Denial of Service
By: Samarth Shah and Navin Soni

Contents
– Introduction
– Symptoms
– Method of Attacks
– Prevention and Response
– Side-effects
– Downfall
– Conclusion

Introduction
– A denial-of-service (DoS) attack aims at disrupting the authorized use of networks, systems, or applications by sending messages which exhaust the service provider's resources.
– Distributed denial-of-service (DDoS) attacks employ multiple compromised computers to perform a coordinated and widely distributed DoS attack.
– Victims: service providers and legitimate service seekers.

Who? Their Motives
Who
– Highly proficient attackers who are rarely identified or caught
The motive
– Earlier attacks were proofs of concept or simple pranks
– Pseudo-supremacy feeling upon denying services on a large scale to normal people
– DoS attacks on Internet chat channel moderators
– Political disagreements
– Competitive edge

[Figure: diagram with the labels Victim, Daemon, Master, Real Attacker]

Symptoms
– Unusually slow network performance.
– Unavailability of a particular web site.
– Inability to access any web site.
– Dramatic increase in the number of spam e-mails received.
– Can also lead to problems in the network 'branches' around the actual computer being attacked.

Methods of attack
The five basic types of attack are:
– Consumption of computational resources.
– Disruption of configuration information.
– Disruption of state information.
– Disruption of physical network components.
– Obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.

Classification of DoS Attacks

| Attack | Affected Area | Example | Description |
|---|---|---|---|
| Network Level Device | Routers, IP Switches, Firewalls | Ascend Kill II, Christmas Tree Packets | Attack attempts to exhaust hardware resources using multiple duplicate packets or a software bug. |
| OS Level | Equipment Vendor OS, End-User Equipment | Ping of Death, Teardrop | Attack takes advantage of the way operating systems implement protocols. |
| Application Level Attacks | | Finger Bomb | Attack a service or machine by using an application attack to exhaust resources. |
| Data Flood (Amplification, Oscillation, Simple Flooding) | Host computer or network | Smurf Attack (amplifier attack) | Attack in which massive quantities of data are sent to a target with the intention of using up bandwidth/processing resources. |
| Protocol Feature Attacks | Servers, Client PC, DNS Servers | SYN (connection depletion) | Attack in which bugs in protocol are utilized to take down network resources. Methods of attack include IP address spoofing and corrupting DNS server cache. |

Methods of Attack
– Peer to Peer Attack
– Permanent Denial of Service
– Nuke
– Degradation of Service attack

Countermeasures

| Attack | Countermeasure Options | Example | Description |
|---|---|---|---|
| Network Level Device | Software patches, packet filtering | Ingress and Egress Filtering | Software upgrades can fix known bugs and packet filtering can prevent attacking traffic from entering a network. |
| OS Level | SYN Cookies, drop backlog connections, shorten timeout time | SYN Cookies | Shortening the backlog time and dropping backlog connections will free up resources. SYN cookies proactively prevent attacks. |
| Application Level Attacks | Intrusion Detection System | GuardDog, other vendors | Software used to detect illicit activity. |
| Data Flood (Amplification, Oscillation, Simple Flooding) | Replication and Load Balancing | Akamai/Digital Island provide content distribution. | Extending the volume of content under attack makes it more complicated and harder for attackers to identify services to attack and accomplish complete attacks. |
| Protocol Feature Attacks | Extend protocols to support security. | IETF standard for itrace, DNSSEC | Trace source/destination packets by a means other than the IP address (blocks against IP address spoofing). DNSSEC would provide authorization and authentication on DNS information. |
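
The SYN cookie countermeasure listed above, as an added example that is not part of the original slides: the server encodes the connection state in its initial sequence number instead of holding a backlog entry, and rebuilds it from the final ACK. The bit layout, `MSS_TABLE`, the 64-second window, the key and the sample flow are assumptions for illustration, not any particular operating system's implementation.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"   # assumption: a random per-boot key in practice
MSS_TABLE = (216, 536, 1024, 1220, 1360, 1440, 1452, 1460)  # assumption: 3-bit index
WINDOW = 64                           # assumption: seconds per time counter step

def _mac24(flow, client_isn, counter):
    """24-bit keyed hash over the 4-tuple, the client's ISN and the time counter."""
    msg = repr((flow, client_isn, counter)).encode()
    return hmac.new(SECRET, msg, hashlib.sha256).digest()[:3]

def make_cookie(flow, client_isn, mss, now):
    """Server ISN for the SYN-ACK. Nothing is stored in a backlog queue."""
    counter = int(now) // WINDOW
    # Largest table entry not above the client's MSS (index 0 if all are larger).
    idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    mac = int.from_bytes(_mac24(flow, client_isn, counter), "big")
    return ((counter % 32) << 27) | (idx << 24) | mac

def check_cookie(flow, client_isn, cookie, now):
    """Validate the value echoed in the final ACK (ack number - 1).

    Returns the negotiated MSS, or None if the cookie is forged or stale.
    """
    current = int(now) // WINDOW
    got = (cookie & 0xFFFFFF).to_bytes(3, "big")
    for counter in (current, current - 1):      # current and previous window only
        if counter % 32 != (cookie >> 27) & 0x1F:
            continue
        if hmac.compare_digest(_mac24(flow, client_isn, counter), got):
            return MSS_TABLE[(cookie >> 24) & 0x7]
    return None

# Constructed flow: (client IP, client port, server IP, server port)
FLOW = ("198.51.100.7", 40000, "203.0.113.10", 443)

if __name__ == "__main__":
    c = make_cookie(FLOW, 1000, 1460, 1_000_000)
    print(hex(c), check_cookie(FLOW, 1000, c, 1_000_030))
```

A spoofed SYN costs the server one hash and no memory; only a client that actually receives the SYN-ACK can return a cookie that validates.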

Prevention and Response
– Firewalls
– Switches
– Routers
– Application front end hardware
– IPS based prevention
– Blackholing
– Sinkholing
– Clean Pipes

Side-Effects
– Backscatter is a side-effect of a spoofed denial of service attack.
– The attacker spoofs the source address in IP packets sent to the victim.
– Response packets are known as backscatter.
– The backscatter response packets from the victim will be sent back to random destinations.
– This effect can be used by network telescopes as indirect evidence of such attacks.
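
How a network telescope can turn backscatter into evidence, as an added example that is not part of the original slides: packets reaching unused address space that can only be replies (SYN-ACK, RST, ICMP responses) are grouped by sender, and a sender answering many distinct dark addresses is a likely victim of a spoofed flood. The packet records, addresses and the `min_dark_dsts` threshold are constructed assumptions.

```python
from collections import defaultdict

SYN, RST, ACK = 0x02, 0x04, 0x10          # TCP flag bits
ICMP_RESPONSES = {0, 3, 11}               # echo reply, dest. unreachable, time exceeded

def is_backscatter(pkt):
    """True if the packet can only be a reply to something the telescope never sent."""
    if pkt["proto"] == "tcp":
        flags = pkt["flags"]
        return (flags & (SYN | ACK)) == (SYN | ACK) or bool(flags & RST)
    if pkt["proto"] == "icmp":
        return pkt["icmp_type"] in ICMP_RESPONSES
    return False

def infer_victims(packets, min_dark_dsts=3):
    """Map each likely victim to the number of distinct dark addresses it answered."""
    answered = defaultdict(set)
    for pkt in packets:
        if is_backscatter(pkt):
            answered[pkt["src"]].add(pkt["dst"])
    return {src: len(dsts) for src, dsts in answered.items()
            if len(dsts) >= min_dark_dsts}

def tcp(src, dst, flags):
    """Build one constructed TCP packet record."""
    return {"proto": "tcp", "src": src, "dst": dst, "flags": flags}

# Constructed capture from an unused ("dark") prefix, 192.0.2.0/24.
SAMPLE = (
    # Replies from a flooded host to the spoofed sources it believes contacted it.
    [tcp("203.0.113.10", f"192.0.2.{n}", SYN | ACK) for n in (5, 77, 140, 201)]
    # Plain SYNs are a scan, not backscatter.
    + [tcp("198.51.100.99", f"192.0.2.{n}", SYN) for n in range(1, 9)]
    # A single stray reset stays below the threshold.
    + [tcp("198.51.100.5", "192.0.2.33", RST | ACK)]
    + [{"proto": "icmp", "src": "203.0.113.10", "dst": "192.0.2.9", "icmp_type": 3}]
)

if __name__ == "__main__":
    print(infer_victims(SAMPLE))
```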

Downfalls
– DoS attacks are unable to attack large bandwidth websites.
– New distributed server architecture makes it harder for one DoS to take down an entire site.
– New software protections neutralize existing DoS attacks quickly.
– Service providers know how to prevent these attacks from affecting their networks.
– Old Internet technology.

Conclusion
– Attack techniques continue to advance and the number of software vulnerabilities continues to increase.
– Service providers and vendors are quickly adapting to the new landscape.
– Prevention is always the best measure.
– Regular scanning and auditing will prevent configuration errors from exposing infrastructure to known attacks.
– Preparation is the key for service providers to mitigate attacks as they happen.