Presentation is loading. Please wait.

Presentation is loading. Please wait.

________________ CS3235, Nov 2002 (Distributed) Denial of Service Relatively new development. –Feb 2000 saw attacks on Yahoo, buy.com, ebay, Amazon, CNN.

Published byCaitlin Dean Modified over 8 years ago

Similar presentations

Presentation on theme: "________________ CS3235, Nov 2002 (Distributed) Denial of Service Relatively new development. –Feb 2000 saw attacks on Yahoo, buy.com, ebay, Amazon, CNN."— Presentation transcript:

1 ________________ CS3235, Nov 2002 (Distributed) Denial of Service Relatively new development. –Feb 2000 saw attacks on Yahoo, buy.com, ebay, Amazon, CNN. One form of DDoS attack simply saturates the network –prevents legitimate use of resources such as Web services. Another form exploits vulnerabilities to crash machines. Results in degradation of services on the network. –Locked up accounts.

2 ________________ CS3235, Nov 2002 A Simple DOS attack Attacker Zombie Victim

3 ________________ CS3235, Nov 2002 DDoS Attack Zombies galore VictimAttacker

4 ________________ CS3235, Nov 2002 DDoS Many more pathways utilized to attack the victim. Can involve hundreds or thousands of machines all over the Internet. –Break into weakly-secured computers using well known bugs. –Conceal the break-in and hide traces of subsequent activity. –Install software to “remote control” the machine. Launch a coordinated attack on the victim.

5 ________________ CS3235, Nov 2002 Flooding Attacks Smurf attack. –Send ICMP ECHO to broadcast address with source address of victim. TCP SYN attack. –Send SYN datagrams to victim with forged, non-existent source addresses. UDP flooding –Send UDP datagrams at high volume to ports on the victim machine.

6 ________________ CS3235, Nov 2002 Logic Attacks Ping of Death –Construct ICMP ECHO datagram as fragments such that the assembled datagram exceeds the 64K limit for IP datagrams. Land –Send a datagram with the same source and destination address.

7 ________________ CS3235, Nov 2002 Defeating DDoS Egress filtering. –Stop spoofed packets from leaving your network. Stop your network from being used as an amplification site. –Disable IP directed broadcast on all systems

8 ________________ CS3235, Nov 2002 Countering DOS Simple cookies –Would need to remember them. TCP SYN cookies (http://cr.yp.to/syncookies.html)http://cr.yp.to/syncookies.html –Particular choices of ISN. –Self verifying: e.g., MD5(secret, time, src ip, src pt, dest ip, dest pt) SYN STATELESS COOKIE C C, REALLY START PROTOCOL START PROTOCOL A B 1 2 3

9 ________________ CS3235, Nov 2002 Countering DOS Require clients to do work in order to connect [Juel99]. –E.g., what 27-bit number has a SHA checksum of x?

10 ________________ CS3235, Nov 2002 References Juel99 Juels, A. and Brainard, J., “Client Puzzles: A Cryptographic Countermeasure against Connection Depletion Attacks”, NDSS Conference, 1999.

Download ppt "________________ CS3235, Nov 2002 (Distributed) Denial of Service Relatively new development. –Feb 2000 saw attacks on Yahoo, buy.com, ebay, Amazon, CNN."

Similar presentations

Syn Flooding Sends TCP connections to a machine faster than it can process themSends TCP connections to a machine faster than it can process them Each.

Syn Flooding Sends TCP connections to a machine faster than it can process themSends TCP connections to a machine faster than it can process them Each.
Module VIII Denial Of Service

Module VIII Denial Of Service
COMP 7320 Internet Security: Prevention of DDoS Attacks By Dack Phillips.

COMP 7320 Internet Security: Prevention of DDoS Attacks By Dack Phillips.
Denial of Service By: Samarth Shah and Navin Soni.

Denial of Service By: Samarth Shah and Navin Soni.
NETWORK SECURITY ADD ON NOTES MMD © Oct2012. IMPLEMENTATION Enable Passwords On Cisco Routers Via Enable Password And Enable Secret Access Control Lists.

NETWORK SECURITY ADD ON NOTES MMD © Oct2012. IMPLEMENTATION Enable Passwords On Cisco Routers Via Enable Password And Enable Secret Access Control Lists.
Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.

Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.
IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.

IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 7 “Denial-of-Service-Attacks”.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 7 “Denial-of-Service-Attacks”.
Security (Continued) V.T. Raja, Ph.D., Oregon State University.

Security (Continued) V.T. Raja, Ph.D., Oregon State University.
Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.

Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.
Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,

Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,
Raw Sockets CS-480b Dick Steflik Raw Sockets Raw Sockets let you program at just above the network (IP) layer You could program at the IP level using.

Raw Sockets CS-480b Dick Steflik Raw Sockets Raw Sockets let you program at just above the network (IP) layer You could program at the IP level using.
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Slide 1 Attacks on TCP/IP. slide 2 Security Issues in TCP/IP uNetwork packets pass by untrusted hosts Eavesdropping (packet sniffing) uIP addresses are.

Slide 1 Attacks on TCP/IP. slide 2 Security Issues in TCP/IP uNetwork packets pass by untrusted hosts Eavesdropping (packet sniffing) uIP addresses are.
Network Attack and Defense

Network Attack and Defense
Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.

Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 7: Denial-of-Service Attacks.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 7: Denial-of-Service Attacks.
Defending Against Flooding Based DoS Attacks : A tutorial - Rocky K.C. Chang, The Hong Kong Polytechnic University Presented by – Ashish Samant.

Defending Against Flooding Based DoS Attacks : A tutorial - Rocky K.C. Chang, The Hong Kong Polytechnic University Presented by – Ashish Samant.

Similar presentations

Ads by Google