Published by Homer Knight. Modified over 9 years ago.
Denial of Service
Bryan Oemler
Web Enhanced Information Management
March 22nd, 2011
Introduction
- A constant threat to web-based providers
- Resources of servers limited
- Damaging effect on targets
- Goal: Drown out all legitimate traffic to server
  – Consume resources of servers
  – Monopolize the CPU
  – Mimic legitimate traffic to server
- Method: Combine computing power over the internet
  – Distribute the Denial of Service attack (DDoS)
DoS in the news
- Attacks on WordPress, Mar 4th, 2011
  – Largest in history
  – Multiple data centers unable to handle load
  – Collateral damage for single target
- Anonymous attacks on MasterCard, Visa, Dec 8th, 2010
  – Individuals organizing DoS attack
  – Social networking
  – Personal computers launched DoS
- Twitter, Facebook attacks, Aug 5th, 2009
  – Flood of emails
  – Target was individual using social networking tools
Botnet
- Network of infected computers
  – Computers hijacked with malware
  – Contacted and controlled by perpetrator of attacks
  – Target victim with requests
- Added obfuscation and computing power
  – Large network of personal and corporate computers
  – Source looks legitimate to victim
IP spoofing
- Packets are sent out with a forged return IP address
  – Hides source of attacks
- Complete TCP connection cannot be formed
  – Victim host responds to random IP
http://www.techrepublic.com/article/exploring-the-anatomy-of-a-data-packet/1041907
SYN Flood
- Critical mass of connection packets
  – TCP connections are started with a SYN (synchronization) packet
  – Server responds but never receives acknowledgement
  – Attacker creates many half-open connections
  – Open connections use up server memory
  – Attacker monopolizes server with open connections
TCP Connection vs Spoofed Packet
http://www.understandingcomputers.ca/articles/grc/drdos_copy.html
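How a defender can recognise the half-open pattern from the SYN Flood and IP spoofing slides, as an added example that is not part of the original presentation: it replays a constructed packet summary, counts SYNs that never received the final ACK, and shows why per-source counting does not help when every source address is different. The record layout, thresholds and function names are assumptions made for illustration.

```python
from collections import Counter

def sample_packets():
    """Constructed records (time_s, src_ip, src_port, flag) as seen by a server.
    Addresses are documentation ranges; this is not captured traffic."""
    pkts = [(0.00, "192.0.2.10", 40001, "SYN"), (0.05, "192.0.2.10", 40001, "ACK"),
            (0.10, "192.0.2.11", 40002, "SYN"), (0.16, "192.0.2.11", 40002, "ACK")]
    # 40 SYNs, each from a different source address, none followed by an ACK
    pkts += [(1.0 + i * 0.01, f"198.51.100.{i + 1}", 50000 + i, "SYN")
             for i in range(40)]
    pkts += [(2.00, "192.0.2.12", 40003, "SYN"), (2.04, "192.0.2.12", 40003, "ACK")]
    return pkts

def half_open_report(packets, now, ack_timeout=1.0, alert_ratio=0.5, min_syns=20):
    """Follow each handshake; a SYN still unanswered after ack_timeout seconds
    is counted as a half-open connection holding server state."""
    pending = {}      # (src_ip, src_port) -> arrival time of the first SYN
    completed = 0
    for ts, src, sport, flag in sorted(packets):
        key = (src, sport)
        if flag == "SYN":
            pending.setdefault(key, ts)   # a retransmitted SYN keeps the first time
        elif flag == "ACK" and key in pending:
            del pending[key]              # three-way handshake finished
            completed += 1
    stale = {k: t for k, t in pending.items() if now - t >= ack_timeout}
    total = completed + len(pending)
    ratio = len(stale) / total if total else 0.0
    per_source = Counter(src for src, _ in stale)
    return {
        "completed": completed,
        "half_open": len(stale),
        "ratio": round(ratio, 3),
        # With forged sources these two values diverge: many sources, one SYN each,
        # so a per-address threshold never fires but the aggregate ratio does.
        "distinct_sources": len(per_source),
        "max_per_source": max(per_source.values(), default=0),
        "alert": total >= min_syns and ratio >= alert_ratio,
    }

if __name__ == "__main__":
    print(half_open_report(sample_packets(), now=5.0))
```
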
Reflection Attacks
- "Reflect" requests off innocent servers
  – Return IP address on the packet is forged to be that of the intended target of the attack
  – Attacker sends packet to diverse set of hosts
  – Hosts act as middle man for the attack
- Tracking packets becomes a more difficult task
  – Indirect path from attacker to victim
  – Rely on records of intermediate hosts
Reflection Attack
http://www.understandingcomputers.ca/articles/grc/drdos_copy.html
Full HTTP Requests
- Requests require greater amount of CPU time
  – Database queries
  – Complex calculations
  – File access
- Attacks hidden through botnet
  – Infected computers appear to be legitimate users
  – Botnets sufficiently large
Final Observations
- Extremely potent
  – Capable of knocking even largest companies offline
- Costly to victims
  – Services denied to e-commerce websites, public safety
- Increasing risk of attacks
  – More tools and resources moving online
- High collateral damage
  – Information interdependent
  – Hosts attacked or being used to attack
References
http://www.computerworld.com/s/article/9200521/Update_MasterCard_Visa_others_hit_by_DDoS_attacks_over_WikiLeaks
http://www.reuters.com/article/2010/12/10/uk-wikileaks-cyberwarfare-amateur-idUSLNE6B902T20101210?feedType=RSS&feedName=everything&virtualBrandChannel=11563
http://staff.washington.edu/dittrich/misc/ddos/
http://www.understandingcomputers.ca/articles/grc/drdos_copy.html
http://www.cis.udel.edu/~sunshine/publications/ccr.pdf
http://www.sans.org/security-resources/idfaq/trinoo.php
http://www.pcmag.com/article2/0,2817,2381486,00.asp
http://www.nytimes.com/2009/08/08/technology/internet/08twitter.html?_r=2&hpw