Network Presence, LLC (Innovative Security Solutions, www.netpr.com): Understanding, Planning For, and Responding To Denial of Service Attacks, SANS 2001.


Slide 1: Understanding, Planning For, and Responding To Denial of Service Attacks
SANS 2001
Robert Brown, Barrett Lyon
Network Presence, LLC (Innovative Security Solutions)

SANS Network Security 2001: Understanding, Planning For, and Responding To Denial of Service Attacks

Slide 2: Denial of Service Attacks – The Game
- Types of attacks:
  - Flood-based
  - Crash-based
- Difficult problem, spanning:
  - Network engineering
  - Information security
  - Psychology

Slide 3: Denial of Service Attacks – The Game
- Vulnerability management (or lack thereof)
- Psychology aspect: what is the attacker trying to accomplish?
- Legal liability and negligence issues

Slide 4: Denial of Service Attacks – The Game
- Attacker compromises multiple hosts and configures DDoS clients
- Attacker utilizes those hosts to flood the Internet pipe of your organization
- Most commonly uses ICMP, UDP, and TCP SYN floods
- A new paper measuring attacks shows 4000 DoS attacks per week

Slide 5: Overview of TheShell.com
- ISP specializing in Unix shell accounts
- Most users utilize the IRC chat network
- IRC is a magnet for attack
- At least one attack per day and 19 serious attacks in a 1 year period

Slide 6: Planning for the Attack – Training Camp
- Developing an incident response plan is key
- All players must be identified, brought on board, and taught their assignments:
  - Network Engineering
  - Information Security
  - Internet Service Provider

Slide 7: Planning for the Attack – Training Camp
- Create a form with complete contact information, network information, and responsibilities
- Ensure ISP engineering contacts are established – this is extremely important!

Slide 8: Planning for the Attack – Training Camp
- Have a packet sniffer ready to go
- Ensure that a SPAN port is available on your Internet-facing switch
- Map existing traffic patterns
- Implement bandwidth limiting filters at your ISP
- Implement ISP-side filters for other traffic you don't want/need

Slide 9: Playing the Game
- Identify that you are under attack: MRTG, syslog, flow logs, intrusion detection, firewall logs, sniffers
- Identify deviation from normal traffic
- Determine intent of attacker
- Immediately look for ICMP pings and traceroute packets – the attacker usually will try to determine if the attack is working

Slide 10: Playing the Game
- Climb the ladder:
  - Port/Service
  - Host IP stack
  - Local segment (switches/routers)
  - Border router
  - ISP router

Slide 11: Playing the Game
- Take system offline
- Ask ISP to null route IP or group of IPs
- Develop local filters to push the traffic up the ladder (and farther away from you)
- Implement local filters at your border router
- Ask your ISP to implement the same filters on their side of the link
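The three "Playing the Game" steps above (spot the deviation from the mapped baseline, look for the attacker's pings or traceroutes, pick the lowest rung of the ladder to filter at) as an added worked example in Python; it is not code from the presentation. The flow log, the per-class baseline, the 5x flood factor and the ladder rules are all constructed here for illustration.

```python
from collections import Counter

# Constructed sample flow log, not a real capture: proto src dst dport flags pkts (for icmp the dport column is the ICMP type; 8 = echo request)
SAMPLE_FLOWS = """\
tcp 198.51.100.7 192.0.2.10 80 S 12000
tcp 198.51.100.8 192.0.2.10 80 S 11000
udp 198.51.100.9 192.0.2.10 53 - 9000
icmp 198.51.100.7 192.0.2.10 8 - 2000
tcp 203.0.113.5 192.0.2.10 22 SA 40
icmp 203.0.113.77 192.0.2.10 8 - 3
udp 203.0.113.77 192.0.2.10 33435 - 3
"""
# Constructed baseline from "map existing traffic patterns": normal packets per interval, per class
BASELINE = {"tcp_syn": 400, "udp": 300, "icmp": 30}
FLOOD_FACTOR = 5                        # a class is a flood when it exceeds baseline * factor
TRACEROUTE_PORTS = range(33434, 33535)  # classic Unix traceroute UDP destination port range

def parse_flows(text):
    rows = []
    for line in text.splitlines():
        proto, src, dst, dport, flags, pkts = line.split()
        rows.append(dict(proto=proto, src=src, dst=dst, dport=int(dport), flags=flags, pkts=int(pkts)))
    return rows
def classify(f):  # traffic class used for the baseline comparison
    if f["proto"] == "tcp":
        return "tcp_syn" if f["flags"] == "S" else "tcp_other"
    return f["proto"]
def find_floods(flows):  # step 1: identify deviation from the normal traffic profile
    totals = Counter()
    for f in flows:
        totals[classify(f)] += f["pkts"]
    return {c: totals[c] for c in BASELINE if totals[c] > BASELINE[c] * FLOOD_FACTOR}
def heavy_flows(flows, floods):  # the individual flows that actually make up the flood
    return [f for f in flows if classify(f) in floods and f["pkts"] > BASELINE[classify(f)]]
def find_probes(flows, floods):  # step 2: attacker intent, low-volume pings/traceroutes from non-flooders
    flooders = {f["src"] for f in heavy_flows(flows, floods)}
    probes = set()
    for f in flows:
        is_ping = f["proto"] == "icmp" and f["dport"] == 8
        is_trace = f["proto"] == "udp" and f["dport"] in TRACEROUTE_PORTS
        if (is_ping or is_trace) and f["src"] not in flooders:
            probes.add(f["src"])
    return sorted(probes)
def ladder_rung(flows, floods):  # step 3: lowest rung at which one filter would contain the flood
    heavy = heavy_flows(flows, floods)
    hosts = {f["dst"] for f in heavy}
    services = {(f["dst"], f["proto"], f["dport"]) for f in heavy}
    if len(hosts) > 1:
        return "border router / ISP"
    return "host IP stack" if len(services) > 1 else "port/service"
def triage(text=SAMPLE_FLOWS):  # run all three steps over one log interval
    flows = parse_flows(text)
    floods = find_floods(flows)
    return {"floods": floods, "probes": find_probes(flows, floods), "filter_at": ladder_rung(flows, floods)}
```

On the constructed log, all three flood classes trip the baseline, the one host sending a ping and a traceroute-range UDP probe without flooding is reported separately, and because several services on a single host are hit the suggested rung is the host IP stack rather than a single port.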

Slide 12: Sample ISP Contact Policy
TheShell.com / Qwest Communications
- NOC: (press 1, #, 2, 2)
- IP Team: Tony: Tony Cell:
- CORE: ACCT: Circuit:

Slide 13: Conclusion
- Nobody wins this game
- No easy solution to the problem
- Best defense lies in organization and policy

Slide 14: Contact
- Barrett Lyon, Security Consultant, Network Presence, LLC, 6033 W. Century Blvd., Ste 400, Los Angeles, CA
- Robert Brown, Vice President