Denial of Service Attacks

Similar documents
CS 356 Lecture 16 Denial of Service. Spring 2013

SECURING APACHE : DOS & DDOS ATTACKS - I

CSE 3482 Introduction to Computer Security. Denial of Service (DoS) Attacks

Denial Of Service. Types of attacks

Malicious Programs. CEN 448 Security and Internet Protocols Chapter 19 Malicious Software

Denial of Service Attacks

Acquia Cloud Edge Protect Powered by CloudFlare

Seminar Computer Security

Abstract. Introduction. Section I. What is Denial of Service Attack?

Analysis on Some Defences against SYN-Flood Based Denial-of-Service Attacks

CloudFlare advanced DDoS protection

How To Understand A Network Attack

How To Stop A Ddos Attack On A Website From Being Successful

Announcements. No question session this week

Attack and Defense Techniques

Chapter 8 Security Pt 2

Guide to DDoS Attacks December 2014 Authored by: Lee Myers, SOC Analyst

Denial of Service Attacks. Notes derived from Michael R. Grimaila s originals

Denial of Service (DoS)

Distributed Denial of Service(DDoS) Attack Techniques and Prevention on Cloud Environment

Firewall Firewall August, 2003

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

MONITORING OF TRAFFIC OVER THE VICTIM UNDER TCP SYN FLOOD IN A LAN

Network Bandwidth Denial of Service (DoS)

co Characterizing and Tracing Packet Floods Using Cisco R

1. Firewall Configuration

SY system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users.

DRDoS Attacks: Latest Threats and Countermeasures. Larry J. Blunk Spring 2014 MJTS 4/1/2014

DDoS Protection Technology White Paper

DISTRIBUTED DENIAL OF SERVICE OBSERVATIONS

How To Protect A Dns Authority Server From A Flood Attack

Content Distribution Networks (CDN)

A Very Incomplete Diagram of Network Attacks

Network Security. Dr. Ihsan Ullah. Department of Computer Science & IT University of Balochistan, Quetta Pakistan. April 23, 2015

DoS/DDoS Attacks and Protection on VoIP/UC

Surviving DNS DDoS Attacks. Introducing self-protecting servers

Outline. CSc 466/566. Computer Security. 18 : Network Security Introduction. Network Topology. Network Topology. Christian Collberg

How to launch and defend against a DDoS

1. Introduction. 2. DoS/DDoS. MilsVPN DoS/DDoS and ISP. 2.1 What is DoS/DDoS? 2.2 What is SYN Flooding?

Botnets. Botnets and Spam. Joining the IRC Channel. Command and Control. Tadayoshi Kohno

DDoS Attack Trends and Countermeasures A Information Theoretical Metric Based Approach

Chapter 28 Denial of Service (DoS) Attack Prevention

Usage of Embedded Systems for DoS Attack Protection

CMS Operational Policy for Firewall Administration

CSCE 465 Computer & Network Security

Survey on DDoS Attack in Cloud Environment

Denial of Service. Tom Chen SMU

Protect your network: planning for (DDoS), Distributed Denial of Service attacks

Denial of Service Attacks and Countermeasures. Extreme Networks, Inc. All rights reserved. ExtremeXOS Implementing Advanced Security (EIAS)

Denial of Service (DoS) Technical Primer

V-ISA Reputation Mechanism, Enabling Precise Defense against New DDoS Attacks

Security Technology White Paper

Brocade NetIron Denial of Service Prevention

Network attack and defense

Reducing the Impact of Amplification DDoS Attack

Safeguards Against Denial of Service Attacks for IP Phones

How To Classify A Dnet Attack

Federal Computer Incident Response Center (FedCIRC) Defense Tactics for Distributed Denial of Service Attacks

Secure Software Programming and Vulnerability Analysis

VALIDATING DDoS THREAT PROTECTION

A S B

Chapter 8 Network Security

20-CS X Network Security Spring, An Introduction To. Network Security. Week 1. January 7

FIREWALLS. Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others

DDoS Attacks Can Take Down Your Online Services

WHITE PAPER. FortiGate DoS Protection Block Malicious Traffic Before It Affects Critical Applications and Systems

Network Security - DDoS

CS 640 Introduction to Computer Networks. Network security (continued) Key Distribution a first step. Lecture24

Networks: IP and TCP. Internet Protocol

Cloud-based DDoS Attacks and Defenses

TECHNICAL NOTE 06/02 RESPONSE TO DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACKS

KASPERSKY DDoS PROTECTION. Protecting your business against financial and reputational losses with Kaspersky DDoS Protection

General Network Security

Taxonomies of Distributed Denial of Service Networks, Attacks, Tools, and Countermeasures

Presented By: Holes in the Fence. Agenda. IPCCTV Attack. DDos Attack. Why Network Security is Important

DDoS Protection. How Cisco IT Protects Against Distributed Denial of Service Attacks. A Cisco on Cisco Case Study: Inside Cisco IT

Defending against Flooding-Based Distributed Denial-of-Service Attacks: A Tutorial

Best Practices Guide: Vyatta Firewall. SOFTWARE-BASED NETWORKING & SECURITY FROM VYATTA February 2013

Lecture 13 - Network Security

CS5008: Internet Computing

TDC s perspective on DDoS threats

Gaurav Gupta CMSC 681

Denial of Service Attacks, What They are and How to Combat Them

About Firewall Protection

Modern Denial of Service Protection

Dos & DDoS Attack Signatures (note supplied by Steve Tonkovich of CAPTUS NETWORKS)

Firewalls and Intrusion Detection

Understanding & Preventing DDoS Attacks (Distributed Denial of Service) A Report For Small Business

SECURITY FLAWS IN INTERNET VOTING SYSTEM

Distributed Denial of Service (DDoS)

DDoS Attacks: The Latest Threat to Availability. Dr. Bill Highleyman Managing Editor Availability Digest

Network Security. Chapter 9. Attack prevention, detection and response. Attack Prevention. Part I: Attack Prevention

Internet Firewall CSIS Internet Firewall. Spring 2012 CSIS net13 1. Firewalls. Stateless Packet Filtering

Survey on DDoS Attack Detection and Prevention in Cloud

A COMPREHENSIVE STUDY OF DDOS ATTACKS AND DEFENSE MECHANISMS

Security: Attack and Defense

Transcription:

2 Denial of Service Attacks : IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 13 August 2013 its335y13s2l06, Steve/Courses/2013/s2/its335/lectures/malicious.tex, r2851 1 Contents Denial of Service Attacks Classic Denial of Service Attacks Flooding and Distributed

4 Denial of Service Attacks A denial of service (DoS) attack is an action that prevents or impairs the authorized use of networks, systems, or applications by exhausting resources such as CPU, memory, bandwidth and disk space. NIST Computer Security Incident Handling Guide 3 Resources Network Resources Overload communications link or devices to server Link from organisation to ISP usually lower capacity than links within and between ISP routers As link reaches capacity, router will drop packets System Resources Overload or crash network handling software by sending special packets that consume resources or triggers bug Application Resources Send packets to applications (e.g. servers) that force them to consume resources

6 Contents Denial of Service Attacks Classic Denial of Service Attacks Flooding and Distributed 5 TCP Connection Setup TCP uses 3-way handshake to establish a connection Upon receiving SYN, server stores connection information in memory, and waits for ACK Re-send SYN-ACK if no ACK from client; eventually server deletes connection information if no ACK

8 TCP SYN Flooding Attack Attacker sends TCP SYN segments to target Source address spoofing is used on TCP SYN segments; no ACKs from client Target becomes overloaded processing SYNs and storing connection information in memory Countermeasure: difficult; filter packets at routers; SYN cookies 7 TCP SYN Flooding Attack

Simple Ping Flooding Attack Assumptions Attacker has access to high capacity link Target s connection to Internet is lower capacity 9 Simple Ping Flooding Attack Attack Flood the server: Attacker uses ping to send many ICMP requests to target server Link from ISP to router is overloaded; router drops (valid) packets 10

12 Simple Ping Flooding Attack Countermeasures ISPs block ping (ICMP) packets Target can identify the source: inform ISP, take legal action ICMP responses sent back to attacker, affecting their network performance 11 Contents Denial of Service Attacks Classic Denial of Service Attacks Flooding and Distributed

14 Source Address Spoofing Attacker sends packets with fake (or spoofed) source address Target does not (immediately) know who performed attack Responses are not sent to attacker Source address may be of actual host or non-existent 13 Source Address Spoofing Countermeasure ISPs filter (drop) packets that come from invalid source address

Ping Flooding with Source Address Spoofing 15 Reflector Attack Bounce Messages Off Normal Hosts Send protocol messages to multiple normal hosts using spoofed source address set to targets All hosts respond to target 16

Reflector Attack Response Larger than Request Use protocol/application where request (sent by attacker) is small, by response (sent to target) is large Increases amount of traffic sent to target E.g. DNS, SNMP, chargen, ISAKMP 17 Amplification Attack using Broadcast Send Request to Entire LAN Packets sent to directed broadcast IP addresses (e.g. 192.168.1.255) are delivered to all hosts on subnet by router All hosts respond to target Countermeasure: Routers block directed broadcast from outside 18

20 Using Compromised Hosts Zombies and Botnets Attacker takes control of compromised hosts zombies Attacker triggers zombies to initiate attack Collection of zombies called botnet 19 Using Compromised Hosts Countermeasures?

22 Constructing Attack Network Attacker must get many slave hosts under its control Infect the hosts with zombie software 1. Create software that will perform the attacks. This should: Be able to run on different hardware architectures and OSes Hide, that is not be noticeable to the normal user of the zombie host Be able to be contacted by attacker to trigger an attack 2. Identify vulnerability (bug) in large number of systems, in order to install the zombie software 3. Locate vulnerable machines, using scanning: Attacker finds vulnerable machines and infects with zombie software Then the zombie software searches for vulnerable machines and infects with zombie software And so on, until a large distributed network of slaves is constructed Preventing D Prevention Allocate backup resources and modify protocols that are less vulnerable to attacks Aim is to still be able to provide some service when under DDoS attack Detection Aim to quickly detect an attack and respond (minimise the impact of the attack) Detection involves looking for suspicious patters of traffic Response Aim to identify attackers so can apply technical or legal measures to prevent Cannot prevent current attack; but may prevent future attacks 21

24 Contents Denial of Service Attacks Classic Denial of Service Attacks Flooding and Distributed 23 Key Points DoS attack prevents normal use of network, system or applications Exhausts resources: CPU, memory, bandwidth, disk space Address spoofing to hide attacker and redirect traffic to others Reflect packets off normal hosts Amplify bytes sent to target (compared to bytes sent by attacker) Use zombies to initiate attacks; relies on malware to take control DoS easy to perform, difficult to prevent, easy to detect (but too late)

26 Security Issues DDoS attacks continue to grow in number and resources consumed Many new devices connected to Internet (home, electricity grid, sensors, factories) are potential zombies and target Require cooperation between ISPs and companies, as well as legal measures 25 Areas To Explore Detection and prevention: SYN cookies, traffic classification, blackhole,... Spam and botnets Stuxnet and cyberwar

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information