Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Figure 4-11: Denial-of-Service (DoS) Attacks Introduction  Attack on availability  Act of vandalism Single-Message DoS Attacks  Crash a host with.

Published byDaisy Burke Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Figure 4-11: Denial-of-Service (DoS) Attacks Introduction  Attack on availability  Act of vandalism Single-Message DoS Attacks  Crash a host with."— Presentation transcript:

1

2 1 Figure 4-11: Denial-of-Service (DoS) Attacks Introduction  Attack on availability  Act of vandalism Single-Message DoS Attacks  Crash a host with a single attack packet  Examples: Ping-of-Death, Teardrop, and LAND  Send unusual combination for which developers did not test

3 2 Figure 4-11: Denial-of-Service (DoS) Attacks Flooding Denial-of-Service Attacks  SYN flooding (Figure 4-12) Try to open many connections with SYN segments Victim must prepare to work with many connections Victim crashes if runs out of resources; at least slows down More expensive for the victim than the attacker

4 3 Figure 4-12: SYN Flooding DoS Attack SYN Attacker 1.34.150.37 Victim 60.168.47.47 Attacker Sends Flood of SYN Segments Victim Sets Aside Resources for Each Victim Crashes or Victim Becomes Too Overloaded to Respond to the SYNs from Legitimate Uses

5 4 Figure 4-13: Smurf Flooding DoS Attack “Innocent” Firm Attacker 1.34.150.37 1. Single ICMP Echo Message Source IP: 60.168.47.47 (Victim) Destination IP: Broadcast Echo 4. Echo Replies Victim 60.168.47.47 2. Router with Broadcasting Enabled 3. Broadcast Echo Message

6 5 Figure 4-14: Distributed Denial-of- Service (DDoS) Attack Attacker 1.34.150.37 Attack Command Handler Attack Command Zombie Attack Packet Victim 60.168.47.47 Attack Packet Zombie Handler Attack Command

7 6 Figure 4-11: Denial-of-Service (DoS) Attacks Stopping DoS Attacks  Ingress filtering to stop attack packets (Figure 4- 14)  Limited ability of ingress filtering because link to ISP might become overloaded  Egress filtering by attacker’s company or ISP  Requires cooperating from attacker’s company or ISP  Requires a community response; victim cannot do it alone

8 7 Figure 4-15: The Difficulty of Stopping DoS Attacks 2. Attack Packets Blocked But Internet Backbone Site Border Firewall Attack packets 1. ISP Access Line Saturated by Attack Packets 3. Legitimate Packets Cannot Get Through 4. Attacks Must Be Stopped on the Internet ISP 5. Other Companies Must Harden Hosts So They Are Not Compromised and Used in Attacks

Download ppt "1 Figure 4-11: Denial-of-Service (DoS) Attacks Introduction  Attack on availability  Act of vandalism Single-Message DoS Attacks  Crash a host with."

Similar presentations

Syn Flooding Sends TCP connections to a machine faster than it can process themSends TCP connections to a machine faster than it can process them Each.

Syn Flooding Sends TCP connections to a machine faster than it can process themSends TCP connections to a machine faster than it can process them Each.
Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
Review For Exam 2 March 9, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Review For Exam 2 March 9, 2010 MIS 4600 – MBA © Abdou Illia.
IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.

IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.
Security (Continued) V.T. Raja, Ph.D., Oregon State University.

Security (Continued) V.T. Raja, Ph.D., Oregon State University.
Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.

Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.
Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,

Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,
Network-Based Denial of Service Attacks Trends, Descriptions, and How to Protect Your Network Craig A. Huegen Cisco Systems, Inc. NANOG 12 Interprovider.

Network-Based Denial of Service Attacks Trends, Descriptions, and How to Protect Your Network Craig A. Huegen Cisco Systems, Inc. NANOG 12 Interprovider.
Network-Based Denial of Service Attacks Trends, Descriptions, and How to Protect Your Network Craig A. Huegen Cisco Systems, Inc. NANOG 13 -- Dearborn,

Network-Based Denial of Service Attacks Trends, Descriptions, and How to Protect Your Network Craig A. Huegen Cisco Systems, Inc. NANOG Dearborn,
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Detecting SYN-Flooding Attacks Aaron Beach CS 395 Network Secu rity Spring 2004.

Detecting SYN-Flooding Attacks Aaron Beach CS 395 Network Secu rity Spring 2004.
1/42 Arab Academy for Banking &Financial Sciences Faculty of Information Systems & Technology - Department of CIS Information System Security Ph.D Prepared.

1/42 Arab Academy for Banking &Financial Sciences Faculty of Information Systems & Technology - Department of CIS Information System Security Ph.D Prepared.
Network & Computer Attacks (Part 2) February 11, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Network & Computer Attacks (Part 2) February 11, 2010 MIS 4600 – MBA © Abdou Illia.
Computer Security Prevention and detection of unauthorized actions by users of a computer system Confidentiality Integrity Availability.

Computer Security Prevention and detection of unauthorized actions by users of a computer system Confidentiality Integrity Availability.
Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.

Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 7: Denial-of-Service Attacks.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 7: Denial-of-Service Attacks.
Defending Against Flooding Based DoS Attacks : A tutorial - Rocky K.C. Chang, The Hong Kong Polytechnic University Presented by – Ashish Samant.

Defending Against Flooding Based DoS Attacks : A tutorial - Rocky K.C. Chang, The Hong Kong Polytechnic University Presented by – Ashish Samant.
Attack Profiles CS-480b Dick Steflik Attack Categories Denial-of-Service Exploitation Attacks Information Gathering Attacks Disinformation Attacks.

Attack Profiles CS-480b Dick Steflik Attack Categories Denial-of-Service Exploitation Attacks Information Gathering Attacks Disinformation Attacks.
DoS/DDoS Attack Forbes Henderson. What is a DoS Attack  DoS Attack (Denial of Service Attack)  A Denial of Service Attack is Often used by hackers to.

DoS/DDoS Attack Forbes Henderson. What is a DoS Attack  DoS Attack (Denial of Service Attack)  A Denial of Service Attack is Often used by hackers to.
Lecture 15 Denial of Service Attacks

Lecture 15 Denial of Service Attacks

Similar presentations

Ads by Google