Network) Proactive –DosTracker installed on Victim router, and “waits” for Attack to come in. Alerts when identified Not typically used, due to resource issues

16 MCI’S DoSTracker –DoSTracker watches packets going to Victim, and analyzes them for “DoS Characteristics” Forged source address Smurf Attack Large packet sources –DoSTracker traces identified DoS Packets router by router, interface by interface until it reaches an “edge” (customer or another network).

17 DoS Path Customer NET A NET B NET C

18 Migration of attacks What can we expect for future attacks? –Automation DoS Engines/Clients –Protocol exposures Streaming protocols –CUSeeMe, Multi-Cast, UseNet DNS –Reduction of detection capability Services being deployed much too quickly for security analysis, compensators and monitoring can be deployed and integrated. –We’ll always be one-two steps behind

19 Contact Dale Drew internetMCI Security Engineering 703/715-7058 ddrew@mci.net http://www.security.mci.net http://www.security.mci.net/check.html

Download ppt "Internet Threats Denial Of Service Attacks “The wonderful thing about the Internet is that you’re connected to everyone else. The terrible thing about."

Similar presentations

Syn Flooding Sends TCP connections to a machine faster than it can process themSends TCP connections to a machine faster than it can process them Each.

Syn Flooding Sends TCP connections to a machine faster than it can process themSends TCP connections to a machine faster than it can process them Each.
Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
Cisco 2 - Routers Perrine. J Page 14/30/2015 Chapter 10 TCP/IP Protocol Suite The function of the TCP/IP protocol stack is to transfer information from.

Cisco 2 - Routers Perrine. J Page 14/30/2015 Chapter 10 TCP/IP Protocol Suite The function of the TCP/IP protocol stack is to transfer information from.
Are you secured in the network ?: a quick look at the TCP/IP protocols Based on: A look back at “Security Problems in the TCP/IP Protocol Suite” by Steven.

Are you secured in the network ?: a quick look at the TCP/IP protocols Based on: A look back at “Security Problems in the TCP/IP Protocol Suite” by Steven.
Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.

Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.
Distributed Reflection Denial of Service Networking Talks for the Insufficiently Paranoid Based on:

Distributed Reflection Denial of Service Networking Talks for the Insufficiently Paranoid Based on:
The Latest In Denial Of Service Attacks: “Smurfing” Description and Information to Minimize Effects Craig A. Huegen Cisco Systems, Inc. NANOG 11 Interprovider.

The Latest In Denial Of Service Attacks: “Smurfing” Description and Information to Minimize Effects Craig A. Huegen Cisco Systems, Inc. NANOG 11 Interprovider.
IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.

IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.
Distributed Denial of Service Attacks: Characterization and Defense Will Lefevers CS522 UCCS.

Distributed Denial of Service Attacks: Characterization and Defense Will Lefevers CS522 UCCS.
Intrusion Detection and Hackers Exploits IP Spoofing Attack Yousef Yahya & Ahmed Alkhamaisa Prepared for Arab Academy for Banking and Financial Sciences.

Intrusion Detection and Hackers Exploits IP Spoofing Attack Yousef Yahya & Ahmed Alkhamaisa Prepared for Arab Academy for Banking and Financial Sciences.
Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.

Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.
Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,

Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,
Network-Based Denial of Service Attacks Trends, Descriptions, and How to Protect Your Network Craig A. Huegen Cisco Systems, Inc. NANOG 12 Interprovider.

Network-Based Denial of Service Attacks Trends, Descriptions, and How to Protect Your Network Craig A. Huegen Cisco Systems, Inc. NANOG 12 Interprovider.
Defensive Measures for DDoS By Farhan Mirza. Contents Survey Topics Survey Topics Introduction Introduction Common Target of DoS Attacks Common Target.

Defensive Measures for DDoS By Farhan Mirza. Contents Survey Topics Survey Topics Introduction Introduction Common Target of DoS Attacks Common Target.
Network-Based Denial of Service Attacks Trends, Descriptions, and How to Protect Your Network Craig A. Huegen Cisco Systems, Inc. NANOG 13 -- Dearborn,

Network-Based Denial of Service Attacks Trends, Descriptions, and How to Protect Your Network Craig A. Huegen Cisco Systems, Inc. NANOG Dearborn,
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Lance West.  Just what is a Denial of Service (DoS) attack, and just how can it be used to attack a network.  A DoS attack involves exploiting operating.

Lance West.  Just what is a Denial of Service (DoS) attack, and just how can it be used to attack a network.  A DoS attack involves exploiting operating.
Lecture 15 Denial of Service Attacks

Lecture 15 Denial of Service Attacks

Similar presentations

Ads by Google