Link Flooding DDoS Attack

Presentation transcript:

Link Flooding DDoS Attack Group 6

Link Flooding Attack
[Figure labels: Bot, Decoy Server, Target Area, Target Link]

Contents
- Crossfire Attack
- CXPST Attack
- Coremelt Attack

Crossfire Attack
"The Crossfire Attack", M. Kang et al., IEEE S&P 2013

Crossfire Attack - Definition
Flood a small set of selected network links using low-rate flows from bots to publicly accessible servers and degrade connectivity of, and even disconnect, chosen end-point servers.

Crossfire Attack - Elements
- Target area: a geographic region of the Internet against which the attack is launched
- Target link: network links to be flooded so that the target area is cut off from the rest of the Internet
- Decoy servers: share the same links with target servers

Crossfire Attack - Elements
[Figure labels: Decoy Servers (traffic destination), Target Servers, Target Link]
The attacker's purpose is to flood the shared link by sending flows to the decoy servers.

Crossfire Attack - Steps: Link Map Construction
- Traceroute from bots to servers
  - Use "Traceroute"
- Check link persistence
  - Exclude the unstable links
  - 72% of the links are stable

Crossfire Attack - Steps: Attack Setup
- Flow-density computation
  - Flow density: the higher, the better
- Target-link selection
  - Degradation ratio
  - Select the target links that maximize the degradation ratio
  - Heuristic (greedy) algorithm

Crossfire Attack - Steps: Bot Coordination
- Goal
  - Keep the flow rate appropriate to evade the protection mechanisms
- Attack-flow assignment
  - Aggregate traffic rate slightly higher than the bandwidth of the target
  - Bots attack the target evenly

Key Factors Enable Crossfire
Power law of flow-density distribution
- Flow density
  - Number of persistent source-to-destination pairs
  - Good targets for attack for a particular area
- Distribution
  - Easy to find target links with extremely high flow density for a selected target area
  - Flow density is not constant but varies depending on area

Key Factors Enable Crossfire
[Figure panels: East Coast, New York]
- Fit to diagonal lines, probability much higher than significance level (i.e., 0.68 to 0.96 to 0.05 as normal)

Crossfire Attack - Flow Density Distribution
Target-area dependency
- A target link that has overall high flow density may have a very low density in some areas
- Such links are useless in an attack targeted at those areas

Crossfire Attack - Bot Distribution
Links are dependent on area but bots are NOT
- Separate bots into subsets based on location
- Select different subsets to form different distributions
- Perform the Crossfire attack against different locations
- Analyze the relation between distribution and performance

Bot Distribution Experiment
[Figure labels: overlap, Performance]

Crossfire Attack - Bot Distribution
- Line selection matters
- Geographical position selection doesn't matter, as long as the packets can get to the line

Conclusion: Crossfire
- Undetectability at the target area
  - Uses legitimate flows; the target is not directly attacked
- Indistinguishability of flows in routers
  - Low rate, different sources and destinations
- Persistence
  - Rolling attack
- Flexibility
  - Large number of links and decoy servers

CXPST Attack
"Losing control of the internet: using the data plane to attack the control plane", M. Schuchard et al., ACM 2010

CXPST Attack - Definitions
- CXPST: Coordinated Cross Plane Session Termination
- Control plane
  - Routes around connectivity outages
  - Robustness to localized failure

CXPST Attack - Theory
- Weakness exploited
  - Control plane and data plane share the same physical media
  - No priority defined
  - Local events lead to global impact
- Main theory
  - Data plane congestion triggers failure of links
  - Route withdrawal, re-calculation, broadcast
  - Route flapping
  - Routers' calculation capacity is overwhelmed

CXPST Attack - Strategy
- Select target link
  - BGP betweenness: number of routes that pass through the link
  - Select links with the highest betweenness
- Counter changing topology
  - Avoid using routes passing two target links simultaneously
  - Send more traffic than needed on each branch

CXPST Attack - Strategy
- Design traffic flow
  - Build two flow networks
  - Use a max flow algorithm to select bots and destinations
- Thwart defense
  - Against route damping
  - Keep an eye on disrupted paths
  - Remove links that do not re-appear


CXPST Attack - Impact
- Overwhelm routers on target links
  - Handle heavy traffic
- Impose workload on routers globally
  - Compute new routes
  - Send/receive broadcast
  - Crippling the control plane
- Cause loss of data
  - Traffic on a route will continue until its failure is announced globally

CXPST Attack - Defense
- Deployed measures
  - BGP Graceful Restart: does not work
  - Route Flap Damping: no significant impact
- Stopping session failure
  - Focus: stop it before updates are generated
  - Disable hold timer functionality in routers
  - 10% implementation produces a dramatic change

Coremelt Attack
"The Coremelt Attack", A. Studer, A. Perrig, ESORICS 2009

Coremelt Attack - Strategy
1. Select target link
2. Identify bots: pairs of subverted machines that can generate traffic that traverses the target link
3. Send traffic between the pairs identified in step 2 to overload the target link

Coremelt Attack - Advantage
Wanted traffic
- Defenses against DoS attacks may eliminate 'unwanted' traffic
- Both ends of the traffic are owned by the attacker
- The attacker knows the 'wanted' traffic of every receiver
- All traffic in the attack will be 'legitimate'

Coremelt Attack - Defense
Defense mode
- Trace Back System
  - Administrators can turn off the port to stop the attack traffic.
  - Can't separate legitimate and attack traffic
- Capacity Based System
  - Give legitimate traffic priority
  - Bots will give permissions to each other

Coremelt Attack - Defense
Puzzles
- Increase the cost to the attacker.
- If the puzzle is large enough, the attacker will be unable to launch a successful attack.
- Computational capacity becomes the bottleneck

Coremelt Attack - Defense
Fair bandwidth allocation based on source/destination pair
- Isolate legitimate traffic from attack traffic such that an attack flow can only use as much bandwidth as the non-attack flow.
- A distributed botnet means a fair share (O(N^-2)) is much less than users typically experience
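
Added example, not from the slides or the Coremelt paper: a max-min fair split of one link per source/destination pair, showing why the legitimate share shrinks as O(N^-2) once N bots form N(N-1) pairs. Link capacity, user count and per-flow demands are constructed values; `max_min_fair` and `legit_rate` are hypothetical names.

```python
def max_min_fair(capacity, demands):
    """Max-min fair (water-filling) split of link capacity among flows.

    demands maps a (source, destination) pair to its offered rate.
    """
    pending = sorted(demands.items(), key=lambda kv: kv[1])
    alloc, remaining = {}, float(capacity)
    for i, (pair, demand) in enumerate(pending):
        share = remaining / (len(pending) - i)   # equal split of what is left
        if demand <= share:
            alloc[pair] = float(demand)          # small flow is fully served
            remaining -= demand
        else:
            # Every remaining flow wants more than the equal share: cap them all.
            for p, _ in pending[i:]:
                alloc[p] = share
            break
    return alloc


def legit_rate(n_bots, capacity=10_000, n_users=100, user_demand=50, bot_demand=10):
    """Return (legitimate pair rate, highest bot pair rate) in Mbps.

    All figures are constructed for illustration, not taken from the paper.
    """
    demands = {("user", k, "server"): user_demand for k in range(n_users)}
    # Coremelt traffic: every ordered pair of distinct bots is its own flow,
    # so N bots contribute N*(N-1) source/destination pairs.
    for i in range(n_bots):
        for j in range(n_bots):
            if i != j:
                demands[("bot", i, "bot", j)] = bot_demand
    alloc = max_min_fair(capacity, demands)
    bot_max = max((r for p, r in alloc.items() if p[0] == "bot"), default=0.0)
    return alloc[("user", 0, "server")], bot_max


if __name__ == "__main__":
    for n in (10, 100, 300):
        user, bot = legit_rate(n)
        print(f"{n:4d} bots -> legit pair {user:7.3f} Mbps, bot pair {bot:7.3f} Mbps")
```

No bot pair ever receives more than a legitimate pair, which is the isolation property the slide describes, yet the legitimate rate still collapses because the number of pairs sharing the link grows quadratically with the botnet size.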

Reference
- M.S. Kang, S.B. Lee, and V.D. Gligor, "The Crossfire Attack," in Proc. IEEE Symposium on Security and Privacy, 2013, pp. 127-141
- M. Schuchard, A. Mohaisen, D. Foo Kune, N. Hopper, Y. Kim, and E. Y. Vasserman, "Losing control of the internet: using the data plane to attack the control plane," in Proceedings of NDSS 2011. ACM, 2010, pp. 726–728
- Y. Zhang, Z. M. Mao, and J. Wang, "Low-rate TCP-targeted DoS attack disrupts internet routing," in Proc. 14th Annual Network & Distributed System Security Symposium, 2007
- A. Studer and A. Perrig, "The Coremelt attack," in Proceedings of ESORICS'09. Berlin, Heidelberg: Springer-Verlag, 2009, pp. 37–52

Thank You!
Group members: Yisi Lu, Hua Li, Hao Wu, Yuantong Lu, Yuchen Liu