Network Attacks Instructor: Dr. X. Outline Worms DoS.

Slides:



Advertisements
Similar presentations
(Distributed) Denial of Service Nick Feamster CS 4251 Spring 2008.
Advertisements

Computer Science CSC 405Dr. Peng Ning1 CSC 405 Introduction to Computer Security Topic 3. Program Security -- Part I.
C risis And A ftermath Eugene H. Spafford 발표자 : 손유민.
Communications of the ACM (CACM), Vol. 32, No. 6, June 1989
Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.
CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.
Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,
Introduction to Security Computer Networks Computer Networks Term B10.
 Population: N=100,000  Scan rate  = 4000/sec, Initially infected: I 0 =10  Monitored IP space 2 20, Monitoring interval:  = 1 second Infected hosts.
Computer Security and Penetration Testing
UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.
Web server security Dr Jim Briggs WEBP security1.
How to Own the Internet in your spare time Ashish Gupta Network Security April 2004.
Lecture 15 Denial of Service Attacks
 Discovered in June/July 2010  Targeted Siemens software and equipment running Microsoft Windows  First malware for SCADA systems to spy and subvert.
BOTNETS & TARGETED MALWARE Fernando Uribe. INTRODUCTION  Fernando Uribe   IT trainer and Consultant for over 15 years specializing.
MSIT 458 – The Chinchillas. Offense Overview Botnet taxonomies need to be updated constantly in order to remain “complete” and are only as good as their.
1Federal Network Systems, LLC CIS Network Security Instructor Professor Mort Anvair Notice: Use and Disclosure of Data. Limited Data Rights. This proposal.
1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.
B OTNETS T HREATS A ND B OTNETS DETECTION Mona Aldakheel
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 8 – Denial of Service.
Malicious Code Brian E. Brzezicki. Malicious Code (from Chapter 13 and 11)
Malware  Viruses  Virus  Worms  Trojan Horses  Spyware –Keystroke Loggers  Adware.
By: Sharad Sharma, Somya Verma, and Taranjit Pabla.
Jonathan Baulch  A worm that spreads via USB drives  Exploits a previously unknown vulnerability in Windows  Trojan backdoor that looks for a specific.
Lecture 14 Page 1 CS 236 Online Worms Programs that seek to move from system to system –Making use of various vulnerabilities Other performs other malicious.
“How to 0wn the Internet in Your Spare Time” Nathanael Paul Malware Seminar September 7, 2004.
Honeypot and Intrusion Detection System
More Network Security Threats Worm = a stand-alone program that can replicate itself and spread Worms can also contain manipulation routines to perform.
Lecture 26 Page 1 Advanced Network Security Malware for Networks Advanced Network Security Peter Reiher August, 2014.
Active Worms CSE 4471: Information Security 1. Active Worm vs. Virus Active Worm –A program that propagates itself over a network, reproducing itself.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 45 How Hackers can Cripple the Internet and Attack Your PC How Hackers can Cripple the.
Topics to be covered 1. What are bots,botnet ? 2.How does it work? 4.Prevention of botnet. 3.Types of botnets.
Final Introduction ---- Web Security, DDoS, others
1 Chap 10 Virus. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.
--Harish Reddy Vemula Distributed Denial of Service.
EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited Security News Source Courtesy:
How to Own the Internet in Your Spare Time (Stuart Staniford Vern Paxson Nicholas Weaver ) Giannis Kapantaidakis University of Crete CS558.
1 CHAPTER 3 CLASSES OF ATTACK. 2 Denial of Service (DoS) Takes place when availability to resource is intentionally blocked or degraded Takes place when.
Security at NCAR David Mitchell February 20th, 2007.
Recent Internet Viruses & Worms By Doppalapudi Raghu.
Week 10-11c Attacks and Malware III. Remote Control Facility distinguishes a bot from a worm distinguishes a bot from a worm worm propagates itself and.
Distributed Denial of Service Attacks Shankar Saxena Veer Vivek Kaushik.
Denial of Service Sharmistha Roy Adversarial challenges in Web Based Services.
What is risk online operation:  massive movement of operation to the internet has attracted hackers who try to interrupt such operation daily.  To unauthorized.
©Ian Sommerville 2004Software Engineering Case Studies Slide 1 The Internet Worm Compromising the availability and reliability of systems through security.
Omar Hemmali CAP 6135 Paul Barford Vinod Yegneswaran Computer Sciences Department University of Wisconsen, Madison.
Chapter 7 Denial-of-Service Attacks Denial-of-Service (DoS) Attack The NIST Computer Security Incident Handling Guide defines a DoS attack as: “An action.
BY SYDNEY FERNANDES T.E COMP ROLL NO: INTRODUCTION Networks are used as a medium inorder to exchange data packets between the server and clients.
Network Programming and Network Security Lane Thames Graduate Research Assistant.
Worm Defense Alexander Chang CS239 – Network Security 05/01/2006.
Crisis And Aftermath Eugene H. Spafford 이희범.  Introduction  How the worm operated  Aftermath Contents.
4061 Session 26 (4/19). Today Network security Sockets: building a server.
Viruses a piece of self-replicating code attached to some other code – cf biological virus both propagates itself & carries a payload – carries code to.
1 Distributed Denial of Service Attacks. Potential Damage of DDoS Attacks l The Problem: Massive distributed DoS attacks have the potential to severely.
Mobile Code and Worms By Mitun Sinha Pandurang Kamat 04/16/2003.
A Case Study on Computer Worms Balaji Badam. Computer worms A self-propagating program on a network Types of Worms  Target Discovery  Carrier  Activation.
The Internet Worm Incident Eugene H. Spafford  Attack Format –Worm vs. Virus  Attack Specifications –Worm operation –Infection and propagaion  Topics.
Lecture 14 Page 1 CS 236 Online Worms Programs that seek to move from system to system –Making use of various vulnerabilities Other performs other malicious.
Speaker: Hom-Jay Hom Date:2009/10/20 Botnet Research Survey Zhaosheng Zhu. et al July 28-August
1 Botnets Group 28: Sean Caulfield and Fredrick Young ECE 4112 Internetwork Security Prof. Henry Owen.
Denial of Service A comparison of DoS schemes Kevin LaMantia COSC 316.
Comparison of Network Attacks COSC 356 Kyler Rhoades.
Common System Exploits Tom Chothia Computer Security, Lecture 17.
The Internet Worm Compromising the availability and reliability of systems through security failure.
Viruses and Other Malicious Content
Internet Worms, SYN DOS attack
CSE551: Introduction to Information Security
Crisis and Aftermath Morris worm.
Presentation transcript:

Network Attacks Instructor: Dr. X

Outline Worms DoS

Worms What are they? What do they do?

Morris worm First worm ever: 1988 Robert Morris made it… project while he was a student at Cornell Now professor at MIT

November 2, pm: someone ran a program at a computer at MIT The program collected host, network, and user info and then spread to other machines running Sun 3, VAX, and some BSD variants... rinse and repeat Computers became multiply infected Systems became overloaded with processes Swap space became exhausted, and machines failed Wednesday night: UC Berkeley captures copy of program Around 6,000 machines (~10% of Internet) infected at cost of $10M-$100M

Morris Worm Attack Vector rsh: terminal client with network (IP) - based authentication fingerd: used gets call without bounds checking sendmail: DEBUG mode allows remote user to run commands lots of sendmail daemons running in DEBUG mode

Code Red Exploited a Microsoft IIS web-server buffer overflow Scans for vulnerabilities over random IP addresses Sometimes would deface the compromised website Initial outbreak on July 16th, 2001 version 1: contained bad randomness (fixed IPs searched) version 2: fixed the randomness, August 4 - Code Red II Different code base, same exploit Added local scanning (biased randomness to local IPs) Killed itself in October of 2001

Stuxnet First reported June 2010 Exploited unknown vulnerabilities Not one zero-day Not two zero-days Not three zero-days But four zero-days! print spooler bug handful of escalation-of-privilege vulnerabilities

Stuxnet Spread through infected USB drives - bypasses “air gaps” Worm actively targeted SCADA systems (i.e., industrial control systems)targeted SCADA looked for WINCC or PCS 7 SCADA management system attempted 0-day exploit also tried using default passwords apparently, specifically targeted Iran’s nuclear architecture

Stuxnet

Worms and infection The effectiveness of a worm is determined by how good it is at identifying vulnerable machines Multi-vector worms use lots of ways to infect: e.g., network, , drive by downloads, etc. Example scanning strategies: Random IP Signpost scanning Local scanning Permutation scanning

Worm Defense Strategies (Auto) patch your systems Heterogeneity: use more than one vendor for your networks IDS: provides filtering for known vulnerabilities

Denial of Service! What is DoS? Intentional prevention of access to valued resource CPU, memory, disk (system resources) DNS, print queues, NIS (services) Web server, database, media server (applications)

DDoS

DDoS is a data structure…

DDoS Saturate the target’s network with traffic Consume all network resources (e.g., SYN flooding) Overload a service with requests Use “expensive” requests (e.g., “sign this data”) Can be extremely costly

Botnet A botnet is a network of software robots (bots) run on zombie machines which are controlled by command and control networks IRCbots - command and control over IRC Bot master - owner/controller of network

DDoS in the news DoS attacks in the news - Hackers Target NASA with DDoS Attack, Claim to Shutdown Servers DDoS Attacks Cripple Swedish News Sites Amid Russia Tension Darkreading - Half Of Enterprises Worldwide Hit By DDoS Attacks (2014) Digital Attack Map Norse attack map Norse

DDoS

Classification continued

Example: Smurf Attack

Example: Slowloris

Demo: SYN Flood

Floods and their problems Flash crowd traffic What is the difference of a surge of traffic and DDoS flood?

Why DDoS? An axe to grind Curiosity (script kiddies) Blackmail / racketeering Information warfare Distraction

An easy fix?

DDoS Countermeasures

DDoS Reality None of the “protocol oriented” solutions have really seen any adoption: too many untrusting, ill-informed, mutually suspicious parties must play together Real Solution Large ISPs police their ingress/egress points very carefully Watch for DDoS attacks and filter appropriately Develop products that coordinate view from many vantage points in the network to identify upswings in traffic

Sources/Additional reading “Distributed Denial of Service: Taxonomies of Attacks, Tools and Countermeasures”, Stephen M. Specht, Ruby B. Lee

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.