Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.

Published byAsher Willson Modified over 10 years ago

Similar presentations

Presentation on theme: "Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing."— Presentation transcript:

1 Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing tables Or flooding routers Or destroying key packets

2 Lecture 9 Page 2 CS 236 Online How Do Denial of Service Attacks Occur? Basically, the attacker injects some form of traffic Most current networks aren’t built to throttle uncooperative parties very well All-inclusive nature of the Internet makes basic access trivial Universality of IP makes reaching most of the network easy

3 Lecture 9 Page 3 CS 236 Online An Example: SYN Flood Based on vulnerability in TCP Attacker uses initial request/response to start TCP session to fill a table at the server Preventing new real TCP sessions SYN cookies and firewalls with massive tables are possible defenses

4 Lecture 9 Page 4 CS 236 Online Normal SYN Behavior SYN SYN/ACK ACK Table of open TCP connections

5 Lecture 9 Page 5 CS 236 Online A SYN Flood SYN SYN/ACK Table of open TCP connections SYN SYN/ACK SYN Server can’t fill request! SYN

6 Lecture 9 Page 6 CS 236 Online SYN Cookies SYN No room in the table, so send back a SYN cookie, instead SYN/ACK SYN/ACK number is secret function of various information ACK Server recalculates cookie to determine if proper response + 1 Client IP address & port, server’s IP address and port, and a timer KEY POINT: Server doesn’t need to save cookie value! And no changes to TCP protocol itself

7 Lecture 9 Page 7 CS 236 Online General Network Denial of Service Attacks Need not tickle any particular vulnerability Can achieve success by mere volume of packets If more packets sent than can be handled by target, service is denied A hard problem to solve

8 Lecture 9 Page 8 CS 236 Online Distributed Denial of Service Attacks Goal: Prevent a network site from doing its normal business Method: overwhelm the site with attack traffic Response: ?

9 Lecture 9 Page 9 CS 236 Online The Problem

10 Lecture 9 Page 10 CS 236 Online Why Are These Attacks Made? Generally to annoy Sometimes for extortion Sometimes to prevent adversary from doing something important If directed at infrastructure, might cripple parts of Internet

11 Lecture 9 Page 11 CS 236 Online Attack Methods Pure flooding –Of network connection –Or of upstream network Overwhelm some other resource –SYN flood –CPU resources –Memory resources –Application level resource Direct or reflection

12 Lecture 9 Page 12 CS 236 Online Why “Distributed”? Targets are often highly provisioned servers A single machine usually cannot overwhelm such a server So harness multiple machines to do so Also makes defenses harder

13 Lecture 9 Page 13 CS 236 Online How to Defend? A vital characteristic: –Don’t just stop a flood –ENSURE SERVICE TO LEGITIMATE CLIENTS!!! If you deliver a manageable amount of garbage, you haven’t solved the problem Nor have you if you prevent a flood by dropping all packets

14 Lecture 9 Page 14 CS 236 Online Complicating Factors High availability of compromised machines –Millions of zombie machines out there Internet is designed to deliver traffic –Regardless of its value IP spoofing allows easy hiding Distributed nature makes legal approaches hard Attacker can choose all aspects of his attack packets –Can be a lot like good ones

15 Lecture 9 Page 15 CS 236 Online Basic Defense Approaches Overprovisioning Dynamic increases in provisioning Hiding Tracking attackers Legal approaches Reducing volume of attack None of these are totally effective

Download ppt "Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing."

Similar presentations

Why Is DDoS Hard to Solve? 1.A simple form of attack 2.Designed to prey on the Internet’s strengths 3.Easy availability of attack machines 4.Attack can.

Why Is DDoS Hard to Solve? 1.A simple form of attack 2.Designed to prey on the Internet’s strengths 3.Easy availability of attack machines 4.Attack can.
Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
Lecture 8 Page 1 CS 236, Spring 2008 Distributed Denial of Service Attacks CS 236 Advanced Computer Security Peter Reiher May 20, 2008.

Lecture 8 Page 1 CS 236, Spring 2008 Distributed Denial of Service Attacks CS 236 Advanced Computer Security Peter Reiher May 20, 2008.
CISCO NETWORKING ACADEMY PROGRAM (CNAP)

CISCO NETWORKING ACADEMY PROGRAM (CNAP)
 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.

 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.
IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.

IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 7 “Denial-of-Service-Attacks”.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 7 “Denial-of-Service-Attacks”.
Security (Continued) V.T. Raja, Ph.D., Oregon State University.

Security (Continued) V.T. Raja, Ph.D., Oregon State University.
Network Attacks Mark Shtern.

Network Attacks Mark Shtern.
Distributed Denial of Service Attacks CMPT 471 1 Distributed Denial of Service Attacks Darius Law.

Distributed Denial of Service Attacks CMPT Distributed Denial of Service Attacks Darius Law.
SYN Flooding: A Denial of Service Attack Shivani Hashia CS265.

SYN Flooding: A Denial of Service Attack Shivani Hashia CS265.
Network & Computer Attacks (Part 2) February 11, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Network & Computer Attacks (Part 2) February 11, 2010 MIS 4600 – MBA © Abdou Illia.
UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.

UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.
Detecting SYN-Flooding Attacks Aaron Beach CS 395 Network Secu rity Spring 2004.

Detecting SYN-Flooding Attacks Aaron Beach CS 395 Network Secu rity Spring 2004.
1 CCNA 2 v3.1 Module 10. 2 Intermediate TCP/IP CCNA 2 Module 10.

1 CCNA 2 v3.1 Module Intermediate TCP/IP CCNA 2 Module 10.
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 7: Denial-of-Service Attacks.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 7: Denial-of-Service Attacks.
Network Attacks. Network Trust Issues – TCP Congestion control – IP Src Spoofing – Wireless transmission Denial of Service Attacks – TCP-SYN – Name Servers.

Network Attacks. Network Trust Issues – TCP Congestion control – IP Src Spoofing – Wireless transmission Denial of Service Attacks – TCP-SYN – Name Servers.
Lecture 15 Denial of Service Attacks

Lecture 15 Denial of Service Attacks
Game-based Analysis of Denial-of- Service Prevention Protocols Ajay Mahimkar Class Project: CS 395T.

Game-based Analysis of Denial-of- Service Prevention Protocols Ajay Mahimkar Class Project: CS 395T.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

Similar presentations

Ads by Google