Denial of Service Attacks
CSCE 201
Reading
• Required:
  • Chapter 4 from textbook
Security Objectives
• Confidentiality
• Integrity
• Availability
• Control mechanisms: first line of defense
  • Identification and authentication
  • Access control
Denial of Service Attacks
• Difficult to prevent
• Consequences can be devastating
• More and more services are web-based
• Nation-state sponsored attacks
  • 2007 Russia vs. Estonia
• Hard to pinpoint the attack source
Availability
• Target resource:
  • Hardware, software, communication, data, etc.
• Attacker's aim:
  • Reduce availability of resources for authorized users
• Attack methods:
  • Volume-based (overwhelm capacity of the system)
  • Application-based (overwhelm capacity of the application)
  • Cut/disable communication link
  • Failure of hardware or software
Flooding Resources
• Target: application, OS, network appliance, etc.
• Operational limits
  • Computer: limited
    • # of users
    • Storage capacity
    • Processing capacity
    • # of open connections
    • Speed of data transmission
    • Etc.
Network Flooding
• Attacker sends so much data that the communication system cannot handle authorized requests
• Exploits communication protocol weaknesses, e.g.,
  • Transmission Control Protocol (TCP)
  • User Datagram Protocol (UDP)
  • Internet Control Message Protocol (ICMP)
    • Ping (requests a destination to return a reply)
    • Echo (requests a destination to return the data sent to it)
    • Destination unreachable (indicates that the destination cannot be accessed)
    • Source quench (indicates that the destination is becoming saturated)
Ping of Death
• Attacker floods the victim with ping requests
• Limited by the smallest bandwidth on the attack path
[Figure: Attacker sends ping after ping to the Victim; the Victim answers each with a reply]
Smurf Attack
• Attacker spoofs the source address in the ping packet to the victim's address
• Attacker broadcasts the ping packet to all hosts on the network
• All hosts respond to the victim
[Figure: Attacker sends a broadcast ping; every host's reply goes to the Victim]
Echo-Chargen
• Between two hosts
• Chargen: ICMP protocol that generates a stream of packets to test the network's capacity
[Figure: Attacker, Victim 1 and Victim 2; chargen packets with the echo bit on and echo responses bounce between the two victims]
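The three network-flooding patterns on the last three slides (repeated pings, the Smurf broadcast ping with a spoofed source, and the echo/chargen loop) each leave a distinct trace that a sensor can look for. The following Python is an added example for this page, not code from the lecture. It runs over a constructed packet list and reports: echo requests aimed at a broadcast address (what a Smurf amplifier network would see), echo replies arriving at a host that sent no matching request (what the Smurf victim sees), a source exceeding an assumed per-second ping rate, and UDP traffic between the echo (port 7) and chargen (port 19) services, which is the classic UDP form of the loop. The local prefix 192.0.2.0/24 and the threshold of 50 pings per second are assumptions chosen for the example.

```python
import ipaddress
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float            # capture time in seconds
    src: str
    dst: str
    proto: str           # "icmp" or "udp"
    kind: str = ""       # for icmp: "echo-request" or "echo-reply"
    sport: int = 0       # for udp
    dport: int = 0       # for udp


LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")   # constructed local network
PING_RATE_LIMIT = 50      # echo requests per source per second before we call it a flood (assumed)
SMALL_SERVICES = {7, 19}  # UDP echo (7) and chargen (19)


def is_broadcast(addr: str) -> bool:
    return addr == "255.255.255.255" or ipaddress.ip_address(addr) == LOCAL_NET.broadcast_address


def analyze(packets):
    """Return a dict of flooding indicators found in a list of Packet records."""
    outstanding = Counter()        # (requester, target) -> echo requests not yet answered
    reqs_per_sec = Counter()       # (src, second) -> echo requests seen
    reflectors = defaultdict(set)  # victim -> hosts that sent it unsolicited replies
    report = {"broadcast_ping": [], "ping_flood": [], "unsolicited_replies": {}, "echo_chargen": []}
    for p in packets:
        if p.proto == "icmp" and p.kind == "echo-request":
            if is_broadcast(p.dst):
                # Smurf amplifier view: every host on the LAN will answer p.src
                report["broadcast_ping"].append((p.src, p.dst))
            outstanding[(p.src, p.dst)] += 1
            reqs_per_sec[(p.src, int(p.ts))] += 1
            if reqs_per_sec[(p.src, int(p.ts))] == PING_RATE_LIMIT + 1:
                # report a source once, the first time it crosses the limit in a one-second bucket
                report["ping_flood"].append(p.src)
        elif p.proto == "icmp" and p.kind == "echo-reply":
            key = (p.dst, p.src)   # this reply answers a request p.dst sent to p.src
            if outstanding[key] > 0:
                outstanding[key] -= 1
            else:
                # victim view: replies to pings this host never sent (spoofed-source reflection)
                reflectors[p.dst].add(p.src)
        elif p.proto == "udp" and p.sport in SMALL_SERVICES and p.dport in SMALL_SERVICES:
            # echo/chargen pairing: each side's output becomes the other's input
            report["echo_chargen"].append((p.src, p.dst))
    report["unsolicited_replies"] = {victim: len(hosts) for victim, hosts in reflectors.items()}
    return report


def sample_capture():
    """Constructed packets: one legitimate ping, a Smurf reflection, a ping flood, an echo/chargen loop."""
    pkts = [Packet(0.00, "192.0.2.10", "192.0.2.20", "icmp", "echo-request"),
            Packet(0.01, "192.0.2.20", "192.0.2.10", "icmp", "echo-reply")]
    # Smurf: spoofed source 203.0.113.9 (the victim) pings the LAN broadcast; three hosts answer the victim
    pkts.append(Packet(1.00, "203.0.113.9", "192.0.2.255", "icmp", "echo-request"))
    for h in ("192.0.2.11", "192.0.2.12", "192.0.2.13"):
        pkts.append(Packet(1.01, h, "203.0.113.9", "icmp", "echo-reply"))
    # Ping flood: 60 echo requests from one source inside one second
    pkts += [Packet(2.0 + i / 100, "198.51.100.7", "192.0.2.20", "icmp", "echo-request") for i in range(60)]
    # Echo-Chargen: chargen output delivered to another host's echo port
    pkts.append(Packet(3.00, "192.0.2.30", "192.0.2.31", "udp", sport=19, dport=7))
    return pkts


if __name__ == "__main__":
    for name, hits in analyze(sample_capture()).items():
        print(f"{name}: {hits}")
```

The "unsolicited replies" count is the useful signal for the Smurf victim: the pings it never sent are invisible to it, but a burst of echo replies from many distinct hosts is not.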
Classical DOS - TCP SYN Flood
• TCP client-server protocol: 3-way handshake
Classical DOS - TCP SYN Flood
[Figure: SYN flood diagram (Attacker)]
Addressing Failures
• Domain Name System (DNS): translates logical names to addresses
• Attack:
  • Supply incorrect address
  • Block address
  • Redirect routing
Blocked Access
• Physical blocking
• Prevent services from functioning
• Software vulnerability
• Protocol vulnerability
• Manipulate authorization specifications
Physical Security
• Attacks against availability
  • Computer
  • Connection
  • Software
  • Etc.
Tools
• Tribal Flood Network (TFN) and TFN2K
  • Support launching coordinated DOS or DDOS
  • Hide origin of attacks
  • Overwhelm the victim computer
• Master: controls a fleet of agents
• Agents: carry out the attack
• Communication between Master and Agents is protected by:
  • Encryption
  • Hidden IP address
  • Randomized packets
How to Detect DOS and DDOS
• Centralized system:
  • Performance degradation
  • Unusually large volume of work requests
  • Large number of new clients (malicious agents)
• Distributed system:
  • May be difficult to detect overall performance degradation
  • Need to share performance data
    • Uses valuable communication bandwidth
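The three centralized-system signals on this slide (performance degradation, an unusually large volume of requests, and many never-seen clients) can all be computed from an ordinary request log. The Python below is an added example, not part of the lecture: it learns a baseline from the first quiet windows of a constructed log and flags any later one-second window where request volume or mean service time exceeds three times the baseline, or where more than half the clients are new. The log format (`<unix_ts> <client_ip> <method> <path> <service_ms>`), the factor of 3 and the 50% new-client share are assumptions chosen for the example.

```python
import statistics
from collections import defaultdict


def parse(lines):
    """Yield (second, client, service_ms) from constructed log lines:
    '<unix_ts> <client_ip> <method> <path> <service_ms>'."""
    for line in lines:
        ts, client, _method, _path, ms = line.split()
        yield int(ts), client, int(ms)


def window_stats(lines):
    """Per one-second window: request count, share of never-seen clients, mean service time."""
    by_sec = defaultdict(list)
    for sec, client, ms in parse(lines):
        by_sec[sec].append((client, ms))
    seen = set()
    stats = []
    for sec in sorted(by_sec):
        entries = by_sec[sec]
        clients = {c for c, _ in entries}
        new = clients - seen
        seen |= clients
        stats.append({"sec": sec,
                      "requests": len(entries),
                      "new_client_share": len(new) / len(clients),
                      "mean_ms": statistics.fmean(ms for _, ms in entries)})
    return stats


def detect(lines, learn_windows=5, factor=3.0, new_share_limit=0.5):
    """Learn a baseline from the first windows, then flag windows that look like a flood.
    The thresholds are assumptions for this example, not values from the lecture."""
    stats = window_stats(lines)
    base = stats[:learn_windows]
    base_req = statistics.fmean(s["requests"] for s in base)
    base_ms = statistics.fmean(s["mean_ms"] for s in base)
    alerts = []
    for s in stats[learn_windows:]:
        reasons = []
        if s["requests"] > factor * base_req:
            reasons.append("request volume")          # unusually large volume of work requests
        if s["new_client_share"] > new_share_limit:
            reasons.append("new clients")             # large number of clients never seen before
        if s["mean_ms"] > factor * base_ms:
            reasons.append("performance degradation") # requests take far longer than usual
        if reasons:
            alerts.append((s["sec"], reasons))
    return alerts


def constructed_log():
    """Ten quiet seconds from four regular clients, then two seconds of flood, then recovery."""
    regulars = ["10.0.0.1", "10.0.0.2", "10.0.0.3", "10.0.0.4"]
    lines = []
    for t in range(1000, 1013):
        under_attack = 1010 <= t <= 1011
        for k in range(2):                       # two regular requests per second
            ms = 90 if under_attack else 12 + k  # regular requests slow down during the flood
            lines.append(f"{t} {regulars[(t + k) % 4]} GET /index {ms}")
        if under_attack:
            for i in range(20):                  # 20 never-seen clients per second, 150 ms each
                n = (t - 1010) * 20 + i + 1
                lines.append(f"{t} 198.51.100.{n} GET /search 150")
    return lines


if __name__ == "__main__":
    for sec, reasons in detect(constructed_log()):
        print(sec, ", ".join(reasons))
```

Each alert carries the reasons that fired, so an operator can tell a plain volume spike (one source, many requests) from an agent fleet (many new sources) or from a server that is being dragged down by a few expensive requests.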
How to Prevent DOS/DDOS?
• Destruction of resources:
  • Physical security control
  • Backup system
  • Redundant communication channel
• Flooding:
  • Monitor system performance; reject new requests if overwhelmed
  • Check packet header before processing
  • Understand vulnerable protocols
  • Time out computationally costly requests and blacklist them
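The three flooding countermeasures on this slide that a server can apply on its own (reject new requests when overwhelmed, time out costly requests, blacklist their senders) fit in a small admission-control loop. The Python below is an added example written for this page, not the lecture's code. It models one worker with an assumed budget of 1000 ms of work per second, grants each request at most 250 ms before cutting it off, and blacklists a client after four cut-off requests; the client addresses and request costs are constructed.

```python
from collections import Counter, defaultdict


class Server:
    """Toy single-worker server with three controls: refuse new work when the
    second's work budget is spent, cut off requests that exceed a time budget,
    and blacklist clients whose requests keep being cut off."""

    def __init__(self, capacity_ms=1000, budget_ms=250, strikes_allowed=4):
        self.capacity_ms = capacity_ms      # work the server can do per one-second window (assumed)
        self.budget_ms = budget_ms          # most time one request is allowed to consume (assumed)
        self.strikes_allowed = strikes_allowed
        self.work = defaultdict(int)        # second -> ms of work already committed
        self.strikes = Counter()            # client -> requests that hit the time budget
        self.blacklist = set()

    def handle(self, sec, client, cost_ms):
        """Return the outcome for one request arriving in second `sec` that would need `cost_ms` of work."""
        if client in self.blacklist:
            return "blacklisted"            # dropped before any processing
        if self.work[sec] >= self.capacity_ms:
            return "rejected"               # overwhelmed: refuse new requests this second
        self.work[sec] += min(cost_ms, self.budget_ms)   # never spend more than the budget on one request
        if cost_ms > self.budget_ms:
            self.strikes[client] += 1
            if self.strikes[client] >= self.strikes_allowed:
                self.blacklist.add(client)
            return "timeout"
        return "served"


def replay(server, requests):
    """requests: iterable of (sec, client, cost_ms). Returns outcome counts overall and per client."""
    outcomes = Counter()
    per_client = defaultdict(Counter)
    for sec, client, cost in requests:
        result = server.handle(sec, client, cost)
        outcomes[result] += 1
        per_client[client][result] += 1
    return outcomes, per_client


def constructed_requests():
    """Three seconds of traffic: a regular client sending cheap requests, and from second 1
    a client whose every request would take 900 ms of CPU, ten of them per second."""
    reqs = []
    for sec in range(3):
        if sec >= 1:
            reqs += [(sec, "198.51.100.9", 900)] * 10
        reqs += [(sec, "10.0.0.5", 20)] * 5
    return reqs


if __name__ == "__main__":
    srv = Server()
    outcomes, per_client = replay(srv, constructed_requests())
    print(dict(outcomes))
    for client, tally in per_client.items():
        print(client, dict(tally))
```

Replaying the constructed traffic shows the trade-off the slide hints at: in second 1 the costly client burns the whole budget (four cut-off requests at 250 ms each) before the regular client's requests arrive, so those are rejected as collateral; by second 2 the blacklist drops the costly source before it touches the budget and the regular client is served again.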
Preventing TCP SYN Flooding
• Aim: limit the overuse of resources (don't really block the malicious requests, just do not use so many resources)
• Methods:
  • Limit the complexity of handling requests, e.g., micro blocks
  • Limit the need to keep open connections, e.g., use cookies
  • Limit the processing at the server's side, e.g., shorter timeout window, simplified processing
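The 3-way handshake on the SYN flood slides allocates a half-open connection entry when the SYN arrives, which is exactly the resource the flood exhausts; the "use cookies" method on this slide (SYN cookies) removes that allocation by deriving the server's initial sequence number from a keyed hash of the connection, so that the final ACK can be verified without any stored state. The Python below is an added example for this page, not the lecture's or any TCP stack's code. It models both listeners and replays a constructed flood of never-completed SYNs followed by one legitimate client. The HMAC secret, the backlog of 4, the 5-bit time counter in the top bits of the cookie and the one-tick validity window are simplifying assumptions (a real implementation also encodes the MSS and rotates the secret).

```python
import hashlib
import hmac

SECRET = b"example-cookie-secret"   # constructed; a real stack keeps this private and rotates it
BACKLOG = 4                         # half-open connections a (tiny) stateful listener will hold


class StatefulListener:
    """Classic handshake: state is allocated at SYN time, so unanswered SYNs fill the backlog."""

    def __init__(self, backlog=BACKLOG):
        self.backlog = backlog
        self.half_open = {}         # (client_ip, client_port) -> server ISN awaiting the final ACK
        self.next_isn = 1000        # constructed ISN source
        self.dropped = 0

    def on_syn(self, client, client_isn):
        if len(self.half_open) >= self.backlog:
            self.dropped += 1
            return None             # no SYN-ACK: new clients are locked out
        self.next_isn += 64000
        self.half_open[client] = self.next_isn
        return self.next_isn        # server ISN carried in the SYN-ACK

    def on_ack(self, client, ack):
        isn = self.half_open.pop(client, None)
        return isn is not None and ack == isn + 1


class CookieListener:
    """SYN-cookie handshake: the server ISN is an HMAC of the connection tuple and a time
    counter, so nothing is stored until the final ACK proves the client saw the SYN-ACK."""

    def __init__(self, secret=SECRET):
        self.secret = secret

    def _hash(self, client, client_isn, counter):
        msg = f"{client[0]}:{client[1]}:{client_isn}:{counter & 0x1F}".encode()
        mac = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return int.from_bytes(mac[:4], "big") & 0x07FFFFFF     # low 27 bits hold the MAC

    def on_syn(self, client, client_isn, counter):
        # top 5 bits carry the time counter so the server can recompute the MAC on the ACK
        return ((counter & 0x1F) << 27) | self._hash(client, client_isn, counter)

    def on_ack(self, client, client_isn, ack, counter):
        # client_isn is recovered from the ACK's sequence number (seq - 1); ack - 1 is our cookie
        cookie = (ack - 1) & 0xFFFFFFFF
        t = cookie >> 27
        if (counter - t) % 32 > 1:          # older than one counter tick: stale, refuse
            return False
        return cookie == self.on_syn(client, client_isn, t)


def simulate(listener_kind, flood_size=100, counter=7):
    """Flood of spoofed SYNs that are never completed, then one legitimate handshake.
    Returns whether the legitimate client got connected."""
    client = ("192.0.2.50", 51234)
    if listener_kind == "stateful":
        srv = StatefulListener()
        for i in range(flood_size):
            srv.on_syn((f"203.0.113.{i % 250 + 1}", 40000 + i), 1)
        isn = srv.on_syn(client, 5000)
        return isn is not None and srv.on_ack(client, isn + 1)
    srv = CookieListener()
    for i in range(flood_size):
        srv.on_syn((f"203.0.113.{i % 250 + 1}", 40000 + i), 1, counter)   # nothing is stored
    cookie = srv.on_syn(client, 5000, counter)
    return srv.on_ack(client, 5000, cookie + 1, counter)


if __name__ == "__main__":
    print("stateful listener connects the legitimate client:", simulate("stateful"))
    print("cookie listener connects the legitimate client:  ", simulate("cookie"))
```

The cookie listener pays with the slide's other trade-off, "simplified processing": since nothing is remembered between SYN and ACK, TCP options negotiated in the SYN cannot be recalled unless they are squeezed into the cookie, which is why real stacks encode only the MSS and turn cookies on only once the backlog is under pressure.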
Next Class
Attend one of these events:
1. Securing the Future for Women in IT, Wednesday, October 28, 2015 at 5:30 pm, IT-oLogy, 1301 Gervais St. Suite 200, Columbia SC. Register at: http://www.techjunto.com/events/966
2. Last Lecture Series, Wednesday, October 28, Dr. Duncan Buell, Department of Computer Science and Engineering, 7 pm in the Gressette Room of Harper College, 3rd floor, https://sc.edu/ofsp/last_lecture_series.shtml