Presentation is loading. Please wait.

Presentation is loading. Please wait.

Intro to Denial of Serice Attacks

Published byJerónimo Leal Peixoto Modified over 6 years ago

Similar presentations

Presentation on theme: "Intro to Denial of Serice Attacks"— Presentation transcript:

1 Intro to Denial of Serice Attacks
Some slides have been taken from: Computer Networking: A Top Down Approach Featuring the Internet, 7th edition. Jim Kurose, Keith Ross. Addison-Wesley, All material copyright J.F Kurose and K.W. Ross, All Rights Reserved. Security

2 Roadmap What is Denial of Service Attack How does an attack work
Attack Classification Examples Operational security: firewalls and IDS

3 What is denial of service attack?
When a denial of service (DoS) attack occurs, a computer or a network user is unable to access resources like and the Internet. An attack can be directed at an operating system or at the network. Bad guy Victim Compromised host Third parties

4 What is distributed denial of service?
A distributed denial of service (DDoS) attack is accomplished by using the Internet to break into computers and using them to attack a network. Hundreds or thousands of computer systems across the Internet can be turned into “zombies” and used to attack another system or website.

5 Brief history and trends
DoS attacks started at around early ’90s. At the first stage they were quite "primitive", involving only one attacker exploiting maximum bandwidth from the victim, denying others the ability to be served. This was done mainly by using simple methods of ping floods, SYN floods and UDP floods. These attacks had to be "manually" synchronized by a lot of attackers in order to cause an effective damage.

6 Massive attack on public sites
Analysts estimated that Yahoo! Lost $500,000 in e-commerce and advertising revenue when it was knocked offline for three hours.

7 How does an attack work? One way to attack a company’s network or website is to flood its systems with information. Web and servers can only handle a finite amount of traffic and an attacker overloads the targeted system with packets of data.

8 Attack classification
DoS attacks exploit the asymmetric nature of certain types of network traffic. One attack method seeks to cause the target to use more resources processing traffic than the attacker does sending the traffic. Another method is to control multiple attackers. Therefore DoS attacks can be classified into three categories Bandwidth/Throughput Attacks Protocol Attacks Software Vulnerability Attacks

9 Bandwidth/Throughput Attacks
Ping Flood Attack (ICMP echo) SYN Flood Attack (DoS attack) DDoS Attack (Distributed SYN Flood) UDP Flood Attacks

10 Ping Flood Attack An attempt by an attacker on a high bandwidth connection to saturate a network with ICMP echo request packets in order to slow or stop legitimate traffic going through the network.

11 SYN Flood Attack

12 DDoS Attack The idea behind this attack is focusing Internet connection bandwidth of many machines upon one or a few machines. This way it is possible to use a large array of smaller (or “weaker”) widely distributed computers to create the big flood effect.

13 UDP Flood Attacks UDP protocol is a connectionless unreliable protocol which doesn't require session negotiation between client and server application. UDP provides easy to use interface for producing large quantity of packets. A common attack which exploits UDP simply floods the network with UDP packets destined to a victim's host. Due to the relative simplicity of this protocol an attacker can produce large bandwidth capacity with relatively small effort.

14 Protocol Attack: Smurf Attack
In this attack, spoofed IP packets containing ICMP Echo-Request with a source address equal to that of the attacked system and a broadcast destination address are sent to the intermediate network. Sending a ICMP Echo Request to a broadcast address triggers all hosts included in the network to respond with an ICMP response packet, thus creating a large mass of packets which are routed to the victim's spoofed address.

15 Protocol Attack: DNS name server Attack
The most common method seen involves an intruder sending a large number of UDP-based DNS requests to a Nameserver using a spoofed source IP address. Any Nameserver response is sent back to the spoofed IP address as the destination. In this scenario, the spoofed IP address represents the victim of the denial of service attack. The Nameserver is an intermediate party in the attack. The true source of the attack is difficult for an intermediate or a victim site to determine due to the use of spoofed source addresses.

16 Software Vulnerability Attacks
Land Attack Ping of Death Attack Fragmentation Attack and Teardrop Attack

17 Land Attack In this attack, an attacker sends spoofed TCP SYN packets, with the same source and destination addresses as the victim's host address. In some TCP/IP stack implementations those kinds of packets may cause the victim's host to crash. Any remote user that can send spoofed packets to a host can crash or "hang" that host. Possible solution for this attack is to block IP-spoofed packets. Attacks like those of the Land tool rely on the use of forged packets, that is, packets where the attacker deliberately falsifies the origin address. With the current IP protocol technology, it is impossible to eliminate IP-spoofed packets. However, you can reduce the likelihood of your site's networks being used to initiate forged packets by filtering outgoing packets that have a source address different from that of your internal network.

18 Land Attack (contd.) In cases where the victim's host is a router, this attack may result in a routing loop consuming large quantities of bandwidth (unless filtered in advance). One of the variations of this attack targets a certain TCP service provided by the victim. In this case the attacker uses the same source and destination ports which used by the victim's service. This may consume the victim's host CPU resources.

19 Ping of Death Attack Ping of Death is an attempt by an attacker to crash, reboot or freeze a system by sending an illegal ICMP (over IP) packet to the host under attack. The TCP/IP specification allows for a maximum packet size of up to octets. In some TCP stack implementation encountering packets of greater size may cause the victim's host to crash.

20 Ping of Death Attack (contd.)
Most implementations of the ICMP protocol use packet header size of 8 octets but allow the user to specify larger packet header sizes. In the attack, the ICMP packet is sent in the form of a fragmented message which, when reassembled is larger than the maximum legal IP packet size.

21 Ping of Death Attack (contd.)

22 DoS attack tools Nemesy Land and LaTierra Panther
Used to generate random packets. It works on windows. Land and LaTierra Can be used for IP spoofing and opening TCP connections Panther Can be used to flood a victim’s network with UDP packets.

23 Ethical Hacking: Ping of Death
Enter the command ipconfig. You will get results similar to the ones shown below ping our victim computer with infinite data packets of 65500 Ping –t |65500

24 Ethical Hacking cont. Nemesy

25 Geo Locations of Mirai-infected Devices

26 Summary TCP SYN Flood Attack
Taking advantage of the flaw of TCP three-way handshaking behavior, an attacker makes connection requests aimed at the victim server with packets with unreachable source addresses. The server is not able to complete the connection requests and, as a result, the victim wastes all of its network resources. A relatively small flood of bogus packets will tie up memory, CPU, and applications, resulting in shutting down a server. Graphic:

27 Summary Smurf IP Attack
An attacker sends forged ICMP echo packets to broadcast addresses of vulnerable networks. All the systems on these networks reply to the victim with ICMP echo replies. This rapidly exhausts the bandwidth available to the target, effectively denying its services to legitimate users.

28 Summary UDP Flood Attack
UDP is a connectionless protocol and it does not require any connection setup procedure to transfer data. A UDP Flood Attack is possible when an attacker sends a UDP packet to a random port on the victim system. When the victim system receives a UDP packet, it will determine what application is waiting on the destination port. When it realizes that there is no application that is waiting on the port, it will generate an ICMP packet of destination unreachable to the forged source address. If enough UDP packets are delivered to ports on victim, the system will go down.

29 Summary ICMP Flood Attack
An ICMP flood occurs when ICMP pings overload a system with so many echo requests that the system expends all its resources responding until it can no longer process valid network traffic.

30 Conclusion Susceptibility to attacks could be alleviated with better Internet Architectures (goal of class). Don’t leave all the decision making to the machines on either end of a connection Provide ‘intelligent’ support along the path (e.g. No Blind forwarding of packets) Create “Hardened” networks

Download ppt "Intro to Denial of Serice Attacks"

Similar presentations

NETWORK SECURITY ADD ON NOTES MMD © Oct2012. IMPLEMENTATION Enable Passwords On Cisco Routers Via Enable Password And Enable Secret Access Control Lists.

NETWORK SECURITY ADD ON NOTES MMD © Oct2012. IMPLEMENTATION Enable Passwords On Cisco Routers Via Enable Password And Enable Secret Access Control Lists.
Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
CISCO NETWORKING ACADEMY PROGRAM (CNAP)

CISCO NETWORKING ACADEMY PROGRAM (CNAP)
Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.

Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.
Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.

Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.
Suneeta Chawla Web Security Presentation Topic : IP Spoofing Date : 03/24/04.

Suneeta Chawla Web Security Presentation Topic : IP Spoofing Date : 03/24/04.
Intrusion Detection and Hackers Exploits IP Spoofing Attack Yousef Yahya & Ahmed Alkhamaisa Prepared for Arab Academy for Banking and Financial Sciences.

Intrusion Detection and Hackers Exploits IP Spoofing Attack Yousef Yahya & Ahmed Alkhamaisa Prepared for Arab Academy for Banking and Financial Sciences.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 7 “Denial-of-Service-Attacks”.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 7 “Denial-of-Service-Attacks”.
Security (Continued) V.T. Raja, Ph.D., Oregon State University.

Security (Continued) V.T. Raja, Ph.D., Oregon State University.
Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.

Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.
Hacking Presented By :KUMAR ANAND SINGH 04-243,ETC/2008.

Hacking Presented By :KUMAR ANAND SINGH ,ETC/2008.
Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,

Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.

Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.
Analysis of Attack By Matt Kennedy. Different Type of Attacks o Access Attacks o Modification and Repudiation Attacks o DoS Attacks o DDoS Attacks o Attacks.

Analysis of Attack By Matt Kennedy. Different Type of Attacks o Access Attacks o Modification and Repudiation Attacks o DoS Attacks o DDoS Attacks o Attacks.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
WXES2106 Network Technology Semester 1 2004/2005 Chapter 8 Intermediate TCP CCNA2: Module 10.

WXES2106 Network Technology Semester /2005 Chapter 8 Intermediate TCP CCNA2: Module 10.
Attack Profiles CS-480b Dick Steflik Attack Categories Denial-of-Service Exploitation Attacks Information Gathering Attacks Disinformation Attacks.

Attack Profiles CS-480b Dick Steflik Attack Categories Denial-of-Service Exploitation Attacks Information Gathering Attacks Disinformation Attacks.
Lance West.  Just what is a Denial of Service (DoS) attack, and just how can it be used to attack a network.  A DoS attack involves exploiting operating.

Lance West.  Just what is a Denial of Service (DoS) attack, and just how can it be used to attack a network.  A DoS attack involves exploiting operating.
Lecture 15 Denial of Service Attacks

Lecture 15 Denial of Service Attacks

Similar presentations

Ads by Google