
Slides mostly by Sherif Khattab

Slide 1: Denial-of-Service [Gligor, 84]
“A group of otherwise-authorized users of a specific service is said to deny service to another group of otherwise-authorized users if the former group makes the specified service unavailable to the latter group for a period of time which exceeds the intended (and advertised) waiting time”

Slide 2: DoS Attacks
DoS attacks aim at reducing legitimate utilization of network and/or server resources through:
- resource destruction (exploit bugs in the OS)
- resource exhaustion
  - vulnerability exploitation (e.g., SYN attack)
  - brute-force flooding
    - Network-level (e.g., lots of packets as in UDP floods)
    - Service-level (e.g., flash crowds)

Slide 3: Service-level DoS
A large number of attack hosts request service from the victim server at a high rate. For instance,
- download files from an FTP server, or
- get web pages from a WWW server

Slide 4: Front-ends
Front-ends form a tree with the back-ends as its logical root.

Slide 5: Front-ends (contd.)
The tree level of each front-end depends on its attack tolerance.
Front-ends can be the bottleneck that gets attacked. They can usually withstand a good amount of attack traffic.
To join the network (or reconfigure), a front-end performs:
- Parent registration
- Address registration

Slide 6: DoS Attacks (1/4)
Legitimate packets consume network resources, such as router buffers and link capacity.
They also consume server resources, such as interrupt processing capacity, operating system structures, processing time, etc.
[Diagram labels: Legitimate Client, Router, Server]

Slide 7: DoS Attacks (2/4)
- Network-level DoS attacks flood network resources
- Service-level DoS attacks exploit vulnerabilities to crash servers
- Service-level DoS attacks flood server resources, so that legitimate clients’ packets will be dropped…

Slide 8: Our Focus: Service-level Flooding DoS
DoS Attacks
- Resource Destruction
- Resource Exhaustion
  - Vulnerability Exploitation
  - Brute-force Flooding
    - Service-level
    - Network-level

Slide 9: The DoS Problem
Distinguish attack packets/requests from legitimate packets/requests
- quickly
- accurately (low false positives and false negatives), and
- efficiently (small overhead)
Primary metrics
- Legitimate Response Time
- Legitimate Throughput

Slide 10: DoS Prevention
Puzzles
- Attackers forced to exert some “effort”
- Bandwidth [Walfish et al, 2005]
- Crypto [Juels and Brainard, 99]; [Wang and Reiter 03]
- Network-level [Feng, 2003]
- CAPTCHA [Morein et al, 2003]
Ticket-based systems
- [Gligor, 2003]
But,
- not effective against determined attackers
- restricted to services with human users
[Diagram: DoS Defense = Prevention | Mitigation | Detection/Recovery]

Slide 11: Detection and Recovery
DDoS Shield
- [Ranjan et al, 2006]
Recovery
- Capability-based systems, e.g., [Yang et al, 2005]
- Server relocation [Khattab et al, 2003]; [Stavrou et al, 2005]
But,
- hard to detect service-level DoS
- high overhead
[Diagram: DoS Defense = Prevention | Mitigation | Detection/Recovery]

Slide 12: Mitigation
Sustain service under attack
Replication
- Anycast Routing
Overlay-based
- SOS [Keromytis et al, 2002]
But,
- high overhead
- private services
[Diagram: DoS Defense = Prevention | Mitigation | Detection/Recovery]

Slide 13: State-of-the-art
Network-level
- Prevention: Network-level puzzles
- Detection/Recovery: PacketScore; RED-PD; Heavy-hitter detection; DCAP; Pushback; MOVE; Capabilities; IP Hopping
- Mitigation: Replication; Overlay-based
Service-level
- Prevention: Application-level puzzles; Reservation-based Schemes
- Detection/Recovery: DDoS Shield; Shadow Honeypots; Kill-Bots
- Mitigation: Replication

Slide 14: Honeypots [Spitzner][Provos]
Honeypots are:
- decoy resources to trap attackers
- useful in detecting worm-infected hosts
However, honeypots are
- at fixed locations
- separate from real servers
DoS attackers can evade honeypots

Slide 15: Roaming Honeypots [Khattab]
In roaming honeypots, the locations of honeypots are:
- continuously changing
- unpredictable to non-compliant attackers
- disguised within servers

Slide 16: Main Assumption
Unique, un-spoofable user identifier (dealing with proxy servers is an open problem)
[Diagram label: Proxy Server]

Slide 17: Firewall?
Packet filtering in firewalls
- White-list: allow packets from certain users/IPs. Not scalable, because the list grows with the number of users.
- Black-list: do not allow certain IPs or users. More scalable: # attackers << # users
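
The roaming-honeypot idea (slide 15) combined with the black-list filtering of slide 17, as an added example that is not from the original slides or the cited papers. It assumes compliant clients share a secret key from which the per-epoch set of active servers is derived; the server names, the HMAC-based schedule, the epoch length and the class and function names are all illustrative assumptions.

```python
import hashlib
import hmac

SERVERS = ["s0", "s1", "s2", "s3", "s4"]  # constructed server pool
K_ACTIVE = 2          # servers that really serve in each epoch (assumed)
EPOCH_SECONDS = 10    # assumed roaming interval


def active_servers(key: bytes, epoch: int) -> set:
    """Rank servers by HMAC(key, epoch || name); the lowest K_ACTIVE are active."""
    def rank(name: str) -> bytes:
        msg = epoch.to_bytes(8, "big") + name.encode()
        return hmac.new(key, msg, hashlib.sha256).digest()
    return set(sorted(SERVERS, key=rank)[:K_ACTIVE])


class Pool:
    """Server side: every server that is not active in an epoch is a honeypot."""

    def __init__(self, key: bytes):
        self.key = key
        self.blacklist = set()  # grows with attackers, not with users

    def handle(self, user_id: str, server: str, now: float) -> str:
        # user_id is assumed unique and un-spoofable (slide 16).
        if user_id in self.blacklist:
            return "dropped"
        epoch = int(now // EPOCH_SECONDS)
        if server in active_servers(self.key, epoch):
            return "served"
        # Compliant clients never contact a honeypot, so this sender is filtered.
        self.blacklist.add(user_id)
        return "trapped"


def simulate(epochs: int = 20):
    key = b"constructed-demo-key"
    pool = Pool(key)
    results = {"client": [], "attacker": []}
    for e in range(epochs):
        now = e * EPOCH_SECONDS + 1
        # Compliant client derives the schedule and picks an active server.
        target = sorted(active_servers(key, e))[0]
        results["client"].append(pool.handle("client", target, now))
        # Non-compliant sender has no key and keeps hitting one fixed server.
        results["attacker"].append(pool.handle("attacker", "s0", now))
    return pool, results
```

A deployment would also need tolerance for clock skew at epoch boundaries; without it a compliant client that is slightly out of sync lands on a honeypot and is black-listed.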