Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture 1 Page 1 CS 239, Fall 2010 Distributed Denial of Service Attacks and Defenses CS 239 Advanced Topics in Computer Security Peter Reiher September.

Published byAnn Bridges Modified over 9 years ago

Similar presentations

Presentation on theme: "Lecture 1 Page 1 CS 239, Fall 2010 Distributed Denial of Service Attacks and Defenses CS 239 Advanced Topics in Computer Security Peter Reiher September."— Presentation transcript:

1 Lecture 1 Page 1 CS 239, Fall 2010 Distributed Denial of Service Attacks and Defenses CS 239 Advanced Topics in Computer Security Peter Reiher September 28, 2010

2 Lecture 1 Page 2 CS 239, Fall 2010 The Problem

3 Lecture 1 Page 3 CS 239, Fall 2010 Distributed Denial of Service (DDoS) Attacks Goal: Prevent a network site from doing its normal business Method: overwhelm the site with attack traffic Response: ?

4 Lecture 1 Page 4 CS 239, Fall 2010 Why Are These Attacks Made? Sometimes to annoy Sometimes for extortion Sometimes for political reasons If directed at infrastructure, might cripple parts of Internet –So who wants to do that...?

5 Lecture 1 Page 5 CS 239, Fall 2010 Attack Methods Pure flooding –Of network connection –Or of upstream network Overwhelm some other resource –SYN flood –CPU resources –Memory resources –Application level resource Direct or reflection

6 Lecture 1 Page 6 CS 239, Fall 2010 Why “Distributed”? Targets are often highly provisioned servers A single machine usually cannot overwhelm such a server So harness multiple machines to do so Also makes defenses harder

7 Lecture 1 Page 7 CS 239, Fall 2010 DDoS Attack on DNS Root Servers Concerted ping flood attack on all 13 of the DNS root servers in October 2002 Successfully halted operations on 9 of them Lasted for 1 hour –Turned itself off, was not defeated Did not cause major impact on Internet –DNS uses caching aggressively Another (less effective) attack in February 2007

8 Lecture 1 Page 8 CS 239, Fall 2010 DDoS Attack on Estonia Occurred April-May 2007 Estonia removed a statue that Russians liked Then somebody launched large DDoS attack on Estonian government sites Took much of Estonia off-line for ~ 3 weeks DDoS attack on Radio Free Europe sites in Belarus in 2008

9 Lecture 1 Page 9 CS 239, Fall 2010 How to Defend? A vital characteristic: –Don’t just stop a flood –ENSURE SERVICE TO LEGITIMATE CLIENTS!!! If you deliver a manageable amount of garbage, you haven’t solved the problem

10 Lecture 1 Page 10 CS 239, Fall 2010 Complicating Factors High availability of compromised machines –Millions of zombie machines out there Internet is designed to deliver traffic –Regardless of its value IP spoofing allows easy hiding Distributed nature makes legal approaches hard Attacker can choose all aspects of his attack packets –Can be a lot like good ones

11 Lecture 1 Page 11 CS 239, Fall 2010 Basic Defense Approaches Overprovisioning Dynamic increases in provisioning Hiding Tracking attackers Legal approaches Reducing volume of attack

12 Lecture 1 Page 12 CS 239, Fall 2010 Overprovisioning Be able to handle more traffic than attacker can generate Works pretty well for Microsoft and Google Not a suitable solution for Mom and Pop Internet stores

13 Lecture 1 Page 13 CS 239, Fall 2010 Dynamic Increases in Provisioning As attack volume increases, increase your resources Dynamically replicate servers Obtain more bandwidth Not always feasible Probably expensive Might be easy for attacker to outpace you

14 Lecture 1 Page 14 CS 239, Fall 2010 Hiding Don’t let most people know where your server is If they can’t find it, they can’t overwhelm it Possible to direct your traffic through other sites first –Can they be overwhelmed...? Not feasible for sites that serve everyone

15 Lecture 1 Page 15 CS 239, Fall 2010 Tracking Attackers Almost trivial without IP spoofing With IP spoofing, more challenging Big issue: –Once you’ve found them, what do you do? Not clear tracking actually does much good Loads of fun for algorithmic designers, though

16 Lecture 1 Page 16 CS 239, Fall 2010 Legal Approaches Sic the FBI on them and throw them in jail Usually hard to do FBI might not be interested in “small fry” Slow, at best Very hard in international situations Generally only feasible if extortion is involved –By following the money

17 Lecture 1 Page 17 CS 239, Fall 2010 Reducing the Volume of Traffic Addresses the core problem: –Too much traffic coming in, so get rid of some of it Vital to separate the sheep from the goats Unless you have good discrimination techniques, not much help Most DDoS defense proposals are variants of this

18 Lecture 1 Page 18 CS 239, Fall 2010 Approaches to Reducing the Volume Give preference to your “friends” Require “proof of work” from submitters Detect difference between good and bad traffic –Drop the bad –Easier said than done

19 Lecture 1 Page 19 CS 239, Fall 2010 Where To Defend? At the target? + Good knowledge of situation + Strong motivation to deploy + OK to do what’s needed At the source? + Drops junk early + Cost paid close to attacker + May be easy to distinguish packets - Poor deployment incentive - Requires wide deployment - May be subject to influence In the core? + Scales nicely + Works with moderate deployment - Low per packet budget possible - Poor deployment incentive - Against end-to-end philosophy - Easy to overwhelm - Often limited defense resources

Download ppt "Lecture 1 Page 1 CS 239, Fall 2010 Distributed Denial of Service Attacks and Defenses CS 239 Advanced Topics in Computer Security Peter Reiher September."

Similar presentations

(Distributed) Denial of Service Nick Feamster CS 4251 Spring 2008.

(Distributed) Denial of Service Nick Feamster CS 4251 Spring 2008.
On the Necessity of Handling DDoS Traffic in the Middle of the Network Peter Reiher UCLA Computer Communications Workshop October 22, 2008.

On the Necessity of Handling DDoS Traffic in the Middle of the Network Peter Reiher UCLA Computer Communications Workshop October 22, 2008.
Why Is DDoS Hard to Solve? 1.A simple form of attack 2.Designed to prey on the Internet’s strengths 3.Easy availability of attack machines 4.Attack can.

Why Is DDoS Hard to Solve? 1.A simple form of attack 2.Designed to prey on the Internet’s strengths 3.Easy availability of attack machines 4.Attack can.
Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
Lecture 8 Page 1 CS 236, Spring 2008 Distributed Denial of Service Attacks CS 236 Advanced Computer Security Peter Reiher May 20, 2008.

Lecture 8 Page 1 CS 236, Spring 2008 Distributed Denial of Service Attacks CS 236 Advanced Computer Security Peter Reiher May 20, 2008.
 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.

 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.
Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.

Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.
IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.

IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.
Overview of Distributed Denial of Service (DDoS) Wei Zhou.

Overview of Distributed Denial of Service (DDoS) Wei Zhou.
 Unlike other forms of computer attacks, goal isn’t access or theft of information or services  The goal is to stop the service from operating o.

 Unlike other forms of computer attacks, goal isn’t access or theft of information or services  The goal is to stop the service from operating o.
DFence: Transparent Network-based Denial of Service Mitigation CSC7221 Advanced Topics in Internet Technology Presented by To Siu Sang Eric (07016080)

DFence: Transparent Network-based Denial of Service Mitigation CSC7221 Advanced Topics in Internet Technology Presented by To Siu Sang Eric ( )
Flash Crowds And Denial of Service Attacks: Characterization and Implications for CDNs and Web Sites Aaron Beach Cs395 network security.

Flash Crowds And Denial of Service Attacks: Characterization and Implications for CDNs and Web Sites Aaron Beach Cs395 network security.
UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.

UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.
Detecting SYN-Flooding Attacks Aaron Beach CS 395 Network Secu rity Spring 2004.

Detecting SYN-Flooding Attacks Aaron Beach CS 395 Network Secu rity Spring 2004.
Defending Against Flooding Based DoS Attacks : A tutorial - Rocky K.C. Chang, The Hong Kong Polytechnic University Presented by – Ashish Samant.

Defending Against Flooding Based DoS Attacks : A tutorial - Rocky K.C. Chang, The Hong Kong Polytechnic University Presented by – Ashish Samant.
Network Attacks. Network Trust Issues – TCP Congestion control – IP Src Spoofing – Wireless transmission Denial of Service Attacks – TCP-SYN – Name Servers.

Network Attacks. Network Trust Issues – TCP Congestion control – IP Src Spoofing – Wireless transmission Denial of Service Attacks – TCP-SYN – Name Servers.
Lecture 15 Denial of Service Attacks

Lecture 15 Denial of Service Attacks
Bandwidth DoS Attacks and Defenses Robert Morris Frans Kaashoek, Hari Balakrishnan, Students MIT LCS.

Bandwidth DoS Attacks and Defenses Robert Morris Frans Kaashoek, Hari Balakrishnan, Students MIT LCS.
Game-based Analysis of Denial-of- Service Prevention Protocols Ajay Mahimkar Class Project: CS 395T.

Game-based Analysis of Denial-of- Service Prevention Protocols Ajay Mahimkar Class Project: CS 395T.
------ An Overview Zhang Fu Outline What is DDoS ? How it can be done? Different types of DDoS attacks. Reactive VS Proactive Defence.

An Overview Zhang Fu Outline What is DDoS ? How it can be done? Different types of DDoS attacks. Reactive VS Proactive Defence.

Similar presentations

Ads by Google