Slide 1: DDoS - Distributed Denial of Service Attacks, by Mark Schuchter
Slide 2: Overview
- Introduction
- Why?
- Timeline
- How?
- Typical attack (UNIX)
- Typical attack (Windows)
Slide 3: Introduction
- a DDoS attack prevents or impairs normal computer use
- it exhausts limited, consumable resources (memory, processor cycles, bandwidth, ...)
- Internet security is highly interdependent
Slide 4: Why?
- sub-cultural status
- to gain access
- political reasons
- economic reasons
- revenge
- nastiness
Slide 5: Timeline
- before 1999: point-to-point attacks (SYN flood, Ping of Death, ...); first distributed attack tools ('fapi')
- 1999: more robust tools (trinoo, TFN, Stacheldraht); auto-update; encryption added
- 2000: bundled with rootkits; controlled via talk or IRC
- 2001: worms include DDoS features (e.g. Code Red) and time synchronisation
- 2002: DrDoS (reflected) attack tools (179/TCP; BGP = Border Gateway Protocol)
- 2003: Mydoom infects thousands of victims to attack SCO and Microsoft
Slide 6: How?
- TCP floods (various flags)
- ICMP echo requests (e.g. ping floods)
- UDP floods
Slide 7: SYN attack
[Diagram with two panels, "Handshake" and "Attack"]
- Handshake: Client -> Server: SYN; Server -> Client: SYN-ACK; Client -> Server: ACK
- Attack: Attacker (spoofed IP) -> Server: SYN; Server -> spoofed IP: SYN-ACK; no ACK follows
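As an added example (not part of the original slides), a defender-side check for what the attack panel leaves behind: SYNs that are answered with a SYN-ACK but never completed with an ACK. The capture and all addresses are constructed; only the victim address 192.168.0.1 is taken from the deck.

```python
"""Half-open connection (SYN flood) detector over a constructed TCP log.

Each record is 'src dst flags' as seen on the server's segment. A normal
handshake is SYN (client->server), SYN-ACK (server->client), ACK
(client->server); a flood shows up as many SYNs to one server whose
handshakes never complete, typically from many spoofed sources.
"""
from collections import defaultdict


def build_sample_capture():
    """Constructed sample: one completed handshake plus 40 spoofed SYNs
    that receive a SYN-ACK but never send the final ACK."""
    server = "192.168.0.1"                      # target address from the slides
    packets = [f"10.0.0.5 {server} SYN",
               f"{server} 10.0.0.5 SYN-ACK",
               f"10.0.0.5 {server} ACK"]
    spoofed = [f"203.0.113.{i}" for i in range(1, 41)]
    packets += [f"{ip} {server} SYN" for ip in spoofed]
    packets += [f"{server} {ip} SYN-ACK" for ip in spoofed]
    return packets


def half_open_by_server(packets):
    """Return {server: set of client IPs whose handshake never completed}."""
    pending = defaultdict(set)                  # server -> clients awaiting ACK
    for line in packets:
        src, dst, flags = line.split()
        if flags == "SYN":
            pending[dst].add(src)               # handshake opened toward dst
        elif flags == "ACK" and src in pending.get(dst, ()):
            pending[dst].discard(src)           # third step seen: completed
        # a SYN-ACK (server -> client) leaves the entry half-open
    return {srv: clients for srv, clients in pending.items() if clients}


def syn_flood_suspects(packets, threshold=20):
    """Servers whose half-open backlog exceeds threshold -> backlog size."""
    return {srv: len(clients)
            for srv, clients in half_open_by_server(packets).items()
            if len(clients) > threshold}


if __name__ == "__main__":
    print(syn_flood_suspects(build_sample_capture()))   # {'192.168.0.1': 40}
```

The threshold is a placeholder; on a real segment it would be tuned to the server's normal backlog, and the half-open set per source distinguishes a slow client from a spoofed burst.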
Slide 8: Typical attack
1. prepare attack
2. set up network
3. communication
Slide 9: UNIX ('trin00') - preparation I
- use a stolen account (high bandwidth) as a repository for:
  - scanners
  - attack tools (e.g. buffer-overrun exploit)
  - rootkits
  - sniffers
  - trin00 master and daemon program
  - lists of vulnerable hosts, previously compromised hosts, ...
Slide 10: UNIX ('trin00') - preparation II
- scan large ranges of network blocks to identify potential targets (hosts running an exploitable service)
- the list is used to create a script that:
  - performs the exploit
  - sets up a command shell running as root that listens on a TCP port (1524/tcp)
  - connects to this port to confirm the exploit
- result: a list of owned systems
Slide 11: UNIX ('trin00') - network I
- store a pre-compiled binary of the trin00 daemon on some stolen account on the Internet
- a script takes the 'owned list' to automate the installation of the daemon
- the same goes for the trin00 master
Slide 12: UNIX ('trin00') - network II
[Diagram of the trin00 network: attacker, master, daemon]
Slide 13: UNIX ('trin00') - communication
- the attacker controls the master via telnet and a password (port 27665/tcp)
- trin00 master to daemon via 27444/udp (arg1 pwd arg2)
- daemon to master via 31335/udp
- 'dos 192.168.0.1' triggers the attack
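An added example, not part of the original presentation: flagging the three trin00 control hops named on this slide (27665/tcp, 27444/udp, 31335/udp) in flow records, and only calling a host a master when more than one hop points at it. The flow log and all hosts are constructed.

```python
"""Flag trin00-style control traffic in constructed flow records.

Ports are those on the slide: attacker -> master 27665/tcp, master ->
daemon 27444/udp, daemon -> master 31335/udp. A single port match can be
coincidence, so a master is only 'confirmed' by more than one hop.
"""
from collections import defaultdict

# (proto, destination port) -> which hop of the trin00 control chain it matches
TRIN00_PORTS = {("tcp", 27665): "attacker->master",
                ("udp", 27444): "master->daemon",
                ("udp", 31335): "daemon->master"}

# Constructed flow log (not from the slides): 'proto src sport dst dport'.
SAMPLE_FLOWS = [
    "tcp 198.51.100.9 40211 10.1.1.10 27665",   # attacker telnets to master
    "udp 10.1.1.10 27444 10.1.2.20 27444",      # master commands daemon 1
    "udp 10.1.1.10 27444 10.1.2.21 27444",      # master commands daemon 2
    "udp 10.1.2.20 31335 10.1.1.10 31335",      # daemon 1 reports back
    "tcp 10.1.3.5 51000 10.1.1.10 22",          # unrelated ssh, ignored
]


def classify_flows(flows):
    """Return (hop_label, src, dst) for every flow on a trin00 control port."""
    hits = []
    for line in flows:
        proto, src, _sport, dst, dport = line.split()
        label = TRIN00_PORTS.get((proto, int(dport)))
        if label:
            hits.append((label, src, dst))
    return hits


def infer_roles(flows):
    """Map host -> set of roles implied by the direction of each hit."""
    roles = defaultdict(set)
    for label, src, dst in classify_flows(flows):
        src_role, dst_role = label.split("->")
        roles[src].add(src_role)
        roles[dst].add(dst_role)
    return dict(roles)


def confirmed_masters(flows):
    """Hosts seen in the master position on at least two distinct hops."""
    evidence = defaultdict(set)
    for label, src, dst in classify_flows(flows):
        src_role, dst_role = label.split("->")
        host = src if src_role == "master" else dst if dst_role == "master" else None
        if host:
            evidence[host].add(label)
    return sorted(h for h, labels in evidence.items() if len(labels) >= 2)
```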
Slide 14: Windows ('Sub7') - preparation I
- set up the following things on your home PC:
  - freemail
  - Kazaa
  - trojan toolkit
  - IRC client
  - IRC bot
Slide 15: Windows ('Sub7') - preparation II
- assemble different trojans (GUI)
- define ways of communication
- name
- file
Slide 16: Windows ('Sub7') - network I
- start spreading via:
  - email/news lists
  - IRC
  - P2P software
Slide 17: Windows ('Sub7') - network II
[Diagram of the Sub7 network: attacker, client]
Slide 18: Windows ('Sub7') - communication
- Sub7 client
- IRC channel
- 1 click to launch the attack
Slide 19: Development
[Chart, source: CERT/CC. Attack sophistication (Low to High) and intruder knowledge plotted against time, 1980, 1985, 1990, 1995, 2001; curves labelled "Tools", "Attackers", "Intruder Knowledge" and "Attack Sophistication". Techniques shown: password guessing, password cracking, exploiting known vulnerabilities, disabling audits, back doors, hijacking sessions, sniffers, packet spoofing, GUI, automated probes/scans, denial of service, www attacks, "stealth" / advanced scanning techniques, burglaries, network mgmt. diagnostics, distributed attack tools, binary encryption]
Slide 20: Solutions
- statistical analyses (e.g. D-WARD) at core routers: not ready yet
- change people's awareness (firewalls, attachments, virus scanners, ...)
Slide 21: Thanks for your attention!