Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture 18 Page 1 Advanced Network Security Distributed Denial of Service Attacks Advanced Network Security Peter Reiher August, 2014.

Published byBrian Holt Modified over 9 years ago

Similar presentations

Presentation on theme: "Lecture 18 Page 1 Advanced Network Security Distributed Denial of Service Attacks Advanced Network Security Peter Reiher August, 2014."— Presentation transcript:

1 Lecture 18 Page 1 Advanced Network Security Distributed Denial of Service Attacks Advanced Network Security Peter Reiher August, 2014

2 Lecture 18 Page 2 Advanced Network Security Outline Attacker solution #2: distributed denial of service attacks What are they? DDoS toolkits

3 Lecture 18 Page 3 Advanced Network Security A Flooding Attack But does it actually deny service here?

4 Lecture 18 Page 4 Advanced Network Security The Problem With This Attack The attacking computer is usually a home machine or office workstation Maybe it’s got outgoing bandwidth of 10Mbps The target is usually a server Maybe it’s got incoming bandwidth of 1 Gbps The target barely notices the attack

5 Lecture 18 Page 5 Advanced Network Security “Solving” This Problem How can an attacker overwhelm a machine with more resources than his? Two possibilities: –Find a way to make the target pay more per message than the attacker –Use more than one machine to attack

6 Lecture 18 Page 6 Advanced Network Security Solution #2: Use Multiple Machines to Attack If one machine can’t generate enough traffic to overwhelm a server, Maybe two can Or three Or four Or forty thousand

7 Lecture 18 Page 7 Advanced Network Security Distributed Denial of Service Attacks

8 Lecture 18 Page 8 Advanced Network Security What Is Distributed Denial of Service? A concerted attack by multiple machines on a single target –Usually a large number of machines Intended to make the target unable to service its regular customers By overwhelming some resource –Typically bandwidth

9 Lecture 18 Page 9 Advanced Network Security How To Perform a DDoS Attack: Step 1 Gain control of a lot of machines You could buy them But, if you’re going to use them to make an illegal attack, why buy them? Usually, you steal them –Or, more precisely, take them over with malware

10 Lecture 18 Page 10 Advanced Network Security How To Perform a DDoS Attack: Step 2 Install software on all the machines to send packets to a specified target Usually the software has various options –When to begin –For how long –What kind of packets

11 Lecture 18 Page 11 Advanced Network Security How To Perform a DDoS Attack: Step 3 Issue commands to your machines to start them sending packets If there are a lot of your machines, maybe use an efficient way to tell them –Like some tree-structured distribution system They will then start attacking

12 Lecture 18 Page 12 Advanced Network Security Some Refinements to the Attack Vary the number of packets sent by each attacker over time Only use a fraction of your available machines at any given moment –Cycling through the entire set Pulse the attack, turning it on and off

13 Lecture 18 Page 13 Advanced Network Security 13 Typical Attack Modus Operandi

14 Lecture 18 Page 14 Advanced Network Security Typical Effects of a DDoS Attack A sudden, vast flood of packets being sent to a site Typically packets that are fairly clearly junk –But could be close to real traffic These packets drown out the legitimate traffic So only junk gets delivered

15 Lecture 18 Page 15 Advanced Network Security DDoS Attacks in the Real World Very common Some are pretty small –On small targets, often Occasionally we see a really big one –Typically on a high profile target Often difficult to handle

16 Lecture 18 Page 16 Advanced Network Security Some Important Examples Microsoft, Yahoo, etc. targeted Recent large DDoS attack on Hong Kong voting site 25 million packet per second attacks on domain hosting and online gaming sites At least one company went out of business due to a DDoS attack

17 Lecture 18 Page 17 Advanced Network Security DDoS Attack on DNS Root Servers Concerted ping flood attack on all 13 of the DNS root servers in October 2002 Successfully halted operations on 9 of them Lasted for 1 hour –Turned itself off, was not defeated Did not cause major impact on Internet –DNS uses caching aggressively Another (less effective) attack in February 2007

18 Lecture 18 Page 18 Advanced Network Security DDoS Attack on Estonia Occurred April-May 2007 Estonia removed a statue that Russians liked Then somebody launched large DDoS attack on Estonian government sites Took much of Estonia off-line for ~ 3 weeks DDoS attack on Radio Free Europe sites in Belarus in 2008

19 Lecture 18 Page 19 Advanced Network Security DDoS Attack on Al Jazeera DNS name server floods of 200-300 Mbps on English language web site Successfully made Al Jazeera web site unreachable for two days –After which, their DNS name was hijacked Al Jazeera not easily able to recover from attack –As Al Jazeera added capacity, the attack got stronger

20 Lecture 18 Page 20 Advanced Network Security Combining the Two Attacker “Solutions” Attackers can use both asymmetry and multiple machines Making the problem that much harder to solve Reflector attacks are one example Recent Hong Kong attack required SSL decryption from large number of attack machines

21 Lecture 18 Page 21 Advanced Network Security Attack Toolkits Widely available on net –Easily downloaded along with source code –Easily deployed and used Automated code for: –Scanning – detection of vulnerable machines –Exploit – breaking into the machine –Infection – placing the attack code Rootkit –Hides the attack code –Restarts the attack code –Keeps open backdoors for attacker access DDoS attack code: –Trinoo, TFN, TFN2K, Stacheldraht, Shaft, mstream, Trinity

22 Lecture 18 Page 22 Advanced Network Security DDoS Attack Code Attacker can customize: –Type of attack UDP flood, ICMP flood, TCP SYN flood, Smurf attack Web server request flood, authentication request flood, DNS flood –Victim IP address –Duration –Packet size –Source IP spoofing –Dynamics (constant rate or pulsing) –Communication between master and slaves

23 Lecture 18 Page 23 Advanced Network Security Implications of Attack Toolkits You don’t need much knowledge or many skills to perpetrate DDoS Toolkits allow unsophisticated users to become DDoS perpetrators in little time DDoS is, unfortunately, a game anyone can play

24 Lecture 18 Page 24 Advanced Network Security Conclusion Distributed denial of service attacks solve the attacker’s problem of asymmetric capabilities DDoS attacks harness multiple hosts to attack a single machine DDoS attacks are simple, yet hard to handle

Download ppt "Lecture 18 Page 1 Advanced Network Security Distributed Denial of Service Attacks Advanced Network Security Peter Reiher August, 2014."

Similar presentations

(Distributed) Denial of Service Nick Feamster CS 4251 Spring 2008.

(Distributed) Denial of Service Nick Feamster CS 4251 Spring 2008.
On the Necessity of Handling DDoS Traffic in the Middle of the Network Peter Reiher UCLA Computer Communications Workshop October 22, 2008.

On the Necessity of Handling DDoS Traffic in the Middle of the Network Peter Reiher UCLA Computer Communications Workshop October 22, 2008.
Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.

Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.
 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.

 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.
Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.

Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.
Distributed Denial of Service Attacks: Characterization and Defense Will Lefevers CS522 UCCS.

Distributed Denial of Service Attacks: Characterization and Defense Will Lefevers CS522 UCCS.
Security (Continued) V.T. Raja, Ph.D., Oregon State University.

Security (Continued) V.T. Raja, Ph.D., Oregon State University.
Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.

Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.
Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,

Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,
 Unlike other forms of computer attacks, goal isn’t access or theft of information or services  The goal is to stop the service from operating o.

 Unlike other forms of computer attacks, goal isn’t access or theft of information or services  The goal is to stop the service from operating o.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Distributed Denial of Service Attacks CMPT 471 1 Distributed Denial of Service Attacks Darius Law.

Distributed Denial of Service Attacks CMPT Distributed Denial of Service Attacks Darius Law.
Network Layer Security Distributed Denial of Service (DDoS) attacks and the proposed solutions November 12, 2007.

Network Layer Security Distributed Denial of Service (DDoS) attacks and the proposed solutions November 12, 2007.
UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.

UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.
CIS 659 – Introduction to Network Security – Fall 2003 – Class 10 – 10/9/03 1 What is Distributed Denial of Service?

CIS 659 – Introduction to Network Security – Fall 2003 – Class 10 – 10/9/03 1 What is Distributed Denial of Service?
Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.

Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.
Analysis of Attack By Matt Kennedy. Different Type of Attacks o Access Attacks o Modification and Repudiation Attacks o DoS Attacks o DDoS Attacks o Attacks.

Analysis of Attack By Matt Kennedy. Different Type of Attacks o Access Attacks o Modification and Repudiation Attacks o DoS Attacks o DDoS Attacks o Attacks.
Web server security Dr Jim Briggs WEBP security1.

Web server security Dr Jim Briggs WEBP security1.
DDos Distributed Denial of Service Attacks by Mark Schuchter.

DDos Distributed Denial of Service Attacks by Mark Schuchter.

Similar presentations

Ads by Google