Presentation is loading. Please wait.

Presentation is loading. Please wait.

Evaluate the Merits of Using Honeypots to Defend against Distributed Denial- of-Service Attacks on Web Servers By Cheow Lip Goh.

Published byFrederick Spencer Modified over 8 years ago

Similar presentations

Presentation on theme: "Evaluate the Merits of Using Honeypots to Defend against Distributed Denial- of-Service Attacks on Web Servers By Cheow Lip Goh."— Presentation transcript:

1 Evaluate the Merits of Using Honeypots to Defend against Distributed Denial- of-Service Attacks on Web Servers By Cheow Lip Goh

2 Content Motivations Motivations DDoS attacks DDoS attacks Honeypots & Honeynets Honeypots & Honeynets Evaluation Evaluation Conclusion Conclusion

3 Motivations “Paying an extortionist a few thousand dollars to leave your network alone might make bottom-line business sense if the alternative is enduring a distributed denial-of-service attack that could cost your company millions in lost revenue and public relations damage.” 'Net Buzz By Paul McNamara, Network World, 05/23/05 “Paying an extortionist a few thousand dollars to leave your network alone might make bottom-line business sense if the alternative is enduring a distributed denial-of-service attack that could cost your company millions in lost revenue and public relations damage.” 'Net Buzz By Paul McNamara, Network World, 05/23/05 'Net BuzzPaul McNamara 'Net BuzzPaul McNamara

4 DDoS Direct Attack

5 DDoS Reflector Attack

6 Successful Defense against DDoS? Normal Packet Survival Rate (NPSR) - denotes the percentage of normal packets that could make their way to the victim in the midst of a DDoS attack Unfortunately, all current proposed solution to defend against a fully distributed DDoS attacks does not solve the issue completely. Unfortunately, all current proposed solution to defend against a fully distributed DDoS attacks does not solve the issue completely.

7 Honeypots & Honeynets “A honeypot is a resource whose value is being in attacked or compromised. This means, that a honeypot is expected to get probed, attacked and potentially exploited. Honeypots do not fix anything. They provide us with additional, valuable information.” Lance Spitzner A honeynet is a group of honeypots configured to be exactly like the production servers in the organizations deploying them.

8 Actual Deployment of the honeynet

9 View of the Honeynet to the Attacker

10 Purpose of the Honeynet in a DDoS Attack Lure DDoS attackers to compromise the honeypots in the honeynet and learn of the tools, tactics and motives of the attacker. This knowledge will be used to strengthen the networks and servers running in the organization. Serve as a decoy during a real DDoS attack to deceive that attacker that the DDoS attack is going on very well.

11 Evaluation: Issues with using the Honeynet to Defend against DDoS A Honeynet is very complicated and costly to setup. 24x7 monitoring required. A Honeynet is very complicated and costly to setup. 24x7 monitoring required. Compromised honeynet could lead to legal issues. Compromised honeynet could lead to legal issues. DDoS detection and filtering mechanism might not work properly. DDoS detection and filtering mechanism might not work properly. Traffic forwarder is a big bottleneck. Traffic forwarder is a big bottleneck.

12 Conclusion The cost of deploying and maintaining a honeynet to defend against a DDoS attack is very significant. Extra prudence should be exercised to evaluate the benefits of such a complex system as a mistake could lead to costly lawsuits or compromise of machines within the intranet. The cost of deploying and maintaining a honeynet to defend against a DDoS attack is very significant. Extra prudence should be exercised to evaluate the benefits of such a complex system as a mistake could lead to costly lawsuits or compromise of machines within the intranet.

Download ppt "Evaluate the Merits of Using Honeypots to Defend against Distributed Denial- of-Service Attacks on Web Servers By Cheow Lip Goh."

Similar presentations

Honeynet Introduction Tang Chin Hooi APAN Secretariat.

Honeynet Introduction Tang Chin Hooi APAN Secretariat.
Uzair Masood 100111089 MASYU001.  What is a honey Pot ? “ A honey pot is an information system resource whose value lies in unauthorized or illicit use.

Uzair Masood MASYU001.  What is a honey Pot ? “ A honey pot is an information system resource whose value lies in unauthorized or illicit use.
HONEYPOTS Mathew Benwell, Sunee Holland, Grant Pannell.

HONEYPOTS Mathew Benwell, Sunee Holland, Grant Pannell.
Detecting Spam Zombies by Monitoring Outgoing Messages Zhenhai Duan Department of Computer Science Florida State University.

Detecting Spam Zombies by Monitoring Outgoing Messages Zhenhai Duan Department of Computer Science Florida State University.
Why Is DDoS Hard to Solve? 1.A simple form of attack 2.Designed to prey on the Internet’s strengths 3.Easy availability of attack machines 4.Attack can.

Why Is DDoS Hard to Solve? 1.A simple form of attack 2.Designed to prey on the Internet’s strengths 3.Easy availability of attack machines 4.Attack can.
Akamai DNS Offerings RSA © Conference 2013. ©2013 AKAMAI | FASTER FORWARD TM Akamai DNS Solutions Enhanced DNS (eDNS) Scalable, outsourced, DNS solution.

Akamai DNS Offerings RSA © Conference ©2013 AKAMAI | FASTER FORWARD TM Akamai DNS Solutions Enhanced DNS (eDNS) Scalable, outsourced, DNS solution.
 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.

 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.
NETWORK SECURITY EE122 Section 12. QUESTION 1 SYN SYN ACK ACK Data RST ACK time A B Data RST ABRUPT TERMINATION  A sends a RESET (RST) to B  E.g.,

NETWORK SECURITY EE122 Section 12. QUESTION 1 SYN SYN ACK ACK Data RST ACK time A B Data RST ABRUPT TERMINATION  A sends a RESET (RST) to B  E.g.,
Guide to Computer Forensics and Investigations1 Network Forensics Overview Network forensics –Systematic tracking of incoming and outgoing traffic To ascertain.

Guide to Computer Forensics and Investigations1 Network Forensics Overview Network forensics –Systematic tracking of incoming and outgoing traffic To ascertain.
Honeypot 서울과학기술대학교 Jeilyn Molina 121336101. Honeypot is the software or set of computers that are intended to attract attackers, pretending to be weak.

Honeypot 서울과학기술대학교 Jeilyn Molina Honeypot is the software or set of computers that are intended to attract attackers, pretending to be weak.
1 No Silver Bullet : Inherent Limitations of Computer Security Technologies Jeffrey W. Humphries Texas A&M University.

1 No Silver Bullet : Inherent Limitations of Computer Security Technologies Jeffrey W. Humphries Texas A&M University.
Honey Pots: Natures Dessert or Cyber Defense Tool? Eric Richardson.

Honey Pots: Natures Dessert or Cyber Defense Tool? Eric Richardson.
Defensive Measures for DDoS By Farhan Mirza. Contents Survey Topics Survey Topics Introduction Introduction Common Target of DoS Attacks Common Target.

Defensive Measures for DDoS By Farhan Mirza. Contents Survey Topics Survey Topics Introduction Introduction Common Target of DoS Attacks Common Target.
Michael Walfish, Mythili Vutukuru, Hari Balakrishanan, David Karger, Scott Shankar DDos Defense by Offense.

Michael Walfish, Mythili Vutukuru, Hari Balakrishanan, David Karger, Scott Shankar DDos Defense by Offense.
Student : Wilson Hidalgo Ramirez Supervisor: Udaya Tupakula Filtering Techniques for Counteracting DDoS Attacks.

Student : Wilson Hidalgo Ramirez Supervisor: Udaya Tupakula Filtering Techniques for Counteracting DDoS Attacks.
Distributed Denial of Service Attacks CMPT 471 1 Distributed Denial of Service Attacks Darius Law.

Distributed Denial of Service Attacks CMPT Distributed Denial of Service Attacks Darius Law.
Worm and Botnet Trapper System Using Honeypots Yan Gao & Usman Jafarey.

Worm and Botnet Trapper System Using Honeypots Yan Gao & Usman Jafarey.
DDoS Defense by Offense Presented by: Matthew C.H. Ma Damon Chan.

DDoS Defense by Offense Presented by: Matthew C.H. Ma Damon Chan.
Intrusion Detection using Honeypots Patrick Brannan Honeyd with virtual machines.

Intrusion Detection using Honeypots Patrick Brannan Honeyd with virtual machines.
John Kristoff DePaul Security Forum 2003 1 Network Defenses to Denial of Service Attacks John Kristoff +01 312 362-5878.

John Kristoff DePaul Security Forum Network Defenses to Denial of Service Attacks John Kristoff

Similar presentations

Ads by Google