Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network Attacks Instructor: Dr. X. Outline Worms DoS.

Published byImogene Sharyl Cunningham Modified over 8 years ago

Similar presentations

Presentation on theme: "Network Attacks Instructor: Dr. X. Outline Worms DoS."— Presentation transcript:

1 Network Attacks Instructor: Dr. X

2 Outline Worms DoS

3 Worms What are they? What do they do?

4 Morris worm First worm ever: 1988 Robert Morris made it… project while he was a student at Cornell Now professor at MIT

5 November 2, 1988 6pm: someone ran a program at a computer at MIT The program collected host, network, and user info...... and then spread to other machines running Sun 3, VAX, and some BSD variants... rinse and repeat Computers became multiply infected Systems became overloaded with processes Swap space became exhausted, and machines failed Wednesday night: UC Berkeley captures copy of program Around 6,000 machines (~10% of Internet) infected at cost of $10M-$100M

6 Morris Worm Attack Vector rsh: terminal client with network (IP) - based authentication fingerd: used gets call without bounds checking sendmail: DEBUG mode allows remote user to run commands lots of sendmail daemons running in DEBUG mode

7 Code Red - 2001 Exploited a Microsoft IIS web-server buffer overflow Scans for vulnerabilities over random IP addresses Sometimes would deface the compromised website Initial outbreak on July 16th, 2001 version 1: contained bad randomness (fixed IPs searched) version 2: fixed the randomness, August 4 - Code Red II Different code base, same exploit Added local scanning (biased randomness to local IPs) Killed itself in October of 2001

8 Stuxnet First reported June 2010 Exploited unknown vulnerabilities Not one zero-day Not two zero-days Not three zero-days But four zero-days! print spooler bug handful of escalation-of-privilege vulnerabilities

9 Stuxnet Spread through infected USB drives - bypasses “air gaps” Worm actively targeted SCADA systems (i.e., industrial control systems)targeted SCADA looked for WINCC or PCS 7 SCADA management system attempted 0-day exploit also tried using default passwords apparently, specifically targeted Iran’s nuclear architecture

10 Stuxnet

11 Worms and infection The effectiveness of a worm is determined by how good it is at identifying vulnerable machines Multi-vector worms use lots of ways to infect: e.g., network, email, drive by downloads, etc. Example scanning strategies: Random IP Signpost scanning Local scanning Permutation scanning

12 Worm Defense Strategies (Auto) patch your systems Heterogeneity: use more than one vendor for your networks IDS: provides filtering for known vulnerabilities

13 Denial of Service! What is DoS? Intentional prevention of access to valued resource CPU, memory, disk (system resources) DNS, print queues, NIS (services) Web server, database, media server (applications)

14 DDoS

15 DDoS is a data structure…

16 DDoS Saturate the target’s network with traffic Consume all network resources (e.g., SYN flooding) Overload a service with requests Use “expensive” requests (e.g., “sign this data”) Can be extremely costly

17 Botnet A botnet is a network of software robots (bots) run on zombie machines which are controlled by command and control networks IRCbots - command and control over IRC Bot master - owner/controller of network

18 DDoS in the news DoS attacks in the news - http://www.ddosattacks.net/ Hackers Target NASA with DDoS Attack, Claim to Shutdown Email Servers DDoS Attacks Cripple Swedish News Sites Amid Russia Tension Darkreading - Half Of Enterprises Worldwide Hit By DDoS Attacks (2014) Digital Attack Map Norse attack map Norse

19 DDoS

20 Classification continued

21 Example: Smurf Attack

22 Example: Slowloris

23 Demo: SYN Flood

24 Floods and their problems Flash crowd traffic What is the difference of a surge of traffic and DDoS flood?

25 Why DDoS? An axe to grind Curiosity (script kiddies) Blackmail / racketeering Information warfare Distraction

26 An easy fix?

27 DDoS Countermeasures

28 DDoS Reality None of the “protocol oriented” solutions have really seen any adoption: too many untrusting, ill-informed, mutually suspicious parties must play together Real Solution Large ISPs police their ingress/egress points very carefully Watch for DDoS attacks and filter appropriately Develop products that coordinate view from many vantage points in the network to identify upswings in traffic

29 Sources/Additional reading http://spectrum.ieee.org/telecom/security/the-real-story-of-stuxnet “Distributed Denial of Service: Taxonomies of Attacks, Tools and Countermeasures”, Stephen M. Specht, Ruby B. Lee

Download ppt "Network Attacks Instructor: Dr. X. Outline Worms DoS."

Similar presentations

(Distributed) Denial of Service Nick Feamster CS 4251 Spring 2008.

(Distributed) Denial of Service Nick Feamster CS 4251 Spring 2008.
Computer Science CSC 405Dr. Peng Ning1 CSC 405 Introduction to Computer Security Topic 3. Program Security -- Part I.

Computer Science CSC 405Dr. Peng Ning1 CSC 405 Introduction to Computer Security Topic 3. Program Security -- Part I.
C risis And A ftermath Eugene H. Spafford 발표자 : 손유민.

C risis And A ftermath Eugene H. Spafford 발표자 : 손유민.
Communications of the ACM (CACM), Vol. 32, No. 6, June 1989

Communications of the ACM (CACM), Vol. 32, No. 6, June 1989
Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.

Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.
CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.

CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.
Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,

Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,
Introduction to Security Computer Networks Computer Networks Term B10.

Introduction to Security Computer Networks Computer Networks Term B10.
 Population: N=100,000  Scan rate  = 4000/sec, Initially infected: I 0 =10  Monitored IP space 2 20, Monitoring interval:  = 1 second Infected hosts.

 Population: N=100,000  Scan rate  = 4000/sec, Initially infected: I 0 =10  Monitored IP space 2 20, Monitoring interval:  = 1 second Infected hosts.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.

UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.
Web server security Dr Jim Briggs WEBP security1.

Web server security Dr Jim Briggs WEBP security1.
How to Own the Internet in your spare time Ashish Gupta Network Security April 2004.

How to Own the Internet in your spare time Ashish Gupta Network Security April 2004.
Lecture 15 Denial of Service Attacks

Lecture 15 Denial of Service Attacks
 Discovered in June/July 2010  Targeted Siemens software and equipment running Microsoft Windows  First malware for SCADA systems to spy and subvert.

 Discovered in June/July 2010  Targeted Siemens software and equipment running Microsoft Windows  First malware for SCADA systems to spy and subvert.
BOTNETS & TARGETED MALWARE Fernando Uribe. INTRODUCTION  Fernando Uribe   IT trainer and Consultant for over 15 years specializing.

BOTNETS & TARGETED MALWARE Fernando Uribe. INTRODUCTION  Fernando Uribe   IT trainer and Consultant for over 15 years specializing.
MSIT 458 – The Chinchillas. Offense Overview Botnet taxonomies need to be updated constantly in order to remain “complete” and are only as good as their.

MSIT 458 – The Chinchillas. Offense Overview Botnet taxonomies need to be updated constantly in order to remain “complete” and are only as good as their.
1Federal Network Systems, LLC CIS Network Security Instructor Professor Mort Anvair Notice: Use and Disclosure of Data. Limited Data Rights. This proposal.

1Federal Network Systems, LLC CIS Network Security Instructor Professor Mort Anvair Notice: Use and Disclosure of Data. Limited Data Rights. This proposal.
1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.

1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.
B OTNETS T HREATS A ND B OTNETS DETECTION Mona Aldakheel 434920317 1.

B OTNETS T HREATS A ND B OTNETS DETECTION Mona Aldakheel

Similar presentations

Ads by Google