Distributed Denial of Service Attacks (CMPT 471), Darius Law. Presentation transcript:


1 Distributed Denial of Service Attacks, Darius Law

2 What is DDOS?
A distributed denial-of-service attack is one in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system.
It forces the system to shut down by flooding it with incoming messages, thereby denying service to legitimate users.

3 Distributed…
Distributed computing is a method of computer processing in which different parts of a program run simultaneously on two or more computers that are communicating with each other over a network.
Major advantages of using a distributed denial-of-service attack:
–Generates more traffic
–Multiple attacking machines are harder to turn off
–Each attacking machine is stealthier, making it harder to track and shut down

4 Types of DOS attacks
Exercising a software bug that causes the software running the service to fail
Sending enough data to consume all available network resources
Sending data in such a way as to consume a particular resource needed by the service

5 How do DDOS attacks work?
A hacker first exploits a vulnerable computer system, making it the DDOS “master”
–The “master” computer communicates with and loads cracking tools onto thousands of other compromised systems on the internet
All of these computers can then be instructed to launch one of many flood attacks against a specified target

6 SYN Flood
A SYN packet initiates a TCP/IP connection
–A SYN flood consumes all available slots in the server’s TCP connection table
–Exploits a basic weakness of the TCP/IP protocol
–Prevents other users from establishing new connections
HTTP is particularly vulnerable to SYN flood attacks

7 SYN Flood (2)
The TCP/IP protocol requires a 3-step process:
1. The originator of the connection (such as a web browser) initiates the connection by sending a packet having the SYN flag set in the TCP header (referred to as a “SYN packet”).
2. The receiver responds by sending back to the originator a packet that has the SYN and ACK flags set (a “SYN/ACK packet”).
3. The originator acknowledges receipt of the 2nd packet by sending to the receiver a third packet with only the ACK flag set (an “ACK packet”).

8 SYN Flood (3)
During a SYN flood, the attacker sends a large number of SYN packets alone, without ever sending the ACK packet response

9 SYN Flood (4)
The connection table fills up rapidly with incomplete connections, crowding out legitimate traffic

10 Responding to DDOS attacks
Increasing the size of the network table seems most straightforward, but it may not be configurable
Spare servers to be placed in service during an attack
–Very expensive to have idle equipment

11 Prevention
Most DDOS attacks use a forged source address to lie about where the packets are being sent from
Manufacturers of firewalls/network security devices have developed a variety of defense methods:
–SYN threshold: establish a limit on incomplete transactions, then start discarding
–SYN defender: when a SYN packet is received, the firewall synthesizes the final ACK packet of step 3, so there is no need to wait for the actual ACK packet from the originator
–SYN proxy: the firewall synthesizes and sends the SYN/ACK packet back to the originator and waits for the final ACK packet. After the firewall receives the ACK packet from the originator, it “replays” the 3-step sequence to the receiver.
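The handshake from slides 7 to 9 and the SYN-threshold and SYN-proxy defenses on this slide, modeled as an added example that is not part of the presentation: a toy connection table replays constructed handshake events, and `TABLE_SIZE`, the "discard the oldest incomplete entry" policy and the client names are assumptions.

```python
"""Toy TCP connection table (SYN backlog) under a SYN flood, with the
SYN-threshold and SYN-proxy defenses. Added example; sizes and names are
constructed, not taken from the slides."""
from collections import OrderedDict

TABLE_SIZE = 8  # assumed backlog: half-open connections the server can hold


def build_traffic(n_spoofed):
    """Constructed traffic: n SYNs from forged sources that never send the
    step-3 ACK (the SYN/ACK went to the forged address), then one legitimate
    browser that completes the handshake."""
    flood = [("SYN", f"spoofed-{i}") for i in range(n_spoofed)]
    return flood + [("SYN", "browser"), ("ACK", "browser")]


def server(events, syn_threshold=None):
    """Replay handshake events against the table; return (completed, dropped).
    syn_threshold caps incomplete entries: once reached, the oldest half-open
    entry is discarded (assumed policy) so a new SYN can be admitted."""
    half_open = OrderedDict()              # client -> True; order gives age
    completed, dropped = [], []
    for kind, client in events:
        if kind == "SYN":
            if syn_threshold is not None and len(half_open) >= syn_threshold:
                half_open.popitem(last=False)   # discard oldest incomplete transaction
            if len(half_open) >= TABLE_SIZE:
                dropped.append(client)          # no slot left: this user is denied service
                continue
            half_open[client] = True            # step 1 seen, server sent SYN/ACK (step 2)
        elif kind == "ACK" and client in half_open:
            del half_open[client]               # step 3 received: connection established
            completed.append(client)
    return completed, dropped


def syn_proxy(events):
    """SYN proxy: the firewall answers the SYN/ACK itself and only after the
    originator's ACK replays the whole 3-step sequence to the server. The
    toy lets the firewall's own pending set grow; a real device bounds it."""
    pending, replayed = set(), []
    for kind, client in events:
        if kind == "SYN":
            pending.add(client)                 # half-open state lives at the firewall
        elif kind == "ACK" and client in pending:
            pending.discard(client)
            replayed += [("SYN", client), ("ACK", client)]
    return server(replayed)                     # forged sources never reach the table
```

With eight spoofed SYNs the undefended table drops the browser's SYN, while a threshold of four or the proxy lets the legitimate handshake complete.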

12 DDOS attack tools
Tribe Flood Network
Trin00
TFN2K
Stacheldraht

13 Sources
What is denial of service: http://searchsoftwarequality.techtarget.com/sDefinition/0,,sid92_gci213591,00.html
Distributed Denial of Service Attacks: http://www.linuxsecurity.com/resource_files/intrusion_detection/ddos-whitepaper.html
Distributed Denial of Service Attack Tools: http://documents.iss.net/whitepapers/ddos.pdf
How a ‘denial of service’ attack works: http://www.news.com/2100-1017-236728.html
DDOS: http://chinese-school.netfirms.com/computer-article-denial-of-service.html
