DENIAL OF SERVICE ATTACK YVONNE M. AKUTSA 128467 BEHROKH MOHEB 118451
Objectives What is denial of service? What is distributed denial of service? Common forms of attack Modes of attack Consequences of attack Real example of attack Sign of attack Prevention Ethic on Denial of Service attack
WHAT IS DENIAL OF SERVICE ATTACK? Denial-of-service attack, is a type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic. DoS attack, denial-of-service attack, is an explicit attempt to make a computer resource unavailable by either injecting a computer virus or flooding the network with useless traffic.
WHAT IS DENIAL OF SERVICE ATTACK? cont’ Its aim is to prevent legitimate users by: Attempting to flood a network To disrupt connections between computers Prevent certain individuals from accessing a service Disrupt service to a specific system or person
Common forms of Attack SYN Floods Ping of death Smurf Attack Teardrop Attack Mail Bomb Ping of flood
SYN Floods It takes advantage of the flaw of TCP three-way handshaking behavior. Sends many requests to the connection. Do not response to replies. The SYN flood attack sends TCP connections requests faster than a machine can process them
Ping of death Is a denial of service (DoS) attack caused by an attacker deliberately sending an IP packet larger than the bytes allowed by the IP protocol. Since the received ICMP(Internet Control Message Protocol) echo request packet is bigger than the normal IP packet size, the victim cannot reassemble the packets. The OS may be crashed or rebooted as a result.
Smurf Attack A smurf attack occurs when an attacker sends a large amount of IP packets to the broadcast address of an intermediate network with spoofed IP addresses as the origin. This cause all hosts on the network to reply to the ICMP request, causing significant traffic to the victim's computer.
Teardrop Attack Divides large files into fragments. An attacker sends two fragments that cannot be reassembled properly by manipulating the offset value of packet and cause reboot or halt of victim system. Teardrop exploits an overlapping IP fragment bug present in Windows 95, Windows NT and Windows 3.1 machines.
Mail Bomb Email bombing is characterized by abusers repeatedly sending an email message to a particular address at a specific victim site. In many instances, the messages will be large and constructed from meaningless data in an effort to consume additional system and network resources
Ping of flood Attacker simply sends a huge number of "ICMP Echo Requests(ping)" to the victim. It sends ICMP packets as fast as possible without waiting for replies. The continuing combination of requests and replies can slow the network or, in extreme cases, to disconnect. This is an easy attack because many ping utilities support this operation, and the hacker doesn't need much knowledge.
What does the DoS attack? NETWORK BANDWITH SERVER MEMORY CPU USAGE DATABASE CONNECTION POOL DATABASE SPACE HARD DISK SPACE
What is Distributed Denial of Service? DDOS, short for Distributed Denial of Service, is a type of DOS attack where multiple compromised systems , which are usually infected with a Trojan -- are used to target a single system causing a Denial of Service (DoS) attack. DDoS = when multiple hosts attack simultaneously DoS = when a single host attacks.
MODES OF ATTACK Consumption of scarce, limited or non renewable resources Destruction or alteration of configuration information Physical destruction or alteration of network components
CONSEQUENCES OF ATTACKS BRAND DAMAGE FINANCIAL LOSSES SABORTAGE EXTORTION REPEAT ATTACK IF NOT WELL PROTECTED
Examples of Attack Schwab Website Again Hit With Denial of Service Attack (http://www.euroinvestor.com/news/2013/04/24/s chwab-website-again-hit-with-denial-of-service- attack/12305777) Spamhaus hit by biggest-ever DDoS attacks (http://www.computerworld.com/s/article/923793 8/Update_Spamhaus_hit_by_biggest_ever_DDoS _attacks)
SIGNS OF AN ATTACK Unusually slow network Certain websites become slower to open or unavailable. A high increase in the amount of spam received. Disconnection of a wireless or wired internet connection
PREVENTION OF ATTACK Businesses Firewall and Router configuration Block unnecessary ports Filter broadcast messages Verify source IP address (prevent IP spoofing across subnets) Install DDoS protection equipment or services Monitor traffic under normal circumstances and detect anomalies
Cont’ Apply latest patches to servers and PCs, Use Antivirus software Maintain a redundant environment (hot swap server) End Users Use a home firewall/router Apply latest updates for operating system Use Antivirus software Use caution when opening email attachments or clicking on links
ETHICS IN DOS ATTACK A Denial of Service Attack is unethical. This is because it is an invasion of someone’s space and with others the destruction of property which denies them the right to use what rightfully belongs to them as a legitimate owner.
CONCLUSION Denial of service attacks have now become common forms of protests online for many groups that feel unfairly treated or have prejudices against companies.
References http://www.iplocation.net/tools/denial-of-service.php http://www.webopedia.com/TERM/D/DoS_attack.html http://www.webopedia.com/TERM/D/DDoS_attack.ht ml http://ethics.csc.ncsu.edu/abuse/dos/study.php http://www.iss.net/security_center/advice/Exploits/TC P/SYN_flood/default.htm http://searchsecurity.techtarget.com/definition/ping-of- death http://www.cert.org/tech_tips/email_bombing_spamm ing.html