GORAN OSIM AND TIM MYERS CPSC 424 DDOS AND THE SYSADMIN.

1 GORAN OSIM AND TIM MYERS CPSC 424 DDOS AND THE SYSADMIN

2 WHAT IS DDOS? DoS stands for Denial of Service. It is an attempt to make a computer resource unavailable to its intended users. The term is generally used with regard to computer networks, but is not limited to this field; for example, it is also used in reference to CPU resource management. DDoS is a Distributed Denial of Service. It generally consists of the concerted efforts of a person or group of people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely.

3 HISTORY OF DDOS Distributed DoS attacks are much newer than simple DoS attacks. The first attack sighted was in late June and early July of 1999. The first well-publicized DDoS attack in the public press was in February 2000. On February 7, Yahoo! was the victim of a DDoS during which its Internet portal was inaccessible for three hours. In a DDoS attack, the attacking packets come from tens or hundreds of addresses rather than just one, as in a "standard" DoS attack.

4 STRUCTURE OF DDOS ATTACK

5 EFFECT ON THE SYSADMIN Lack of service on the network. Little can be done until the attack subsides. Checks can be done, such as a SYN flood check, but they cannot remedy the problem. Anycast is a way to mitigate DDoS attacks. It is a network addressing and routing methodology in which datagrams from a single sender are routed to the topologically nearest node in a group of potential receivers all identified by the same destination address.

6 ANYCAST AND SYSADMINS As traffic is routed to the closest node, a process over which the attacker has no control, the DDoS traffic flow will be distributed amongst the closest nodes. Thus, not all nodes might be affected. The effectiveness of this technique to divert attacks is questionable, however, because unicast addresses (used for maintenance) can be easy to obtain.

7 PROTECTION A router and firewall are the SysAdmin’s first line of defense. An IDS (Intrusion Detection System) is a must, so the SysAdmin is aware of possible attacks. The SysAdmin should use an anycast-type topology to route the attacks to various nodes. Unfortunately, if the attacker makes it past all these, the only thing to do is wait for the attack to end, as they rarely last a significant amount of time.
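The SYN flood check mentioned on slide 5 can be sketched as follows; this is an added example, not part of the original slides. It counts half-open TCP connections per listening port from `netstat -tan` or `ss -tan` style rows and separates a single-source flood from a distributed one, since slide 3 notes that DDoS packets come from many addresses. The thresholds, function names and sample rows are assumptions made for illustration.

```python
from collections import Counter

HALF_OPEN = {"SYN_RECV", "SYN-RECV"}  # netstat / ss spellings of the state

def half_open_by_port(lines):
    """Map local port -> Counter(source IP -> half-open connections)."""
    ports = {}
    for line in lines:
        f = line.split()
        # netstat -tan puts the state last, ss -tan puts it first;
        # local and remote address are columns 4 and 5 in both layouts.
        if len(f) < 5 or not (f[0] in HALF_OPEN or f[-1] in HALF_OPEN):
            continue
        port = int(f[3].rsplit(":", 1)[1])
        source = f[4].rsplit(":", 1)[0]
        ports.setdefault(port, Counter())[source] += 1
    return ports

def classify(sources, total_limit=30, per_source_limit=10, min_sources=10):
    """Thresholds are illustrative assumptions; tune them to the listen backlog."""
    total = sum(sources.values())
    if total < total_limit:
        return "ok"
    top = sources.most_common(1)[0][1]
    if top >= per_source_limit and top * 2 >= total:
        return "single-source"   # classic DoS: one address dominates
    if len(sources) >= min_sources:
        return "distributed"     # DDoS: no single address stands out
    return "elevated"

def report(lines):
    """Return {port: (verdict, half-open total, distinct sources)}."""
    return {port: (classify(c), sum(c.values()), len(c))
            for port, c in half_open_by_port(lines).items()}

def build_sample():
    """Constructed netstat-style rows using RFC 5737 documentation addresses."""
    rows = ["tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN"]
    rows += [f"tcp 0 0 192.0.2.10:80 198.51.100.{i}:{40000 + i} SYN_RECV" for i in range(1, 41)]
    rows += [f"tcp 0 0 192.0.2.10:25 203.0.113.7:{50000 + i} SYN_RECV" for i in range(35)]
    rows += [f"tcp 0 0 192.0.2.10:443 198.51.100.{i}:{41000 + i} SYN_RECV" for i in (50, 51)]
    rows += ["tcp 0 0 192.0.2.10:443 198.51.100.60:41060 ESTABLISHED"]
    return rows

if __name__ == "__main__":
    for port, (verdict, total, distinct) in sorted(report(build_sample()).items()):
        print(f"port {port}: {verdict} ({total} half-open from {distinct} sources)")
```

A per-source limit alone would miss the port 80 case in the sample, where every address holds only one half-open connection; the total per port and the number of distinct sources are what reveal it.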

8 CONCLUSION DDoS attacks can be devastating to SysAdmins and the networks they administer. Once an attack is happening, little can be done to stop it. The SysAdmin must put preliminary defense measures in place beforehand. A SysAdmin must always be monitoring for such attacks, as they could come from anywhere at any time.

9 QUESTIONS?

