Denial of Service Attacks and Countermeasures. Extreme Networks, Inc. All rights reserved. ExtremeXOS Implementing Advanced Security (EIAS)




Student Objectives
Upon successful completion of this module, the student will be able to:
- Describe DoS attacks.
- Describe two common DoS attack modes and five DoS attack types.
- Describe basic DoS countermeasures.
- Describe and configure IP broadcast forwarding.
- Describe, configure, verify, and troubleshoot DoS-Protect.
- Identify actions to take during a DoS attack.
page 2

What are DoS Attacks?
- Security breach designed to overwhelm systems with bogus or defective network traffic
- Potential to take network systems offline
- Can cost companies millions in damages
page 3

Two Common DoS Attack Modes
- Asymmetrical
- Distributed
page 4

DoS Attack Types
- SYN-ACK Attack or TCP-SYN Flooding
- Teardrop Attacks
- Smurf Attacks
- Martian Attacks
- Other
page 5

TCP SYN Flood Example
Diagram: the sender keeps changing its source address (10.10.10.1, then 20.20.20.1, then 30.30.30.1) while sending SYNs to 10.10.10.2, so each SYN, ACK is returned to a host that is no longer there.
1. TCP SYN from 10.10.10.1 to 10.10.10.2
2. Change address from 10.10.10.1 to 20.20.20.1
3. TCP SYN, ACK from 10.10.10.2 to 10.10.10.1 (no longer there)
4. TCP SYN from 20.20.20.1 to 10.10.10.2
5. Change address from 20.20.20.1 to 30.30.30.1
6. TCP SYN, ACK from 10.10.10.2 to 20.20.20.1 (no longer there)
page 6

DoS Attack Countermeasures
- Ingress address filtering
- Prevent broadcast amplification by disabling IP broadcast forwarding
- Turn off unused TCP and UDP services
- ACL entries: block unwanted traffic
- DoS-Protect
page 7

IP Broadcast Forwarding Control
To disable IP broadcast forwarding (default is off):
  disable ipforwarding broadcast
To disable the generation of ICMP network unreachable (type 3, code 0) and host unreachable (type 3, code 1) messages:
  disable icmp unreachables {vlan <name>}
To disable the generation of ICMP port unreachable messages (type 3, code 3):
  disable icmp port-unreachables {vlan <name>}
To disable the modification of route table information when an ICMP redirect message is received (default is off):
  disable icmp useredirects {vlan <name>}
page 8

How DoS-Protect Works
- DoS protection counts the incoming packets
- When the suspicious packet count nears the threshold, packet headers are saved
- When the threshold is reached, the saved headers are analyzed
- A hardware ACL is created to limit the flow of the suspect packets to the CPU
- The ACL expires periodically and is re-enabled if the attack is still occurring
- With the ACL in place, the CPU has cycles to process legitimate traffic
page 9

Implementing DoS-Protect
1. Learn your network data streams:
   enable dos-protect simulated
2. Configure the DoS-Protect parameters:
   configure dos-protect type L3-protect alert-threshold <packets>
   configure dos-protect type L3-protect notify-threshold <packets>
3. Configure trusted ports (optional):
   configure dos-protect trusted ports <ports>
4. Enable DoS-Protect:
   enable dos-protect
page 10

Protecting the Switch CPU: DoS-Protect Alerts and ACLs
Alerts: activated when the specified threshold is reached
- Interval: default 1 second
- Alert threshold: default 4000 packets
- Notify threshold: default 3500 packets
ACL expiration time: default 5 seconds, can be adjusted:
  configure dos-protect acl-expire <seconds>
Dynamically creates the ACL on the fly
page 11
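The count, save headers, analyze, install ACL, expire cycle described on pages 9 to 11 can be modelled in a few lines. The simulation below is an added example, not Extreme's implementation: it assumes that a blocked flow does not reach the CPU at all, that "best guess origin" is the most frequent (port, source MAC, destination IP) tuple among the saved headers, and that the ACL is keyed by ingress port and destination IP as in the log messages on page 13. The flood traffic it feeds in is constructed; the 00:00:5e:00:53:01 MAC and 10.201.30.1 address are sample values.

```python
from collections import Counter, namedtuple
# Defaults from the slides: 1 s interval, notify 3500, alert 4000 packets, ACL expiry 5 s.
INTERVAL_S, NOTIFY_THRESHOLD, ALERT_THRESHOLD, ACL_EXPIRE_S = 1, 3500, 4000, 5
# Packet fields: arrival time (s), ingress physical port e.g. "1:1", source MAC, destination IP
Packet = namedtuple("Packet", "t port src_mac dst_ip")

class DosProtectSim:
    """Simplified model (assumption, not Extreme's code) of the count -> save headers -> ACL cycle."""
    def __init__(self, trusted_ports=()):
        self.trusted = set(trusted_ports)
        self.acls = {}        # (port, dst_ip) -> time at which the hardware ACL expires
        self.alerts = []      # (interval, port, src_mac, dst_ip) for each alert raised
        self.cpu_counts = {}  # interval -> packets that actually reached the CPU

    def run(self, packets):
        slot, count, saved = None, 0, []
        for p in sorted(packets, key=lambda p: p.t):
            s = int(p.t // INTERVAL_S)
            if s != slot:                       # a new counting interval starts
                if slot is not None:
                    self._end_interval(slot, count, saved)
                slot, count, saved = s, 0, []
                # ACLs expire after acl-expire seconds; they are re-created below if the flood persists
                self.acls = {k: e for k, e in self.acls.items() if e > s * INTERVAL_S}
            if p.port in self.trusted or (p.port, p.dst_ip) in self.acls:
                continue                        # trusted ports are not counted; blocked flows never reach the CPU
            count += 1
            if count >= NOTIFY_THRESHOLD:
                saved.append(p)                 # near the threshold: start saving packet headers
        if slot is not None:
            self._end_interval(slot, count, saved)
        return self.alerts

    def _end_interval(self, slot, count, saved):
        self.cpu_counts[slot] = count
        if count < ALERT_THRESHOLD:
            return
        # Threshold reached: analyze the saved headers; the most frequent tuple is the "best guess origin"
        (port, mac, dst), _ = Counter((p.port, p.src_mac, p.dst_ip) for p in saved).most_common(1)[0]
        self.acls[(port, dst)] = (slot + 1) * INTERVAL_S + ACL_EXPIRE_S
        self.alerts.append((slot, port, mac, dst))

def build_traffic(slots=8, flood=4500, legit=200):
    """Constructed sample traffic: a flood on port 1:1 plus background traffic on port 1:2."""
    pkts = []
    for s in range(slots):
        pkts += [Packet(s + i / flood, "1:1", "00:50:70:50:26:a6", "10.201.30.29") for i in range(flood)]
        pkts += [Packet(s + i / legit, "1:2", "00:00:5e:00:53:01", "10.201.30.1") for i in range(legit)]
    return pkts
```

Running `DosProtectSim().run(build_traffic())` raises an alert in interval 0, blocks the flow for five intervals, and raises a second alert in interval 6 once the ACL has expired and the flood is still there; the same traffic with port 1:1 marked trusted raises none.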

Displaying DoS-Protect Settings
  show dos-protect detail
page 12

Troubleshooting DoS-Protect
show log
10/07/2003 11:42.15 <DBUG:SYST> DOSprotect notice: this second: raw packets to cpu: 4002 dropped in software: 0
10/07/2003 11:42.15 <DBUG:SYST> DOSprotect: create ACL block from PhysPorts 1:1 to 10.201.30.29
10/07/2003 11:42.15 <WARN:SYST> DOSprotect: possible Denial-of-Service: best guess origin: physport 1:1 mac 00:50:70:50:26:a6 to 10.201.30.29
10/07/2003 11:42.15 <DBUG:SYST> DOSprotect timeout: remove ACL block from PhysPorts 1:1 to 10.201.30.29
page 13
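A small parser for DOSprotect log lines in the format shown above, added here as an example and not part of the course material. The first four sample lines are the slide's own; the remaining lines are constructed in the same format to show an ACL being created again after its timeout, which is what a flood that outlives acl-expire looks like in the log.

```python
import re
from collections import Counter

# Lines 1-4 are the show log output from the slide; lines 5-7 are constructed in the same
# format so the summary has a repeated "create ACL block" to flag.
SAMPLE_LOG = """\
10/07/2003 11:42.15 <DBUG:SYST> DOSprotect notice: this second: raw packets to cpu: 4002 dropped in software: 0
10/07/2003 11:42.15 <DBUG:SYST> DOSprotect: create ACL block from PhysPorts 1:1 to 10.201.30.29
10/07/2003 11:42.15 <WARN:SYST> DOSprotect: possible Denial-of-Service: best guess origin: physport 1:1 mac 00:50:70:50:26:a6 to 10.201.30.29
10/07/2003 11:42.15 <DBUG:SYST> DOSprotect timeout: remove ACL block from PhysPorts 1:1 to 10.201.30.29
10/07/2003 11:42.21 <DBUG:SYST> DOSprotect notice: this second: raw packets to cpu: 4310 dropped in software: 0
10/07/2003 11:42.21 <DBUG:SYST> DOSprotect: create ACL block from PhysPorts 1:1 to 10.201.30.29
10/07/2003 11:42.21 <WARN:SYST> DOSprotect: possible Denial-of-Service: best guess origin: physport 1:1 mac 00:50:70:50:26:a6 to 10.201.30.29
"""

LINE = re.compile(r"^(?P<ts>\S+ \S+) <(?P<sev>\w+):(?P<sub>\w+)> DOSprotect(?P<body>.*)$")
PATTERNS = {  # one regex per DOSprotect message type seen on the slide
    "rate":   re.compile(r"raw packets to cpu: (?P<cpu>\d+) dropped in software: (?P<dropped>\d+)"),
    "create": re.compile(r"create ACL block from PhysPorts (?P<port>\S+) to (?P<dst>\S+)"),
    "origin": re.compile(r"best guess origin: physport (?P<port>\S+) mac (?P<mac>\S+) to (?P<dst>\S+)"),
    "remove": re.compile(r"remove ACL block from PhysPorts (?P<port>\S+) to (?P<dst>\S+)"),
}

def parse_dosprotect(log_text):
    """Return one dict per DOSprotect line: kind, timestamp, severity and the extracted fields."""
    events = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a DOSprotect line
        for kind, pat in PATTERNS.items():
            f = pat.search(m.group("body"))
            if f:
                ev = {"kind": kind, "ts": m.group("ts"), "sev": m.group("sev")}
                ev.update({k: int(v) if v.isdigit() else v for k, v in f.groupdict().items()})
                events.append(ev)
                break
    return events

def summarize(events):
    """Per (port, dst): how often the ACL was created; more than once means the flood outlived acl-expire."""
    creates = Counter((e["port"], e["dst"]) for e in events if e["kind"] == "create")
    peak = max((e["cpu"] for e in events if e["kind"] == "rate"), default=0)
    repeated = [k for k, n in creates.items() if n > 1]
    return {"peak_cpu_pps": peak, "acl_creates": dict(creates), "persistent": repeated}
```

`summarize(parse_dosprotect(SAMPLE_LOG))` reports the peak packets-per-second seen by the CPU and lists (port, destination) pairs whose ACL was re-created, which is the check to run before looking at CPU utilization and ACL hit counts on page 14.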

Actions to Take When Under DoS Attack
Check the following:
- Verify DoS-Protect is enabled
- CPU utilization
- IPARP statistics
- ICMP statistics
- Show IPSTAT
- ACL hit count
page 14

Summary
- Describe DoS attacks.
- Describe two common DoS attack modes and five DoS attack types.
- Describe basic DoS countermeasures.
- Describe and configure IP broadcast forwarding.
- Describe, configure, verify, and troubleshoot DoS-Protect.
- Identify actions to take during a DoS attack.
page 15