Lecture 18 Page 1 Advanced Network Security Distributed Denial of Service Attacks Advanced Network Security Peter Reiher August, 2014.

Presentation transcript:

Lecture 18 Page 1 Advanced Network Security Distributed Denial of Service Attacks Advanced Network Security Peter Reiher August, 2014

Page 2: Outline
Attacker solution #2: distributed denial of service attacks
What are they?
DDoS toolkits

Page 3: A Flooding Attack (diagram)
But does it actually deny service here?

Page 4: The Problem With This Attack
The attacking computer is usually a home machine or office workstation
–Maybe it’s got outgoing bandwidth of 10 Mbps
The target is usually a server
–Maybe it’s got incoming bandwidth of 1 Gbps
The target barely notices the attack

Page 5: “Solving” This Problem
How can an attacker overwhelm a machine with more resources than his?
Two possibilities:
–Find a way to make the target pay more per message than the attacker
–Use more than one machine to attack

Page 6: Solution #2: Use Multiple Machines to Attack
If one machine can’t generate enough traffic to overwhelm a server,
–Maybe two can
–Or three
–Or four
–Or forty thousand

Page 7: Distributed Denial of Service Attacks (section title)

Page 8: What Is Distributed Denial of Service?
A concerted attack by multiple machines on a single target
–Usually a large number of machines
Intended to make the target unable to service its regular customers
By overwhelming some resource
–Typically bandwidth

Page 9: How To Perform a DDoS Attack: Step 1
Gain control of a lot of machines
You could buy them
But, if you’re going to use them to make an illegal attack, why buy them?
Usually, you steal them
–Or, more precisely, take them over with malware

Page 10: How To Perform a DDoS Attack: Step 2
Install software on all the machines to send packets to a specified target
Usually the software has various options
–When to begin
–For how long
–What kind of packets

Page 11: How To Perform a DDoS Attack: Step 3
Issue commands to your machines to start them sending packets
If there are a lot of your machines, maybe use an efficient way to tell them
–Like some tree-structured distribution system
They will then start attacking

Page 12: Some Refinements to the Attack
Vary the number of packets sent by each attacker over time
Only use a fraction of your available machines at any given moment
–Cycling through the entire set
Pulse the attack, turning it on and off

Page 13: Typical Attack Modus Operandi (diagram)

Page 14: Typical Effects of a DDoS Attack
A sudden, vast flood of packets being sent to a site
Typically packets that are fairly clearly junk
–But could be close to real traffic
These packets drown out the legitimate traffic
So only junk gets delivered

Page 15: DDoS Attacks in the Real World
Very common
Some are pretty small
–On small targets, often
Occasionally we see a really big one
–Typically on a high profile target
Often difficult to handle

Page 16: Some Important Examples
Microsoft, Yahoo, etc. targeted
Recent large DDoS attack on Hong Kong voting site
25 million packet per second attacks on domain hosting and online gaming sites
At least one company went out of business due to a DDoS attack

Page 17: DDoS Attack on DNS Root Servers
Concerted ping flood attack on all 13 of the DNS root servers in October 2002
Successfully halted operations on 9 of them
Lasted for 1 hour
–Turned itself off, was not defeated
Did not cause major impact on Internet
–DNS uses caching aggressively
Another (less effective) attack in February 2007

Page 18: DDoS Attack on Estonia
Occurred April-May 2007
Estonia removed a statue that Russians liked
Then somebody launched large DDoS attack on Estonian government sites
Took much of Estonia off-line for ~ 3 weeks
DDoS attack on Radio Free Europe sites in Belarus in 2008

Page 19: DDoS Attack on Al Jazeera
DNS name server floods of Mbps on English language web site
Successfully made Al Jazeera web site unreachable for two days
–After which, their DNS name was hijacked
Al Jazeera not easily able to recover from attack
–As Al Jazeera added capacity, the attack got stronger

Page 20: Combining the Two Attacker “Solutions”
Attackers can use both asymmetry and multiple machines
Making the problem that much harder to solve
Reflector attacks are one example
Recent Hong Kong attack required SSL decryption from large number of attack machines

Page 21: Attack Toolkits
Widely available on net
–Easily downloaded along with source code
–Easily deployed and used
Automated code for:
–Scanning – detection of vulnerable machines
–Exploit – breaking into the machine
–Infection – placing the attack code
Rootkit
–Hides the attack code
–Restarts the attack code
–Keeps open backdoors for attacker access
DDoS attack code:
–Trinoo, TFN, TFN2K, Stacheldraht, Shaft, mstream, Trinity

Page 22: DDoS Attack Code
Attacker can customize:
–Type of attack: UDP flood, ICMP flood, TCP SYN flood, Smurf attack; Web server request flood, authentication request flood, DNS flood
–Victim IP address
–Duration
–Packet size
–Source IP spoofing
–Dynamics (constant rate or pulsing)
–Communication between master and slaves
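The effects slide (page 14) describes what the victim sees: a sudden flood of mostly-junk packets from many sources, and page 12 and the "dynamics" option above note that the flood may be pulsed and may rotate through subsets of the attacking machines. The following is an added example, not code from the lecture, showing how a defender can recognise that pattern from packet summaries: it slides a one-second window over traffic, flags windows whose packet rate and number of distinct sources both jump, labels the dominant traffic with the flood types listed on page 22 (UDP, ICMP, bare-SYN TCP), and merges flagged windows into on-periods so a pulsed attack shows up as several episodes. The packet record format, the synthetic traffic, and all thresholds are assumptions constructed for the demo.

```python
"""Sliding-window flood detector over constructed packet summaries.

Added example for the lecture's "typical effects" and "attack code" slides;
not code from the lecture. The record format (timestamp in ms, source IP,
protocol, TCP flags), the synthetic traffic and the thresholds are assumptions.
"""
from bisect import bisect_left
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    ts_ms: int       # arrival time in milliseconds (integers avoid float drift)
    src: str         # source IP as seen on the wire (may be spoofed)
    proto: str       # "tcp", "udp" or "icmp"
    flags: str = ""  # TCP flags, e.g. "S" for a bare SYN, "A" for an ACK


def synth_traffic(flood_proto="udp",
                  pulses=((5000, 7000), (10000, 12000), (15000, 17000))):
    """Constructed sample: 20 s of 10 pps legitimate TCP traffic from five
    clients, plus a pulsed 1000 pps flood whose source set rotates per pulse
    (the page-12 'cycling' refinement). Not real capture data."""
    legit = [f"192.0.2.{i}" for i in range(1, 6)]
    pkts = [Pkt(t, legit[(t // 100) % 5], "tcp", "A") for t in range(0, 20000, 100)]
    for k, (start, end) in enumerate(pulses):
        # each pulse cycles through its own pool of 200 (spoofed) sources
        pool = [f"10.{k}.0.{i}" for i in range(200)]
        flags = "S" if flood_proto == "tcp" else ""
        pkts += [Pkt(t, pool[(t - start) % 200], flood_proto, flags)
                 for t in range(start, end)]
    return sorted(pkts, key=lambda p: p.ts_ms)


def classify(pkts):
    """Name the dominant traffic in a window using the flood types the slide lists."""
    proto, n = Counter(p.proto for p in pkts).most_common(1)[0]
    if proto != "tcp":
        return f"{proto}_flood"          # "udp_flood" or "icmp_flood"
    syn_only = sum(1 for p in pkts if p.proto == "tcp" and p.flags == "S")
    return "tcp_syn_flood" if syn_only > 0.8 * n else "tcp_request_flood"


def flagged_windows(pkts, window_ms=1000, step_ms=500,
                    pps_threshold=200, min_sources=50):
    """Slide a window over time-sorted packets. A window is flagged only when
    BOTH the rate and the number of distinct sources exceed the thresholds:
    rate alone would also fire on a single busy client or a flash crowd.
    Returns (window_start_ms, pps, distinct_sources, label) per flagged window."""
    ts = [p.ts_ms for p in pkts]
    out = []
    for start in range(0, ts[-1] + 1, step_ms):
        lo = bisect_left(ts, start)
        hi = bisect_left(ts, start + window_ms)
        chunk = pkts[lo:hi]
        if not chunk:
            continue
        pps = len(chunk) * 1000 / window_ms
        sources = len({p.src for p in chunk})
        if pps >= pps_threshold and sources >= min_sources:
            out.append((start, pps, sources, classify(chunk)))
    return out


def episodes(flags, window_ms=1000, step_ms=500):
    """Merge consecutive flagged windows so a pulsed attack appears as separate
    on-periods. Returns (start_ms, end_ms, peak_pps, label) per episode."""
    eps = []
    for start, pps, _, label in flags:
        if eps and start - eps[-1]["last"] <= step_ms:
            eps[-1]["last"] = start
            eps[-1]["peak"] = max(eps[-1]["peak"], pps)
        else:
            eps.append({"first": start, "last": start, "peak": pps, "label": label})
    return [(e["first"], e["last"] + window_ms, e["peak"], e["label"]) for e in eps]


if __name__ == "__main__":
    for ep in episodes(flagged_windows(synth_traffic())):
        print("flood episode %d-%d ms, peak %.0f pps, type %s" % ep)
```

On the constructed traffic the detector reports three udp_flood episodes (the three pulses), each with a peak of 1010 pps, while the 10 pps background between pulses is never flagged; swapping the flood to bare TCP SYNs yields tcp_syn_flood episodes instead. Requiring a source-spread condition alongside the rate is the design point: it is the "many machines" signature from page 8 that separates a DDoS flood from one misbehaving client, though spoofed sources mean the count says nothing about how many real hosts are involved.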

Page 23: Implications of Attack Toolkits
You don’t need much knowledge or many skills to perpetrate DDoS
Toolkits allow unsophisticated users to become DDoS perpetrators in little time
DDoS is, unfortunately, a game anyone can play

Page 24: Conclusion
Distributed denial of service attacks solve the attacker’s problem of asymmetric capabilities
DDoS attacks harness multiple hosts to attack a single machine
DDoS attacks are simple, yet hard to handle