Lecture 1 Page 1 CS 239, Fall 2010 Distributed Denial of Service Attacks and Defenses CS 239 Advanced Topics in Computer Security Peter Reiher September.

Slides:



Advertisements
Similar presentations
(Distributed) Denial of Service Nick Feamster CS 4251 Spring 2008.
Advertisements

On the Necessity of Handling DDoS Traffic in the Middle of the Network Peter Reiher UCLA Computer Communications Workshop October 22, 2008.
Why Is DDoS Hard to Solve? 1.A simple form of attack 2.Designed to prey on the Internet’s strengths 3.Easy availability of attack machines 4.Attack can.
Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
Lecture 8 Page 1 CS 236, Spring 2008 Distributed Denial of Service Attacks CS 236 Advanced Computer Security Peter Reiher May 20, 2008.
 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.
Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.
IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.
Overview of Distributed Denial of Service (DDoS) Wei Zhou.
 Unlike other forms of computer attacks, goal isn’t access or theft of information or services  The goal is to stop the service from operating o.
DFence: Transparent Network-based Denial of Service Mitigation CSC7221 Advanced Topics in Internet Technology Presented by To Siu Sang Eric ( )
Flash Crowds And Denial of Service Attacks: Characterization and Implications for CDNs and Web Sites Aaron Beach Cs395 network security.
UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.
Detecting SYN-Flooding Attacks Aaron Beach CS 395 Network Secu rity Spring 2004.
Defending Against Flooding Based DoS Attacks : A tutorial - Rocky K.C. Chang, The Hong Kong Polytechnic University Presented by – Ashish Samant.
Network Attacks. Network Trust Issues – TCP Congestion control – IP Src Spoofing – Wireless transmission Denial of Service Attacks – TCP-SYN – Name Servers.
Lecture 15 Denial of Service Attacks
Bandwidth DoS Attacks and Defenses Robert Morris Frans Kaashoek, Hari Balakrishnan, Students MIT LCS.
Game-based Analysis of Denial-of- Service Prevention Protocols Ajay Mahimkar Class Project: CS 395T.
An Overview Zhang Fu Outline What is DDoS ? How it can be done? Different types of DDoS attacks. Reactive VS Proactive Defence.
DDoS Attack and Its Defense1 CSE 5473: Network Security Prof. Dong Xuan.
Lecture 22 Page 1 Advanced Network Security Other Types of DDoS Attacks Advanced Network Security Peter Reiher August, 2014.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 8 – Denial of Service.
Global NetWatch Copyright © 2003 Global NetWatch, Inc. Factors Affecting Web Performance Getting Maximum Performance Out Of Your Web Server.
Network security Further protocols and issues. Protocols: recap There are a few main protocols that govern the internet: – Internet Protocol: IP – Transmission.
Lecture 16 Page 1 Advanced Network Security Perimeter Defense in Networks: Virtual Private Networks Advanced Network Security Peter Reiher August, 2014.
Lecture 18 Page 1 Advanced Network Security Distributed Denial of Service Attacks Advanced Network Security Peter Reiher August, 2014.
Lecture 9 Page 1 CS 136, Fall 2014 Network Security Computer Security Peter Reiher November 4, 2014.
Distributed Denial of Service Attacks Shankar Saxena Veer Vivek Kaushik.
Lecture 12 Page 1 CS 236 Online Virtual Private Networks VPNs What if your company has more than one office? And they’re far apart? –Like on opposite coasts.
Group 8 Distributed Denial of Service. DoS SYN Flood DDoS Proposed Algorithm Group 8 What is Denial of Service? “Attack in which the primary goal is to.
Lecture 12 Page 1 CS 236, Spring 2008 Virtual Private Networks VPNs What if your company has more than one office? And they’re far apart? –Like on opposite.
Denial of Service Sharmistha Roy Adversarial challenges in Web Based Services.
Denial of Service Datakom Ht08 Jesper Christensen, Patrick Johansson, Robert Kajic A short introduction to DoS.
Packet-Marking Scheme for DDoS Attack Prevention
Lecture 20 Page 1 Advanced Network Security Basic Approaches to DDoS Defense Advanced Network Security Peter Reiher August, 2014.
Denial of Service Attack 발표자 : 전지훈. What is Denial of Service Attack?  Denial of Service Attack = DoS Attack  Service attacks on a Web server floods.
Chapter 7 Denial-of-Service Attacks Denial-of-Service (DoS) Attack The NIST Computer Security Incident Handling Guide defines a DoS attack as: “An action.
Lecture 11 Page 1 CS 136, Spring 2009 Network Security CS 136 Computer Security Peter Reiher May 7, 2009.
Denial of Service DoS attacks try to deny legimate users access to services, networks, systems or to other resources. There are DoS tools available, thus.
CIS 659 – Introduction to Network Security – Fall 2003 – Class 10 – 10/9/03 1 Simple Denial of Service.
Lecture 17 Page 1 CS 236, Spring 2008 Distributed Denial of Service (DDoS) Attacks Goal: Prevent a network site from doing its normal business Method:
DoS/DDoS attack and defense
Lecture 17 Page 1 CS 236, Spring 2008 Advanced Topics in Network Security: IP Spoofing and DDoS CS 236 On-Line MS Program Networks and Systems Security.
Lecture 16 Page 1 CS 239, Spring 2007 Designing Performance Experiments: An Example CS 239 Experimental Methodologies for System Software Peter Reiher.
An Analysis of Using Reflectors for Distributed Denial-of- Service Attacks Paper by Vern Paxson.
Lecture 17 Page 1 CS 236, Spring 2008 Distributed Denial of Service (DDoS) Attacks Goal: Prevent a network site from doing its normal business Method:
Lecture 17 Page 1 Advanced Network Security Network Denial of Service Attacks Advanced Network Security Peter Reiher August, 2014.
Denial of Service Attacks Simulating Strategic Firewall Placement By James Box, J.A. Hamilton Jr., Adam Hathcock, Alan Hunt.
Matt Jennings.  What is DDoS?  Recent DDoS attacks  History of DDoS  Prevention Techniques.
Denial of Service A comparison of DoS schemes Kevin LaMantia COSC 316.
Lecture 9 Page 1 CS 136, Spring 2014 Network Security CS 136 Computer Security Peter Reiher May 6, 2014.
Lecture 12 Page 1 CS 136, Spring 2009 Network Security: Firewalls CS 136 Computer Security Peter Reiher May 12, 2009.
Lecture 9 Page 1 CS 136, Spring 2016 Network Security Computer Security Peter Reiher April 26, 2016.
Lecture 18 Page 1 CS 236 Online Prolog to Lecture 18 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 9 Page 1 CS 236 Online Firewalls What is a firewall? A machine to protect a network from malicious external attacks Typically a machine that sits.
DNS Security Advanced Network Security Peter Reiher August, 2014
DDoS In the Real World Do DDoS attacks really happen?
Distributed Denial of Service (DDoS) Attacks
Outline Basics of network security Definitions Sample attacks
DDoS In the Real World Do DDoS attacks really happen?
Outline Basics of network security Definitions Sample attacks
Red Team Exercise Part 3 Week 4
COS 561: Advanced Computer Networks
Outline Basics of network security Definitions Sample attacks
Outline The spoofing problem Approaches to handle spoofing
Outline Basics of network security Definitions Sample attacks
Outline Why is DDoS hard to handle?
Distributed Denial of Service (DDoS) Attacks
Presentation transcript:

Lecture 1 Page 1 CS 239, Fall 2010 Distributed Denial of Service Attacks and Defenses CS 239 Advanced Topics in Computer Security Peter Reiher September 28, 2010

Lecture 1 Page 2 CS 239, Fall 2010 The Problem

Lecture 1 Page 3 CS 239, Fall 2010 Distributed Denial of Service (DDoS) Attacks Goal: Prevent a network site from doing its normal business Method: overwhelm the site with attack traffic Response: ?

Lecture 1 Page 4 CS 239, Fall 2010 Why Are These Attacks Made? Sometimes to annoy Sometimes for extortion Sometimes for political reasons If directed at infrastructure, might cripple parts of Internet –So who wants to do that...?

Lecture 1 Page 5 CS 239, Fall 2010 Attack Methods Pure flooding –Of network connection –Or of upstream network Overwhelm some other resource –SYN flood –CPU resources –Memory resources –Application level resource Direct or reflection

Lecture 1 Page 6 CS 239, Fall 2010 Why “Distributed”? Targets are often highly provisioned servers A single machine usually cannot overwhelm such a server So harness multiple machines to do so Also makes defenses harder

Lecture 1 Page 7 CS 239, Fall 2010 DDoS Attack on DNS Root Servers Concerted ping flood attack on all 13 of the DNS root servers in October 2002 Successfully halted operations on 9 of them Lasted for 1 hour –Turned itself off, was not defeated Did not cause major impact on Internet –DNS uses caching aggressively Another (less effective) attack in February 2007

Lecture 1 Page 8 CS 239, Fall 2010 DDoS Attack on Estonia Occurred April-May 2007 Estonia removed a statue that Russians liked Then somebody launched large DDoS attack on Estonian government sites Took much of Estonia off-line for ~ 3 weeks DDoS attack on Radio Free Europe sites in Belarus in 2008

Lecture 1 Page 9 CS 239, Fall 2010 How to Defend? A vital characteristic: –Don’t just stop a flood –ENSURE SERVICE TO LEGITIMATE CLIENTS!!! If you deliver a manageable amount of garbage, you haven’t solved the problem

Lecture 1 Page 10 CS 239, Fall 2010 Complicating Factors High availability of compromised machines –Millions of zombie machines out there Internet is designed to deliver traffic –Regardless of its value IP spoofing allows easy hiding Distributed nature makes legal approaches hard Attacker can choose all aspects of his attack packets –Can be a lot like good ones

Lecture 1 Page 11 CS 239, Fall 2010 Basic Defense Approaches Overprovisioning Dynamic increases in provisioning Hiding Tracking attackers Legal approaches Reducing volume of attack

Lecture 1 Page 12 CS 239, Fall 2010 Overprovisioning Be able to handle more traffic than attacker can generate Works pretty well for Microsoft and Google Not a suitable solution for Mom and Pop Internet stores

Lecture 1 Page 13 CS 239, Fall 2010 Dynamic Increases in Provisioning As attack volume increases, increase your resources Dynamically replicate servers Obtain more bandwidth Not always feasible Probably expensive Might be easy for attacker to outpace you

Lecture 1 Page 14 CS 239, Fall 2010 Hiding Don’t let most people know where your server is If they can’t find it, they can’t overwhelm it Possible to direct your traffic through other sites first –Can they be overwhelmed...? Not feasible for sites that serve everyone

Lecture 1 Page 15 CS 239, Fall 2010 Tracking Attackers Almost trivial without IP spoofing With IP spoofing, more challenging Big issue: –Once you’ve found them, what do you do? Not clear tracking actually does much good Loads of fun for algorithmic designers, though

Lecture 1 Page 16 CS 239, Fall 2010 Legal Approaches Sic the FBI on them and throw them in jail Usually hard to do FBI might not be interested in “small fry” Slow, at best Very hard in international situations Generally only feasible if extortion is involved –By following the money

Lecture 1 Page 17 CS 239, Fall 2010 Reducing the Volume of Traffic Addresses the core problem: –Too much traffic coming in, so get rid of some of it Vital to separate the sheep from the goats Unless you have good discrimination techniques, not much help Most DDoS defense proposals are variants of this

Lecture 1 Page 18 CS 239, Fall 2010 Approaches to Reducing the Volume Give preference to your “friends” Require “proof of work” from submitters Detect difference between good and bad traffic –Drop the bad –Easier said than done

Lecture 1 Page 19 CS 239, Fall 2010 Where To Defend? At the target? + Good knowledge of situation + Strong motivation to deploy + OK to do what’s needed At the source? + Drops junk early + Cost paid close to attacker + May be easy to distinguish packets - Poor deployment incentive - Requires wide deployment - May be subject to influence In the core? + Scales nicely + Works with moderate deployment - Low per packet budget possible - Poor deployment incentive - Against end-to-end philosophy - Easy to overwhelm - Often limited defense resources

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.