Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security (Continued) V.T. Raja, Ph.D., Oregon State University.

Similar presentations


Presentation on theme: "Security (Continued) V.T. Raja, Ph.D., Oregon State University."— Presentation transcript:

1 Security (Continued) V.T. Raja, Ph.D., Oregon State University

2 Outline Denial of Service (DoS) Attack –Smurf Attack –Half-open telnet sessions –SYN Flood Attack Distributed DoS Attack Network Address Translation –NAT Proxy Server Demilitarized Zone (DMZ)

3 Denial of Service (DoS) Attacks Denial of Service attacks –“Ping” attacks –Smurf attack –SYN flood attack –Half-open telnet sessions Distributed Denial of Service attacks

4 Denial of Service (DoS) Attack Hacker attempts to disrupt the network by flooding the network with messages so that the network cannot process messages from legitimate users Examples: 1. Hacker’s program continuously pings target computer. –Consequence: –Solution: 2. Hacker’s program continuously send “ping” requests to the target that list the target as the sender –Consequence: –Solution: 3. Smurf attack: What is a smurf attack? What is the consequence of a smurf attack? 4. SYN Flood attack: What is a SYN flood attack? What is the consequence of such an attack?

5 Telnet A protocol used for remote login Does not transfer data in bulk Interactive –Each character typed by Telnet user is sent to remote host –Remote host sends back a copy of each character to Telnet user, which will be displayed on the Telnet user’s screen (echo back) –Echo back is used to ensure that characters seen by Telnet user have already been received and processed at remote site. –Each character thus traverses the network twice between the time the user hits the key and the time the character is displayed on the user’s monitor

6 ClientServer Half-open Telnet sessions

7 TCP header: Packet #s (Sequence #s) Assume a file has 500,000 bytes Assume TCP breaks this file into packets, where each packet size is 1000 bytes Each packet is given a packet # The packet # for a packet is the number of the first byte in that packet. –The packet # of first packet would be 1 –The packet # of next packet would be 1001 –The packet # of third packet would be 2001 and so on

8 TCP: Acknowledgement # Assume A transmits to B B acknowledges receipt of A’s message, by specifying an acknowledgment #. The ACK # sent by B is the packet # of the next packet that B is expecting from A. Example: –After A sends first packet, B sends an acknowledgment to A by specifying ACK# 1001. –After A sends second packet, B acknowledges by specifying ACK# 2001.

9 TCP SYN for a simple Telnet application TCP stands for: Transmission Control Protocol SYN stands for: Synchronize Sequence Numbers Assume Client A initiates a Telnet session with Server B. Assume client A has typed the letter “C.”

10 ClientServer Half-open TCP SYN

11 SYN Flood Attack Attacker (client) sends a TCP SYN (Synchronize Sequence/Packet Number) request to server. The server responds by sending a TCP SYN/ACK packet. The attacker does not respond – resulting in half- open session using up server resources. The attacker sends a flood of such TCP SYN requests without responding. Requests from other legitimate clients are unable to reach the server due to multiple half-open sessions

12 Distributed DoS (DDos) attack In A DDoS attack, a hacker first gains control of hundreds/thousands of computers. Plants software referred to as DDoS agent on each of the slaves (Zombies) Hacker then uses software referred to as DDoS handler (master zombie) to control the agents (slave zombies) Attacker launches attacks from all the slaves so that it is difficult to trace hacker

13 High Profile Victims of DDoS Yahoo, eBay, Amazon and eTrade websites were rendered inaccessible to legitimate visitors after being flooded with traffic from hundreds of hijacked system www.msn.com; www.expedia.com; www.carpoint.com sites were flooded with DDoS attack for almost one daywww.msn.comwww.expedia.com www.carpoint.com DDoS attack high-level DNS servers on the Internet

14 Network Address Translation Network address translation (NAT) is used to shield a private network from outside interference. An NAT proxy server uses an address table, translating network addresses inside the organization into aliases for use on the Internet. So, internal IP addresses remain hidden. It is common to combine DMZ, firewalls and proxy servers. (See Figure).

15 Figure: Network design using firewalls, DMZ and NAT Proxy Servers


Download ppt "Security (Continued) V.T. Raja, Ph.D., Oregon State University."

Similar presentations


Ads by Google