Distributed Denial of Service Attacks


Potential Damage of DDoS Attacks
The Problem: Massive distributed DoS attacks have the potential to severely decrease backbone availability and can virtually detach a network from the Internet.

Motives for DDoS Attacks
- Cyber warfare: prevent information exchange
- A means to blackmail a company or even a country and cause image and money loss
- Youthful mischief and desire to feel the power “to rule the world”
- Proof of technical excellence to “the world” and oneself
- Outbreak of worms from Internet security research ;-) ??

What Are DDoS Tools?
- Clog victim’s network.
- Use many sources (“daemons”) for attacking traffic.
- Use “master” machines to control the daemon attackers.
- At least 4 different versions in use: TFN, TFN2K, Trinoo, Stacheldraht.

How They Work
[Diagram with nodes labelled Real Attacker, Master, Daemon (five of them) and Victim]

How They Talk
- Trinoo: attacker uses TCP; masters and daemons use UDP; password authentication
- TFN (Tribe Flood Network): attacker uses shell to invoke master; masters and daemons use ICMP ECHO REPLY, TCP SYN flood, ICMP Broadcast (smurf)
- Stacheldraht: attacker uses encrypted TCP connection to master; masters and daemons use TCP and ICMP ECHO REPLY; rcp used for auto-update and generation

Deploying DDoS
- Attackers seem to use standard, well-known holes (i.e., rpc.ttdbserver, amd, rpc.cmsd, rpc.mountd, rpc.statd).
- The attacks exploit remote buffer overflow flaws.
- They appear to have “auto-hack” tools: point, click, and invade.
- Lesson: practice good computer hygiene.

Detecting DDoS Tools
- Most current IDSs detect the current generation of tools.
- They work by looking for DDoS control messages.
- Naturally, these will change over time; in particular, more such messages will be properly encrypted. (A hacker PKI?)

What Can ISPs Do?
- Deploy source address anti-spoof filters (very important!).
- Turn off directed broadcasts.
- Develop security relationships with neighbor ISPs.
- Set up mechanism for handling customer security complaints.
- Develop traffic volume monitoring techniques.
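
An added example, not from the original slides: a strict reverse-path check is one common way to implement the anti-spoof filter listed above, shown here together with a drop rule for directed broadcasts (the smurf amplification path). The route table, interface names and addresses are constructed for illustration.

```python
import ipaddress

# Constructed routing table: prefix -> interface toward that prefix (assumption).
ROUTES = {
    "198.51.100.0/24": "cust-a",
    "203.0.113.0/25": "cust-b",
    "0.0.0.0/0": "upstream",
}
# Constructed directly connected customer LANs where directed broadcasts are off.
CONNECTED = ["198.51.100.0/24", "203.0.113.0/25"]

# Most specific prefixes first, so the first hit is the longest-prefix match.
_ROUTES = sorted(((ipaddress.ip_network(p), i) for p, i in ROUTES.items()),
                 key=lambda r: r[0].prefixlen, reverse=True)
_BCAST = {ipaddress.ip_network(p).broadcast_address for p in CONNECTED}


def reverse_path_interface(addr):
    """Interface the router itself would use to reach addr."""
    ip = ipaddress.ip_address(addr)
    for net, iface in _ROUTES:
        if ip in net:
            return iface
    return None


def filter_packet(in_iface, src, dst):
    """Return 'permit' or a drop reason for one packet seen on in_iface."""
    # Anti-spoof: the source must be reachable through the arrival interface.
    if reverse_path_interface(src) != in_iface:
        return "drop: spoofed source"
    # Directed broadcast: never forward to a connected subnet's broadcast address.
    if ipaddress.ip_address(dst) in _BCAST:
        return "drop: directed broadcast"
    return "permit"
```

The strict check assumes symmetric routing on the filtered interface, which usually holds at the customer edge and often does not between peers.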

Traffic Volume Monitoring – an example
- Look for too much traffic to a particular destination.
- Learn to look for traffic to that destination at your border routers (access routers, peers, exchange points, etc.).
- Can we automate the tools – too many queue drops on an access router will trigger source detection?
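
An added sketch of the monitoring idea above, not from the original slides: total the traffic per destination, and when an access router reports too many queue drops, list the border routers carrying traffic to the overloaded destinations behind it. Router names, counters, thresholds and flow records are all constructed.

```python
from collections import defaultdict

# Constructed one-minute flow summaries: (border_router, destination, bytes).
FLOWS = [
    ("peer-1", "203.0.113.10", 48_000_000),
    ("exchange-1", "203.0.113.10", 61_000_000),
    ("peer-1", "198.51.100.20", 900_000),
    ("access-7", "203.0.113.10", 2_000_000),
    ("exchange-1", "198.51.100.21", 1_200_000),
]
# Constructed queue-drop counters per access router for the same minute.
QUEUE_DROPS = {"access-3": 12, "access-9": 5400}
# Assumed mapping of access routers to the customer destinations behind them.
BEHIND = {"access-3": ["198.51.100.20", "198.51.100.21"],
          "access-9": ["203.0.113.10"]}


def hot_destinations(flows, byte_limit):
    """Destinations whose total inbound bytes exceed byte_limit."""
    totals = defaultdict(int)
    for _, dst, nbytes in flows:
        totals[dst] += nbytes
    return {dst: n for dst, n in totals.items() if n > byte_limit}


def entry_points(flows, dst):
    """Border routers carrying traffic to dst, largest contributor first."""
    per_router = defaultdict(int)
    for router, d, nbytes in flows:
        if d == dst:
            per_router[router] += nbytes
    return sorted(per_router.items(), key=lambda kv: kv[1], reverse=True)


def triggered_trace(flows, drops, behind, drop_limit, byte_limit):
    """Queue drops on an access router trigger source detection."""
    hot = hot_destinations(flows, byte_limit)
    report = {}
    for router, count in drops.items():
        if count <= drop_limit:
            continue  # this access router is not congested
        for dst in behind.get(router, []):
            if dst in hot:
                report[dst] = entry_points(flows, dst)
    return report
```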

References
- http://www.cert.org/reports/dsit_workshop.pdf
- Dave Dittrich’s analyses:
  http://staff.washington.edu/dittrich/misc/trinoo.analysis
  http://staff.washington.edu/dittrich/misc/tfn.analysis
  http://staff.washington.edu/dittrich/misc/stacheldraht.analysis
- Scanning tool: http://www.fbi.gov/nipc/trinoo.htm