Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Distributed Denial of Service Attacks. Potential Damage of DDoS Attacks l The Problem: Massive distributed DoS attacks have the potential to severely.

Published byRonald Nicholson Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Distributed Denial of Service Attacks. Potential Damage of DDoS Attacks l The Problem: Massive distributed DoS attacks have the potential to severely."— Presentation transcript:

1 1 Distributed Denial of Service Attacks

2 Potential Damage of DDoS Attacks l The Problem: Massive distributed DoS attacks have the potential to severely decrease backbone availability and can virtually detach a network from the Internet. 2

3 Motives for DDoS Attacks l Cyber warfare: Prevent information exchange l A means to blackmail a company or even country and cause image and money loss l Youthful mischief and desire to feel the power “to rule the world“ l Proof of technical excellence to “the world“ and oneself l Outbreak of worms from Internet security research ;-) l ?? 3

4 4 What Are DDoS Tools? l Clog victim’s network. l Use many sources (“daemons”) for attacking traffic. l Use “master” machines to control the daemon attackers. l At least 4 different versions in use: TFN, TFN2K, Trinoo, Stacheldraht.

5 5 How They Work Victim Daemon Master Real Attacker

6 6 How They Talk l Trinoo: attacker uses TCP; masters and daemons use UDP; password authentication l TFN(Tribe Flood Network): attacker uses shell to invoke master; masters and daemons use ICMP ECHOREPLY, TCP SYN flood, ICMP Broadcast (smurf) l Stacheldraht: attacker uses encrypted TCP connection to master; masters and daemons use TCP and ICMP ECHO REPLY; rcp used for auto-update and generation

7 7 Deploying DDOS l Attackers seem to use standard, well- known holes (i.e., rpc.ttdbserver, amd, rpc.cmsd, rpc.mountd, rpc.statd). – attacks on flaws of remote buffer overflows l They appear to have “auto-hack” tools – point, click, and invade. l Lesson: practice good computer hygiene.

8 8 Detecting DDOS Tools l Most current IDS’s detect the current generation of tools. l They work by looking for DDoS control messages. l Naturally, these will change over time; in particular, more such messages will be properly encrypted. (A hacker PKI?)

9 9 What Can ISPs Do? l Deploy source address anti-spoof filters (very important!). l Turn off directed broadcasts. l Develop security relationships with neighbor ISPs. l Set up mechanism for handling customer security complaints. l Develop traffic volume monitoring techniques.

10 10 Traffic Volume Monitoring – an example l Look for too much traffic to a particular destination. l Learn to look for traffic to that destination at your border routers (access routers, peers, exchange points, etc.). l Can we automate the tools – too many queue drops on an access router will trigger source detection?

11 11 References l http://www.cert.org/reports/dsit_workshop.pdf http://www.cert.org/reports/dsit_workshop.pdf l Dave Dittrich’s analyses: –http://staff.washington.edu/dittrich/misc/trinoo.analy sishttp://staff.washington.edu/dittrich/misc/trinoo.analy sis –http://staff.washington.edu/dittrich/misc/tfn.analysishttp://staff.washington.edu/dittrich/misc/tfn.analysis –http://staff.washington.edu/dittrich/misc/stacheldraht.analysishttp://staff.washington.edu/dittrich/misc/stacheldraht.analysis l Scanning tool: http://www.fbi.gov/nipc/trinoo.htm http://www.fbi.gov/nipc/trinoo.htm

Download ppt "1 Distributed Denial of Service Attacks. Potential Damage of DDoS Attacks l The Problem: Massive distributed DoS attacks have the potential to severely."

Similar presentations

Module VIII Denial Of Service

Module VIII Denial Of Service
A Brief History of Distributed Denial of Service Attacks Uniforum Chicago August 22, 2000 Viki Navratilova Security Architect, BlueMeteor, Inc.

A Brief History of Distributed Denial of Service Attacks Uniforum Chicago August 22, 2000 Viki Navratilova Security Architect, BlueMeteor, Inc.
Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
Internet Threats Denial Of Service Attacks “The wonderful thing about the Internet is that you’re connected to everyone else. The terrible thing about.

Internet Threats Denial Of Service Attacks “The wonderful thing about the Internet is that you’re connected to everyone else. The terrible thing about.
Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.

Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?

1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
Distributed Denial-of-Services (DDoS) Ho Jeong AN CSE 525 – Adv. Networking Reading Group #8.

Distributed Denial-of-Services (DDoS) Ho Jeong AN CSE 525 – Adv. Networking Reading Group #8.
Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.

Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.
Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,

Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,
Network-Based Denial of Service Attacks Trends, Descriptions, and How to Protect Your Network Craig A. Huegen Cisco Systems, Inc. NANOG 12 Interprovider.

Network-Based Denial of Service Attacks Trends, Descriptions, and How to Protect Your Network Craig A. Huegen Cisco Systems, Inc. NANOG 12 Interprovider.
Defensive Measures for DDoS By Farhan Mirza. Contents Survey Topics Survey Topics Introduction Introduction Common Target of DoS Attacks Common Target.

Defensive Measures for DDoS By Farhan Mirza. Contents Survey Topics Survey Topics Introduction Introduction Common Target of DoS Attacks Common Target.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Distributed Denial of Service Attacks CMPT 471 1 Distributed Denial of Service Attacks Darius Law.

Distributed Denial of Service Attacks CMPT Distributed Denial of Service Attacks Darius Law.
An Introduction to DDoS And the “Trinoo” Attack Tool Prepared by Ray Lam, Ivan Wong July 10, 2003.

An Introduction to DDoS And the “Trinoo” Attack Tool Prepared by Ray Lam, Ivan Wong July 10, 2003.
UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.

UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.
Characterizing and Defending Against DDoS Attacks Christos Papadopoulos..and many others.

Characterizing and Defending Against DDoS Attacks Christos Papadopoulos..and many others.
Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.

Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 7: Denial-of-Service Attacks.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 7: Denial-of-Service Attacks.
Defending Against Flooding Based DoS Attacks : A tutorial - Rocky K.C. Chang, The Hong Kong Polytechnic University Presented by – Ashish Samant.

Defending Against Flooding Based DoS Attacks : A tutorial - Rocky K.C. Chang, The Hong Kong Polytechnic University Presented by – Ashish Samant.
DDos Distributed Denial of Service Attacks by Mark Schuchter.

DDos Distributed Denial of Service Attacks by Mark Schuchter.

Similar presentations

Ads by Google