Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Real and Rising Concern

Published byLuke Bennett Modified over 6 years ago

Similar presentations

Presentation on theme: "A Real and Rising Concern"— Presentation transcript:

1 A Real and Rising Concern
DDoS Attacks Sean Dunn ICS H197 November 19, 2014

2 Distributed Denial of Service - DDoS
A DoS (Denial of Service) attack is a method by which malicious hackers prevent legitimate users from accessing a computer resource by overwhelming that resource with network requests DDoS (Distributed Denial of Service) attacks use arrays of remote or “zombie” computer systems for the same purpose

3 The Weapon of Choice DDoS attacks are growing in popularity
Any company that uses the Internet is at risk Every DDoS success inspires more attacks 2014 DDoS Attacks & Impact Report - Neustar 2014 DDoS Attacks & Impact Report - Neustar

4 Why Choose DDoS? Distribution makes the attack difficult to isolate
Harder to stop the attack without cutting all users out More points of attack allows each to be less conspicuous Fairly easy to implement Attackers can use cookie cutter versions of proven attacks (LOIC) Easier than creating a tailored virus/worm Can provide a “smokescreen” Distracts the victim, leaving the system vulnerable to other virus injections Prevention of all DDoS attacks is expensive and infeasible

5 Traditional DoS Attacks
Internet Control Message Protocol (ICMP) Flood -  ICMP echo request (ping) packets, large ICMP packets, and other ICMP types UDP Flood - resource starvation caused by UDP packets overwhelming the TCP packets in a network SYN Flood - The attacker does not reply to the server with the expected ACK. To do this, the attacker can spoof the source IP address or simply not reply to the SYN-ACK

6 Modern DDoS Attacks DNS Reflection Zero-Day Encrypted SSL

7 DNS Reflection Made possible by open DNS resolvers
The attacker uses a distributed system to request large DNS zone files Source IP address spoofed as the intended victim DNS zone files are ~100x the size of their requests Attackers can send attacks many times the size of their bandwidth

8 Zero-Day “One-packet-killers”
These attacks make use of a known vulnerability in a network With lower-level workarounds such as firmware bugs, DDoS attacks become extremely stealthy

9 Encrypted SSL This attack consumes more CPU resources during the encryption and decryption process The impact on the victim’s system is amplified Many DDoS mitigation techniques do not account for this type of attack A large number of these attacks cannot be scrubbed

10 Fighting Back Preparation Identification Reaction
Acquire tools and train a response team Identification Classify the type of attack Identify the appropriate tool to halt the attack Reaction Trace back the attack to better grasp how the network is affected Deploy your tools Assess the entire attack to better tailor your preparations for next time

11 DDoS Mitigation The most popular mitigation technique is DDoS scrubbing Scrubbing is done by passing network traffic through high- bandwidth networks with traffic filters The filters examine attributes such as: IP addresses Cookie variation HTTP headers Javascript footprints

12 Enough theory, what happens in the real world?

13

14 Infamous DDoS Attacks MafiaBoy, 2000 – 15 year old student launches DDoS against Yahoo, Ebay, CNN, Amazon, and Dell Estonia, 2007 – A slew of Estonian websites (many governmental) is DDoSed SpamHaus, 2013 – Non-profit anti-spam organization

15 MafiaBoy February, 2000 – Michael Demon Calce (aka MafiaBoy) runs a homemade script meant to take down high-profile networks The websites of Yahoo, Ebay, CNN, Amazon, and Dell were all hit within a week Calce launched his DDoS software from over 50 networks worldwide – many owned by universities Done in the spirit of “hacking” and to build reputation

16 Estonia Cyberattacks April, Many websites of Estonian organizations (banks, ministries, newspapers, etc.) brought offline The attacks ranged from ping floods to sophisticated botnets A leader in the pro-Kremlin youth movement took credit for organizing the attacks – which had political motives Experts believe the attacks had the blessing and help of Russian authorities

17 SpamHaus Directly or indirectly responsible for filtering up to 80% of daily spam messages March 19, 2013 – SpamHaus servers hit with a DNS Reflection Attack Incoming traffic between Gbits/sec The Solution - Scrubbing Routed the attack traffic to a network of 23 different data centers Many to one -> Many to many

18 The Research Popularity-based front-end cache
“IP Fast Hopping” Network-layer architecture for dynamic server IP address change Stochastic model based puzzle controller Compares entropy of a covariance matrix to a behavior threshold

19 Conclusions Denial of Service is evolving as the major cybersecurity threat to companies and governments DDoS attacks are difficult to detect and isolate Modern DDoS attacks are more precise and dangerous (Zero-Day, Encrypted SSL) Almost every high-profile company that uses the internet must purchase DDoS mitigation services Attacks are only going to increase in sophistication and size

20 Thank You! Questions?

Download ppt "A Real and Rising Concern"

Similar presentations

(Distributed) Denial of Service Nick Feamster CS 4251 Spring 2008.

(Distributed) Denial of Service Nick Feamster CS 4251 Spring 2008.
Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.

Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.
Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.

Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 7 “Denial-of-Service-Attacks”.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 7 “Denial-of-Service-Attacks”.
Security (Continued) V.T. Raja, Ph.D., Oregon State University.

Security (Continued) V.T. Raja, Ph.D., Oregon State University.
Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.

Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.
Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,

Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.

Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.
Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.

Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.
Defending Against Flooding Based DoS Attacks : A tutorial - Rocky K.C. Chang, The Hong Kong Polytechnic University Presented by – Ashish Samant.

Defending Against Flooding Based DoS Attacks : A tutorial - Rocky K.C. Chang, The Hong Kong Polytechnic University Presented by – Ashish Samant.
Lecture 15 Denial of Service Attacks

Lecture 15 Denial of Service Attacks
DDoS Attack and Its Defense1 CSE 5473: Network Security Prof. Dong Xuan.

DDoS Attack and Its Defense1 CSE 5473: Network Security Prof. Dong Xuan.
Common forms and remedies Neeta Bhadane Raunaq Nilekani Sahasranshu.

Common forms and remedies Neeta Bhadane Raunaq Nilekani Sahasranshu.
1Federal Network Systems, LLC CIS Network Security Instructor Professor Mort Anvair Notice: Use and Disclosure of Data. Limited Data Rights. This proposal.

1Federal Network Systems, LLC CIS Network Security Instructor Professor Mort Anvair Notice: Use and Disclosure of Data. Limited Data Rights. This proposal.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 8 – Denial of Service.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 8 – Denial of Service.
Being an Intermediary for Another Attack Prepared By : Muhammad Majali Supervised By : Dr. Lo’ai Tawalbeh New York Institute of Technology (winter 2007)

Being an Intermediary for Another Attack Prepared By : Muhammad Majali Supervised By : Dr. Lo’ai Tawalbeh New York Institute of Technology (winter 2007)
Denial of Service Bryan Oemler Web Enhanced Information Management March 22 nd, 2011.

Denial of Service Bryan Oemler Web Enhanced Information Management March 22 nd, 2011.
--Harish Reddy Vemula Distributed Denial of Service.

--Harish Reddy Vemula Distributed Denial of Service.

Similar presentations

Ads by Google