Presentation is loading. Please wait.

Presentation is loading. Please wait.

Denial of Service Attacks: Methods, Tools, and Defenses Authors: Milutinovic, Veljko, Savic, Milan, Milic, Bratislav,

Published byRalf Townsend Modified over 9 years ago

Similar presentations

Presentation on theme: "Denial of Service Attacks: Methods, Tools, and Defenses Authors: Milutinovic, Veljko, Savic, Milan, Milic, Bratislav,"— Presentation transcript:

1 Denial of Service Attacks: Methods, Tools, and Defenses Authors: Milutinovic, Veljko, vm@kondor.etf.bg.ac.yu Savic, Milan, savicm@net.yu Milic, Bratislav, zverko@eunet.yu

2 2/27 Introduction Basic types of DoS attacks Evolution of DoS tools Overview of DoS tools Defenses

3 3/27 What is Denial of Service Attack? Consumption of limited resources Network connectivity Bandwidth consumption Other resources: Processing time Disk space Lockout of an account Alteration of configuration information

4 DoS Attacks - Basics

5 5/27 DoS Attacks - Basics Attack has two phases: Installation of DoS tools Committing an attack

6 6/27 DoS Attacks - Basics Installation of DoS tools: Finding a suitable machine: Unprotected ports Vulnerable services Errors in operating systems Trojan horses and worms Installation of the tool itself Installation of a root-kit

7 7/27 DoS Attacks - Basics Ping of Death Maximum size of TCP/IP packet is 65536 bytes Oversized packet may crash, freeze, reboot system Obsolete

8 8/27 DoS Attacks - Basics Teardrop IP packet can be broken Broken packet is reassembled using offset fields Overlapping offset fields Obsolete

9 9/27 DoS Attacks - Basics Syn flood attack TCP Syn handshake Finite length of backlog queue Lots of half-open connections Partially solved SYN SYNACK ACK Client Server

10 10/27 DoS Attacks - Basics UDP flood UDP echo service UDP chargen service Spoofed address Victim 1 Victim 2 Cracker Chargen Echo Spoofed Easy prevention Brute force approach if this one doesn’t work

11 11/27 DoS Attacks - Basics Smurf Attack

12 12/27 DoS Attacks - Basics Smurf attack ICMP packets Broadcast request Spoofed address Two victims Cannot be easily prevented

13 13/27 DoS Attacks - Basics Distributed DoS tools and networks Client-Server architecture Open-source approach Several layers Difficulties in tracking back the attacker

14 14/27 DoS Attacks - Basics All of the systems are compromised Terminology: Client Handler Agent

15 15/27 DoS Attacks - Basics Implications of DDoS network: One or two attackers Small number of clients Several handlers Huge number of agents Humongous traffic

16 DoS Attacks - Tools

17 17/27 DoS Attacks - Tools Evolution of DoS tools: IRC disable tools Single attack method tools Distributed tools, with possibility of selecting the type of attack

18 18/27 DoS Attacks - Tools Trinoo Distributed UDP flood (brute force) Menu operated Agent passwords are sent in plain text form (not encrypted)

19 19/27 DoS Attacks - Tools TFN (Tribal Flood Network) Multi-type attack UDP flood SYN flood ICMP_ECHOREPLY flood Smurf Handler keeps track of its agents in “Blowfish” encrypted file

20 20/27 DoS Attacks - Tools Improved version of TFN Agent can randomly alternate between the types of attack Agent is completely silent (handler sends the same command several times, hoping that agent will receive at least one) TFN2K

21 21/27 DoS Attacks - Tools All communication is encrypted Random source IP address and port number Decoy packets (send to non-target networks) TFN2K

22 22/27 DoS Attacks - Tools Several levels of protection: Hard-coded password in client Password is needed to take control over handler Encrypted communication between handler and agent Stacheldraht

23 23/27 DoS Attacks - Tools Stacheldraht Automated update of agents TCP is used for communication between client and handler, and ICMP_ECHOREPLY for communication between handler and agent

24 24/27 DoS Attacks - Tools ICMP_ECHOREPLY packets are difficult to stop Each agent has a list of its handlers (Blowfish encrypted) and in case that there is no such list, agent uses several hard-coded IP addresses Agent tests for a possibility of spoofing the source address Stacheldraht

25 25/27 DoS Attacks - Tools Weakness: it uses rpc command for update rpc command uses UDP port 514. Listening on this port can lead to detection of an agent. Drawback is in fact that this can generate a lot of false alarms (rpc is used by legitimate users too) Stacheldraht

26 Defenses

27 27/27 Defenses There is no universal solution There are some preventions that can help in minimizing the damage: Prevention of becoming the source of an attack Preparations for defending against an attack

28 28/27 Defenses Disable and filter out chargen and echo services Disable and filter out all unused UDP services. Good practice is to block all UDP ports below 900 (excluding some specific ports like DNS)

29 29/27 Defenses Install a filtering router to disable following cases: Do not allow packet to pass through if it is coming to your network and has a source address from your network Do not allow packet to pass through if it comes from your network and has a source address that doesn’t belong to your network

30 30/27 Defenses Network administrators should log all information on packets that are dropped If you are providing external UDP services, monitor them for signs of misuse

31 31/27 Defenses The following networks are defined as reserved private networks, and no traffic should ever be received from or transmitted to these networks through a router: 10.0.0.0 to 10.255.255.255 (reserved) 127.0.0.0 to 127.255.255.255 (loopback) 172.16.0.0 to 172.31.255.255 (reserved) 192.168.0.0 to 192.168.255.255 (reserved) 0.0.0.0 and 255.255.255.255 (broadcasts)

32 32/27 Defenses Routers, machines, and all other Internet accessible equipment should be periodically checked to verify that all security patches have been installed System should be checked periodically for presence of malicious software (Trojan horses, viruses, worms, root-kits, back doors, etc.)

33 33/27 Defenses Train your system and network administrators Read security bulletins like: www.cert.org, www.sans.org, www.eEye.com www.cert.orgwww.sans.orgwww.eEye.com From time to time listen on to cracker community to be informed about their latest achievements Be in contact with your ISP. In case that your network is being attacked, this can save a lot of time

34 34/27 Conclusion Several examples of large scale DoS attacks (yahoo, eBuy, CERT, FBI, Amazon) Increased number of consumers with high bandwidth technologies, but with poor knowledge of network security Easy accessible, easy to use DoS attack tools No final solution for attacks

35 Denial of Service Attacks: Methods, Tools, and Defenses Authors: Milutinovic, Veljko, vm@kondor.etf.bg.ac.yu Savic, Milan, savicm@net.yu Milic, Bratislav, zverko@eunet.yu

Download ppt "Denial of Service Attacks: Methods, Tools, and Defenses Authors: Milutinovic, Veljko, Savic, Milan, Milic, Bratislav,"

Similar presentations

COMP 7320 Internet Security: Prevention of DDoS Attacks By Dack Phillips.

COMP 7320 Internet Security: Prevention of DDoS Attacks By Dack Phillips.
Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.

Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.
1 Reading Log Files. 2 Segment Format

1 Reading Log Files. 2 Segment Format
IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.

IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.
Security (Continued) V.T. Raja, Ph.D., Oregon State University.

Security (Continued) V.T. Raja, Ph.D., Oregon State University.
Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.

Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.
Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,

Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,
Network-Based Denial of Service Attacks Trends, Descriptions, and How to Protect Your Network Craig A. Huegen Cisco Systems, Inc. NANOG 12 Interprovider.

Network-Based Denial of Service Attacks Trends, Descriptions, and How to Protect Your Network Craig A. Huegen Cisco Systems, Inc. NANOG 12 Interprovider.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Distributed Denial of Service Attacks CMPT 471 1 Distributed Denial of Service Attacks Darius Law.

Distributed Denial of Service Attacks CMPT Distributed Denial of Service Attacks Darius Law.
Outline Definition Point-to-point network denial of service

Outline Definition Point-to-point network denial of service
1 Network Security Derived from original slides by Henric Johnson Blekinge Institute of Technology, Sweden From the book by William Stallings.

1 Network Security Derived from original slides by Henric Johnson Blekinge Institute of Technology, Sweden From the book by William Stallings.
Network & Computer Attacks (Part 2) February 11, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Network & Computer Attacks (Part 2) February 11, 2010 MIS 4600 – MBA © Abdou Illia.
Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.

Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.
UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.

UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.
Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.

Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.
Analysis of Attack By Matt Kennedy. Different Type of Attacks o Access Attacks o Modification and Repudiation Attacks o DoS Attacks o DDoS Attacks o Attacks.

Analysis of Attack By Matt Kennedy. Different Type of Attacks o Access Attacks o Modification and Repudiation Attacks o DoS Attacks o DDoS Attacks o Attacks.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Defending Against Flooding Based DoS Attacks : A tutorial - Rocky K.C. Chang, The Hong Kong Polytechnic University Presented by – Ashish Samant.

Defending Against Flooding Based DoS Attacks : A tutorial - Rocky K.C. Chang, The Hong Kong Polytechnic University Presented by – Ashish Samant.

Similar presentations

Ads by Google