Network Presence, LLC SM Innovative Security Solutions SM www.netpr.com Understanding, Planning For, and Responding To Denial of Service Attacks SANS 2001.


1 Network Presence, LLC SM Innovative Security Solutions SM www.netpr.com Understanding, Planning For, and Responding To Denial of Service Attacks SANS 2001 Robert Brown rjb@netpr.com Barrett Lyon blyon@netpr.com

2 SANS Network Security 2001 Understanding, Planning For, and Responding To Denial of Service Attacks Slide - 2
Denial of Service Attacks – The Game
- Types of attacks
  - Flood-based
  - Crash-based
- Difficult problem
  - Network Engineering
  - Information Security
  - Psychology

3 Denial of Service Attacks – The Game
- Vulnerability management (or lack thereof)
- Psychology aspect – what is the attacker trying to accomplish?
- Legal liability and negligence issues

4 Denial of Service Attacks – The Game
- Attacker compromises multiple hosts and configures DDoS clients
- Attacker utilizes hosts to flood the Internet pipe of your organization
- Most commonly use ICMP, UDP, and TCP SYN floods
- New paper measuring attacks shows 4000 DoS attacks per week

5 Overview of TheShell.com
- ISP specializing in Unix shell accounts
- Most users utilize the IRC chat network
- IRC is a magnet for attack
- At least one attack per day and 19 serious attacks in a 1 year period

6 Planning for the Attack – Training Camp
- Developing an incident response plan is key
- All players must be identified, brought on board, and taught their assignments
  - Network Engineering
  - Information Security
  - Internet Service Provider

7 Planning for the Attack – Training Camp
- Create a form with complete contact information, network information, and responsibilities
- Ensure ISP engineering contacts are established – this is extremely important!

8 Planning for the Attack – Training Camp
- Have a packet sniffer ready to go
- Ensure that a SPAN port is available on your Internet-facing switch
- Map existing traffic patterns
- Implement bandwidth limiting filters at your ISP
- Implement ISP-side filters for other traffic you don’t want/need

9 Playing the Game
- Identify that you are under attack
  - MRTG, syslog, flow logs, Intrusion Detection, Firewall logs, sniffers
- Identify deviation from normal traffic
- Determine intent of attacker
- Immediately look for ICMP pings and traceroute packets – the attacker usually will try to determine if the attack is working
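
An added example, not part of the original presentation: one way to turn "identify deviation from normal traffic" and "look for ICMP pings and traceroute packets" into a check over a one-minute sniffer summary. The record fields, the sample data, the 4-sigma threshold and the 10-packet probe limit are assumptions; 33434-33534 is the default UDP port range of classic Unix traceroute.

```python
from collections import Counter
from statistics import mean, stdev

# Constructed baseline: packets per minute per class, taken while traffic was normal.
BASELINE = {
    "icmp": [120, 135, 110, 140, 125],
    "udp": [900, 950, 870, 1010, 930],
    "tcp_syn": [400, 420, 390, 450, 410],
}

# Constructed one-minute summary from the sniffer on the SPAN port.
# Addresses are from the RFC 5737 documentation ranges.
CURRENT = [
    {"src": "198.51.100.7", "proto": "udp", "dport": 53, "packets": 48000},
    {"src": "198.51.100.9", "proto": "udp", "dport": 6667, "packets": 51000},
    {"src": "203.0.113.20", "proto": "tcp", "flags": "S", "packets": 430},
    {"src": "203.0.113.5", "proto": "icmp", "icmp_type": 8, "packets": 4},
    {"src": "203.0.113.5", "proto": "udp", "dport": 33436, "packets": 3},
    {"src": "192.0.2.44", "proto": "icmp", "icmp_type": 0, "packets": 118},
]

def traffic_class(rec):
    """Map a record to one of the flood classes named on slide 4, else None."""
    if rec["proto"] == "tcp":
        return "tcp_syn" if rec.get("flags") == "S" else None
    return rec["proto"] if rec["proto"] in ("icmp", "udp") else None

def flooded_classes(baseline, records, k=4.0):
    """Classes whose current rate exceeds baseline mean + k standard deviations."""
    now = Counter()
    for rec in records:
        cls = traffic_class(rec)
        if cls:
            now[cls] += rec["packets"]
    return sorted(c for c, hist in baseline.items()
                  if now[c] > mean(hist) + k * stdev(hist))

def probe_sources(records, max_packets=10):
    """Sources of low-rate ICMP echo requests or classic traceroute UDP probes."""
    hits = set()
    for rec in records:
        ping = rec["proto"] == "icmp" and rec.get("icmp_type") == 8
        trace = rec["proto"] == "udp" and 33434 <= rec.get("dport", 0) <= 33534
        if (ping or trace) and rec["packets"] <= max_packets:
            hits.add(rec["src"])
    return sorted(hits)

if __name__ == "__main__":
    print(flooded_classes(BASELINE, CURRENT), probe_sources(CURRENT))
```

The low-rate condition separates a handful of check-in probes from an ICMP flood, which would show up in `flooded_classes` instead.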

10 Playing the Game
- Climb the ladder
  - Port/Service
  - Host IP stack
  - Local segment (switches/routers)
  - Border router
  - ISP router

11 Playing the Game
- Take system offline
- Ask ISP to null route IP or group of IPs
- Develop local filters to push the traffic up the ladder (and farther away from you)
- Implement local filters at your border router
- Ask your ISP to implement the same filters on their side of the link

12 Sample ISP Contact Policy
TheShell.com
Qwest Communications
NOC: 1-800-860-1020 Press: 1,#,2,2
IP Team: 888-795-0420
Tony: 408-555-6677
Tony Cell: 703-455-6677
CORE: 98765432
ACCT: 44566789
Circuit: 1234567890
email: support@qwestip.net : cmc1@qwest.com

13 Conclusion
- Nobody wins this game
- No easy solution to the problem
- Best defense lies in organization and policy

14 Contact:
Barrett Lyon
Security Consultant
blyon@netpr.com
Network Presence, LLC
6033 W. Century Blvd., Ste 400
Los Angeles, CA 90045
310-412-8607
Robert Brown
Vice President
rjb@netpr.com

