Download presentation
Presentation is loading. Please wait.
Published byAnnice Gardner Modified over 9 years ago
1
Week 8-1 Week 8: Denial of Service (DoS) What is Denial of Service Attack? –Any attack that causes a system to be unavailability. This is a violation of security policy. A DoS attack can have an impact on commerce, industry, aviation, health care
2
Week 8-2 Week 8: Denial of Service (DoS) Types of DoS Attacks –Stopping local services (process kill, process crash, sys reconfig) –Exhausting local resources (forking processes to fill process table, filling up file system) –Remotely stopping services (Malformed packet attack via Land, Ping of Death, Jolt2, Buffer Overflow ) –Remotely exhausting resources (SYN flood, Smurf, DDoS) How DoS Works?
3
Week 8-3 Week 8: Denial of Service (DoS) Hacking Tool: Ping of Death –Sending oversized ping pkt (> 64KB ). Some TCP/IP implementations crash Hacking Tool: SSPing (Malformed ICMP pkt causes server to hang) Hacking Tool: Land –Send spoofed pkt with IPsrc=IPdest, PortSrc= PortDest. Unexpected event Causes system crash Hacking Tool: Smurf –Directed Broadcast attack via sending ping to a broadcast address but using a spoofed source address.
4
Week 8-4 Week 8: Denial of Service (DoS) Hacking Tool: SYN Flood (send several SYN pkts using spoofed unknown source address. Fills up connection queue) Hacking Tool: CPU Hog Hacking Tool: Win Nuke (Send garbage to an open file sharing machine on TCP port 139. system crashes) Hacking Tool: RPC Locator
5
Week 8-5 SYN Flood Countermeasure Increase size of connection queue Decrease connection establishment timeout period Detect and employ SYNcookie to use cryptographic challenge for legitimate users. Have connection queue at a threshhold. Use NIDS
6
Week 8-6 Week 8: Denial of Service (DoS) Hacking Tool: Jolt2 –Send a stream of pkt fragments none with fragment offset = 0. Affects Windows OS Hacking Tool: Bubonic Hacking Tool: Targa
7
Week 8-7 Distributed DoS Attacker uses zombies to launch DoS attacks. Most zombies are taken over using buffer overflow attacks or related exploits. Zombies wait for command from attacker using a client tool to launch simultaneous attack.
8
Week 8-8 Week 8: Denial of Service (DoS) Tools for Running DDoS Attacks Hacking Tool: Trinoo Hacking Tool: WinTrinoo Hacking Tool: TFN (Tribe Flood Network) Hacking Tool: TFN2K (DDo Hacking Tool: Stacheldraht – combines features of TFN and Trin00
9
Week 8-9 Week 8: Denial of Service (DoS) Hacking Tool: Shaft Hacking Tool: mstream DDoS Attack Sequence
10
Week 8-10 Week 8: Denial of Service (DoS) Preventing DoS Attack –Use anti-spoof filters on routers –Disable directed-broadcast at border router. –Use find DDOS, a tool distributed by US Govt. –Get zombie zapper DoS Scanning Tools eg. IDS like Snort to give early warning Find_ddos
11
Week 8-11 Week 8: Denial of Service (DoS) SARA DDoSPing RID Zombie Zapper
12
Week 8-12 Week 8: Denial of Service (DoS) Summary
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.