Network Security: DoS Attacks, Smurf Attack, & Worms


Network Security: DoS Attacks, Smurf Attack, & Worms
Team 4: Jessica Waleski, Nicolas Keeton, Griffith Knoop, Richard Luthringshauser, & Samuel Rodriguez

DoS Attack
What is a DoS attack? DoS stands for Denial of Service. In a DoS attack an attacker prevents legitimate users or computers from reaching a site or service, typically by flooding the target or its network with more traffic (or more connection requests) than it can handle.
Common tools for DoS attacks:
- TFN & TFN2K
- Stacheldraht
Popular and common attacks:
- SYN flood
- ICMP flood
- Smurf attack
- UDP flood
- Ping flood
- Ping of death (PoD)

DDoS Attack
What is a DDoS attack? DDoS stands for Distributed Denial of Service; it is a subclass of DoS. In a DDoS attack a botnet (many devices, usually compromised without their owners' knowledge and controlled by the attacker) is used to overwhelm a target host with traffic.
Main difference between DoS and DDoS:
- DoS attack: the traffic comes from a single internet connection.
- DDoS attack: the traffic comes from many connected devices at once, which makes it harder to block by source address and harder to trace back to the attacker.

DoS & DDoS Attack - Weaknesses from the Attacker's Point of View
- The flood of packets must be sustained. As soon as the packets stop arriving, the target system recovers.
- For this reason DoS is often used together with another form of attack, such as:
  - Disabling one side of a connection in TCP session hijacking
  - Preventing authentication
- Administrators or owners of the flooding machines may realize their machine is infected, remove the malware, and thereby stop the attack.
- Each packet can potentially be traced back to its source. Spreading the flood across many compromised hosts (and spoofing source addresses) hides the attacker, which is why DDoS is the most common form of DoS attack.

Common Tools for DoS Attacks - TFN & TFN2K
TFN stands for Tribe Flood Network (often written Tribal Flood Network) and TFN2K stands for Tribe Flood Network 2000. Both are distributed tools: they can be used to perform a DDoS attack.
TFN2K is a newer version of TFN:
- More difficult to detect than its predecessor.
- Can use a number of agents (other hosts) to coordinate an attack against one or more targets.
TFN & TFN2K perform various attacks:
- UDP flood attacks
- ICMP flood attacks
- TCP SYN flood attacks

TFN2K - How It Works & Advantages
TFN2K works on two fronts:
- A command-driven client on the attacker's system.
- A daemon process (a background process that the user does not control directly) running on each agent system.
How it works:
- The attacker instructs its agents to attack a list of designated targets.
- The agents respond by flooding the targets with a large volume of packets.
Advantages for the attacker:
- Attacker-to-agent communications are encrypted and can be mixed with decoy packets.
- Both the attack traffic and the attacker-to-agent communications can be sent randomly over TCP, UDP, and ICMP.
- The attacker can falsify (spoof) its IP address, so the packets the agents receive do not reveal where the commands came from.

Common Tools for DoS Attacks - Stacheldraht
German for "barbed wire." Combines features of the Trinoo DDoS tool with source code from the TFN attack tool.
Advantages for the attacker:
- Adds encryption of attacker-to-agent communication, like TFN2K.
- Adds automatic updating of the agents.
- Tests whether source address forgery (spoofing) works from the agent's network and enables it automatically when it does.
Performs various attacks:
- UDP flood
- ICMP flood
- TCP SYN flood
- Smurf attack

DoS Attack - SYN Flood
What is a SYN flood attack? SYN is short for synchronize. The attack depends on the attacker knowing how TCP connections to a server are set up.
The three-way handshake:
- The client sends a packet with the SYN flag set.
- The server allocates resources for the pending connection (a half-open connection entry) and responds with the SYN and ACK flags set.
- The client responds with the ACK flag set, and the connection is established.
The attack: the attacker sends a stream of SYN packets, usually with spoofed source addresses, and never sends the final ACK. Each SYN leaves a half-open connection on the server; once the server's table of half-open connections is full, SYNs from legitimate clients are dropped until the stale entries time out.
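The following is an added simulation, not code from the slides, that shows the half-open table being exhausted by spoofed SYNs and the standard mitigation, SYN cookies: the server encodes the handshake state in its initial sequence number (a keyed hash over the peer address, port and a slow counter) instead of storing it, so it has nothing to exhaust. The backlog size of 128, the addresses and the cookie layout are assumptions chosen for the example.

```python
import hashlib
import hmac
import secrets
import time

BACKLOG = 128          # half-open connections a stateful listener holds (hypothetical size for this model)
MASK32 = 0xFFFFFFFF    # TCP sequence numbers are 32-bit


class Listener:
    """Toy model of a TCP listener: keeps a table of half-open connections, or, with
    syn_cookies=True, encodes the handshake state in the server's ISN and keeps no table."""

    def __init__(self, syn_cookies=False, backlog=BACKLOG, clock=time.time):
        self.syn_cookies = syn_cookies
        self.backlog = backlog
        self.clock = clock                  # injectable so the cookie counter can be controlled in tests
        self.secret = secrets.token_bytes(16)
        self.half_open = {}                 # (src_ip, src_port) -> server ISN awaiting the final ACK
        self.established = set()

    def _cookie(self, src, counter):
        # Cookie = 8-bit slow counter in the top byte + 24-bit MAC over the peer and the counter.
        # The client must echo it back as ACK-1, which proves it received the SYN/ACK at that address.
        mac = hmac.new(self.secret, f"{src[0]}:{src[1]}:{counter}".encode(), hashlib.sha256).digest()
        return ((counter & 0xFF) << 24) | int.from_bytes(mac[:3], "big")

    def on_syn(self, src):
        """Handle a SYN; return the ISN to send in the SYN/ACK, or None if the SYN is dropped."""
        if self.syn_cookies:
            return self._cookie(src, int(self.clock()) // 64)
        if len(self.half_open) >= self.backlog:
            return None                     # table full: this is the denial of service
        isn = secrets.randbits(32)
        self.half_open[src] = isn
        return isn

    def on_ack(self, src, ack_num):
        """Handle the final ACK of the handshake; return True if the connection is established."""
        claimed_isn = (ack_num - 1) & MASK32
        if self.syn_cookies:
            now = int(self.clock()) // 64
            # Accept the current counter and the previous one so a slow client is not rejected.
            ok = any(hmac.compare_digest(self._cookie(src, c).to_bytes(4, "big"),
                                         claimed_isn.to_bytes(4, "big")) for c in (now, now - 1))
        else:
            ok = self.half_open.pop(src, None) == claimed_isn
        if ok:
            self.established.add(src)
        return ok


def simulate(syn_cookies, attack_syns=10_000):
    """Flood the listener with SYNs from spoofed sources that never ACK, then try a legitimate connect."""
    srv = Listener(syn_cookies=syn_cookies)
    for i in range(attack_syns):
        # Spoofed sources: the SYN/ACK goes to an address that sent nothing, so no ACK ever comes back.
        srv.on_syn((f"203.0.113.{i % 250 + 1}", 1024 + i))
    client = ("198.51.100.10", 40000)       # legitimate client (constructed address)
    isn = srv.on_syn(client)
    if isn is None:
        return False                        # SYN dropped: service denied
    return srv.on_ack(client, (isn + 1) & MASK32)


if __name__ == "__main__":
    print("stateful backlog, under flood:", simulate(False))   # False
    print("SYN cookies, under flood:     ", simulate(True))    # True
```

The stateful listener drops the legitimate SYN because the 128 slots are all held by half-open connections that will never complete; the cookie listener accepts it because validation recomputes the MAC from the ACK alone. Real SYN cookies also have to squeeze the negotiated MSS into the cookie, which this model leaves out.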

DoS Attack - ICMP Flood: Smurf Attack
A specific type of DDoS attack in which a whole network is tricked into flooding a single victim.
How it works:
- The attacker sends ICMP echo request packets to the IP broadcast address of an intermediary network, with the source address spoofed to be the victim's address.
- The broadcast delivers the packet to every host on that network.
- Each host that receives the request sends back an ICMP echo reply, and because of the spoofed source all of those replies go to the victim. One spoofed packet is amplified into one reply per host on the intermediary network.

DoS Attack - UDP Flood
UDP flood attack: the attacker sends a high rate of UDP (User Datagram Protocol) packets to random or fixed ports on the targeted host, often from spoofed source addresses.
For each packet, the targeted host:
- Checks which application is listening on that port.
- Finds no application waiting at that port.
- Replies with an ICMP Destination Unreachable (port unreachable) packet.
Doing this for every packet consumes the target's processing capacity and bandwidth, and the ICMP replies go to whatever source address the attacker spoofed.

DoS Attack - ICMP Flood: Ping Flood
Three categories, based on how the attacker chooses the target's IP address:
- Targeted local disclosed ping flood: targets a known IP address of a host.
- Router disclosed ping flood: targets a known internal IP address of a local router, disrupting communication between the hosts behind it.
- Blind ping flood: the attacker first uses an external program to discover the target's IP address, then floods it.
How it works:
- The attacker sends a continuous stream of ICMP echo request packets.
- It does not wait for replies.
- The host attempts to answer every request with an ICMP echo reply, which consumes both its incoming and its outgoing bandwidth.

DoS Attack - Ping of Death (PoD)
What is Ping of Death? An attacker sends a malformed, oversized ICMP packet to a targeted host in order to crash or freeze it.
How it works:
- The Internet Protocol (RFC 791) limits an IPv4 packet, header included, to 65,535 bytes.
- The attacker sends the ICMP packet in fragments whose offsets and lengths add up to more than 65,535 bytes; no single fragment is oversized, so the pieces pass through the network.
- When the targeted host reassembles the fragments, the oversized result overflows the buffers allocated for it and the host crashes, freezes, or reboots.
Modern operating systems check the reassembled size, so the classic attack no longer works against patched hosts.
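As an added example (not code from the slides), the detector below parses raw IPv4/ICMP packets and flags the three ICMP-based attacks described on the Smurf, Ping Flood and Ping of Death slides: an echo request addressed to the local broadcast address (the smurf trigger, whose source is the victim), a single source sending echo requests above a rate threshold (ping flood), and a fragmented datagram whose fragments would reassemble to more than 65,535 bytes (Ping of Death). The monitored network 192.168.1.0/24, the threshold of 100 requests and the sample packets are constructed for the example; checksums are left at zero because nothing here verifies them.

```python
import ipaddress
import struct
from collections import Counter

IPV4_HDR = "!BBHHHBBH4s4s"   # ver/IHL, TOS, total length, ID, flags+frag offset, TTL, proto, csum, src, dst
PROTO_ICMP = 1
ICMP_ECHO_REQUEST = 8
MAX_IPV4_DATAGRAM = 65535    # RFC 791 limit; a datagram that reassembles larger is the Ping of Death


def build_ipv4(src, dst, payload, ident=1, more_frags=False, frag_off=0, proto=PROTO_ICMP):
    """Build a minimal IPv4 packet (no options) for the constructed sample traffic."""
    assert frag_off % 8 == 0, "fragment offsets are in 8-byte units"
    flags_frag = ((1 << 13) if more_frags else 0) | (frag_off // 8)
    hdr = struct.pack(IPV4_HDR, (4 << 4) | 5, 0, 20 + len(payload), ident, flags_frag, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + payload


def icmp_echo_request(body=b""):
    """ICMP echo request: type 8, code 0, checksum (zeroed), identifier, sequence, then data."""
    return struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, 0x1234, 1) + body


def parse_ipv4(pkt):
    """Decode the fields the detector needs from a raw IPv4 packet."""
    ver_ihl, _tos, total_len, ident, flags_frag, _ttl, proto, _csum, src, dst = struct.unpack(IPV4_HDR, pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "proto": proto,
        "ident": ident,
        "frag_off": (flags_frag & 0x1FFF) * 8,
        "more_frags": bool(flags_frag & 0x2000),
        "payload": pkt[ihl:total_len],
    }


def analyze(packets, local_net="192.168.1.0/24", flood_threshold=100):
    """Return one finding per smurf trigger packet, per ping-flood source, and per oversized datagram."""
    bcast = {str(ipaddress.ip_network(local_net).broadcast_address), "255.255.255.255"}
    findings = []
    echo_requests = Counter()     # echo requests seen per source address
    reassembled_end = {}          # (src, dst, ident) -> highest payload byte offset seen across fragments
    for raw in packets:
        p = parse_ipv4(raw)
        key = (p["src"], p["dst"], p["ident"])
        reassembled_end[key] = max(reassembled_end.get(key, 0), p["frag_off"] + len(p["payload"]))
        # Only the first fragment carries the ICMP header, so only it can be classified as an echo request.
        if p["proto"] != PROTO_ICMP or p["frag_off"] != 0 or p["payload"][:1] != bytes([ICMP_ECHO_REQUEST]):
            continue
        echo_requests[p["src"]] += 1
        if p["dst"] in bcast:
            # Echo request to the broadcast address: every host will reply to the (spoofed) source.
            findings.append({"kind": "smurf_trigger", "src": p["src"], "dst": p["dst"]})
    for src, n in echo_requests.items():
        if n > flood_threshold:
            findings.append({"kind": "ping_flood", "src": src, "count": n})
    for (src, dst, ident), end in reassembled_end.items():
        if end + 20 > MAX_IPV4_DATAGRAM:          # 20 = IPv4 header of the reassembled datagram
            findings.append({"kind": "ping_of_death", "src": src, "dst": dst, "size": end + 20})
    return findings


def sample_traffic():
    """Constructed sample packets (not captured traffic): a legitimate ping plus one of each attack."""
    pkts = [build_ipv4("192.168.1.20", "192.168.1.10", icmp_echo_request(b"hello"))]
    # Smurf trigger: source is the victim's address, destination is the network broadcast address.
    pkts.append(build_ipv4("10.0.0.5", "192.168.1.255", icmp_echo_request(b"A" * 56)))
    # Ping flood: one source hammering one host with echo requests.
    pkts += [build_ipv4("203.0.113.9", "192.168.1.10", icmp_echo_request(b"B" * 56), ident=i) for i in range(200)]
    # Ping of Death: the last fragment is placed so the datagram would reassemble to 65,564 bytes.
    pkts.append(build_ipv4("198.51.100.7", "192.168.1.10", icmp_echo_request(b"C" * 1472), ident=77, more_frags=True))
    pkts.append(build_ipv4("198.51.100.7", "192.168.1.10", b"D" * 16, ident=77, frag_off=65528))
    return pkts


if __name__ == "__main__":
    for f in analyze(sample_traffic()):
        print(f)
```

The smurf check is the one a router should enforce on its own behalf by refusing to forward directed broadcasts; the reassembly check is what a patched IP stack does before allocating the reassembly buffer.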

The First Computer Worm
The Morris Internet worm:
- Written by Robert Tappan Morris Jr., a Cornell University student, and released in 1988 from an MIT system.
- Morris intended the worm to reveal bugs in programs; it was meant to spread, not to cause actual harm.
- However, a bug in the worm's code allowed a machine to be infected many times over. Each additional infection started a new worm process on the system, which eventually overloaded it.
- At least 6,000 UNIX machines were infected.
- Led to the creation of the Computer Emergency Response Team (CERT).

Worms - Propagation
Worms do not require direct human interaction to propagate, unlike a virus, which needs a user to run an infected program.
Two primary ways of spreading:
- Through the network of the infected host: the worm copies itself onto any other host the infected machine has access to, typically by exploiting a vulnerable network service. This is the most efficient method, but harder to program.
- Through e-mail: the worm scans the address book on the infected machine and e-mails a copy of itself to everyone in it. Easier to program, and much more common. Example: the ILOVEYOU worm.
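The simulation below is an added example, not code from the slides, that models the network-based propagation just described as a random-scanning worm over a hypothetical address space and also reproduces the Morris worm's reinfection bug from the previous slide: each infected host probes a few random addresses per round, a probe that lands on a vulnerable host infects it, and with the reinfection check switched off the worm starts another copy of itself on hosts it has already taken over. The address space size, vulnerable population, probe rate and seed are all assumptions.

```python
import random


def simulate_worm(address_space=2048, vulnerable=128, probes_per_round=8,
                  check_reinfection=True, max_rounds=1000, seed=7):
    """Random-scanning worm model (hypothetical parameters).
    Returns the infected count after each round, the total number of worm processes started,
    and the largest number of copies running on any single host."""
    rng = random.Random(seed)                       # seeded so the run is reproducible
    vulnerable_hosts = set(rng.sample(range(address_space), vulnerable))
    patient_zero = min(vulnerable_hosts)
    infected = {patient_zero}
    processes = {patient_zero: 1}                   # worm processes running per infected host
    history = [1]                                   # infected hosts after each round
    rounds = 0
    while len(infected) < vulnerable and rounds < max_rounds:
        rounds += 1
        newly_infected = set()
        for host in sorted(infected):               # sorted so RNG consumption is deterministic
            for target in rng.choices(range(address_space), k=probes_per_round):
                if target not in vulnerable_hosts:
                    continue                        # probe hit an unused or non-vulnerable address
                if target in infected or target in newly_infected:
                    if not check_reinfection:
                        # Morris bug: no check for an existing copy, so another process starts.
                        processes[target] = processes.get(target, 0) + 1
                else:
                    newly_infected.add(target)
                    processes[target] = 1
        infected |= newly_infected
        history.append(len(infected))
    return {
        "rounds": rounds,
        "infected": len(infected),
        "history": history,
        "processes": sum(processes.values()),
        "max_processes_on_one_host": max(processes.values()),
    }


if __name__ == "__main__":
    careful = simulate_worm()
    buggy = simulate_worm(check_reinfection=False)
    print("rounds to infect every vulnerable host:", careful["rounds"])
    print("infection curve:", careful["history"])
    print("processes started, with reinfection check:", careful["processes"])
    print("processes started, without the check:", buggy["processes"],
          "(max on one host:", buggy["max_processes_on_one_host"], ")")
```

The infection curve is the classic S-shape: slow while only patient zero is scanning, then doubling every couple of rounds, then a long tail while the last few vulnerable hosts wait to be hit. The infection dynamics are identical in both runs; only the process count differs, which is exactly what turned the Morris worm from a curiosity into a denial of service on the machines it reached.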

Worms - Harmful Effects
Worms can:
- Delete or modify files.
- Degrade your Internet connection and overall system performance.
- Open a backdoor that a malicious attacker can use later.
- Turn the infected machine into a bot used to send spam or perform DoS attacks.
Even the least harmful worm consumes bandwidth simply by spreading.

Any Questions?
