Download presentation
Presentation is loading. Please wait.
Published byAnnabel Bridges Modified over 9 years ago
2
Denial-of-Service Attacks Justin Steele
3
Definition “A "denial-of-service" attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service.” 1 “A "denial-of-service" attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service.” 1 Denial-of-service attacks deal with the issue of availability. Denial-of-service attacks deal with the issue of availability. 1 1 CERT Website
4
Examples Examples include attempts to Examples include attempts to "flood" a network, thereby preventing legitimate network traffic 1 "flood" a network, thereby preventing legitimate network traffic 1 disrupt connections between two machines, thereby preventing access to a service 1 disrupt connections between two machines, thereby preventing access to a service 1 prevent a particular individual from accessing a service 1 prevent a particular individual from accessing a service 1 disrupt service to a specific system or person 1 disrupt service to a specific system or person 1 1 1 CERT Website
5
Types of Attacks Physical Attack Physical Attack Physically destroying components. Physically destroying components. Configuration Attack Configuration Attack Altering or destroying configuration files or information. Altering or destroying configuration files or information. Consumption Attack Consumption Attack Using limited or scarce resources and thereby preventing legitimate users from using them. Using limited or scarce resources and thereby preventing legitimate users from using them.
6
Physical Attack Probably considered the least interesting to most of us. Probably considered the least interesting to most of us. Examples Examples Taking a bat a smashing an ATM, thus denying others the ability to use the ATM. Taking a bat a smashing an ATM, thus denying others the ability to use the ATM. Snipping or cutting a fiber optic line therefore preventing communication to a network or system. Snipping or cutting a fiber optic line therefore preventing communication to a network or system. Intentionally turning off or disabling a cooling system which results in a machine overheating and failing. Intentionally turning off or disabling a cooling system which results in a machine overheating and failing.
7
Configuration Attack Most of us probably don’t think about this one right away. Most of us probably don’t think about this one right away. Examples Examples Obtaining administrator rights and deleting user accounts. Obtaining administrator rights and deleting user accounts. Hacking the.htaccess file on a web server and preventing anyone from viewing the site. Hacking the.htaccess file on a web server and preventing anyone from viewing the site. Changing the default gateway that a DHCP Server sends to its clients. Changing the default gateway that a DHCP Server sends to its clients. Changing the settings on a machine which interferes with its ability to get onto the network. Changing the settings on a machine which interferes with its ability to get onto the network. Modifying a domain name’s DNS information. Modifying a domain name’s DNS information.
8
Consumption Attack Perhaps the one most of us think of and probably find the most interesting. Perhaps the one most of us think of and probably find the most interesting. CERT defines four subtypes CERT defines four subtypes Network Connectivity Network Connectivity Using Your Own Resources Against You Using Your Own Resources Against You Other Resource Consumption Other Resource Consumption Bandwidth Consumption Bandwidth Consumption
9
Network Connectivity Attack “Denial-of-service attacks are most frequently executed against network connectivity. The goal is to prevent hosts or networks from communicating on the network.” 1 “Denial-of-service attacks are most frequently executed against network connectivity. The goal is to prevent hosts or networks from communicating on the network.” 1 “An example of this type of attack is the "SYN flood" attack” 1 “An example of this type of attack is the "SYN flood" attack” 1 Also known as a Protocol Attack. Also known as a Protocol Attack. This is an example of an “asymmetric attack” This is an example of an “asymmetric attack” “attacks can be executed with limited resources against a large, sophisticated site” 1 “attacks can be executed with limited resources against a large, sophisticated site” 1 “an attacker with an old PC and a slow modem may be able to disable much faster and more sophisticated machines or networks.” 1 “an attacker with an old PC and a slow modem may be able to disable much faster and more sophisticated machines or networks.” 1 1 1 CERT Website
10
SYN Flood Attack (Images taken from www.grc.com)
11
Using Your Own Resources Against You Attack An attacker uses your own resources against you in unexpected ways. An attacker uses your own resources against you in unexpected ways. An example is a UDP chargen/echo scenario An example is a UDP chargen/echo scenario
12
Other Resource Consumption Attack Most of us don’t readily consider Consumption Attacks. Most of us don’t readily consider Consumption Attacks. Examples Examples CPU time CPU time Spawning a large number of processes that bog down the CPU Spawning a large number of processes that bog down the CPU Consuming “locks” Consuming “locks” Intentionally incorrectly logging in a user until security features prevent any more login attempts for that user. Intentionally incorrectly logging in a user until security features prevent any more login attempts for that user. Could include using file or database locks so others can’t access them. Could include using file or database locks so others can’t access them. Filling up disk space Filling up disk space Generating excessive email messages Generating excessive email messages Generating error messages that get logged Generating error messages that get logged Placing files in anonymous ftp server space or open shares Placing files in anonymous ftp server space or open shares
13
Bandwidth Consumption Attack The attacker consumes all available bandwidth on a network. The attacker consumes all available bandwidth on a network. Most often done with ICMP ECHO (Ping) packets, but doesn’t have to be. Most often done with ICMP ECHO (Ping) packets, but doesn’t have to be. The attacker may be using multiple machines to coordinate the attack. The attacker may be using multiple machines to coordinate the attack. DDoS – Distributed Denial-of-Service DDoS – Distributed Denial-of-Service DRDoS – Distributed Reflection Denial-of-Service DRDoS – Distributed Reflection Denial-of-Service DoS – Any type of Denial-of-Service DoS – Any type of Denial-of-Service DDoS & DRDoS are Brute Force Attacks DDoS & DRDoS are Brute Force Attacks Filterable vs. Non-filterable Attacks Filterable vs. Non-filterable Attacks Filterable Attacks consist of bogus packets or non-critical services which can be blocked by a firewall without affecting the rest of the machine or network. Filterable Attacks consist of bogus packets or non-critical services which can be blocked by a firewall without affecting the rest of the machine or network. Non-filterable Attacks consist of packets requesting legitimate services and resources, thus a firewall will not help stop the attack. Non-filterable Attacks consist of packets requesting legitimate services and resources, thus a firewall will not help stop the attack.
14
Bandwidth Consumption Attack (Images taken from www.grc.com)
15
DoS versus DDoS (Images taken from www.grc.com)
16
DDoS Attack (Images taken from www.grc.com)
17
DRDoS Attack (Images taken from www.grc.com)
18
DDoS versus DRDoS (Images taken from www.grc.com)
19
What can we do? ISP’s ISP’s Implement hardware/software settings and filters on routers and machines that limit and bound packets. Implement hardware/software settings and filters on routers and machines that limit and bound packets. Prevent users from spoofing packets (Firewall). Prevent users from spoofing packets (Firewall). Administrators Administrators Install and use a firewall. Install and use a firewall. Close all unnecessary ports and turn off all unused services. Close all unnecessary ports and turn off all unused services. Use quotas. Use quotas. Maintain backups of configuration files. Maintain backups of configuration files. Install intrusion detection software. Install intrusion detection software. Monitor network traffic. Monitor network traffic. Evaluate physical security on a routine basis. Evaluate physical security on a routine basis. Average Jane and John Doe Average Jane and John Doe Don’t download/install software from unknown/unreliable sources. Don’t download/install software from unknown/unreliable sources. Install personal firewall/port protection software. Install personal firewall/port protection software.
20
Sources http://www.cert.org/tech_tips/denial_of_service.html http://www.cert.org/tech_tips/denial_of_service.html http://www.cert.org/tech_tips/denial_of_service.html http://grc.com/dos/drdos.htm http://grc.com/dos/drdos.htm http://grc.com/dos/drdos.htm http://grc.com/dos/grcdos.htm http://grc.com/dos/grcdos.htm http://grc.com/dos/grcdos.htm http://www.rbs2.com/ccrime.htm#anchor111666 http://www.rbs2.com/ccrime.htm#anchor111666 http://www.rbs2.com/ccrime.htm#anchor111666 http://www.netcraft.com/presentations/interop/dos.html http://www.netcraft.com/presentations/interop/dos.html http://www.netcraft.com/presentations/interop/dos.html http://lasr.cs.ucla.edu/ddos/ucla_tech_report_020018.pdf http://lasr.cs.ucla.edu/ddos/ucla_tech_report_020018.pdf http://lasr.cs.ucla.edu/ddos/ucla_tech_report_020018.pdf http://www.cnn.com/2002/TECH/internet/10/23/net.attack/ http://www.cnn.com/2002/TECH/internet/10/23/net.attack/ http://www.cnn.com/2002/TECH/internet/10/23/net.attack/ http://www.infoworld.com/article/03/01/25/030125hnsqlnet_ 1.html?s=IDGNS http://www.infoworld.com/article/03/01/25/030125hnsqlnet_ 1.html?s=IDGNS http://www.infoworld.com/article/03/01/25/030125hnsqlnet_ 1.html?s=IDGNS http://www.infoworld.com/article/03/01/25/030125hnsqlnet_ 1.html?s=IDGNS
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.