Published by Madeline Brooks. Modified over 9 years ago.
2
Overview of Distributed Denial of Service (DDoS)
Wei Zhou
3
Outline of the presentation
● DDoS definition and its attacking architectures
● DDoS classification
● Defense mechanism classification
  – Reactive vs. proactive
  – Classification by defending front-line
● SOS – a case study
4
What is it?
– Two major attacking architectures
  ● Direct attack
  ● Reflector attack
– Characteristics
  ● Multiple attackers vs. single victim
  ● To cause denial of service to legitimate users on the victim
– No ready-to-go definition available
5
Attacking Architecture - Direct Attack
[Figure labels: Hacker's attacking network; Masters (handlers); Zombies]
6
Attacking Architecture – Reflector Attack
[Figure labels: Hacker's DDoS attacking network; TCP SYN, ICMP, UDP... (with victim's addr. as the src IP addr.); Reflectors]
7
Classification of DDoS Attacks
● Classification by exploited vulnerability
  – Protocol Attacks
    ● TCP SYN attacks
    ● CGI request attacks
    ● Authentication server attacks
    ● ......
  – Flooding-based Attacks
    ● Filterable
    ● Non-filterable
8
Defense Mechanisms
● Classification by activity level
  – Reactive mechanisms
    ● Easy to deploy
    ● Hard to tell good guys from bad guys
    ● Inflexible in adapting to new attacks
  – Proactive mechanisms
    ● Motivations to deploy
    ● Accuracy in differentiating packets
9
Defense Mechanisms (cont.)
● Classification by defending front-line
  – Victim network
  – Intermediate network
  – Source network
10
At the victim side
● IDS plus Firewall
  – Detect bogus packets based on well-known attack signatures
  – Flexibility
● Puzzle solving by clients
  – Client must solve a puzzle (small scripts, cookies etc.) in order to access the server's resources
  – Efficiency
● Duplicate server resources
  – Distribute server resources into more places
  – Synchronization, costs etc.
The victim network can do NOTHING if its link(s) to the ISP are jammed.
11
In the intermediate network
● IP traceback
  – Can be used to collect forensic evidence
  – (Need further exploration on this topic)
● Push-back mechanism
● Route-based packet filtering
● Overlay network
12
Push-back – the idea
[Figure: routers R0 to R7; labels: Heavy traffic flow; Push-back messages]
● Reactive mechanism
● Accuracy of telling 'poor' packets from bad packets
13
Route-based packet filtering – the idea
[Figure: routers R0 to R9; labels: Routes from node 2; Attack from node 7 with node 2 addresses]
● Proactive mechanism
● Overheads
● Need to change routers
14
At the source side
● Ingress/egress filtering
  – Ingress filtering
    ● To prevent packets with faked source IP addresses from entering the network
  – Egress filtering
    ● To prevent packets with faked source IP addresses from leaving the network
[Figure labels: 10.0.0.1; 10.0.0.2; 9.0.0.0/8; Egress filtering; Ingress filtering]
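The ingress/egress rule from this slide, as an added example that is not part of the original presentation. It assumes 9.0.0.0/8 from the figure is the site's own prefix; the function names and the sample packets are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumption: 9.0.0.0/8 (the prefix in the slide's figure) is the site's own
# address space behind the border router.
SITE_PREFIXES = [ipaddress.ip_network("9.0.0.0/8")]

def inside(addr):
    return any(addr in net for net in SITE_PREFIXES)

def border_filter(direction, src, dst):
    """Verdict for one packet at the site border.
    direction: "out" = leaving the site, "in" = entering it."""
    try:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    except ValueError:
        return ("drop", "malformed address")
    if direction == "out":
        # Egress filtering: a packet leaving must carry a source we own.
        if not inside(s):
            return ("drop", "egress: source outside site prefix")
        return ("pass", "egress ok")
    if direction == "in":
        # Ingress filtering: an arriving packet must not claim to be from us.
        if inside(s):
            return ("drop", "ingress: source claims site prefix")
        if not inside(d):
            return ("drop", "ingress: destination outside site prefix")
        return ("pass", "ingress ok")
    return ("drop", "unknown direction")

# Constructed sample packets: (direction, source, destination).
SAMPLE = [
    ("out", "9.1.2.3", "198.51.100.7"),    # normal outbound traffic
    ("out", "10.0.0.2", "198.51.100.7"),   # inside host forging its source
    ("in", "203.0.113.5", "9.1.2.3"),      # normal inbound traffic
    ("in", "9.4.4.4", "9.1.2.3"),          # outside host forging a site address
    ("in", "not-an-ip", "9.1.2.3"),        # unparsable input fails closed
    ("out", "9.9.9.9", "198.51.100.7"),    # forged, but inside the prefix: passes
]

def summarize(packets):
    """Count verdict reasons so drops can be logged and alerted on."""
    return Counter(border_filter(*p)[1] for p in packets)

if __name__ == "__main__":
    for p in SAMPLE:
        print(p, "->", border_filter(*p))
    print(dict(summarize(SAMPLE)))
```

The last sample shows the limit of prefix-based filtering: a forged source that still falls inside the site's own prefix is indistinguishable from a legitimate one at the border.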
15
At the source side (cont.)
● D-WARD (DDoS netWork Attack Recognition and Defense)
  – Balance of inbound and outbound traffic
16
D-WARD (cont.)
● Motivation of deployment
● Asymmetric problems
[Figure label: Source network]
17
SOS – Security Overlay Service
● To protect a dedicated server from DDoS attacks
● Use high-performance filters to drop all the packets not from secret servlets
● Path redundancy in overlay network is used to hide the identities of secret servlets
● Legitimate users enter the overlay network at the point of SOAP (secure overlay access point)
18
SOS (cont.)
[Figure labels: Big time delay; Overlay network; SOAP(s); Secret servlet(s); Server; Filter]
19
References
● R. K. C. Chang, “Defending against Flooding-Based Distributed Denial-of-Service Attacks: A Tutorial”
● P. Ferguson and D. Senie, “Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing”, RFC 2827
● J. Ioannidis and S. M. Bellovin, “Implementing Pushback: Router-Based Defense Against DDoS Attacks”
● A. D. Keromytis, V. Misra and D. Rubenstein, “SOS: Secure Overlay Services”
● R. Mahajan, S. M. Bellovin, S. Floyd, J. Ioannidis, V. Paxson and S. Shenker, “Controlling High Bandwidth Aggregates in the Network”
● J. Mirkovic, J. Martin and P. Reiher, “A Taxonomy of DDoS Attacks and DDoS Defense Mechanisms”
● J. Mirkovic, G. Prier and P. Reiher, “Attacking DDoS at the Source”
● K. Park and H. Lee, “A Proactive Approach to Distributed DoS Attack Prevention using Route-Based Packet Filtering”
20
Thank you!