Overview of Distributed Denial of Service (DDoS) Wei Zhou.

Outline of the presentation
● DDoS definition and its attacking architectures
● DDoS classification
● Defense mechanism classification
  – Reactive vs. proactive
  – Classification by defending front-line
● SOS – a case study

What is it?
– Two major attacking architectures
  ● Direct attack
  ● Reflector attack
– Characteristics
  ● Multiple attackers vs. a single victim
  ● Aim: cause denial of service to the victim's legitimate users
– No ready-to-go definition available

Attacking Architecture – Direct Attack
(Figure: the hacker's attacking network – masters (handlers) controlling zombies that send the attack traffic to the victim)

Attacking Architecture – Reflector Attack
(Figure: the hacker's DDoS attacking network sends TCP SYN, ICMP, UDP... packets, with the victim's address as the source IP address, to reflectors; the reflectors' replies go to the victim)

Classification of DDoS Attacks
● Classification by exploited vulnerability
  – Protocol attacks
    ● TCP SYN attacks
    ● CGI request attacks
    ● Authentication server attacks
  – Flooding-based attacks
    ● Filterable
    ● Non-filterable

Defense Mechanisms
● Classification by activity level
  – Reactive mechanisms
    ● Easy to deploy
    ● Hard to tell good guys from bad guys
    ● Inflexible in adapting to new attacks
  – Proactive mechanisms
    ● Motivation to deploy
    ● Accuracy in differentiating packets

Defense Mechanisms (cont.)
● Classification by defending front-line
  – Victim network
  – Intermediate network
  – Source network

At the victim side
● IDS plus firewall
  – Detect bogus packets based on well-known attack signatures
  – Flexibility
● Puzzle solving by clients
  – A client must solve a puzzle (small scripts, cookies, etc.) in order to access the server's resources
  – Efficiency
● Duplicate server resources
  – Distribute server resources across more places
  – Synchronization, costs, etc.
The victim network can do NOTHING if its link(s) to the ISP are jammed.
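The client-puzzle idea above, as an added worked example (not code from the presentation or from any of the cited papers): the server issues a nonce and a difficulty, the client burns CPU finding a counter whose hash clears the difficulty, and the server checks the answer with one HMAC and one hash, so the cost lands on the requester. The puzzle format, the HMAC binding to the client and the load policy are assumptions for the illustration.

```python
import hashlib
import hmac
import os
import secrets

# Assumed parameters (the slide gives none): a per-server secret lets the server verify
# puzzles statelessly, and difficulty is the number of leading zero bits the hash must have.
SERVER_KEY = os.urandom(32)

def _tag(client_id: str, nonce: str, difficulty: int) -> str:
    msg = f"{client_id}:{nonce}:{difficulty}".encode()
    return hmac.new(SERVER_KEY, msg, "sha256").hexdigest()

def issue_puzzle(client_id: str, difficulty: int) -> dict:
    """Server side: hand out a fresh nonce bound to the client, keeping no per-client state."""
    nonce = secrets.token_hex(16)
    return {"nonce": nonce, "difficulty": difficulty, "tag": _tag(client_id, nonce, difficulty)}

def _leading_zero_bits(digest: bytes) -> int:
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def _work(client_id: str, nonce: str, counter: int) -> int:
    digest = hashlib.sha256(f"{client_id}:{nonce}:{counter}".encode()).digest()
    return _leading_zero_bits(digest)

def solve_puzzle(client_id: str, puzzle: dict) -> int:
    """Client side: brute-force the smallest counter whose hash clears the difficulty.
    Expected cost is about 2**difficulty hashes, paid by every client before it gets service."""
    counter = 0
    while _work(client_id, puzzle["nonce"], counter) < puzzle["difficulty"]:
        counter += 1
    return counter

def verify_solution(client_id: str, puzzle: dict, solution: int) -> bool:
    """Server side: one HMAC and one hash, however hard the puzzle was. The tag check stops a
    client from lowering the difficulty or presenting a puzzle issued to another client."""
    if not hmac.compare_digest(_tag(client_id, puzzle["nonce"], puzzle["difficulty"]), puzzle["tag"]):
        return False
    return _work(client_id, puzzle["nonce"], solution) >= puzzle["difficulty"]

def difficulty_for_load(load: float) -> int:
    """Assumed policy: no puzzle while the server is idle, harder puzzles as load rises."""
    return 0 if load < 0.5 else min(20, int(12 * load))
```

The verifier's cost stays constant while the solver's cost grows exponentially with the difficulty, which is what lets the server raise the bar only when it is under load.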

In the intermediate network
● IP traceback
  – Can be used to collect forensic evidence
  – (Needs further exploration)
● Push-back mechanism
● Route-based packet filtering
● Overlay network

Push-back – the idea
(Figure: routers R0–R7, the heavy traffic flow towards the victim, and push-back messages sent upstream against it)
● Reactive mechanism
● Accuracy of telling 'poor' packets from bad packets
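The push-back idea, as an added example that is not code from the presentation or from the Pushback paper: a congested router picks the aggregate (here, a destination /24) responsible for most of its drops, caps that aggregate so the link fits under a target utilisation, and tells each upstream neighbour how much of the cap it may deliver, sharing it max-min fairly. The drop-share rule, the /24 granularity and the utilisation target are assumptions of this illustration.

```python
import ipaddress
from collections import Counter

def aggregate_prefix(ip, bits=24):
    """Aggregate key: the destination /24 (assumed granularity for this illustration)."""
    return str(ipaddress.ip_network(f"{ip}/{bits}", strict=False))

def identify_aggregate(dropped_dsts, share=0.5):
    """Congestion signature (assumed rule): the destination prefix responsible for
    at least `share` of the packets this router dropped in the last interval."""
    if not dropped_dsts:
        return None
    counts = Counter(aggregate_prefix(d) for d in dropped_dsts)
    top, n = counts.most_common(1)[0]
    return top if n / len(dropped_dsts) >= share else None

def max_min_share(limit, demands):
    """Split `limit` among upstream links by max-min fairness: a link sending less than
    its fair share keeps its whole rate, and the surplus is shared among the others."""
    remaining, pending, alloc = float(limit), dict(demands), {}
    while pending:
        fair = remaining / len(pending)
        small = {link: d for link, d in pending.items() if d <= fair}
        if not small:
            alloc.update({link: fair for link in pending})
            break
        for link, d in small.items():
            alloc[link] = d
            remaining -= d
            del pending[link]
    return alloc

def pushback(dropped_dsts, upstream_rates, link_capacity, other_rate, target_util=0.9):
    """Local ACC plus push-back at one router: identify the aggregate behind the drops,
    cap it so that it and the remaining traffic fit under target_util of the link, then
    tell each upstream neighbour (upstream_rates: {neighbour: aggregate rate it delivers})
    its cap. Returns (aggregate, [(neighbour, aggregate, cap), ...])."""
    agg = identify_aggregate(dropped_dsts)
    if agg is None:
        return None, []
    limit = max(0.0, target_util * link_capacity - other_rate)
    return agg, [(nbr, agg, cap) for nbr, cap in max_min_share(limit, upstream_rates).items()]
```

The 'poor' versus bad packet problem from the slide is visible here: every packet to the aggregate is capped, legitimate ones included, which is why the paper's accuracy concern matters.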

Route-based packet filtering – the idea
(Figure: routers R0–R9, showing the routes from node 2 and an attack from node 7 using node 2's addresses)
● Proactive mechanism
● Overheads
● Need to change routers

At the source side
● Ingress/egress filtering
  – Ingress filtering
    ● Prevents packets with faked source IP addresses from entering the network
  – Egress filtering
    ● Prevents packets with faked source IP addresses from leaving the network
(Figure: egress filtering and ingress filtering applied at the network boundary)
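Route-based packet filtering (the slide before this one) and ingress filtering (this slide) in one added example, which is not code from the presentation or from the cited papers: a router derives, from the routes passing through it, which source addresses can legitimately arrive on each of its links, and drops the rest. At a stub network's edge router the table for the customer link collapses to the customer's own addresses, which is exactly ingress filtering. The topology and node numbering are constructed in the spirit of the slide's figure, not copied from it.

```python
from collections import deque

# Constructed tree topology (unit-cost links; node ids are routers/hosts): node 2 sits
# behind edge router 1, node 7 behind router 5, and router 3 is the transit router.
TOPOLOGY = {
    0: [1], 1: [0, 2, 3], 2: [1], 3: [1, 4, 5], 4: [3, 8],
    5: [3, 6, 7], 6: [5, 9], 7: [5], 8: [4], 9: [6],
}

def shortest_paths(adj):
    """All-pairs shortest paths by BFS: {(src, dst): [src, ..., dst]}."""
    paths = {}
    for s in adj:
        prev, queue = {s: None}, deque([s])
        while queue:
            u = queue.popleft()
            for v in adj[u]:
                if v not in prev:
                    prev[v] = u
                    queue.append(v)
        for d in prev:
            hop, path = d, []
            while hop is not None:
                path.append(hop)
                hop = prev[hop]
            paths[(s, d)] = path[::-1]
    return paths

def rbf_table(adj, router):
    """Route-based filter table for one router: for each incoming link, the set of
    source addresses whose routes actually deliver packets over that link."""
    table = {neighbour: set() for neighbour in adj[router]}
    for (src, _dst), path in shortest_paths(adj).items():
        if router in path and path.index(router) > 0:
            table[path[path.index(router) - 1]].add(src)
    return table

def rbf_accepts(table, in_link, src):
    """Forward only if `src` could have reached this router over `in_link`."""
    return src in table[in_link]
```

The slide's overheads and router changes show up as the all-pairs route computation and the per-link tables, which a real deployment has to rebuild whenever routes change.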

At the source side (cont.)
● D-WARD (DDoS netWork Attack Recognition and Defense)
  – Balance of inbound and outbound traffic

D-WARD (cont.)
● Motivation of deployment
● Asymmetric problems
(Figure: D-WARD deployed at the exit of the source network)
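The inbound/outbound balance check behind D-WARD, as an added example (not the D-WARD code itself and not from the presentation): at the source network's exit router, count packets sent to and received from each foreign host, call a flow an attack when it is one-way beyond a ratio, and rate-limit it. The source prefix, the ratio and packet thresholds, and the halving/recovery policy are assumptions; the traffic sample is constructed.

```python
from collections import defaultdict

# Assumed thresholds and prefix (the slides give none): a TCP destination that gets more
# than MAX_RATIO packets from us for every packet it sends back is being flooded by us.
SOURCE_NET = "10.0.0."      # constructed: the source network whose exit router runs this
MAX_RATIO = 3.0
MIN_PKTS = 20               # too few packets to judge: leave the flow alone

def flow_stats(records):
    """Per foreign host, count packets the source network sent to it and received from it.
    records: (src_ip, dst_ip, proto) tuples seen at the exit router, both directions."""
    stats = defaultdict(lambda: {"sent": 0, "recv": 0})
    for src, dst, _proto in records:
        if src.startswith(SOURCE_NET) and not dst.startswith(SOURCE_NET):
            stats[dst]["sent"] += 1
        elif dst.startswith(SOURCE_NET) and not src.startswith(SOURCE_NET):
            stats[src]["recv"] += 1
    return dict(stats)

def classify(stats):
    """Verdict per foreign host from the outbound/inbound balance: 'attack' when the flow
    is one-way, 'normal' when the far end answers or the flow is too small to judge."""
    verdict = {}
    for host, s in stats.items():
        ratio = s["sent"] / max(s["recv"], 1)
        verdict[host] = "attack" if s["sent"] >= MIN_PKTS and ratio > MAX_RATIO else "normal"
    return verdict

def next_limit(limit, observed_rate, verdict, floor=10, step=10):
    """Rate-limit policy (assumed): while a flow is judged an attack, halve what it may
    send; once it behaves, let the allowance grow again; never go below `floor`."""
    if verdict == "attack":
        return max(floor, min(limit, observed_rate) / 2)
    return limit + step

# Constructed traffic sample: a normal web session, a one-way flood, and a tiny flow.
RECORDS = (
    [("10.0.0.5", "198.51.100.10", "tcp")] * 30 + [("198.51.100.10", "10.0.0.5", "tcp")] * 25
    + [("10.0.0.9", "203.0.113.7", "tcp")] * 200
    + [("10.0.0.2", "192.0.2.4", "tcp")] * 5
)
```

The asymmetry the slide mentions is built in: the check only works where the router sees both directions of the traffic, which is why it is placed at the source network's exit.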

SOS – Secure Overlay Services
● Protects a dedicated server from DDoS attacks
● High-performance filters drop all packets that do not come from the secret servlets
● Path redundancy in the overlay network hides the identities of the secret servlets
● Legitimate users enter the overlay network at a SOAP (secure overlay access point)

SOS (cont.)
(Figure: legitimate traffic enters the overlay network at a SOAP, is routed to a secret servlet and reaches the server through the filter; the overlay path adds a big time delay)
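A toy model of the SOS architecture on the two slides above, added here as an illustration and not code from the SOS paper or the presentation: the filter admits only secret-servlet sources, a SOAP authenticates users before admitting them to the overlay, a beacon maps the target to a live servlet, and a servlet that is exposed can be revoked while traffic keeps flowing through another. Addresses, the shared-key authentication and the hash-based overlay routing are constructed stand-ins.

```python
import hashlib
import hmac

# Constructed deployment: addresses, keys and node roles are illustrative, not from the paper.
SERVER = "192.0.2.10"
OVERLAY = ["10.1.0.%d" % i for i in range(1, 9)]   # overlay nodes
SOAPS = {"10.1.0.1", "10.1.0.2"}                     # public entry points (secure overlay access points)
SECRET_SERVLETS = {"10.1.0.7", "10.1.0.8"}           # the only sources the filter lets through
USER_KEYS = {"alice": b"constructed-shared-key"}     # how a SOAP recognises a legitimate user

def filter_admits(src):
    """The high-performance filter in front of the server: no servlet source, no packet."""
    return src in SECRET_SERVLETS

def user_tag(user, payload):
    """Client side: the user proves knowledge of its shared key for this payload."""
    return hmac.new(USER_KEYS[user], payload, "sha256").hexdigest()

def soap_authenticates(user, payload, tag):
    """A SOAP admits only traffic it can tie to a known user (HMAC stands in for the real scheme)."""
    key = USER_KEYS.get(user)
    return key is not None and hmac.compare_digest(hmac.new(key, payload, "sha256").hexdigest(), tag)

def beacon_for(target):
    """Overlay routing, simplified: hash the target to the overlay node acting as its beacon."""
    return OVERLAY[int(hashlib.sha256(target.encode()).hexdigest(), 16) % len(OVERLAY)]

def choose_servlet(beacon):
    """The beacon knows the live servlets and picks one; the user never learns which."""
    live = sorted(SECRET_SERVLETS)
    return live[int(hashlib.sha256(beacon.encode()).hexdigest(), 16) % len(live)] if live else None

def deliver_via_overlay(user, payload, tag, soap):
    """Path of a legitimate packet: SOAP -> beacon -> secret servlet -> server; None if rejected."""
    if soap not in SOAPS or not soap_authenticates(user, payload, tag):
        return None
    servlet = choose_servlet(beacon_for(SERVER))
    return [soap, beacon_for(SERVER), servlet, SERVER] if servlet and filter_admits(servlet) else None

def deliver_direct(src):
    """Traffic aimed straight at the server, bypassing the overlay: the filter decides."""
    return [src, SERVER] if filter_admits(src) else None

def revoke_servlet(addr):
    """Redundancy: a servlet that is discovered or knocked out is dropped, the filter stops
    trusting it, and the beacon simply picks another one."""
    SECRET_SERVLETS.discard(addr)
```

The returned paths make the slide's cost visible: the overlay route is twice as many hops as the direct one, which is the "big time delay" SOS pays for hiding the servlets.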

References
● R. K. C. Chang, “Defending against Flooding-Based Distributed Denial-of-Service Attacks: A Tutorial”
● P. Ferguson and D. Senie, “Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing”, RFC 2827
● J. Ioannidis and S. M. Bellovin, “Implementing Pushback: Router-Based Defense Against DDoS Attacks”
● A. D. Keromytis, V. Misra and D. Rubenstein, “SOS: Secure Overlay Services”
● R. Mahajan, S. M. Bellovin, S. Floyd, J. Ioannidis, V. Paxson and S. Shenker, “Controlling High Bandwidth Aggregates in the Network”
● J. Mirkovic, J. Martin and P. Reiher, “A Taxonomy of DDoS Attacks and DDoS Defense Mechanisms”
● J. Mirkovic, G. Prier and P. Reiher, “Attacking DDoS at the Source”
● K. Park and H. Lee, “A Proactive Approach to Distributed DoS Attack Prevention using Route-Based Packet Filtering”

Thank you!