Presentation is loading. Please wait.

Presentation is loading. Please wait.

Overview of Distributed Denial of Service (DDoS) Wei Zhou.

Published byMadeline Brooks Modified over 9 years ago

Similar presentations

Presentation on theme: "Overview of Distributed Denial of Service (DDoS) Wei Zhou."— Presentation transcript:

1

2 Overview of Distributed Denial of Service (DDoS) Wei Zhou

3 Outline of the presentation ● DDoS definition and its attacking architectures ● DDoS classification ● Defense mechanism classification – Reactive VS. Proactive – Classification by defending front-line ● SOS – a case study

4 What is it? – Two major attacking architecture ● Direct attack ● Reflector attack – Characteristics ● Multiple attackers vs. single victim ● To cause denial of service to legitimate users on the victim – No ready-to-go definition available

5 Hacker's attacking network Attacking Architecture - Direct Attack Masters (handlers) Zombies

6 Attacking Architecture – Reflector Attack Reflector Attack Hacker's DDoS attacking network TCP SYN, ICMP, UDP... (with victim's addr. as the src IP addr.) Reflectors

7 Classification of DDoS Attacks ● Classification by exploited vulnerability – Protocol Attacks ● TCP SYN attacks ● CGI request attacks ● Authentication server attacks ●...... – Flooding-based Attacks ● Filterable ● Non-filterable

8 Defense Mechanisms ● Classification by activity level – Reactive mechanisms ● Easy to be deployed ● Hard to tell good guys from bad guys ● Inflexible to adapt new attacks – Proactive mechanisms ● Motivations to deploy ● Accuracy on differentiating packets

9 Defense Mechanisms (cont.) ● Classification by defending front-line – Victim network – Intermediate network – Source network

10 At the victim side ● IDS plus Firewall – Detect bogus packets based on well-known attack signatures – Flexibility ● Puzzle solving by clients – Client must solve a puzzle (small scripts, cookies etc.) in order to access server's resources – Efficiency ● Duplicate server resources – Distribute server resources into more places – Synchronization, costs etc. Victim network can't do NOTHING if its link(s) to the ISP is jammed

11 In the intermediate network ● IP traceback – Can be used to collect forensic evidence – (Need further exploration on this topic) ● Push-back mechanism ● Route-Based packet filtering ● Overlay network

12 Push-back – the idea R2R2 R0R0 R1R1 R3R3 R7R7 R6R6 R5R5 R4R4 Heavy traffic flow Push-back messages ● Reactive mechanism ● Accuracy of telling 'poor' packets from bad packets

13 Route-based packet filtering – the idea R2R2 R0R0 R1R1 R3R3 R7R7 R6 R5R5 R4R4 R9R9 R8R8 Routes from node 2 Attack from node 7 with node 2 addresses ● Proactive mechanism ● Overheads ● Need to change routers

14 At the source side ● Ingress/egress filtering – Ingress filtering ● To prevent packets with faked source IP addresses from entering the network – Egress filtering ● To prevent packets with faked source IP addresses from leaving the network 10.0.0.1 Egress filtering Ingress filtering 9.0.0.0/8 10.0.0.2

15 At the source side (cont.) ● D-WARD (DDoS netWork Attack Recognition and Defense) – Balance of inbound and outbound traffic

16 D-WARD (cont.) ● Motivation of deployment ● Asymmetric problems Source network

17 SOS – Security Overlay Service ● To protect a dedicated server from DDoS attacks ● Use high-performance filters to drop all the packets not from secret servlets ● Path redundancy in overlay network is used to hide the identities of secret servlets ● Legitimate users enter the overlay network at the point of SOAP (secure overlay access point)

18 SOS (cont.) Big time delay Overlay network SOAP(s) Secret servlet(s) Server Filter

19 References ● R. K. C. Chang, “Defending against Flooding-Based Distributed Denial- of-Sevice Attacks: A Tutorial” ● P. Ferguson and D. Senie, “Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing”, RFC 2827 ● J. Ioannidis and S. M. Bellovin, “Implementing Pushback: Router-Based Defense Against DDoS Attacks” ● A. D. Keromytis, V. Misra and D. Rubenstein, “SOS: Secure Overlay Services” ● R. Mahajan, S. M. Bellovin, S. Floyd, J. Ioannidis, V. Paxson and S. Shenker, “Controlling High Bandwidth Aggregates in the Network” ● J. Mirkovic, J. Martin and P. Reiher, “A Taxonomy of DDoS Attacks and DDoS Defense Mechanisms” ● J. Mirkovic, G. Prier and P. Reiher, “Attacking DDoS at the Source” ● K. Park and H. Lee, “A Proactive Approach to Distributed DoS Attack Prevention using Route-Based Packet Filtering”

20 Thank you!

Download ppt "Overview of Distributed Denial of Service (DDoS) Wei Zhou."

Similar presentations

Quiz 1 Posted on DEN 8 multiple-choice questions

Quiz 1 Posted on DEN 8 multiple-choice questions
Denial of Service, Firewalls, and Intrusion Detection

Denial of Service, Firewalls, and Intrusion Detection
CIS 459/659 – Introduction to Network Security – Spring 2005 – Class 13 – 4/5/05 1 D-WARD 1  Goal: detect attacks, reduce the attack traffic, recognize.

CIS 459/659 – Introduction to Network Security – Spring 2005 – Class 13 – 4/5/05 1 D-WARD 1  Goal: detect attacks, reduce the attack traffic, recognize.
Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.

Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.
Defending against Large-Scale Distributed Denial-of-Service Attacks Department of Electrical and Computer Engineering Advanced Research in Information.

Defending against Large-Scale Distributed Denial-of-Service Attacks Department of Electrical and Computer Engineering Advanced Research in Information.
IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.

IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.
Distributed Denial of Service Attacks: Characterization and Defense Will Lefevers CS522 UCCS.

Distributed Denial of Service Attacks: Characterization and Defense Will Lefevers CS522 UCCS.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 7 “Denial-of-Service-Attacks”.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 7 “Denial-of-Service-Attacks”.
Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.

Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.
Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,

Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,
Defensive Measures for DDoS By Farhan Mirza. Contents Survey Topics Survey Topics Introduction Introduction Common Target of DoS Attacks Common Target.

Defensive Measures for DDoS By Farhan Mirza. Contents Survey Topics Survey Topics Introduction Introduction Common Target of DoS Attacks Common Target.
You should worry if you are below this point.  Your projected and optimistically projected grades should be in the grade center soon o Projected:  Your.

You should worry if you are below this point.  Your projected and optimistically projected grades should be in the grade center soon o Projected:  Your.
2005 Stanford Computer Systems Lab Flow Cookies Bandwidth Amplification as Flooding Defense Martin Casado, Pei Cao Niels Provos.

2005 Stanford Computer Systems Lab Flow Cookies Bandwidth Amplification as Flooding Defense Martin Casado, Pei Cao Niels Provos.
15-441: Computer Networking Lecture 26: Networking Future.

15-441: Computer Networking Lecture 26: Networking Future.
1 SOS: Secure Overlay Services Angelos Keromytis, Dept. of Computer Science Vishal Misra, Dept. of Computer Science Dan Rubenstein, Dept. of Electrical.

1 SOS: Secure Overlay Services Angelos Keromytis, Dept. of Computer Science Vishal Misra, Dept. of Computer Science Dan Rubenstein, Dept. of Electrical.
Detecting SYN-Flooding Attacks Aaron Beach CS 395 Network Secu rity Spring 2004.

Detecting SYN-Flooding Attacks Aaron Beach CS 395 Network Secu rity Spring 2004.
1 Controlling High Bandwidth Aggregates in the Network.

1 Controlling High Bandwidth Aggregates in the Network.
PSMC Proxy Server-based Multipath Connection CS 526 Advanced Networking - Richard White.

PSMC Proxy Server-based Multipath Connection CS 526 Advanced Networking - Richard White.
DFence: Transparent Network-based Denial of Service Mitigation CSC7221 Advanced Topics in Internet Technology Presented by To Siu Sang Eric (07016080)

DFence: Transparent Network-based Denial of Service Mitigation CSC7221 Advanced Topics in Internet Technology Presented by To Siu Sang Eric ( )
“A Taxonomy of DDoS Attack and DDoS Defense Mechanisms”

“A Taxonomy of DDoS Attack and DDoS Defense Mechanisms”

Similar presentations

Ads by Google