Denial-of-Service Attacks Justin Steele Definition “A "denial-of-service" attack is characterized by an explicit attempt by attackers to prevent legitimate.

Presentation transcript:

Denial-of-Service Attacks Justin Steele

Definition
- “A "denial-of-service" attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service.” [1]
- Denial-of-service attacks deal with the issue of availability.
[1] CERT Website

Examples
- Examples include attempts to
  - "flood" a network, thereby preventing legitimate network traffic [1]
  - disrupt connections between two machines, thereby preventing access to a service [1]
  - prevent a particular individual from accessing a service [1]
  - disrupt service to a specific system or person [1]
[1] CERT Website

Types of Attacks
- Physical Attack
  - Physically destroying components.
- Configuration Attack
  - Altering or destroying configuration files or information.
- Consumption Attack
  - Using limited or scarce resources and thereby preventing legitimate users from using them.

Physical Attack
- Probably considered the least interesting to most of us.
- Examples
  - Taking a bat and smashing an ATM, thus denying others the ability to use the ATM.
  - Snipping or cutting a fiber optic line, thereby preventing communication to a network or system.
  - Intentionally turning off or disabling a cooling system, which results in a machine overheating and failing.

Configuration Attack
- Most of us probably don’t think about this one right away.
- Examples
  - Obtaining administrator rights and deleting user accounts.
  - Hacking the .htaccess file on a web server and preventing anyone from viewing the site.
  - Changing the default gateway that a DHCP Server sends to its clients.
  - Changing the settings on a machine which interferes with its ability to get onto the network.
  - Modifying a domain name’s DNS information.

Consumption Attack
- Perhaps the one most of us think of and probably find the most interesting.
- CERT defines four subtypes
  - Network Connectivity
  - Using Your Own Resources Against You
  - Other Resource Consumption
  - Bandwidth Consumption

Network Connectivity Attack
- “Denial-of-service attacks are most frequently executed against network connectivity. The goal is to prevent hosts or networks from communicating on the network.” [1]
- “An example of this type of attack is the "SYN flood" attack” [1]
  - Also known as a Protocol Attack.
- This is an example of an “asymmetric attack”
  - “attacks can be executed with limited resources against a large, sophisticated site” [1]
  - “an attacker with an old PC and a slow modem may be able to disable much faster and more sophisticated machines or networks.” [1]
[1] CERT Website
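A defender-side illustration of why a SYN flood is asymmetric, added here and not part of the original slides: each unanswered SYN holds a half-open entry on the server until it times out, so a monitor can alert on the size of that backlog. The event format, the documentation-range addresses and the thresholds are assumptions, and the sample traffic is constructed.

```python
from collections import defaultdict

def make_sample():
    """Constructed events: (time_ms, src, sport, dst_port, flag).
    "S" is a client SYN, "A" the final ACK of the three-way handshake."""
    events = [(0, "192.0.2.10", 40000, 80, "S"),
              (100, "192.0.2.10", 40000, 80, "A")]        # normal client
    for i in range(200):                                   # SYNs that are never ACKed
        events.append((1000 + 10 * i, f"198.51.100.{i + 1}", 1024 + i, 80, "S"))
    events += [(4000, "192.0.2.11", 40001, 80, "S"),
               (4100, "192.0.2.11", 40001, 80, "A")]
    return events

def detect_syn_flood(events, timeout_ms=30000, max_half_open=100):
    """Track half-open connections per destination port and return one
    (time_ms, dst_port, half_open_count) alert each time the backlog
    crosses max_half_open (an assumed threshold)."""
    half_open = defaultdict(dict)      # dst_port -> {(src, sport): syn_time_ms}
    alerting, alerts = set(), []
    for t, src, sport, dport, flag in sorted(events):
        pending = half_open[dport]
        # Drop entries the server would have timed out by now.
        for key in [k for k, ts in pending.items() if t - ts > timeout_ms]:
            del pending[key]
        if flag == "S":
            pending[(src, sport)] = t          # handshake started
        elif flag == "A":
            pending.pop((src, sport), None)    # handshake completed
        if len(pending) > max_half_open:
            if dport not in alerting:
                alerting.add(dport)
                alerts.append((t, dport, len(pending)))
        else:
            alerting.discard(dport)
    return alerts

if __name__ == "__main__":
    for alert in detect_syn_flood(make_sample()):
        print("half-open backlog alert:", alert)
```

With the same sample and a much shorter timeout the backlog never reaches the threshold, which is why reducing the half-open timeout is a common tuning step.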

SYN Flood Attack (Images taken from

Using Your Own Resources Against You Attack
- An attacker uses your own resources against you in unexpected ways.
- An example is a UDP chargen/echo scenario

Other Resource Consumption Attack
- Most of us don’t readily consider Consumption Attacks.
- Examples
  - CPU time
    - Spawning a large number of processes that bog down the CPU
  - Consuming “locks”
    - Intentionally incorrectly logging in a user until security features prevent any more login attempts for that user.
    - Could include using file or database locks so others can’t access them.
  - Filling up disk space
    - Generating excessive messages
    - Generating error messages that get logged
    - Placing files in anonymous ftp server space or open shares
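The login "lock" case above, shown as a weak lockout setting beside a corrected one. This is an added example, not part of the original slides; the class names, limits, delays and addresses are assumptions, and the scenario is constructed.

```python
class AccountLockout:
    """Weak setting: N failures for a username lock it for every source."""
    def __init__(self, limit=5):
        self.limit, self.failures = limit, {}

    def attempt(self, user, source, password_ok, now):
        if self.failures.get(user, 0) >= self.limit:
            return "locked"                       # even the real user is refused
        if password_ok:
            self.failures[user] = 0
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        return "denied"

class PerSourceThrottle:
    """Corrected setting: failures are counted per (user, source) and only
    that source is delayed, with a delay that doubles on each further failure."""
    def __init__(self, limit=5, base_delay=30):
        self.limit, self.base_delay, self.state = limit, base_delay, {}

    def attempt(self, user, source, password_ok, now):
        count, blocked_until = self.state.get((user, source), (0, 0))
        if now < blocked_until:
            return "throttled"
        if password_ok:
            self.state.pop((user, source), None)  # success clears the counter
            return "ok"
        count += 1
        delay = self.base_delay * 2 ** (count - self.limit) if count >= self.limit else 0
        self.state[(user, source)] = (count, now + delay)
        return "denied"

def simulate(policy):
    """Constructed scenario: ten bad logins for "alice" from one source,
    then alice signs in correctly from her own address."""
    hostile = [policy.attempt("alice", "203.0.113.5", False, now) for now in range(10)]
    genuine = policy.attempt("alice", "192.0.2.20", True, 10)
    return hostile, genuine

if __name__ == "__main__":
    for policy in (AccountLockout(), PerSourceThrottle()):
        print(type(policy).__name__, simulate(policy)[1])
```

Per-source throttling keeps the account usable for its owner but does not slow guessing spread across many sources, so it is normally paired with monitoring of failed logins per account.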

Bandwidth Consumption Attack
- The attacker consumes all available bandwidth on a network.
  - Most often done with ICMP ECHO (Ping) packets, but doesn’t have to be.
- The attacker may be using multiple machines to coordinate the attack.
  - DDoS – Distributed Denial-of-Service
  - DRDoS – Distributed Reflection Denial-of-Service
  - DoS – Any type of Denial-of-Service
  - DDoS & DRDoS are Brute Force Attacks
- Filterable vs. Non-filterable Attacks
  - Filterable Attacks consist of bogus packets or non-critical services which can be blocked by a firewall without affecting the rest of the machine or network.
  - Non-filterable Attacks consist of packets requesting legitimate services and resources, thus a firewall will not help stop the attack.

Bandwidth Consumption Attack (Images taken from

DoS versus DDoS (Images taken from

DDoS Attack (Images taken from

DRDoS Attack (Images taken from

DDoS versus DRDoS (Images taken from

What can we do?
- ISPs
  - Implement hardware/software settings and filters on routers and machines that limit and bound packets.
  - Prevent users from spoofing packets (Firewall).
- Administrators
  - Install and use a firewall.
  - Close all unnecessary ports and turn off all unused services.
  - Use quotas.
  - Maintain backups of configuration files.
  - Install intrusion detection software.
  - Monitor network traffic.
  - Evaluate physical security on a routine basis.
- Average Jane and John Doe
  - Don’t download/install software from unknown/unreliable sources.
  - Install personal firewall/port protection software.

Sources html?s=IDGNS 1.html?s=IDGNS 1.html?s=IDGNS 1.html?s=IDGNS