
Denial of Service Attacks CSCE 201



Presentation Transcript


  1. Denial of Service Attacks CSCE 201

  2. Reading
  • Required:
    • Chapter 4 from textbook

  3. Security Objectives
  • Confidentiality
  • Integrity
  • Availability
  • Control mechanisms: first line of defense
    • Identification and authentication
    • Access control

  4. Denial of Service Attacks
  • Difficult to prevent
  • Consequences can be devastating
  • More and more services are web-based
  • Nation-state sponsored attacks
    • 2007 Russia vs. Estonia
  • Hard to pinpoint the attack source

  5. Availability
  • Target resource:
    • Hardware, software, communication, data, etc.
  • Attacker’s aim:
    • Reduce availability of resources for authorized users
  • Attack methods:
    • Volume-based (overwhelm capacity of the system)
    • Application-based (overwhelm capacity of the application)
    • Cut/disable communication link
    • Failure of hardware or software

  6. Flooding Resources
  • Target: application, OS, network appliance, etc.
  • Operational limits
    • Computer: limited
      • # of users
      • Storage capacity
      • Processing capacity
      • # of open connections
      • Speed of data transmission
      • Etc.

  7. Network Flooding
  • Attacker sends so much data that the communication system cannot handle authorized requests
  • Exploits communication protocol weaknesses, e.g.,
    • Transmission Control Protocol (TCP)
    • User Datagram Protocol (UDP)
    • Internet Control Message Protocol (ICMP)
      • Ping (requests a destination to return a reply)
      • Echo (requests a destination to return the data sent to it)
      • Destination unreachable (indicates that the destination cannot be accessed)
      • Source quench (indicates that the destination is becoming saturated)

  8. Ping of Death
  • Attacker floods the victim with ping requests
  • Limited by the smallest bandwidth on the attack path
  [Diagram: Attacker sends a stream of pings to the Victim; the Victim sends replies]

  9. Smurf Attack
  • Attacker spoofs the source address in the ping packet to the victim’s address
  • Attacker broadcasts the ping packet to all hosts on the network
  • All hosts respond to the victim
  [Diagram: Attacker sends a broadcast ping; the hosts' replies go to the Victim]

  10. Echo-Chargen
  • Between two hosts
  • Chargen: ICMP protocol that generates a stream of packets to test the network’s capacity
  [Diagram: Attacker, Victim 1 and Victim 2; "Chargen packet with echo bit on" and "Echo response" are exchanged between the two victims]

  11. Classical DOS - TCP SYN Flood
  • TCP client-server protocol – 3-way handshake

  12. Classical DOS - TCP SYN Flood
  [Diagram of the SYN flood; label: Attacker]

  13. Addressing Failures
  • Domain Name System (DNS): translates logical names to addresses
  • Attack:
    • Supply incorrect address
    • Block address
    • Redirect routing

  14. Blocked Access
  • Physical blocking
  • Prevent services from functioning
    • Software vulnerability
    • Protocol vulnerability
    • Manipulate authorization specifications

  15. Physical Security
  • Attacks against availability
    • Computer
    • Connection
    • Software
    • Etc.

  16. Tools
  • Tribal Flood Network (TFN) and TFN2K
    • Support launching coordinated DOS or DDOS
    • Hide origin of attacks
    • Overwhelm the victim computer
  • Master: controls a fleet of agents
  • Agents: carry out the attack
  • Communication between Master and Agents is protected by:
    • Encryption
    • Hiding the IP address
    • Randomized packets

  17. How to Detect DOS and DDOS
  • Centralized system:
    • Performance degradation
    • Unusually large volume of work requests
    • Large number of new clients (malicious agents)
  • Distributed system:
    • May be difficult to detect overall performance degradation
    • Need to share performance data
    • Uses valuable communication bandwidth
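Two of the indicators on this slide, an unusually large volume of work requests and a large number of previously unseen clients, can be computed per time window from an ordinary access log. The script below is an added example and not part of the lecture: it parses a constructed log (timestamp, client address, request path), buckets events into 60-second windows, and raises an alert when either count exceeds a threshold. The log lines, the 198.51.100.0/24 burst and the thresholds are all constructed for the demo.

```python
"""Window-based DoS indicators over an access log (added example, not from the lecture)."""
from datetime import datetime, timedelta

# Constructed baseline traffic: a handful of known clients over three minutes.
BASELINE = [
    "2015-10-26T10:00:00 10.0.0.5 /index.html",
    "2015-10-26T10:00:03 10.0.0.7 /login",
    "2015-10-26T10:00:09 10.0.0.5 /about",
    "2015-10-26T10:00:31 10.0.0.9 /index.html",
    "2015-10-26T10:00:50 10.0.0.7 /logout",
    "2015-10-26T10:02:05 10.0.0.5 /index.html",
    "2015-10-26T10:02:40 10.0.0.9 /about",
]
# Constructed burst: 40 never-seen-before addresses, one request each, within 30 s.
BURST = [f"2015-10-26T10:01:{i % 30:02d} 198.51.100.{i + 1} /index.html" for i in range(40)]
SAMPLE_LOG = BASELINE + BURST


def parse_line(line):
    """Split '<ISO timestamp> <client ip> <path>' into (datetime, ip, path)."""
    ts, ip, path = line.split(" ", 2)
    return datetime.fromisoformat(ts), ip, path


def detect(lines, window_s=60, max_requests=20, max_new_clients=10):
    """Return [(window_start, indicator, value)] for every window that exceeds a threshold.

    A client counts as 'new' in the first window in which it appears anywhere in the log,
    so the very first window naturally reports every client as new; the threshold
    is what separates normal churn from a sudden fleet of agents.
    """
    events = sorted(parse_line(l) for l in lines)
    if not events:
        return []
    t0 = events[0][0]
    seen = set()
    buckets = {}  # bucket index -> [request_count, new_client_count]
    for ts, ip, _path in events:
        b = int((ts - t0).total_seconds()) // window_s
        stats = buckets.setdefault(b, [0, 0])
        stats[0] += 1
        if ip not in seen:
            seen.add(ip)
            stats[1] += 1
    alerts = []
    for b in sorted(buckets):
        count, new = buckets[b]
        start = t0 + timedelta(seconds=b * window_s)
        if count > max_requests:
            alerts.append((start, "request volume", count))
        if new > max_new_clients:
            alerts.append((start, "new clients", new))
    return alerts


if __name__ == "__main__":
    for start, indicator, value in detect(SAMPLE_LOG):
        print(f"{start.isoformat()} {indicator}: {value}")
```

On the constructed log only the 10:01 window trips both indicators. For the distributed case the slide describes, each node would run the bucketing locally and ship only its per-window counters to a central point, which keeps the "share performance data" cost to a few integers per window rather than raw log lines.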

  18. How to Prevent DOS/DDOS?
  • Destruction of resources:
    • Physical security control
    • Backup system
    • Redundant communication channel
  • Flooding:
    • Monitor system performance → reject new requests if overwhelmed
    • Check packet header before processing
    • Understand vulnerable protocols
    • Time out computationally costly requests and blacklist them

  19. Preventing TCP SYN Flooding
  • Aim: limit the overuse of resources (don’t really block the malicious requests, just do not spend so many resources on them)
  • Methods:
    • Limit the complexity of handling requests, e.g., micro block
    • Limit the need to keep open connections, e.g., use cookies
    • Limit the processing at the server’s side, e.g., shorter timeout window, simplified processing
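The "use cookies" method on this slide is the SYN-cookie idea: instead of allocating a half-open connection entry when a SYN arrives, the server encodes everything it needs into the initial sequence number of its SYN-ACK and only allocates state when the third handshake message echoes a valid cookie back. The Python model below is an added example, not code from the lecture or from any real TCP stack. Its cookie layout (5 bits of time counter, 3 bits of MSS index, 24 bits of keyed hash), the MSS table, the 64-second counter period and the demo secret are simplifying assumptions; a real implementation uses a random per-boot secret and a stack-specific layout.

```python
"""Stateless SYN-cookie handshake model (added example, not from the lecture)."""
import hashlib
import hmac

# Assumptions for this demo (a real stack uses a random per-boot secret and its own layout).
SECRET = b"constructed-demo-secret-do-not-reuse"
MSS_TABLE = [536, 1300, 1440, 1460]   # 3-bit index selects one of these MSS values
COUNTER_PERIOD_S = 64                 # time counter advances once per period
MAX_AGE_PERIODS = 2                   # cookies older than this are rejected


def _digest24(saddr, sport, daddr, dport, counter, client_isn, secret):
    """24-bit keyed hash binding the cookie to the 4-tuple, the client ISN and the time counter."""
    msg = f"{saddr}|{sport}|{daddr}|{dport}|{counter}|{client_isn}".encode()
    return int.from_bytes(hmac.new(secret, msg, hashlib.sha256).digest()[:3], "big")


def make_cookie(saddr, sport, daddr, dport, client_isn, mss, now, secret=SECRET):
    """Build the 32-bit sequence number for the SYN-ACK; the server stores nothing."""
    counter = int(now // COUNTER_PERIOD_S)
    mss_idx = 0
    for i, m in enumerate(MSS_TABLE):   # largest table entry not above the offered MSS
        if m <= mss:
            mss_idx = i
    h = _digest24(saddr, sport, daddr, dport, counter, client_isn, secret)
    return ((counter & 0x1F) << 27) | (mss_idx << 24) | h


def check_cookie(cookie, saddr, sport, daddr, dport, client_isn, now, secret=SECRET):
    """Validate a cookie echoed in the client's ACK; return the encoded MSS, or None."""
    cur = int(now // COUNTER_PERIOD_S)
    age = (cur - (cookie >> 27)) & 0x1F  # periods elapsed, modulo the 5-bit counter
    if age > MAX_AGE_PERIODS:
        return None                      # stale cookie or forged counter bits
    counter = cur - age
    if (cookie & 0xFFFFFF) != _digest24(saddr, sport, daddr, dport, counter, client_isn, secret):
        return None                      # 4-tuple, ISN or secret does not match
    return MSS_TABLE[(cookie >> 24) & 0x7]


SERVER = ("192.0.2.1", 80)               # constructed server address


def handle_syn(syn, now):
    """Handshake step 2: answer a SYN with a SYN-ACK whose seq is the cookie. No state kept."""
    cookie = make_cookie(syn["src"], syn["sport"], *SERVER, syn["seq"], syn["mss"], now)
    return {"seq": cookie, "ack": syn["seq"] + 1}


def handle_ack(ack, now):
    """Handshake step 3: allocate connection state only if the echoed cookie validates."""
    client_isn = ack["seq"] - 1          # the client's ACK carries its ISN + 1
    cookie = ack["ack"] - 1              # and acknowledges our cookie + 1
    mss = check_cookie(cookie, ack["src"], ack["sport"], *SERVER, client_isn, now)
    if mss is None:
        return None
    return {"peer": (ack["src"], ack["sport"]), "mss": mss, "state": "ESTABLISHED"}


def demo():
    """Constructed exchange: a legitimate client completes; a wrong cookie yields no state."""
    now = 1_000_000.0
    syn = {"src": "203.0.113.9", "sport": 40000, "seq": 12345, "mss": 1460}
    synack = handle_syn(syn, now)
    ack = {"src": syn["src"], "sport": syn["sport"], "seq": syn["seq"] + 1, "ack": synack["seq"] + 1}
    forged = dict(ack, ack=(synack["seq"] ^ 0x1) + 1)   # one bit of the cookie altered
    return handle_ack(ack, now + 5), handle_ack(forged, now + 5)


if __name__ == "__main__":
    print(demo())
```

A flood of SYNs with spoofed sources therefore costs the server one hash per packet and no memory, which is exactly the slide's aim: the requests are not blocked, they simply no longer consume a half-open-connection slot. The price is that options not encoded in the cookie (here everything except a coarse MSS) are lost, which is why real stacks fall back to cookies only when the backlog is under pressure.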

  20. Next Class
  Attend one of these events:
  1. Securing the Future for Women in IT, Wednesday, October 28, 2015 at 5:30 pm, IT-oLogy, 1301 Gervais St. Suite 200, Columbia SC. Register at: http://www.techjunto.com/events/966
  2. Last Lecture Series, Wednesday, October 28, Dr. Duncan Buell, Department of Computer Science and Engineering, 7 pm in the Gressette Room of Harper College 3rd floor, https://sc.edu/ofsp/last_lecture_series.shtml
