Denial of Service Datakom Ht08 Jesper Christensen, Patrick Johansson, Robert Kajic A short introduction to DoS

Introduction – Examples Some known incidents Types of attacks – DoS – Denial of Service – DDoS – Distributed Denial of Service – Flavours PDoS - Permanent Denial of Service DRDoS(?) - Distributed Reflected Denial of Service Unintentional Prevention – Being prepared – Network infrastructure

Introduction A ”denial-of-service” or DoS attack is a security threat in which an attacker attempts to deny users from using a service by rendering some network, host or another piece of infrastructure unusable Typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even DNS root server

Examples Some examples of DoS attacks are: – ”Flooding” of a network which prevents legitimate network traffic – Disruption of connections between two machines in order to prevent access to a service – Preventing some individual from accessing a service – Disruption of a service to a specific system or person

”Flooding” of a network which prevents legitimate network traffic

Disruption of connections between two machines in order to prevent access to a service

Preventing some individual from accessing a service

Disruption of a service to a specific system or person

Some known incidents DDoS attacks against the DNS Root servers – DNS Root servers are responsible for redirecting requests for a particular top domain to that top domains authorative dns servers. I.e. break them and you break the internet. – There have been two major DoS attacks against the root servers 2002, 9 of 13 servers 2007, 3 of 13 servers More recent attacks Digg.com - social networking site – September 2008, 6 hours downtime Polisen.se – 1-2 of June 2006 the Swedish police website was subject to an attack originating from multiple countries, probably as a response to the raid on The Pirate Bay. – Simple attack, started out by many people linking to / downloading a picture from the site.

Types of attacks DoS – Consumption of scarce, limited, or non-renewable resources – Destruction or alteration of configuration information – Ex. Smurf attack – relies on misconfigured network devices that allow packets to be sent to all computer hosts on a particular network via the broadcast address of the network, rather than a specific machine. By spoofing the source adress the broadcast replies will flood the holder of the fake source address. Ping flood - sends overwhelming number of ping packets. SYN flood - sends a flood of TCP/SYN packets, often with a forged sender address.

Types of attacks DDoS - Distributed Denial of Service – Multiple systems participate in a DoS attack

Types of attacks Flavors – PDoS - Permanent Denial of Service Permanently damaging hardware Not many known examples – DRDoS – Distributed Reflected Denial of Service Internet protocol spoofing – Unintentional ”attacks” Slashdot effect Utube.com sued Youtube.com

Preventing DoS attacks Being prepared – Secure individual hosts Minimize number of running services Setup disk quotas Make backups Etc. – Backup Systems – Backup Connections Network infrastructure – Firewalls – Routers/Switches – IPS – Intrusion Prevention System