ID NO : 1070 S. VARALAKSHMI Sethu Institute Of Tech IV year -ECE department CEC Batch : AUG 2012.


The Internet was initially designed for openness and scalability

The attacker first takes control of a large number of vulnerable hosts on the internet, and then uses them to send a huge flood of packets to the victim simultaneously, exhausting all of its resources.

Sender authentication process
- The sender sends a marking M (a 24-bit random number generated by the source) to the receiver proxy server.
- After receiving the marking value M, the receiver proxy server sends back an echo message to verify the marking value.
- If the marking value is correct, the sender sends a positive acknowledgement.
- After receiving the positive acknowledgement, the receiver sends a new marking digest to the source.
- The sender puts the digest value in the option field of the packet and then sends the packet.

TCP flow rate calculation
- A normal user usually sends 3 to 4 packets in succession and then waits for a reply.
- An attacker sends packets continuously.
- Normal flow rate = tp/2
- TD is the time duration between two packets.
- tp is the propagation time.
- If (tp/2) < TD -> normal packet
- Else -> attack packet

Entropy calculation
- Entropy is the measure of uncertainty or randomness associated with a random variable (data over the network).
- The entropy value is small when the class distribution is pure and large when the class distribution is impure.
- A change in randomness is detected by comparing the value of a sample of packet header fields to that of another sample of packet header fields.
- Entropy on receiver proxy server is given by P(xi) = (Number of attack) / (Total No of packet)

- Normalized entropy is given by NE = H / log n0
- n0 = number of source nodes in a particular time interval
- If NE < threshold (Δ), an attack is present at the receiver proxy server.
- Routers with an NE rate less than the threshold are suspected as attack routers.
- The NE rate is calculated for the neighboring routers of the attack routers.
- The process is repeated until the source attacker is reached.
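
The normalized-entropy threshold check and the tp/2 flow-rate rule from the slides, as an added example that is not part of the original presentation. It assumes Shannon entropy for H with P(x_i) taken as each source's share of packets in the interval, a threshold of 0.5, and constructed sample addresses; the function names are hypothetical.

```python
import math
from collections import Counter

def normalized_entropy(sources):
    """NE = H / log(n0) for one time interval; n0 = distinct source nodes."""
    if not sources:
        raise ValueError("empty interval")
    counts = Counter(sources)
    total, n0 = len(sources), len(counts)
    if n0 < 2:
        # log(1) = 0 would divide by zero; a lone source has H = 0, so NE = 0.
        return 0.0
    # Assumption: Shannon entropy, P(x_i) = share of packets from source i.
    h = -sum((c / total) * math.log(c / total) for c in counts.values())
    return h / math.log(n0)

def suspect_intervals(intervals, threshold):
    """Indices of intervals with NE below the threshold (the slides' attack rule)."""
    return [i for i, srcs in enumerate(intervals)
            if normalized_entropy(srcs) < threshold]

def classify_gap(td, tp):
    """The slides' flow-rate rule: tp/2 < TD is normal, otherwise attack."""
    return "normal" if (tp / 2) < td else "attack"

# Constructed sample data (documentation address ranges), one list per interval.
BALANCED = ["192.0.2.1", "192.0.2.2", "192.0.2.3", "192.0.2.4"] * 5
FLOOD = ["198.51.100.66"] * 97 + ["192.0.2.1", "192.0.2.2", "192.0.2.3"]
THRESHOLD = 0.5  # assumed value for the threshold in the slides

if __name__ == "__main__":
    for name, srcs in (("balanced", BALANCED), ("flood", FLOOD)):
        print(name, round(normalized_entropy(srcs), 3))
    print("suspect intervals:", suspect_intervals([BALANCED, FLOOD], THRESHOLD))
    print(classify_gap(td=0.200, tp=0.100), classify_gap(td=0.010, tp=0.100))
```

An interval with a single source is reported as NE = 0 so that a flood from one address is flagged instead of raising a division-by-zero error.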

ATTACKER IDENTIFICATION
- The date and time of the agent software installation are gathered from the attacker.
- These details are provided to the attacker's ISP to get the IP address of the source attacker.
- The IANA provides information on which ISP the IP address belongs to.
- From the new ISP, the source attacker is traced.