Presentation is loading. Please wait.

Presentation is loading. Please wait.

Is Apple’s iMac Operating System Secure under flooding Attacks? by aditya chintala.

Published byClement Sharp Modified over 8 years ago

Similar presentations

Presentation on theme: "Is Apple’s iMac Operating System Secure under flooding Attacks? by aditya chintala."— Presentation transcript:

1 Is Apple’s iMac Operating System Secure under flooding Attacks? by aditya chintala

2 Introduction  How IMac’s Leopard and snow leopard OS vulnerable to the flooding attacks.  Here is an issue, https://discussions.apple.com/thread/3156859  Is Windows more secure than Mac against flooding attacks?

3 Outline  Experimental Setup  Performance Evaluation  Types of DDOs Attacks - ARP Flood Attack - ping flood attack -tcp syn flood attack  conclusion

4 Experimental setup  The experiment simulated a network condition in which multiple computers sent a barrage of DDoS attack traffic to a remote victim computer.  DDoS attack traffic is sent to a remote victim computer at a speed of 10 mbps to 1,000 Mbps.  Victim Computers : Apple OS X 10.6.3 Snow Leopard and Microsoft Windows 7.

5 Experimental Setup:

6 Performance Evaluation 1. Processor utilization : processor exhaustion is CPU utilization of a victim computer under DDoS attack traffic.  Complete processor exhaustion must be avoided to prevent a victim computer from crashing under a DDoS attack. 2. Wired Pages/ Non-paged : These pool allocations in main memory can’t be paged out because they’re required for execution of specific kernel tasks.

7 ARP Flood Attack  What is ARP: Address Resolution Protocol is used in Local Area networks to resolve IP addresses into hardware MAC (medium access control) addresses.  It is a very basic and essential protocol used to communicate in a LAN either by gateway or by any host.  we considered the ARP Flood attack that usually can be launched on computers in a local area network.  In ARP attacks, the victim computer is attacked by storming the host with ARP requests known as Denial of Service (DoS) attack.

8 Message on the screen after a few minutes of ARP storm hitting the snow leopard.

9  After forced reboot of the Leopard based iMAC computer the error log popped up that showed the cause of CPU panic which is due to “zalloc” retry failure in “rtentry”.  Zallocs are the “Zone Allocators” that provides an efficient interface for managing dynamically-sized collections of items of similar size. 1. Wed Sep 2 09:30:53 2011 2. Panic (cpu 1 caller 0x001431A9): "zalloc: \"rtentry\" (2057063 elements) retry fail 3"@/SourceCache/xnu/xnu- 1228.5.20/osfmk/kern/zalloc.c:770 3. Backtrace, Format - Frame : Return Address (4 potential args on stack) 4. 0x3d8e3ac8 : 0x12b0fa (0x4592a4 0x3d8e3afc 0x133243 0x0) 5. 0x3d8e3b18 : 0x1431a9 (0x45aef0 0x471d14 0x1f6367 0x3)

10 Processor utilization (on a logarithmic scale). Our evaluation of how Windows 7 and Snow Leopard can handle an ARP flood attack shows zero processor utilization for Snow Leopard after it crashed. Comparing Windows 7 and Snow Leopard

11 Processor utilization in Snow Leopard. With ARP flood traffic loads at 10 Mbps, 5 Mbps, and 2 Mbps, we see processor utilization become zero after the iMac loaded with Snow Leopard crashed.

12 Non-Page allocation in Windows 7 Wired page allocation in Imac Snow Leopard

13 Ping Flood Attack  Ping is diagnostic ICMP (Internet control message protocol) message used to determine the availability of another computer in a network.  Attackers can exploit this protocol and flood victim computers with ping requests, which ultimately consumes the victim computer’s resources.  Snow Leopard can be bogged down significantly even with a low load of ping flood attack traffic.

14 Windows 7 vs Snow Leopard

15 TCP-SYN Flood Attack  The attacker attempts multiple TCP connections by sending a flood of TCP-SYN packets to the victim computer, forcing it to exhaust its resources.  This attack creates a large number of half-open connections.  Microsoft service packs in particular mitigate this type of TCP-SYN-based DDoS attack by controlling the rate of half-open connections.

16 Windows 7 vs Snow Leopard

17 conclusion  This is quite remarkable, tests performed in an Apple environment (iMac) directly contradicts Apple’s advertised superb security aspects.  Advancement in Firewall protection and Intrusion Prevention systems (IPS) would abate the problem.

18 Is it how it would be after the brutal Flooding attack??

19 References  S. Kumar, Impact of Distributed Denial of Service (DDoS) Attack Due to ARP Storm, Springer-Verlag Berlin Heidelberg, Book Series: Lecture Notes in Computer Science, pages 991- 1002, April-2005.  D.C. Plummer, “Ethernet Address Resolution Protocol,” IETF Network Working Group, RFC-826, November 1982, available online at (http://www.ietf.org/rfc/rfc826.txt) last access on: Feb-06, 2010.  S. Kumar, “PING Att ack: How Bad Is It?” Computers & Security J., vol. 25, July 2006, pp. 332–337.  S. Kumar and E. Petana, “Mitigation of TCP-SYN Att acks with Microsoft ’s Windows XP Service Pack2 (SP2) Soft ware,” Proc. 7th Int’l Conf. Networking, IEEE, 2008, pp. 238–242.

Download ppt "Is Apple’s iMac Operating System Secure under flooding Attacks? by aditya chintala."

Similar presentations

Module X Session Hijacking

Module X Session Hijacking
Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
Media Access Control (MAC) addresses in the network access layer ▫ Associated w/ network interface card (NIC) ▫ 48 bits or 64 bits IP addresses for the.

Media Access Control (MAC) addresses in the network access layer ▫ Associated w/ network interface card (NIC) ▫ 48 bits or 64 bits IP addresses for the.
Availability Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Aspects of Computer.

Availability Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Aspects of Computer.
Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.

Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.
Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.

Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.
Security (Continued) V.T. Raja, Ph.D., Oregon State University.

Security (Continued) V.T. Raja, Ph.D., Oregon State University.
Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.

Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.
Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,

Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,
Introduction to Security Computer Networks Computer Networks Term B10.

Introduction to Security Computer Networks Computer Networks Term B10.
Distributed Denial of Service Attacks CMPT 471 1 Distributed Denial of Service Attacks Darius Law.

Distributed Denial of Service Attacks CMPT Distributed Denial of Service Attacks Darius Law.
IP Spoofing, CS2651 IP Spoofing Bao Ho ToanTai Vu CS 265 - Security Engineering Spring 2003 San Jose State University.

IP Spoofing, CS2651 IP Spoofing Bao Ho ToanTai Vu CS Security Engineering Spring 2003 San Jose State University.
Network & Computer Attacks (Part 2) February 11, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Network & Computer Attacks (Part 2) February 11, 2010 MIS 4600 – MBA © Abdou Illia.
Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.

Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.
Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.

Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.
ITIS 6167/8167: Network and Information Security Weichao Wang.

ITIS 6167/8167: Network and Information Security Weichao Wang.
Network Attacks. Network Trust Issues – TCP Congestion control – IP Src Spoofing – Wireless transmission Denial of Service Attacks – TCP-SYN – Name Servers.

Network Attacks. Network Trust Issues – TCP Congestion control – IP Src Spoofing – Wireless transmission Denial of Service Attacks – TCP-SYN – Name Servers.
DENIAL OF SERVICE ATTACK

DENIAL OF SERVICE ATTACK
Ping and traceroute Lab/Homework exercise Assigned 9/12/2006 Due 9/19/2006 CSIT 220 Fall, 2006 Based on T. Blum Exercises.

Ping and traceroute Lab/Homework exercise Assigned 9/12/2006 Due 9/19/2006 CSIT 220 Fall, 2006 Based on T. Blum Exercises.
DDoS Attack and Its Defense1 CSE 5473: Network Security Prof. Dong Xuan.

DDoS Attack and Its Defense1 CSE 5473: Network Security Prof. Dong Xuan.

Similar presentations

Ads by Google