Simulation and Analysis of DDoS Attacks
Poongothai, M., Department of Information Technology, Institute of Road and Transport Technology, Erode, Tamilnadu, India
Sathyakala, M., Department of Information Technology, Institute of Road and Transport Technology, Erode, Tamilnadu, India
Speaker: 鍾國君
2012 International Conference on Emerging Trends in Science, Engineering and Technology
Outline
Introduction to DDoS Attack
DDoS Attack Architecture
Advantages of DDoS Attack
Four Phases of Bot Installation
DDoS Attack Methods
DDoS Defenses
Simulation
Conclusion
Introduction to DDoS Attack
Distributed Denial of Service (DDoS)
◦ Overloads the targeted server with useless traffic, crashing it or leaving it unable to communicate properly with legitimate users.
◦ Consumes mainly the victim's bandwidth, processing capacity and storage capacity.
◦ Recovery may require human intervention.
DDoS Attack Architecture
(figure slide)
Advantages of DDoS Attack (from the attacker's point of view)
Simple
◦ No sophisticated mechanisms are needed.
◦ A single attacker can launch one.
Difficult to trace
◦ Multi-tiered handler/agent structure.
◦ IP source address spoofing.
Advantages of DDoS Attack (from the attacker's point of view)
Similar to legitimate traffic
◦ Each agent's stream looks ordinary; the attack streams from numerous machines only converge near the victim.
Robust
◦ The attack continues even if one node is taken down.
Four Phases of Bot Installation
What is a bot?
◦ A program that operates automatically on behalf of a user or another program.
◦ Installed on intermediate compromised computers, the "handlers" and "agents".
◦ Waits for the attacker to trigger the attack remotely.
Four Phases of Bot Installation
1. Scanning
◦ Already-installed bots scan large numbers of computers for security flaws.
2. Exploitation
◦ Susceptible hosts are exploited, and the compromised hosts are listed.
Four Phases of Bot Installation
3. Deployment
◦ The "handler" software is installed on the compromised hosts.
4. Propagation
◦ Each handler then scans for further vulnerable hosts and compromises them; these become the "agents" (daemons).
DDoS Attack Methods
Methods
◦ Smurf floods
  The attacker sends ICMP ECHO requests to a network's broadcast address with the source spoofed to the victim's address; every host that answers floods the victim with ECHO replies.
◦ ICMP floods
  The agents generate large numbers of ICMP ECHO requests directed at the victim, which is kept busy answering them all.
DDoS Attack Methods
◦ UDP/TCP floods
  Send a large number of UDP/TCP packets to the victim to tie up the available network bandwidth.
◦ TCP SYN floods
  Send SYNs (usually from spoofed sources) and never send the final ACK of the handshake, so each half-open connection holds its allocated buffer in the victim's backlog until it times out.
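The backlog exhaustion described on this slide, as an added example that is not code from the paper: a Python model of a stateful TCP listener whose table of half-open connections the flood fills, beside a stateless SYN-cookie listener (the SYN-ACK sequence number is an HMAC over the client tuple and a coarse time slot) that keeps no per-SYN state and so cannot be exhausted this way. The workload, backlog size, timeout and addresses are constructed for illustration; nothing here is the authors' simulation.

```python
"""TCP SYN-flood model: a listener whose backlog of half-open connections
the attacker exhausts by never sending the final ACK, beside a stateless
SYN-cookie listener that the same flood cannot exhaust.
Added example, not the paper's code; all sizes and addresses are illustrative."""
import hashlib
import hmac
import itertools


class BacklogServer:
    """Stateful listener: one backlog slot per half-open connection."""

    def __init__(self, capacity, syn_timeout):
        self.capacity = capacity          # like Linux tcp_max_syn_backlog
        self.syn_timeout = syn_timeout    # seconds before a half-open entry is dropped
        self.half_open = {}               # (src, sport) -> expiry time
        self.refused = 0
        self.completed = 0
        self._isn = itertools.count(1000)

    def _expire(self, now):
        for key in [k for k, t in self.half_open.items() if t <= now]:
            del self.half_open[key]

    def on_syn(self, now, src, sport):
        """Return the SYN-ACK ISN, or None if the backlog is full and the SYN is dropped."""
        self._expire(now)
        if len(self.half_open) >= self.capacity:
            self.refused += 1             # attack or legitimate, this SYN is lost
            return None
        self.half_open[(src, sport)] = now + self.syn_timeout
        return next(self._isn)

    def on_ack(self, now, src, sport, ack):
        self._expire(now)
        if self.half_open.pop((src, sport), None) is None:
            return False
        self.completed += 1
        return True


class SynCookieServer:
    """Stateless listener: the SYN-ACK ISN is an HMAC over the client tuple and a
    coarse time slot, so nothing is stored until a valid ACK arrives."""

    def __init__(self, secret, window=64):
        self.secret = secret
        self.window = window              # seconds a cookie stays valid
        self.refused = 0
        self.completed = 0

    def _cookie(self, src, sport, slot):
        msg = f"{src}:{sport}:{slot}".encode()
        digest = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return int.from_bytes(digest[:4], "big")

    def on_syn(self, now, src, sport):
        return self._cookie(src, sport, int(now // self.window))

    def on_ack(self, now, src, sport, ack):
        """The client acknowledges ISN+1; accept if it verifies for this or the previous slot."""
        slot = int(now // self.window)
        if any(ack - 1 == self._cookie(src, sport, s) for s in (slot, slot - 1)):
            self.completed += 1
            return True
        self.refused += 1
        return False


def run_flood(server, attack_pps, duration, legit_cps=10, tick=0.1):
    """Constructed workload: legitimate clients ACK one tick after their SYN;
    each attack SYN comes from a fresh spoofed source and is never ACKed.
    Returns (legitimate handshakes completed, legitimate SYNs refused)."""
    spoofed = itertools.count(1)
    legit_port = itertools.count(40000)
    pending = []                          # legit handshakes awaiting their ACK
    legit_refused = 0
    for i in range(int(round(duration / tick))):
        now = i * tick
        for src, sport, isn in pending:   # 1. ACKs for last tick's legit SYNs
            server.on_ack(now, src, sport, isn + 1)
        pending = []
        for _ in range(round(attack_pps * tick)):   # 2. spoofed attack SYNs
            n = next(spoofed)
            server.on_syn(now, f"10.{(n >> 16) & 255}.{(n >> 8) & 255}.{n & 255}", 1024)
        for _ in range(round(legit_cps * tick)):    # 3. legitimate SYNs
            sport = next(legit_port)
            isn = server.on_syn(now, "198.51.100.7", sport)
            if isn is None:
                legit_refused += 1
            else:
                pending.append(("198.51.100.7", sport, isn))
    return server.completed, legit_refused


if __name__ == "__main__":
    print("backlog, no attack :", run_flood(BacklogServer(256, 60.0), 0, 20))
    print("backlog, 200 SYN/s :", run_flood(BacklogServer(256, 60.0), 200, 20))
    print("cookies, 200 SYN/s :", run_flood(SynCookieServer(b"k"), 200, 20))
```

With a 256-entry backlog and a 60 s half-open timeout, 200 spoofed SYN/s fill the table in about 1.3 s, after which every legitimate SYN is refused for the rest of the run; the cookie listener completes every legitimate handshake because the attacker's SYNs consume no state at all.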
DDoS Attack Methods
(figure slide)
DDoS Attack Methods
Dynamics
◦ Application attacks
◦ Protocol attacks
◦ Operating system attacks
◦ Host attacks
◦ Network attacks
◦ Infrastructure attacks
DDoS Defense
Classification
◦ Preventive
  Eliminate the vulnerabilities in the system and prevent the attacker from recruiting a group of zombie machines.
◦ Survival
  Increase the victim's resources so that it survives during the attack.
◦ Responsive
  Keep the attack streams from affecting the victim.
DDoS Defense
Strategy
◦ Agent identification
  Who is attacking?
◦ Rate limiting
  Impose a rate limit on the incoming streams.
◦ Filtering
  Filter out the attack streams.
◦ Reconfiguration
  Change the topology of the network near the victim.
DDoS Defense
Countermeasures
◦ Path isolation
  Routers record the path the traffic took, and that information is used to deploy filters along the path.
◦ Privileged customer
  Customers that have previously communicated with the server get first priority.
DDoS Defense
◦ Traffic baselining
  Filter the traffic when some traffic parameter exceeds its expected value.
◦ Resource multiplication
  More resources are deployed to sustain large attacks.
◦ Legitimate traffic inflation
  Multiply the legitimate traffic.
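Traffic baselining on this slide, together with agent identification, filtering and rate limiting from the Strategy slide, as one added Python example that is not the paper's code: a baseline (mean plus three standard deviations of packets per second) is learned from a quiet window of constructed flow records, seconds that exceed it are flagged, sources that alone exceed the baseline are named as suspects, and a per-source token bucket shows how much of each sender's traffic a rate limit lets through. The records, addresses and thresholds are all made up for the example.

```python
"""Traffic baselining, agent identification and per-source rate limiting over
constructed flow records (second, src, dst, packets).
Added example, not the paper's code; records, thresholds and addresses are made up."""
import statistics
from collections import Counter, defaultdict

VICTIM = "192.0.2.10"
LEGIT = ("198.51.100.1", "198.51.100.2", "198.51.100.3")
BOTS = ("203.0.113.5", "203.0.113.6", "203.0.113.7")


def constructed_records():
    """Seconds 0-9: quiet baseline from three clients (20-24 pkt/s each);
    from second 10 three agents each add 400 pkt/s toward the victim."""
    recs = []
    for sec in range(20):
        for i, src in enumerate(LEGIT):
            recs.append((sec, src, VICTIM, 20 + (sec + i) % 5))
        if sec >= 10:
            recs.extend((sec, bot, VICTIM, 400) for bot in BOTS)
    return recs


def pps_to(records, dst):
    """Packets per second toward dst in total, and per (second, src)."""
    total, by_src = Counter(), Counter()
    for sec, src, d, pkts in records:
        if d == dst:
            total[sec] += pkts
            by_src[(sec, src)] += pkts
    return total, by_src


def baseline_threshold(pps, train_seconds, k=3.0):
    """Expected value from a quiet training window: mean + k * population stdev."""
    sample = [pps[s] for s in train_seconds]
    return statistics.mean(sample) + k * statistics.pstdev(sample)


def detect(records, dst, train_seconds, k=3.0):
    """Seconds in which traffic to dst exceeds the baseline, and the suspect agents:
    any source that on its own exceeds the whole-destination baseline in a flagged second."""
    total, by_src = pps_to(records, dst)
    thr = baseline_threshold(total, train_seconds, k)
    flagged = sorted(s for s, v in total.items() if v > thr)
    suspects = sorted({src for (sec, src), v in by_src.items() if sec in flagged and v > thr})
    return flagged, suspects, thr


class TokenBucket:
    """Classic token bucket: `rate` tokens/s refilled, at most `burst` stored."""

    def __init__(self, rate, burst):
        self.rate, self.burst, self.tokens, self.last = rate, burst, burst, 0

    def allow(self, now, n):
        """Forward as many of n packets as tokens permit; return how many passed."""
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        passed = min(n, int(self.tokens))
        self.tokens -= passed
        return passed


def rate_limit(records, dst, per_source_pps, burst):
    """One bucket per source toward dst; returns {src: (offered, forwarded)}."""
    buckets = defaultdict(lambda: TokenBucket(per_source_pps, burst))
    stats = defaultdict(lambda: [0, 0])
    for sec, src, d, pkts in sorted(records):
        if d == dst:
            stats[src][0] += pkts
            stats[src][1] += buckets[src].allow(sec, pkts)
    return {src: tuple(v) for src, v in stats.items()}


if __name__ == "__main__":
    recs = constructed_records()
    print(detect(recs, VICTIM, range(10)))
    print(rate_limit(recs, VICTIM, per_source_pps=50, burst=100))
```

On the constructed data the baseline works out to 72 pkt/s, every second from 10 onward is flagged, the three agents are the only suspects, and a 50 pkt/s per-source limit with a burst of 100 forwards all 440 packets of each legitimate client while letting only 550 of each agent's 4000 packets through. The per-source limit is what makes this usable: a single aggregate limit on the victim's link would throttle the legitimate clients just as hard as the agents.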
Simulation
Three considerations
◦ DDoS attack traffic
◦ Legitimate traffic
◦ Network topology
Software used: NS2
◦ Can replicate the threats of interest in a safe, isolated environment.
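The three simulation inputs listed above (attack traffic, legitimate traffic, topology), as an added example that is not the paper's NS2 setup: a small Python fluid model of a star topology in which several agents and one legitimate sender all reach the victim through a single bottleneck link with a drop-tail queue. It assumes arrivals within a time slot are well mixed, so the queue drops each sender's packets in proportion to its offered load; link rate, queue size and per-sender loads are made up. The third scenario removes one agent to illustrate the "robust" property from the earlier slide.

```python
"""Fluid model of a star topology: every sender reaches the victim through one
bottleneck link with a drop-tail queue. A stand-in for the NS2 topology on the
slide, added here and not the paper's code; all rates are illustrative.
Assumption: within a slot arrivals are well mixed, so the queue drops each
sender's packets in proportion to its offered load."""


def bottleneck_run(legit_rate, agent_rates, link_rate, queue_size, slots):
    """Return the fraction of the legitimate sender's packets that reach the victim.
    Per slot: the queue can absorb its free space plus what the link drains
    (link_rate); excess arrivals are dropped proportionally; the link then
    serves up to link_rate packets from the queue."""
    senders = {"legit": legit_rate}
    senders.update({f"agent{i}": r for i, r in enumerate(agent_rates)})
    offered = {s: 0 for s in senders}
    delivered = {s: 0.0 for s in senders}
    queued = 0.0
    for _ in range(slots):
        arrivals = sum(senders.values())
        room = (queue_size - queued) + link_rate
        accepted = min(arrivals, room)
        share = accepted / arrivals if arrivals else 0.0
        for s, r in senders.items():
            offered[s] += r
            delivered[s] += r * share          # r * (1 - share) is dropped at the queue
        queued = queued + accepted - min(link_rate, queued + accepted)
    # whatever is still queued drains over the link, so it counts as delivered
    return delivered["legit"] / offered["legit"]


def compare(legit_rate=40, agent_rate=60, agents=5, link_rate=100, queue_size=50, slots=20):
    """Legitimate goodput fraction: idle network, full attack, one agent removed."""
    return {
        "no_attack": bottleneck_run(legit_rate, [], link_rate, queue_size, slots),
        "attack": bottleneck_run(legit_rate, [agent_rate] * agents, link_rate, queue_size, slots),
        "one_agent_down": bottleneck_run(legit_rate, [agent_rate] * (agents - 1),
                                         link_rate, queue_size, slots),
    }


if __name__ == "__main__":
    for name, frac in compare().items():
        print(f"{name:15s} legitimate packets delivered: {frac:.1%}")
```

With five agents at 60 pkt/slot against a 100 pkt/slot link, the legitimate sender's 40 pkt/slot shrink to about 30% delivered; taking one agent down only lifts that to about 37%, which is the point of the "robust" bullet: no single agent matters, so per-agent cleanup does little until most of the botnet is gone.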
Simulation
(results figure slide)
Conclusion
Intruder tools will keep evolving.
Even if your own system or network is robust, others may not be, so the security problem remains.