Defending Against Denial of Service Attacks
Presented By: Jordan Deveroux


Slide 2: Outline
I. What are Denial of Service Attacks and what makes the internet vulnerable to them?
II. How do these attacks occur?
III. How do we defend against such attacks?
IV. What are the ethical implications of Denial of Service Attacks and their effect on our society?

Slide 3: Denial of Service Attacks
- Denial of Service (DoS): an attack that tries to deny legitimate users access to shared resources or services
- Distributed Denial of Service (DDoS): a denial of service attack where the traffic comes from multiple sources

Slide 4: [Diagram labels: Attacker, Victim, Zombies]

Slide 5
- Malicious payload is installed
- Communication takes place on IRC channels
- Software contains a flooding mechanism
- Software can be updated by attacker

Slide 6: Internet Vulnerabilities
- IP Spoofing: creating an IP packet with false information, often a false address
- Multipath routing makes packet tracing difficult
- No centralized Internet authority

Slide 7: Outline
I. What are Denial of Service Attacks and what makes the internet vulnerable to them?
II. How do these attacks occur?
III. How do we defend against such attacks?
IV. What are the ethical implications of Denial of Service Attacks and their effect on our society?

Slide 8: What does DoS Attack?
1. Consumes a host’s resources
   - CPU
   - Memory
2. Consumes network bandwidth
   - Legitimate traffic is unable to go through
Attack Power: level of resources consumed at the victim by the attack

Slide 9: Categories of Bandwidth Attacks
- Protocol-Based
- Application-Based
- Distributed Reflector
- Infrastructure Attacks

Slide 10: Protocol-Based: SYN Flood

Slide 11: Protocol-Based: ICMP Flood

Slide 12: Application-Based: HTTP Flood
- Attacking web servers with many HTTP requests
- Used in DDoS because it requires a genuine IP
- Multiple ways to flood using this method

Slide 13: Application-Based: SIP Flood
- VoIP attack
- Flood proxy servers with many INVITE packets
- Affects not only proxy servers but legitimate callers

Slide 14: Distributed Reflector Attacks

Slide 15: Infrastructure Attacks
- Disable critical components of the Internet
- Significant attack power is required to successfully execute an infrastructure attack
- These types of attacks are why we need a globally-cooperative defense effort

Slide 16: Outline
I. What are Denial of Service Attacks and what makes the internet vulnerable to them?
II. How do these attacks occur?
III. How do we defend against such attacks?
IV. What are the ethical implications of Denial of Service Attacks and their effect on our society?

Slide 17: Four Categories of Defense
- Attack Prevention
- Attack Detection
- Attack Source Identification
- Attack Reaction

Slide 18: Attack Prevention: Ingress/Egress Filtering

Slide 19: Other Attack Prevention Techniques
- Router Based Packet Filtering
  - Possible if Tier 1 ISPs are involved
- SAVE Protocol
  - Needs to be universally deployed
These techniques prevent IP spoofing and filter traffic before it reaches the target, but need wide adoption to be effective.

Slide 20: Attack Detection Techniques
- Easy to detect
- Differentiate between flash crowds and DoS attack
- Rely on certain assumptions
Attack Detection Techniques:
- DoS-attack-specific
- Anomaly-based

Slide 21
DoS-Specific
- MULTOPS
- SYN Detection
- Kolmogorov Test
- Spectral Analysis
- Time Series Analysis
Anomaly-Based
- Need to build a normal profile
- Block irregular traffic
- Difficult to determine all normal traffic
- Lightweight Intrusion Detection System (LISYS)
The only way to detect a DDoS attack effectively and early is to monitor features that attackers cannot change or that are very difficult to change (e.g., the percentage of new IPs).
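The new-IP feature named on the detection slide above, worked through as an added example (it is not part of the presentation): each time window is scored by the share of source addresses absent from the normal profile. The function name `detect`, the 60-second window, the 0.5 threshold, the `min_sources` floor and the sample records are all assumptions constructed for illustration.

```python
"""Flag time windows in which most source IPs have never been seen before."""
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample data (RFC 5737 documentation addresses), not real traffic.
KNOWN = [f"192.0.2.{i}" for i in range(1, 9)]            # normal profile
SAMPLE = (
    [(t, f"192.0.2.{i}") for t, i in zip(range(0, 60, 10), range(1, 7))]
    + [(55, "198.51.100.7")]                              # one new visitor
    + [(61, "192.0.2.1"), (62, "192.0.2.2")]
    + [(60 + i, f"203.0.113.{i}") for i in range(1, 21)]  # burst of new sources
    + [(120 + i, f"192.0.2.{i}") for i in range(1, 9)]    # returning clients
    + [(130, "198.51.100.7")]
)


def detect(records, known_ips, window=60, threshold=0.5, min_sources=5):
    """Return [(window_start, distinct_sources, new_ip_ratio, suspicious)].

    records   -- iterable of (unix_seconds, source_ip_string)
    known_ips -- sources observed during normal operation
    threshold and min_sources are assumed values; tune them per network.
    """
    known = {ip_address(ip) for ip in known_ips}
    buckets = defaultdict(set)
    for ts, src in records:
        buckets[ts - ts % window].add(ip_address(src))

    results = []
    for start in sorted(buckets):
        sources = buckets[start]
        ratio = len(sources - known) / len(sources)
        suspicious = len(sources) >= min_sources and ratio > threshold
        results.append((start, len(sources), round(ratio, 2), suspicious))
        if not suspicious:
            # Learn only from windows judged normal, so attack sources
            # never enter the history used for later comparisons.
            known |= sources
    return results


if __name__ == "__main__":
    for start, total, ratio, suspicious in detect(SAMPLE, KNOWN):
        label = "ALERT" if suspicious else "ok"
        print(f"t={start:>3}s sources={total:>2} new_ratio={ratio:.2f} {label}")
```

In the third window the source count is similar to a small flash crowd, but the sources are returning clients, so the ratio stays at zero and no alert is raised.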

Slide 22: Attack Source Identification
- Tracking IP traffic is difficult to do
- Active IP traceback technique
- Probabilistic traceback technique
- Hash-Based IP traceback

Slide 23: Attack Reaction Techniques

Slide 24: Attack Reaction Techniques
- Bottleneck Resource Management
  - Fix Software-Based Vulnerabilities
  - History-Based IP Filtering
- Intermediate Network Reaction
  - Harder to track the greater the distance
  - Controller-Agent Scheme
- Source End Reaction
  - D-WARD

Slide 25: Conclusion on Defense Techniques
- Most of these are DoS defenses
- Limited progress has been made on DDoS
- Attacker resources often surpass the victim’s resources
- Defenses are limited by the lack of central control of the internet
- We need to increase the reliability of global network infrastructure
- The most effective approach is to block the attack close to its source

Slide 26: Outline
I. What are Denial of Service Attacks and what makes the internet vulnerable to them?
II. How do these attacks occur?
III. How do we defend against such attacks?
IV. What are the ethical implications of Denial of Service Attacks and their effect on our society?

Slide 27: Growth of DoS and DDoS attacks
- Security knowledge of users is decreasing while attacks are becoming more and more sophisticated
- In 1988, 6 attacks were reported
- In 2003, 137,529 attacks were reported
- CSI/FBI survey shows that on average 35% of participants suffered DoS attacks
- Vulnerabilities have increased to 35x the number reported in 1995
- Only 4 out of 1127 customer-based system attacks used spoofed addresses in

Slide 28: What’s taking so long?
- Implementing defense schemes is expensive
- Lack of economic incentive
- Personal users
- Internet Service Providers
- Don’t want to spend money to protect someone else’s network

Slide 29
- “Code Red” Worm (2001)
  - 300,000 zombie army to launch DoS against White House website
- Distributed Reflector Attack (2002)
  - Brought down
- Internet DNS Root Servers (2002)
  - SYN Flood and ICMP Flood
  - All 13 DNS root servers were attacked at the same time
  - Total attack volume: 900 Mb/s
  - Most queries answered but some parts of internet experienced congestion or were unreachable
- Blaster Worm (2003)
  - Exploited vulnerability in RPC
  - SYN Flood against windowsupdate.com

Slide 30: Ethics
- These attacks can have lasting effects, including monetary damages
- Used as a political statement
  - Wikileaks fiasco (2010)
  - Operation: Payback
  - Mastercard, PostFinance, Paypal

Slide 31: References
- Survey of Network Based Defense Mechanisms Countering the DoS and DDoS Problems (Peng, Leckie, Ramamohanarao)