Inferring Denial of Service Attacks
David Moore, Geoffrey Voelker and Stefan Savage
Presented by Rafail Tsirbas
4/1/2015


Outline
  o Denial of Service Attacks
  o Motivation & Limitations
  o Backscatter Analysis
  o Results
  o Conclusion

Denial of Service Attacks
Logic Attacks
  o "Ping of Death"
Flooding Attacks
  o Overflow victim's computer

Flooding Attacks
The attacker tries to overflow the victim's PC
  o SYN Floods
  o TCP DATA
  o TCP NULL
  o ICMP Echo Requests
  o DNS Request
  o Zero Day Attack
  o NTP "monlist"
  o …
[Diagram: Attacker, Victim]

Flooding Attacks
Distributed Denial of Service Attacks
  o A lot more power
  o Hide easier
  o More sophisticated attack
IP spoofing
  o Change source IP address
  o Tools: Shaft, TFT, etc.
[Diagram: Attacker, Botnets]

Motivation & Limitations
  o "How prevalent are Denial of Service Attacks in the Internet today?"
  o Baseline for long-term analysis
  o Limitation Factors

Backscatter analysis

Backscatter effect
[Diagram: Attacker, Victim, Host A, Host B, Host C]

Backscatter analysis
[Diagram: Attacker, Victim, Host A, Host B, Host C; M packets; N PCs monitoring]

Attack classification
Flow-based
  o How many, how long, what kind
Event-based
  o Fixed time windows

Backscatter analysis
  o They monitored a /8 network
  o 3 weeks long
[Diagram: /8 Network, Monitor]
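
Added example (not part of the slides and not the paper authors' code): flow-based grouping of backscatter records and extrapolation from what the monitor saw to the attack's estimated size. It assumes spoofed source addresses are chosen uniformly at random, so a monitor covering N of the 2^32 IPv4 addresses sees about N/2^32 of the victim's responses (1/256 for a /8). The 300-second flow timeout, the function names and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

IPV4_SPACE = 2 ** 32

def scale_factor(prefix_len):
    """Inverse of the fraction of IPv4 space the monitored prefix covers."""
    return IPV4_SPACE // 2 ** (32 - prefix_len)   # 256 for a /8

def flows(records, timeout=300):
    """Flow-based classification: group backscatter by victim IP and start a
    new flow when the victim is silent for more than `timeout` seconds
    (assumed value). records: iterable of (timestamp_seconds, victim_ip)."""
    by_victim = defaultdict(list)
    for ts, victim in records:
        by_victim[victim].append(ts)
    out = []
    for victim, stamps in by_victim.items():
        stamps.sort()
        start = prev = stamps[0]
        count = 1
        for ts in stamps[1:]:
            if ts - prev > timeout:          # gap too long: close the flow
                out.append((victim, start, prev, count))
                start, count = ts, 0
            prev = ts
            count += 1
        out.append((victim, start, prev, count))
    return sorted(out)

def summarize(records, prefix_len=8, timeout=300):
    """Per flow: how long, how many observed, extrapolated packets and rate."""
    k = scale_factor(prefix_len)
    result = []
    for victim, start, end, seen in flows(records, timeout):
        duration = end - start
        est = seen * k                       # observed packets scaled to full space
        result.append({"victim": victim, "duration_s": duration,
                       "observed": seen, "est_packets": est,
                       "est_pps": est / duration if duration else None})
    return result

# Constructed sample: backscatter seen at the monitor (documentation addresses).
SAMPLE = ([(t, "192.0.2.10") for t in range(0, 120, 2)]      # 60 packets, 118 s
          + [(t, "192.0.2.10") for t in range(1000, 1010)]   # new flow after gap
          + [(5, "198.51.100.7")])                           # single stray packet
```

The extrapolated figures are estimates: attacks that do not spoof uniformly, or whose packets draw no response from the victim, are under-counted.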

Results
Flow-based
  o Over 12,800 attacks
  o 6,000 distinct IP addresses
  o Almost 200 million backscatter packets
Event-based
  o 10,000 distinct IP addresses
  o Almost 200 million backscatter packets

Results

Responses Protocols

Protocols

Duration

TLDs

Conclusions
  o New technique: "backscatter analysis"
  o DoS attacks exist

Questions?

Thank You!