Internet Threats Denial Of Service Attacks

The Internet And Information Security

“The wonderful thing about the Internet is that you’re connected to everyone else. The terrible thing about the Internet is that you’re connected to everyone else.”
Vint Cerf

Denial Of Service Attack Specifics

Denial Of Service Problems
Exploding in popularity
  – No skill required
      High juvenile ratio
  – High availability of menu-driven programs on multiple platforms
      Up and running in minutes
      Unix, NT, Win95, etc
      Programs available via the Internet within HOURS of the identified exploit
  – Often requires assistance across multiple ISPs
      Coordination efforts impossible at best

Denial Of Service Problems
Tracing
  – Source is almost always hidden, or forged
      Need to trace in real time, router by router to find Bad_Guy
  – High packet rates
      Sometimes victims can’t use Internet to complain about or trace the attack
  – Group accounts or throw-away accounts used
      School Labs, piracy dialup, hacked systems

DoS Types
“Revenge of the Nerds”
  SYN Floods
  Mail Bombs
  Smurf Attacks
  Many, many others

SYN Floods
TCP Handshake required to set up communication
  – Send: HELLO! (TCP_SYN)
  – Recv: Yea, What? (TCP_SYN_ACK)
  – Send: Let’s Talk! (TCP_ACK)
SYN Flood exploits Handshake
  – Bad_Guy sends TCP_SYN from forged source that doesn’t exist
  – Victim tries to send a TCP_SYN_ACK, but can’t find the source, so it queues the message
  – Message is queued for ~75 seconds
  – Bad_Guy fills up SYN Queue
  – Victim can’t communicate

DoS Packet Flow: SYN Attack
[Figure: SYN packet from Bad_Guy arrives at Victim; Victim asks “Where do I send data?”]
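The queue behaviour described on the SYN Floods slide can be replayed over a packet trace to see when legitimate requests are refused and which sources never finish the handshake. This is an added example, not part of the original presentation; the queue size, addresses (documentation ranges) and event list are constructed, and only the 75-second hold time comes from the slide.

```python
from collections import OrderedDict

SYN_TIMEOUT = 75.0  # seconds a half-open entry is held (figure from the slide)

def replay(events, backlog_size, timeout=SYN_TIMEOUT):
    """Replay time-ordered (time, src, flag) events against a fixed SYN queue.

    flag is "SYN" (connection request) or "ACK" (handshake completed).
    Returns (dropped_syns, peak_queue_length, sources_that_never_completed).
    """
    queue = OrderedDict()  # src -> arrival time of its SYN, oldest first
    dropped, peak, stale = [], 0, set()
    for t, src, flag in events:
        # Free slots whose SYN_ACK went unanswered for the whole timeout.
        while queue and next(iter(queue.values())) + timeout <= t:
            old_src, _ = queue.popitem(last=False)
            stale.add(old_src)
        if flag == "SYN" and src not in queue:
            if len(queue) >= backlog_size:
                dropped.append((t, src))  # queue full: request is refused
            else:
                queue[src] = t
                peak = max(peak, len(queue))
        elif flag == "ACK":
            queue.pop(src, None)  # handshake finished, slot released
    return dropped, peak, stale | set(queue)

# Constructed sample: one real client (192.0.2.10) and eight SYNs whose
# source addresses (198.51.100.1-8, documentation range) never answer.
CLIENT = "192.0.2.10"
SAMPLE_EVENTS = (
    [(0.0, CLIENT, "SYN"), (0.1, CLIENT, "ACK")]
    + [(float(i), f"198.51.100.{i}", "SYN") for i in range(1, 9)]
    + [(10.0, CLIENT, "SYN"),                         # arrives while queue is full
       (80.0, CLIENT, "SYN"), (80.1, CLIENT, "ACK")]  # after entries expire
)

if __name__ == "__main__":
    dropped, peak, stale = replay(SAMPLE_EVENTS, backlog_size=8)
    print("refused:", dropped)
    print("peak half-open entries:", peak)
    print("never completed:", sorted(stale))
```

Re-running the same trace with a larger `backlog_size` or a shorter `timeout` shows how each setting changes whether the client at t=10 is refused.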

Mail Bombs
Large amounts of e-mail to victim
  – “FROM” address randomly created
  – Mail trail is often relayed through several relay systems
      Difficult to track origination
One Word: SPAM
  – Explosion of tools available from Spamming organizations to make this point-and-click, and professionally difficult to trace

Smurf Attacks
Most Recent Attack, also called a “Broadcast Ping Attack”
Broadcast ping
  – Send a “broadcast_ping_request” to a network/subnet, and every host in that network/subnet replies with a “ping_reply”
      > ping
      is alive
      is alive
      is alive
      …
      is alive

Smurf Attacks
Attack
  – Bad_Guy sends a “broadcast_ping_request”, that looks like it came from “Victim”, and sends it to “Innocent 3rd Party”
  – Every host on “Innocent 3rd Party”’s network/subnet sends a “broadcast_ping_reply” to the victim
  – Victim gets hit with a massive ping attack
  – Good_guy traces the Attack to the “Innocent 3rd Party”
Compensators
  – Disable Broadcast Ping Replies on your routers
      “no ip directed-broadcast”
  – Deploy monitoring software
  – Call your ISP
  – Filter ICMP
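For the “deploy monitoring software” compensator, the Smurf pattern is recognisable at the victim’s border as echo replies from many hosts in one network that the victim never pinged. The detector below is an added example, not from the original presentation; the record format, thresholds and addresses (documentation ranges) are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

ECHO_REQUEST, ECHO_REPLY = 8, 0  # ICMP type numbers

def find_amplifier_networks(packets, victim, min_hosts=4, prefix_len=24):
    """Flag networks from which many hosts send the victim unsolicited replies.

    packets: (src, dst, icmp_type) records captured at the victim's border.
    Returns {network: number_of_distinct_replying_hosts}.
    """
    pinged = set()               # hosts the victim itself sent requests to
    repliers = defaultdict(set)  # network -> hosts that replied unasked
    for src, dst, icmp_type in packets:
        if icmp_type == ECHO_REQUEST and src == victim:
            pinged.add(dst)
        elif icmp_type == ECHO_REPLY and dst == victim and src not in pinged:
            net = ipaddress.ip_network(f"{src}/{prefix_len}", strict=False)
            repliers[str(net)].add(src)
    return {n: len(h) for n, h in repliers.items() if len(h) >= min_hosts}

# Constructed capture: one genuine ping exchange, three rounds of replies
# from six hosts in the "Innocent 3rd Party" network, and one stray reply.
VICTIM = "192.0.2.10"
SAMPLE_PACKETS = (
    [(VICTIM, "203.0.113.5", ECHO_REQUEST), ("203.0.113.5", VICTIM, ECHO_REPLY)]
    + [(f"198.51.100.{h}", VICTIM, ECHO_REPLY) for h in range(20, 26)] * 3
    + [("203.0.113.77", VICTIM, ECHO_REPLY)]
)

if __name__ == "__main__":
    for net, hosts in find_amplifier_networks(SAMPLE_PACKETS, VICTIM).items():
        print(f"{net}: {hosts} hosts replying without a request")
```

The flagged network is the intermediary, not the origin, which matches the slide’s point that the trace leads to the “Innocent 3rd Party”.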

Tools available to initiate attacks
How they are being developed so quickly
  – Hackers are subscribing to “bug lists” used to discuss product bugs
  – Public Domain Testing software becoming widely available, being used maliciously
  – Template code to create TCP/IP Packets exists
Their availability and dissemination
  – Ever try YAHOO?
  – IRC #DOS channel
  – Available within hours after bug is reported
      Professionally created, updated, etc

Impacts to ISPs
  – Bandwidth saturation
      DoS attacks affect links that belong to ISPs
      Affects multiple customers
  – T1 backbone ISPs still exist!
      Hackers can do much damage on a 28.8 dialup
      T3 connected shell accounts in high demand
        – IRC #shells
  – Resources required to trace are intense
      Educating customer
      Tracing attack
  – Time sensitive issue

MCI’s DoSTracker
Reactive
  – Victim calls in for assistance
  – DoSTracker installed on Victim Border router (their connection to our Network)
Proactive
  – DoSTracker installed on Victim router, and “waits” for Attack to come in.
      Alerts when identified
      Not typically used, due to resource issues

MCI’s DoSTracker
  – DoSTracker watches packets going to Victim, and analyzes them for “DoS Characteristics”
      Forged source address
      Smurf Attack
      Large packet sources
  – DoSTracker traces identified DoS Packets router by router, interface by interface until it reaches an “edge” (customer or another network).

DoS Path
[Figure labels: Customer, NET A, NET B, NET C]
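The router-by-router, interface-by-interface trace described for DoSTracker can be sketched as a walk over per-interface counters of packets matching the attack signature. This is an added example and not MCI’s DoSTracker code; the topology, router and interface names, counter values and the `min_packets` threshold are all hypothetical.

```python
def trace_to_edge(topology, counters, start_router, min_packets=1):
    """Follow signature-matching traffic upstream until an edge is reached.

    topology: {router: {interface: ("router", name) or ("edge", name)}}
    counters: {(router, interface): matching packets received on it}
    Returns (path, edge_name); edge_name is None if the trail goes cold.
    """
    path, seen, router = [], set(), start_router
    while True:
        if router in seen:
            raise ValueError(f"loop detected at {router}")
        seen.add(router)
        hits = {i: counters.get((router, i), 0) for i in topology[router]}
        iface, count = max(hits.items(), key=lambda kv: kv[1])
        if count < min_packets:
            return path, None  # attack stopped or counters not yet populated
        path.append((router, iface))
        kind, name = topology[router][iface]
        if kind == "edge":
            return path, name  # customer link or another network
        router = name

# Hypothetical backbone; the victim hangs off netC-r1.
TOPOLOGY = {
    "netC-r1": {"s0": ("edge", "victim"), "a1": ("router", "netB-r1"),
                "a2": ("router", "netB-r2")},
    "netB-r1": {"a0": ("router", "netC-r1"), "a1": ("router", "netA-r1")},
    "netB-r2": {"a0": ("router", "netC-r1"), "s1": ("edge", "peer-network")},
    "netA-r1": {"a0": ("router", "netB-r1"), "s1": ("edge", "customer-17"),
                "s2": ("edge", "customer-42")},
}
# Constructed counters of inbound packets matching the DoS signature.
COUNTERS = {
    ("netC-r1", "a1"): 9800, ("netC-r1", "a2"): 12,
    ("netB-r1", "a1"): 9790,
    ("netA-r1", "s1"): 3, ("netA-r1", "s2"): 9785,
}

if __name__ == "__main__":
    path, edge = trace_to_edge(TOPOLOGY, COUNTERS, "netC-r1")
    for router, iface in path:
        print(f"{router}: entering on {iface}")
    print("edge reached:", edge)
```

The `None` result models the time-sensitivity noted earlier: once the packets stop, the counters no longer point upstream and the trace cannot continue.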

Migration of attacks
What can we expect for future attacks?
  – Automation
      DoS Engines/Clients
  – Protocol exposures
      Streaming protocols
        – CUSeeMe, Multi-Cast, UseNet
      DNS
  – Reduction of detection capability
      Services are being deployed much too quickly for security analysis, compensators and monitoring to be deployed and integrated.
  – We’ll always be one-two steps behind

Contact
Dale Drew
internetMCI Security Engineering
703/