Denial of Service

By: Samarth Shah and Navin Soni
Contents
• Introduction
• Symptoms
• Methods of Attack
• Prevention and Response
• Side-effects
• Downfall
• Conclusion
Introduction
• A denial-of-service (DoS) attack aims at disrupting the authorized use of networks, systems, or applications by sending messages that exhaust the service provider's resources.
• Distributed denial-of-service (DDoS) attacks employ multiple compromised computers to perform a coordinated and widely distributed DoS attack.
• Victims
– Service providers
– Legitimate service seekers
Who? Their Motives
• Who
– Highly proficient attackers who are rarely identified or caught
• The motive
– Earlier attacks were proofs of concept or simple pranks
– A feeling of pseudo-supremacy upon denying services on a large scale to normal people
– DoS attacks on Internet chat channel moderators
– Political disagreements
– Competitive edge
[Figure: DDoS attack structure. Labels: Real Attacker, Master, Daemon (several compromised hosts), Victim.]
Symptoms
• Unusually slow network performance.
• Unavailability of a particular web site.
• Inability to access any web site.
• Dramatic increase in the number of spam emails received.
• Problems may also appear in the network "branches" around the computer actually being attacked.
Methods of attack
• The five basic types of attack are:
– Consumption of computational resources.
– Disruption of configuration information.
– Disruption of state information.
– Disruption of physical network components.
– Obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.
Classification of DoS Attacks
• Network Level Device
– Affected area: Routers, IP switches, firewalls
– Example: Ascend Kill II, "Christmas Tree Packets"
– Description: The attack attempts to exhaust hardware resources using multiple duplicate packets or a software bug.
• OS Level
– Affected area: Equipment vendor OS, end-user equipment
– Example: Ping of Death, Teardrop
– Description: The attack takes advantage of the way operating systems implement protocols.
• Application Level Attacks
– Example: Finger Bomb
– Description: Attacks a service or machine by using an application attack to exhaust resources.
• Data Flood (Amplification, Oscillation, Simple Flooding)
– Affected area: Host computer or network
– Example: Smurf attack (amplifier attack)
– Description: Massive quantities of data are sent to a target with the intention of using up bandwidth/processing resources.
• Protocol Feature Attacks
– Affected area: Servers, client PCs, DNS servers
– Example: SYN (connection depletion)
– Description: "Bugs" in a protocol are utilized to take down network resources. Methods of attack include IP address spoofing and corrupting the DNS server cache.
Methods of Attack
• Peer to Peer Attack
• Permanent Denial of Service
• Nuke
• Degradation of Service attack
Countermeasures
• Network Level Device
– Countermeasure options: Software patches, packet filtering
– Example: Ingress and egress filtering
– Description: Software upgrades can fix known bugs, and packet filtering can prevent attacking traffic from entering a network.
• OS Level
– Countermeasure options: SYN cookies, drop backlog connections, shorten timeout time
– Example: SYN cookies
– Description: Shortening the backlog timeout and dropping backlog connections will free up resources. SYN cookies proactively prevent attacks.
• Application Level Attacks
– Countermeasure options: Intrusion Detection System
– Example: GuardDog, other vendors
– Description: Software used to detect illicit activity.
• Data Flood (Amplification, Oscillation, Simple Flooding)
– Countermeasure options: Replication and load balancing
– Example: Akamai/Digital Island provide content distribution.
– Description: Extending the volume of content under attack makes it more complicated and harder for attackers to identify services to attack and to accomplish complete attacks.
• Protocol Feature Attacks
– Countermeasure options: Extend protocols to support security.
– Example: IETF standard for itrace, DNSSEC
– Description: Trace source/destination packets by a means other than the IP address (blocks against IP address spoofing). DNSSEC would provide authorization and authentication of DNS information.
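The OS-level countermeasure above, SYN cookies, works by encoding the half-open connection into the server's initial sequence number instead of a backlog entry. The following is an added illustration, not code from the slides: a simplified model of the classic layout (5-bit time slot, 3-bit MSS index, 24-bit keyed hash); the secret, MSS table and addresses are constructed for the demo.

```python
import hashlib
import hmac

# Constructed secret; a real implementation rotates it and never exposes it.
SECRET = b"constructed-demo-secret-key"

# Assumed MSS encoding table: the client's MSS is rounded down to one of
# these values so that it fits in 3 bits of the cookie.
MSS_TABLE = (536, 1220, 1440, 1460)


def _cookie_mac(src_ip, src_port, dst_ip, dst_port, slot):
    """24-bit keyed hash binding the cookie to the 4-tuple and time slot."""
    msg = f"{src_ip}:{src_port}>{dst_ip}:{dst_port}|{slot}".encode()
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:3], "big")


def make_syn_cookie(src_ip, src_port, dst_ip, dst_port, mss, now):
    """Build the server ISN for the SYN/ACK without allocating backlog state.
    Layout: 5-bit slot of 64 s | 3-bit MSS index | 24-bit MAC."""
    slot = (now // 64) & 0x1F
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    mac = _cookie_mac(src_ip, src_port, dst_ip, dst_port, slot)
    return (slot << 27) | (mss_idx << 24) | mac


def validate_ack(src_ip, src_port, dst_ip, dst_port, ack_num, now):
    """On the client's final ACK, recover the cookie (ack - 1) and verify it.
    Returns the negotiated MSS, or None when the cookie is stale or forged.
    A flood of SYNs that never complete the handshake therefore costs the
    server no memory at all."""
    cookie = (ack_num - 1) & 0xFFFFFFFF
    slot = (cookie >> 27) & 0x1F
    mss_idx = (cookie >> 24) & 0x7
    mac = (cookie & 0xFFFFFF).to_bytes(3, "big")
    current = (now // 64) & 0x1F
    # Accept the current slot and the one before it (counter wraps mod 32).
    if (current - slot) % 32 > 1:
        return None
    expected = _cookie_mac(src_ip, src_port, dst_ip, dst_port, slot).to_bytes(3, "big")
    if not hmac.compare_digest(mac, expected):
        return None
    return MSS_TABLE[mss_idx]
```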
Prevention and Response
• Firewalls
• Switches
• Routers
• Application front end hardware
• IPS based prevention
• Blackholing
• Sinkholing
• Clean Pipes
Side-Effects
• Backscatter is a side-effect of a spoofed denial-of-service attack.
• The attacker spoofs the source address in IP packets sent to the victim.
• The victim's response packets are known as backscatter.
• The backscatter response packets go to whatever addresses the attacker spoofed, so they arrive at random destinations. This effect can be used by network telescopes as indirect evidence of such attacks.
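The network-telescope observation above, as an added example that is not part of the slides: a dark (unused) prefix receives only unsolicited traffic, so SYN/ACKs and RSTs arriving there from one source across many addresses reveal that source as a victim answering spoofed SYNs. The prefix, the capture records and the threshold are constructed; the rate extrapolation assumes the spoofed sources were uniform over IPv4.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed: an unused /24 that legitimately receives no traffic at all.
TELESCOPE = ip_network("192.0.2.0/24")
IPV4_SPACE = 2 ** 32

# Reply types a victim emits when answering spoofed SYNs or other probes.
BACKSCATTER_TCP_FLAGS = {"SA", "R", "RA"}
BACKSCATTER_ICMP_TYPES = {3, 11}  # destination unreachable, time exceeded

# Constructed sample capture: (timestamp, src, dst, proto, tcp flags or icmp type)
SAMPLE = [
    (0, "203.0.113.10", "192.0.2.5", "tcp", "SA"),
    (2, "203.0.113.10", "192.0.2.17", "tcp", "SA"),
    (3, "198.51.100.5", "192.0.2.17", "tcp", "S"),   # a scanner's own SYN: a probe, not a reply
    (4, "203.0.113.10", "192.0.2.99", "tcp", "SA"),
    (6, "203.0.113.10", "192.0.2.130", "tcp", "RA"),
    (7, "203.0.113.77", "192.0.2.8", "tcp", "R"),    # a single RST to one address: below threshold
    (8, "203.0.113.10", "192.0.2.201", "tcp", "SA"),
    (10, "203.0.113.10", "192.0.2.250", "tcp", "SA"),
]


def is_backscatter(ts, src, dst, proto, info):
    """A packet is backscatter when it lands in the dark prefix and looks like a reply."""
    if ip_address(dst) not in TELESCOPE:
        return False
    if proto == "tcp":
        return info in BACKSCATTER_TCP_FLAGS
    if proto == "icmp":
        return info in BACKSCATTER_ICMP_TYPES
    return False


def infer_victims(packets, min_targets=4):
    """Group backscatter by source (the real victim). A source replying to many
    distinct dark addresses was answering traffic with randomly spoofed sources."""
    seen = defaultdict(lambda: {"count": 0, "targets": set(), "first": None, "last": None})
    for ts, src, dst, proto, info in packets:
        if not is_backscatter(ts, src, dst, proto, info):
            continue
        s = seen[src]
        s["count"] += 1
        s["targets"].add(dst)
        s["first"] = ts if s["first"] is None else min(s["first"], ts)
        s["last"] = ts if s["last"] is None else max(s["last"], ts)
    return {src: s for src, s in seen.items() if len(s["targets"]) >= min_targets}


def estimated_rate_at_victim(stats):
    """Extrapolate packets/s at the victim: the telescope sees the fraction of
    replies whose spoofed sources fell inside its prefix (uniform-source assumption)."""
    duration = max(stats["last"] - stats["first"], 1)
    return stats["count"] / duration * IPV4_SPACE / TELESCOPE.num_addresses
```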
Downfalls
• DoS attacks are unable to attack large bandwidth websites.
• New distributed server architecture makes it harder for one DoS to take down an entire site.
• New software protections neutralize existing DoS attacks quickly.
• Service providers know how to prevent these attacks from affecting their networks.
• "Old" Internet technology.
Conclusion
• Attack techniques continue to advance and the number of software vulnerabilities continues to increase.
• Service providers and vendors are quickly adapting to the new landscape.
• Prevention is always the best measure.
• Regular scanning and auditing will prevent configuration errors from exposing infrastructure to known attacks.
• Preparation is the key for service providers to mitigate attacks as they happen.