DoS/DDoS attack and defense

DoS/DDoS attack and defense Nguyen Tien Thanh

Outline
- Denial of Service attack
  - Introduction
  - Impact of DoS attack
  - DoS attack types (ping flood, UDP flood, buffer overflow, ping of death, teardrop, SYN flood)
- Distributed Denial of Service attack
  - Handler-Agent model
  - IRC based model
- Countermeasures to DoS/DDoS
- Tools for DoS/DDoS

DoS Introduction
A Denial of Service attack is an attack that renders a system or service slow or unusable for legitimate users by consuming system resources.

DoS: Impact of DoS attack
- Financial loss
- Reputation damage
- Disabled network
- Disabled organization

DoS attack types: Smurf attack (ping flood)
The attacker generates a large amount of ICMP echo (ping) traffic to the network broadcast address, with the spoofed source IP address of the victim. The result is a large number of ping replies flooding the victim host, severely impacting the victim's network connection.

DoS attack types: Fraggle attack (UDP flood)
The attacker sends UDP packets to random ports on the victim host. The victim checks for an application listening on the port and replies with an "ICMP destination unreachable" packet. The attacker can spoof the source IP address of the UDP packets so that they cannot be traced back.

DoS attack types: Buffer overflow
A buffer overflow occurs when a program writes data into a buffer, overruns the buffer boundary and overwrites adjacent memory locations. The attacker can use this to crash the victim machine.

DoS attack types: Ping of death
The IP protocol allows a maximum IP packet size of 65,535 bytes. The attacker sends an IP packet larger than that. Fragmentation allows IP packets to be divided into smaller fragments, and the fragments can be combined into more than the allowed size. The operating system cannot handle the oversized packet and crashes.

DoS attack types: Teardrop attack
Fragmentation allows IP packets to be divided into smaller fragments. The attacker puts a confusing offset value into the second or a later fragment. The target machine cannot reassemble the fragments and crashes.
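Both the ping of death and the teardrop attack rely on a reassembler that trusts the offsets and sizes carried in fragments. As an added illustration (not part of the presentation) of the check a hardened stack performs, the Python below validates a fragment set before reassembling it: it rejects data that would land beyond the 65,535-byte limit, overlapping or missing fragments, and inconsistent More-Fragments flags. Offsets are given in bytes here, whereas a real IP header carries them in 8-byte units, and the fragment sets are constructed for the example.

```python
"""Fragment-reassembly check of the kind that defeats ping of death and
teardrop (added example, not from the presentation). Offsets are in bytes;
a real IP header carries them in 8-byte units."""
from typing import Iterable, List, NamedTuple

MAX_IP_DATAGRAM = 65535   # largest datagram the 16-bit IP total-length field can describe


class Fragment(NamedTuple):
    offset: int      # byte offset of this payload within the reassembled datagram
    payload: bytes
    more: bool       # More-Fragments flag: True on every fragment except the last


class ReassemblyError(ValueError):
    pass


def check(frags: Iterable[Fragment]) -> str:
    """Return 'ok' if the set can be reassembled safely, else the reason to discard it."""
    ordered: List[Fragment] = sorted(frags, key=lambda f: f.offset)
    if not ordered:
        return "empty"
    expected = 0                      # next byte offset a contiguous datagram needs
    for i, frag in enumerate(ordered):
        end = frag.offset + len(frag.payload)
        if end > MAX_IP_DATAGRAM:     # ping of death: data would land past the limit
            return "oversized"
        if frag.offset < expected:    # teardrop: this fragment overlaps the previous one
            return "overlap"
        if frag.offset > expected:    # a fragment is missing; a real stack would wait on a timer
            return "gap"
        is_last = i == len(ordered) - 1
        if frag.more == is_last:      # MF must be set on all but the final fragment
            return "bad-flags"
        expected = end
    return "ok"


def reassemble(frags: Iterable[Fragment]) -> bytes:
    """Reassemble only after the set passes every check; never size a buffer from untrusted offsets."""
    frags = list(frags)
    reason = check(frags)
    if reason != "ok":
        raise ReassemblyError(reason)
    return b"".join(f.payload for f in sorted(frags, key=lambda f: f.offset))


# Constructed fragment sets.
NORMAL = [Fragment(0, b"A" * 8, True), Fragment(8, b"B" * 8, True), Fragment(16, b"C" * 4, False)]
PING_OF_DEATH = [Fragment(0, b"A" * 8, True), Fragment(65528, b"X" * 16, False)]  # would end at 65544
TEARDROP = [Fragment(0, b"A" * 32, True), Fragment(16, b"B" * 32, False)]          # second sits inside first
MISSING = [Fragment(0, b"A" * 8, True), Fragment(24, b"B" * 8, False)]

if __name__ == "__main__":
    for name, frags in [("normal", NORMAL), ("ping of death", PING_OF_DEATH),
                        ("teardrop", TEARDROP), ("missing fragment", MISSING)]:
        print(f"{name:17}: {check(frags)}")
    print(reassemble(NORMAL))
```

The order of the checks matters: the size test runs before the contiguity test so that an oversized fragment is refused even when earlier fragments are missing, and the buffer is only allocated from the validated total, never from an offset taken straight off the wire.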

DoS attack types: SYN flooding
SYN flooding exploits a flaw in the TCP three-way handshake.

DoS attack types: SYN flooding (cont.)
When a host receives a SYN request it must keep track of the partially opened connection in a "listen queue" for at least 75 seconds. The attacker can fill up the listen queue by sending multiple SYN requests to the host but never replying to the SYN&ACK.

DDoS Introduction (video)
A Distributed Denial of Service attack is carried out using multiple compromised systems to attack a target and deny the service to legitimate users. The service under attack is the "primary victim," while the compromised systems used to launch the attack are often called the "secondary victims". The sheer volume of sources involved in DDoS attacks makes them nearly impossible to stop.

DDoS Handler-Agent model

DDoS IRC based model

DoS/DDoS Countermeasures
Smurf attacks (ping flood):
- Disable IP-directed broadcasts at routers. Most of the time this function is not needed (defends against outside attack).
- Configure your operating system to prevent the machine from responding to ICMP packets sent to IP broadcast addresses (defends against inside attack).
Fraggle attack (UDP flood):
- Disable UDP echo. The service is not very important, so the negative impact is low.

DoS/DDoS Countermeasures (cont.)
Buffer overflow attack: operating system and software vendors often employ countermeasures in their products to prevent buffer overflow attacks, particularly call stack and virtual memory randomization. Buffer overflow attacks have been rendered more difficult, although they are still possible to carry out.
Ping of death does not affect modern operating systems.
Teardrop attack does not affect modern operating systems.

DoS/DDoS Countermeasures (cont.)
SYN flooding attack prevention: using a firewall/proxy
- The firewall spoofs the ACK to prevent the listener's TCB (transmission control block) from staying in the SYN-RECEIVED state, and thus maintains free space in the backlog.
- The firewall waits for some time. If a legitimate ACK from the initiator is not observed, it can signal the listener to free the TCB using a spoofed TCP RST segment.
- For legitimate connections, packet flow continues with no interference from the firewall/proxy.

DoS/DDoS Countermeasures (cont.) SYN flood attack countermeasure: Packet Exchanges through an ACK-spoofing Firewall/Proxy.
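To make the listen-queue problem from the SYN flooding slides and the ACK-spoofing countermeasure concrete, here is an added Python model (not code from the presentation) that runs the same constructed traffic through a bare listener and through a listener fronted by an ACK-spoofing proxy. The 75-second hold time is the figure from the slides; the backlog size of 128, the 3-second proxy timeout, the 10 unanswered SYNs per second and the one legitimate client per second are assumptions chosen for the example.

```python
"""Model of a TCP listen queue under unanswered SYNs, with and without an
ACK-spoofing firewall/proxy in front of the listener (added example)."""
from dataclasses import dataclass, field
from typing import Dict, Set

BACKLOG_SIZE = 128    # assumed: half-open TCBs the listener can hold
LISTENER_HOLD = 75    # seconds a half-open TCB is kept (figure from the slides)
PROXY_TIMEOUT = 3     # assumed: seconds the proxy waits for the client's real ACK


@dataclass
class Listener:
    """Server TCP stack: one TCB per SYN, held in SYN-RECEIVED until ACKed or expired."""
    backlog: Dict[int, int] = field(default_factory=dict)   # conn id -> expiry second
    established: Set[int] = field(default_factory=set)
    refused: int = 0

    def expire(self, now: int) -> None:
        for cid, expiry in list(self.backlog.items()):
            if expiry <= now:
                del self.backlog[cid]

    def on_syn(self, cid: int, now: int) -> bool:
        self.expire(now)
        if len(self.backlog) >= BACKLOG_SIZE:
            self.refused += 1          # queue full: the SYN is dropped
            return False
        self.backlog[cid] = now + LISTENER_HOLD
        return True

    def on_ack(self, cid: int) -> None:
        if self.backlog.pop(cid, None) is not None:
            self.established.add(cid)  # handshake complete, TCB leaves the backlog

    def on_rst(self, cid: int) -> None:
        self.backlog.pop(cid, None)
        self.established.discard(cid)


@dataclass
class AckSpoofingProxy:
    """Firewall/proxy: ACKs the listener on the client's behalf, then RSTs if no real ACK arrives."""
    listener: Listener
    pending: Dict[int, int] = field(default_factory=dict)   # conn id -> deadline for the real ACK

    def on_syn(self, cid: int, now: int) -> bool:
        if not self.listener.on_syn(cid, now):
            return False
        self.listener.on_ack(cid)               # spoofed ACK: TCB leaves SYN-RECEIVED at once
        self.pending[cid] = now + PROXY_TIMEOUT
        return True

    def on_client_ack(self, cid: int) -> None:
        self.pending.pop(cid, None)             # genuine ACK seen: connection stands

    def tick(self, now: int) -> None:
        for cid, deadline in list(self.pending.items()):
            if deadline <= now:
                del self.pending[cid]
                self.listener.on_rst(cid)       # spoofed RST frees the orphaned TCB


def simulate(use_proxy: bool, seconds: int = 60, attack_rate: int = 10) -> Dict[str, int]:
    """Each second: attack_rate SYNs that are never ACKed, then one legitimate
    client SYN whose ACK arrives the following second (constructed traffic)."""
    listener = Listener()
    front = AckSpoofingProxy(listener) if use_proxy else None
    stats = {"legit_accepted": 0, "legit_refused": 0}
    pending_legit = None
    cid = 0
    for now in range(seconds):
        if front:
            front.tick(now)
        if pending_legit is not None:           # last second's client completes its handshake
            if front:
                front.on_client_ack(pending_legit)
            else:
                listener.on_ack(pending_legit)
            pending_legit = None
        for _ in range(attack_rate):
            cid += 1
            (front or listener).on_syn(cid, now)
        cid += 1
        if (front or listener).on_syn(cid, now):
            stats["legit_accepted"] += 1
            pending_legit = cid
        else:
            stats["legit_refused"] += 1
    stats["half_open_at_end"] = len(listener.backlog)
    stats["established_at_end"] = len(listener.established)
    return stats


if __name__ == "__main__":
    print("no proxy  :", simulate(False))
    print("with proxy:", simulate(True))
```

Without the proxy the backlog fills after roughly BACKLOG_SIZE / attack_rate seconds and every later legitimate SYN is refused for the rest of the run, because nothing expires before 75 seconds. With the proxy the backlog never holds an entry for more than an instant; what the listener pays instead is about attack_rate × PROXY_TIMEOUT fully opened sockets that the spoofed RST tears down, which is why the proxy's timeout must be short.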

DoS/DDoS Countermeasures (cont.)
There is no absolute solution to prevent DDoS; we can only try to reduce the impact of the attack. DoS countermeasures can be used as well. Based on the Handler-Agent model, we divide the countermeasures into 3 components:
- Prevent secondary victims; detect and neutralize handlers
- Detect and mitigate the attack
- Post-attack forensics

DoS/DDoS Countermeasures (cont.)
Prevent secondary victims:
- Improve awareness of internet users
- Install antivirus software
Detect and neutralize handlers:
- Study the communication protocol and traffic pattern between handlers and agents to locate the handler
- The handler-agent model suffers from a single point of failure

DoS/DDoS Countermeasures (cont.)
Detect and mitigate the attack:
- Scan packets' source IP addresses when they leave the network. The spoofed source address of DDoS attack packets will not be a valid source address of the specific network.
- Load balancing: increase bandwidth to prevent the connection going down when under attack; balance the load across each server in a multi-server architecture.
- Honeypot: systems set up with low security that act as a lure for an attacker, used to learn the attacker's activities.
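The router-side countermeasures from the smurf/fraggle slide (disable IP-directed broadcasts, disable UDP echo) and the egress check just described (drop packets leaving the network with a source address that is not ours) are all stateless per-packet rules. The Python below is an added example, not from the presentation, of one filter that applies all three; the address plan 192.0.2.0/24 and 198.51.100.0/25 and the sample packets are constructed. It goes slightly beyond the slide's ICMP case in that the directed-broadcast rule refuses any protocol, which is what disabling directed broadcasts on a router actually does.

```python
"""Stateless border-router filter mirroring the countermeasures on the slides
(added example, not from the presentation): inbound, drop IP-directed
broadcasts and UDP echo; outbound, drop packets with a foreign source address."""
import ipaddress
from typing import Dict, List, NamedTuple

# Assumed address plan: the networks behind this router.
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]
DIRECTED_BROADCASTS = {net.broadcast_address for net in LOCAL_NETS}
UDP_ECHO_PORT = 7


class Packet(NamedTuple):
    direction: str        # "in" (from the Internet) or "out" (leaving our network)
    src: str
    dst: str
    proto: str            # "icmp", "udp" or "tcp"
    dport: int = 0        # UDP/TCP destination port, 0 for ICMP


def is_local(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL_NETS)


def verdict(pkt: Packet) -> str:
    """Return 'accept' or 'drop:<reason>' for one packet."""
    if pkt.direction == "in":
        # Smurf/fraggle amplification needs the router to forward a packet to the
        # broadcast address; refusing every directed broadcast removes that, whatever the protocol.
        if ipaddress.ip_address(pkt.dst) in DIRECTED_BROADCASTS:
            return "drop:directed-broadcast"
        if pkt.proto == "udp" and pkt.dport == UDP_ECHO_PORT:
            return "drop:udp-echo"
    else:
        # Egress filtering: a packet leaving us with a foreign source address is
        # spoofed (or misrouted) and could only ever serve as attack traffic.
        if not is_local(pkt.src):
            return "drop:spoofed-source"
    return "accept"


def apply_policy(packets: List[Packet]) -> Dict[str, int]:
    """Count verdicts over a batch of packets."""
    counts: Dict[str, int] = {}
    for pkt in packets:
        v = verdict(pkt)
        counts[v] = counts.get(v, 0) + 1
    return counts


# Constructed sample traffic.
SAMPLE = [
    Packet("in", "203.0.113.9", "192.0.2.255", "icmp"),        # echo to broadcast: smurf trigger
    Packet("in", "203.0.113.9", "192.0.2.10", "icmp"),         # ordinary ping
    Packet("in", "203.0.113.9", "198.51.100.127", "udp", 7),   # fraggle trigger (/25 broadcast)
    Packet("in", "203.0.113.9", "192.0.2.10", "udp", 7),       # UDP echo to a single host
    Packet("in", "203.0.113.9", "192.0.2.10", "udp", 53),      # DNS query
    Packet("out", "192.0.2.10", "203.0.113.9", "tcp", 443),    # legitimate outbound
    Packet("out", "10.77.1.4", "203.0.113.9", "udp", 53),      # spoofed source leaving the network
    Packet("out", "198.51.100.5", "203.0.113.9", "icmp"),      # legitimate outbound ping
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        print(f"{pkt.direction:3} {pkt.src:>15} -> {pkt.dst:<15} {pkt.proto}/{pkt.dport}: {verdict(pkt)}")
    print(apply_policy(SAMPLE))
```

On real equipment the same intent is expressed in configuration rather than code: Cisco IOS disables forwarding of directed broadcasts with `no ip directed-broadcast` on an interface, and a Linux host stops answering echo requests sent to broadcast addresses with the sysctl `net.ipv4.icmp_echo_ignore_broadcasts = 1` (the host-side measure from the slide).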

DoS/DDoS Countermeasures (cont.)
Post-attack forensics:
- Analyze data to find specific patterns in the attacking traffic. This can help the network admin develop new filtering techniques.
- Packet traceback: can help identify the attacker.
- Event logs: keep logs of DDoS attack information for forensic analysis.
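As an added example of the log analysis this slide calls for (not from the presentation), the Python below parses constructed connection-log lines and, per destination, counts SYNs, distinct sources and the sources that ever completed the handshake. A destination with many SYNs and a low completion ratio shows the SYN-flood pattern, and the list of sources that never completed is the raw material for a new filter. The log format `<timestamp> <SYN|ACK> <src> -> <dst>:<port>`, the thresholds and the sample lines are all assumptions made for the example.

```python
"""Post-attack log analysis (added example, not from the presentation):
find destinations whose logged SYNs rarely turn into completed handshakes.
The log format '<timestamp> <SYN|ACK> <src> -> <dst>:<port>' is assumed."""
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Set

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<flag>SYN|ACK) (?P<src>[\d.]+) -> (?P<dst>[\d.]+:\d+)$")


def parse(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Keep only lines that match the assumed format; anything else is ignored."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def analyse(lines: Iterable[str], min_syns: int = 5, max_completion: float = 0.5) -> Dict[str, dict]:
    """Per destination: how many SYNs arrived, from how many sources, and how many
    of those sources ever completed the handshake. A burst of SYNs with a low
    completion ratio is the fingerprint the admin turns into a filter."""
    syn_count: Dict[str, int] = defaultdict(int)
    syn_sources: Dict[str, Set[str]] = defaultdict(set)
    ack_sources: Dict[str, Set[str]] = defaultdict(set)
    for ev in parse(lines):
        if ev["flag"] == "SYN":
            syn_count[ev["dst"]] += 1
            syn_sources[ev["dst"]].add(ev["src"])
        else:
            ack_sources[ev["dst"]].add(ev["src"])
    report = {}
    for dst, syns in syn_count.items():
        sources = syn_sources[dst]
        completed = len(sources & ack_sources[dst])
        ratio = completed / len(sources)
        report[dst] = {
            "syns": syns,
            "distinct_sources": len(sources),
            "completed": completed,
            "completion_ratio": round(ratio, 3),
            "half_open_sources": sorted(sources - ack_sources[dst]),  # candidates for a filter
            "flagged": syns >= min_syns and ratio <= max_completion,
        }
    return report


# Constructed log: ordinary traffic to 192.0.2.10, then a burst of SYNs to
# 192.0.2.20 from eight sources that never answer the SYN/ACK.
SAMPLE_LOG = [
    "2015-11-01T10:00:00 SYN 203.0.113.5 -> 192.0.2.10:80",
    "2015-11-01T10:00:00 ACK 203.0.113.5 -> 192.0.2.10:80",
    "2015-11-01T10:00:01 SYN 198.51.100.77 -> 192.0.2.10:80",
    "2015-11-01T10:00:01 ACK 198.51.100.77 -> 192.0.2.10:80",
    "2015-11-01T10:00:02 SYN 203.0.113.5 -> 192.0.2.10:443",
    "2015-11-01T10:00:02 ACK 203.0.113.5 -> 192.0.2.10:443",
    "2015-11-01T10:00:05 SYN 203.0.113.5 -> 192.0.2.20:80",
    "2015-11-01T10:00:05 ACK 203.0.113.5 -> 192.0.2.20:80",
] + [f"2015-11-01T10:00:03 SYN 10.200.1.{i} -> 192.0.2.20:80" for i in range(1, 9)]

if __name__ == "__main__":
    for dst, row in analyse(SAMPLE_LOG).items():
        print(dst, row)
```

The completion ratio is computed per source rather than per packet so that one busy legitimate client opening many connections does not mask a flood, and the thresholds are parameters because the right values depend on the normal traffic of the service being protected.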

Tools for DoS/DDoS http://resources.infosecinstitute.com/dos-attacks-free-dos-attacking-tools/

References
- Certified Ethical Hacker ver.6, module 14: Denial of Service
- Tools for DoS and DDoS. Retrieved 1-Nov-2015. http://resources.infosecinstitute.com/dos-attacks-free-dos-attacking-tools/
- DDoSpedia. Retrieved 1-Nov-2015. http://security.radware.com/knowledge-center/DDoSPedia
- Smurf attack prevention. Retrieved 1-Nov-2015. http://www.cert.org/historical/advisories/CA-1998-01.cfm
- SYN flood attack prevention. Retrieved 1-Nov-2015. http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_9-4/syn_flooding_attacks.html
- Video. Retrieved 1-Nov-2015. https://www.youtube.com/watch?v=OhA9PAfkJ10