DDoS Attacks Can Take Down Your Online Services

DDoS Attacks Can Take Down Your Online Services
Dr. Bill Highleyman, Managing Editor, Availability Digest
Continuity Insights New York 2014, October 8, 2014
editor@availabilitydigest.com

Who Am I? Dr. Bill Highleyman
Managing Editor of the Availability Digest:
- Monthly publication on computer availability topics.
- Free subscription at www.availabilitydigest.com
Decades of experience building mission-critical systems.
Holder of 16 U.S. patents, many on availability techniques.
Contributor to Availability Theory:
- Many published papers.

Who Am I? Dr. Bill Highleyman
Coauthor of the three-volume book series Breaking the Availability Barrier.
Speaker on topics concerning system availability.
Availability consulting.
Technical and marketing writing services.
One-day, two-day, and three-day seminars on Availability Theory and Practice.

What is a Distributed Denial of Service Attack?
Makes an Internet service unavailable to its users.
Saturates the victim machine with external traffic.
The victim machine can't respond to legitimate traffic.
Address of attacker is spoofed:
- victim machine can't block traffic from a known source.

What is a Distributed Denial of Service Attack?
Malware attacks do not generally pose a threat to availability:
- they aim to steal personal information and other data.
DDoS attacks are a major threat to availability:
- they have been used to take down major sites for days.
- they are easy to launch, difficult to defend against.

What is a Distributed Denial of Service Attack?
Reasons for DDoS attacks:
- revenge
- competition
- ransom
- a cover for another attack

Major DDoS Attacks Some Examples

Major U.S. Banks
The online banking web sites of several major U.S. banks were taken down for days by Distributed Denial of Service (DDoS) attacks.
The Izz ad-Din al-Qassam Cyber Warriors attacked major U.S. banks.
Vowed to continue the attacks until the video Innocence of Muslims was removed from the Internet.
September 2012 - DDoS attacks were launched against Bank of America, JPMorgan Chase, Wells Fargo, U.S. Bank, and PNC Bank.

Major U.S. Banks
The attacks took down their online banking portals for a day.
Attacks followed against Capital One, SunTrust Banks, and Regions.
The 70 gigabit/second attacks used hundreds of thousands of volunteer computers and infected servers.
December 2012 - Attacks were repeated for several days.

History's Largest DDoS Attack
Spamhaus is a spam-filtering site:
- provides a blacklist of IP addresses of email spammers.
- used by spam-filtering vendors, ISPs, corporations.
Blocked CyberBunker as a spam site:
- located in the Netherlands.
- will host anything except child pornography and terrorism.
In retaliation, CyberBunker launched a 300 Gbps DDoS attack against Spamhaus:
- lasted for ten days.

History's Largest DDoS Attack
Spamhaus enlisted CloudFlare to help it weather the attack:
- CloudFlare spread the DDoS load across its 23 data centers.
- scrubbed the traffic and fed only legitimate traffic to Spamhaus.
CyberBunker extended its attack to CloudFlare.
CloudFlare was able to withstand the attack.
The CEO of CyberBunker was later arrested by the Dutch:
- DDoS attacks are illegal in many countries.

The Anatomy of a DDoS Attack

How Can So Much Traffic Be Generated? By Botnets
Typical attacks generate about 10 Gbps of malicious traffic:
- it takes about 10,000 PCs to generate 10 Gbps of traffic.
- this is a botnet.
A botnet is a collection of infected computers:
- control is ceded to a third party, the bot master.
The bot master controls the activities of the compromised computers.

How Can So Much Traffic Be Generated? By Botnets
A large server can generate a gigabit/sec. of malicious traffic:
- one thousand times that of a PC.
Ten large servers can generate as much traffic as 10,000 PCs.
Recent attacks have generated 300 Gbps of malicious data:
- combination of infected PCs and servers.

The Anatomy of a DDoS Attack
DDoS attackers depend upon infecting thousands of PCs. A typical infection sequence is:
- a user succumbs to a phishing attack (opens a malicious email or visits a malicious web site).
- a Trojan is injected into the machine and opens a backdoor.
- a bot infection is inserted into the PC via the backdoor.
- the bot infection establishes a connection with the bot master.

The BYOD Conundrum

The BYOD Conundrum
Bring Your Own Devices (BYOD) are the new gateways into corporate networks:
- employees using smart phones, tablets, notebooks.
- conducting their work at home or on the road.
- connecting from outside the corporate firewall to servers and databases inside the firewall.
Malware can gain access to a company's network by infecting these devices.
Mobile malware is becoming a greater threat than direct infections of systems.

Mobile Threats
Compromised Wi-Fi hot spots:
- coffee shops, airports, hotels.
- corporate data is vulnerable whenever an employee logs onto a public Wi-Fi hot spot.
- frequently configured so that anyone can see all of the network traffic.
- commercially available apps provide network monitoring capability.

Other Mobile Threats
Poisoned DNS servers:
- user must trust the DNS server used by a Wi-Fi hot spot.
- hackers can hijack a public DNS server.
- can direct traffic to a malicious web site.
- web site can get the user's private data (passwords, etc.).
- malware is downloaded to the device from the web site.

Android Devices are the Primary Targets
Mobile malware is most likely installed via malicious apps.
Android is an open operating system modified by each vendor:
- security provisions often bypassed.
Hundreds of Android app stores are not vetted by Google.
Google security patches take months to be distributed by vendors.

Android Devices are the Primary Targets
The number of malicious apps has grown 800% over the last year.
92% are directed at Android devices.
Apple has tight control over apps:
- tests each one thoroughly.
- does not allow unvetted apps to be downloaded from the Apple app store.

DDoS Strategies

DDoS Strategies: Attacks Occur at Various Levels
Network Level:
- network is bombarded with traffic.
- consumes available bandwidth.
Infrastructure Level:
- network devices such as firewalls and routers maintain state in internal tables.
- attack fills the state tables of network devices.
Application Level:
- invoke application services.
- consume processing and disk resources.

DDoS Strategies: Attacks Occur at Various Levels
ICMP Flood:
- Internet Control Message Protocol (ICMP) sends error messages.
- messages sent to random ports.
- most ports will not be in use.
- victim system must respond with Port Unreachable.
- victim system is so busy responding that it can't handle legitimate traffic.
Ping Attack:
- victim is flooded with pings.
- victim must respond to each.

DDoS Strategies: Attacks Occur at Various Levels
SYN Flood:
- attacker initiates a connection.
- sends a SYN connection request with a spoofed client address.
- server assigns resources, responds with SYN-ACK to the spoofed client.
- attacker never sends the ACK to complete the connection.
- spoofed client ignores the SYN-ACK since it did not send a SYN.
- victim holds resources for three minutes awaiting connection completion.
- victim runs out of resources, cannot accept legitimate connections.
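The three-minute hold is the resource a SYN flood exhausts, and SYN cookies are the standard way to remove it: the server encodes the state it would otherwise keep into the initial sequence number of its SYN-ACK and reconstructs it only when a real ACK arrives, so a spoofed SYN costs it no table entry. The following is an added example, not from the presentation, of a simplified SYN-cookie encoder and verifier in Python (the bit layout is modelled loosely on the Linux scheme; the secret key, addresses and MSS table are constructed):

```python
import hashlib
import hmac

# Constructed per-boot secret; a real kernel uses random keys and rotates them.
SECRET = b"constructed-demo-secret"
# The cookie's 3-bit MSS field stores an index into this table, not the raw MSS.
MSS_TABLE = [536, 1220, 1440, 1460]


def _mac(src, sport, dst, dport, slot):
    """24-bit keyed hash binding the cookie to the 4-tuple and a 64-second time slot."""
    msg = f"{src}|{sport}|{dst}|{dport}|{slot}".encode()
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")


def make_cookie(src, sport, dst, dport, client_mss, now):
    """Initial sequence number for the SYN-ACK: 5-bit time slot | 3-bit MSS index | 24-bit MAC.
    Nothing is stored on the server, so a spoofed SYN costs it no state."""
    slot = (now // 64) & 0x1F
    idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss), default=0)
    return (slot << 27) | (idx << 24) | _mac(src, sport, dst, dport, slot)


def check_cookie(src, sport, dst, dport, ack_num, now):
    """Validate the handshake-completing ACK. Returns the negotiated MSS, or None
    if the cookie is forged (wrong 4-tuple) or stale (older than about 2 minutes)."""
    cookie = (ack_num - 1) & 0xFFFFFFFF          # the client acknowledges ISN + 1
    slot = cookie >> 27
    if (((now // 64) & 0x1F) - slot) % 32 > 1:
        return None
    if (cookie & 0xFFFFFF) != _mac(src, sport, dst, dport, slot):
        return None
    return MSS_TABLE[(cookie >> 24) & 0x7]


def handshake_demo():
    """1,000 spoofed SYNs are answered without any table entry; only the genuine
    client's ACK verifies. Returns (genuine_mss, forged_result, stale_result)."""
    server = ("198.51.100.10", 443)               # constructed RFC 5737 addresses
    t0 = 1_000_000
    for i in range(1000):                          # the flood: answered, then forgotten
        make_cookie(f"203.0.113.{i % 256}", 40000 + i, *server, 1460, t0)
    isn = make_cookie("192.0.2.7", 51515, *server, 1460, t0)
    genuine = check_cookie("192.0.2.7", 51515, *server, isn + 1, t0 + 5)
    forged = check_cookie("192.0.2.8", 51515, *server, isn + 1, t0 + 5)
    stale = check_cookie("192.0.2.7", 51515, *server, isn + 1, t0 + 300)
    return genuine, forged, stale
```

Real implementations also lose TCP options that do not fit in the cookie, which is why Linux only switches to cookies once the backlog is full.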

DDoS Strategies: Attacks Occur at Various Levels
GET/POST Flood:
- attacker sends commands to retrieve and update data.
- uses extensive compute and disk resources of the server.
- typically needs user names and passwords.
- consumes all resources of the server.

DDoS Strategies: Amplified Attacks
The most vicious kind of attack:
- generates a great deal of attack data with little effort.
Example - DNS Reflection:
- sends a DNS request for a URL with the spoofed IP address of the victim.
- DNS sends the response (IP address of the URL) to the victim.
- typical request message is 30 bytes.
- typical response message is 3,000 bytes.
- 100 times amplification.

DDoS Strategies: Amplified Attacks
DNS Reflection attacks depend upon DNS Open Resolvers:
- they respond to any DNS request, no matter its source.
Open DNS Resolvers were supposed to be phased out:
- still 27 million Open Resolvers on the Internet.
- their IP addresses have all been published.
Publicly available toolkit itsoknoproblembro for DNS attacks.
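Since a resolver cannot tell a spoofed query from a genuine one, a resolver-side mitigation the presentation does not cover is response rate limiting (RRL): cap how many identical answers go to any one destination per second, and send the overflow as tiny truncated replies that a real client retries over TCP and a spoofed source never will. The following added example (not from the presentation; the log format, sizes and thresholds are constructed) simulates that over a constructed resolver log and compares the amplification the victim sees with and without it:

```python
from collections import defaultdict

# Sizes from the presentation: a ~30-byte query draws a ~3,000-byte answer.
REQ_BYTES, RESP_BYTES, TC_BYTES = 30, 3000, 30
RATE_LIMIT = 5   # identical answers per destination per second before limiting
SLIP = 2         # every 2nd over-limit answer is sent truncated; the rest are dropped


def parse_log(lines):
    """Constructed resolver log format: '<second> <client_ip> <qname> <qtype>'."""
    records = []
    for line in lines:
        sec, client, qname, qtype = line.split()
        records.append((int(sec), client, qname, qtype))
    return records


def serve(records, rrl=True):
    """Bytes delivered per client address. Without RRL every query gets the full
    answer, so the spoofed victim absorbs 100x the sender's bytes. With RRL, answers
    beyond RATE_LIMIT per second for one (client, question) are dropped, except every
    SLIP-th goes out as a 30-byte TC=1 reply: real clients retry over TCP, spoofed ones can't."""
    sent, window, overflow = defaultdict(int), defaultdict(int), defaultdict(int)
    for sec, client, qname, qtype in records:
        key = (sec, client, qname, qtype)
        window[key] += 1
        if not rrl or window[key] <= RATE_LIMIT:
            sent[client] += RESP_BYTES
            continue
        overflow[client] += 1
        if overflow[client] % SLIP == 0:
            sent[client] += TC_BYTES
    return dict(sent)


def amplification(records, rrl=True):
    """Bytes each client received per byte the sender of its queries emitted."""
    queries = defaultdict(int)
    for _, client, _, _ in records:
        queries[client] += REQ_BYTES
    return {c: round(b / queries[c]) for c, b in serve(records, rrl).items()}


# Constructed traffic: one real user, plus 200 'ANY' queries in a single second
# whose source address (203.0.113.9) is the spoofed victim of a reflection attack.
LOG = parse_log(["0 192.0.2.50 www.example.test A"]
                + ["0 203.0.113.9 example.test ANY"] * 200
                + ["1 192.0.2.50 mail.example.test MX"])
```

Calling amplification(LOG, rrl=False) shows the victim address receiving 100 bytes for every byte the spoofed queries cost, while amplification(LOG, rrl=True) brings that to about 3 and leaves the real user's answers untouched.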

Summary

Botnets
Until recently, DDoS attacks were in the 10 Gbps range:
- infected PC botnets.
Islamic hackers - 100 Gbps:
- used tens of thousands of volunteered PCs.
- added infected servers.
CyberBunker - 300 Gbps:
- used PC/server botnet.
- used DNS reflection.

DDoS Attacks are Easy to Launch
Botnets can be rented cheaply:
- 10,000 PCs (10 Gbps): $500 per month
- 100,000 PCs (100 Gbps): $200 per day
DDoS malware is available on the Web:
- low cost, easy to use.
- itsoknoproblembro.

Mitigation
DDoS attacks are easy to launch, difficult to defend against.
Firewalls and intrusion-prevention systems (IPS) can be overwhelmed.
Spread load across several data centers to scrub traffic.
Use the services of a DDoS mitigation company that can scrub traffic over several data centers:
- Prolexic
- Verisign
- Tata
- CloudFlare
- AT&T
Include DDoS attacks in your Business Continuity Plan.

Mitigation
An excellent resource for evaluating a DDoS mitigation service: 12 Questions to Ask a DDoS Mitigation Provider, a Prolexic White Paper: http://www.prolexic.com/knowledge-center-white-paper-twelve-questions.html

Thanks for Coming
The material for this presentation came from the archived articles of the Availability Digest (www.availabilitydigest.com), a monthly periodical on availability topics.
Go to www.availabilitydigest.com/signups for your free subscription.
Follow us on @availabilitydig.