
CIS 450 – Network Security



  1. CIS 450 – Network Security – Chapter 6 – Denial of Service Attacks

  2. Definition
  • An attack through which a person can render a system unstable, or significantly slow it down for legitimate users, by overloading its resources so that no one else can access it
  • Can be deliberate or accidental
  • Most operating systems, routers, and network components that have to process packets at some level are vulnerable to DoS attacks

  3. Types of DoS Attacks
  • Crashing a system or network
    • Send the victim unexpected data or packets that cause the system to crash or reboot (Sasser worm)
    • Can render a system inaccessible with a couple of packets
  • Flooding the system or network
    • The attacker floods the network with far more information/packets than it can handle
    • More work for the attacker

  4. Types of DoS Attacks
  • Distributed DoS Attack (DDoS)
    • A traditional DoS attack involves a single machine launching the attack
    • In a DDoS attack, the attacker breaks into several machines, or coordinates with several friends, to launch an attack against a target machine or network at the same time
    • More difficult to block or detect
    • Things can be done to minimize the DoS threat, but it is almost impossible to be 100% safe

  5. Types of DoS Attacks
  • Ping of Death
    • Affects most operating systems
    • Technically speaking, the Ping of Death attack involved sending IP packets with a size greater than 65,535 bytes to the target computer. IP packets of this size are illegal, but applications can be built that are capable of creating them. Carefully programmed operating systems could detect and safely handle illegal IP packets, but some failed to do this. ICMP (Internet Control Message Protocol) ping utilities often included large-packet capability and became the namesake of the problem, although UDP and other IP-based protocols could also transport a Ping of Death.
    • Operating system vendors quickly devised patches to avoid the Ping of Death. Still, many web sites today block ICMP ping messages at their firewalls to avoid similar denial of service attacks.

  6. Types of DoS Attacks
  • SSPing
    • Microsoft Windows 95 & NT
    • The attack is designed to crash your system by sending invalid IP fragments at it. The receiving system locks up when it tries to reassemble the fragments.
  • Defense
    • Most firewalls will automatically filter out these packets
    • Microsoft security patches

  7. Types of DoS Attacks
  • Land Exploit
    • Most operating systems
    • A SYN packet in which the source address and port are the same as the destination address and port
    • Relies on the use of forged packets, that is, packets in which the attacker deliberately falsifies the origin address
  • Defense
    • Apply vendor patches
    • Install filtering on your routers that requires packets leaving your network to have a source address from your internal network. This type of filter prevents source IP spoofing attacks from your site by dropping all outgoing packets that carry a source address from a different network
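The checks described on slides 5 and 7 are simple enough to state as code. The block below is an added example written for these notes, not code from the slides: it inspects a simplified, constructed view of packet headers and flags a fragment that would reassemble past the 65,535-byte IPv4 limit (Ping of Death), a SYN whose source equals its destination (Land), and an outgoing packet whose source address is not from the internal network (the egress filter the slide recommends). The `Packet` class, the field names, and the `10.0.0.0/8` internal range are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List

IPV4_MAX_TOTAL_LEN = 65535   # the IPv4 total-length field is 16 bits wide
IPV4_HEADER_LEN = 20         # minimum header with no options (assumed for the check)


@dataclass
class Packet:
    """Constructed, simplified view of the header fields the checks need."""
    src: str
    dst: str
    proto: str                # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    syn: bool = False
    frag_offset: int = 0      # IPv4 fragment offset, in 8-byte units as in the header
    payload_len: int = 0      # bytes of data this fragment carries after the IP header
    direction: str = "in"     # "in" = arriving from outside, "out" = leaving our network


def reassembled_end(pkt: Packet) -> int:
    """Last byte this fragment would occupy in the reassembled datagram."""
    return IPV4_HEADER_LEN + pkt.frag_offset * 8 + pkt.payload_len


def is_ping_of_death(pkt: Packet) -> bool:
    """A fragment that reassembles beyond 65,535 bytes is illegal; drop it
    instead of letting the reassembly buffer overflow."""
    return reassembled_end(pkt) > IPV4_MAX_TOTAL_LEN


def is_land(pkt: Packet) -> bool:
    """Land: a SYN whose source address:port equals its destination address:port."""
    return (pkt.proto == "tcp" and pkt.syn
            and pkt.src == pkt.dst and pkt.sport == pkt.dport)


def is_spoofed_egress(pkt: Packet, internal: ipaddress.IPv4Network) -> bool:
    """Egress filter: packets leaving must carry one of our own source addresses."""
    return pkt.direction == "out" and ipaddress.ip_address(pkt.src) not in internal


def inspect(pkt: Packet, internal: ipaddress.IPv4Network) -> List[str]:
    """Return the names of every check the packet fails (empty list = clean)."""
    findings = []
    if is_ping_of_death(pkt):
        findings.append("oversized-fragment")
    if is_land(pkt):
        findings.append("land")
    if is_spoofed_egress(pkt, internal):
        findings.append("spoofed-source-egress")
    return findings


def run_demo() -> dict:
    """Run the checks over a handful of constructed packets."""
    internal = ipaddress.ip_network("10.0.0.0/8")   # assumed internal range
    samples = {
        # ordinary 64-byte echo request from outside
        "normal-ping": Packet("198.51.100.4", "10.0.0.5", "icmp", payload_len=64),
        # final fragment placed near the top of the offset range: 20 + 8189*8 + 1480 > 65535
        "last-fragment-too-big": Packet("198.51.100.4", "10.0.0.5", "icmp",
                                        frag_offset=8189, payload_len=1480),
        # SYN with identical source and destination address and port
        "land": Packet("10.0.0.5", "10.0.0.5", "tcp", sport=139, dport=139, syn=True),
        # outbound packet claiming a source address that is not ours
        "spoofed-egress": Packet("192.0.2.7", "203.0.113.9", "tcp",
                                 sport=40000, dport=80, syn=True, direction="out"),
        # outbound packet with a legitimate internal source
        "legit-egress": Packet("10.1.2.3", "203.0.113.9", "tcp",
                               sport=40001, dport=80, syn=True, direction="out"),
    }
    return {name: inspect(pkt, internal) for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, findings in run_demo().items():
        print(f"{name:24s} {findings or 'ok'}")
```

The fragment check uses the offset field's 8-byte units directly, which is why a legal-looking 1,480-byte fragment at offset 8189 still fails: the problem is where it lands in the reassembly buffer, not its own size.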

  8. Types of DoS Attacks
  • Smurf
    • Involves forged ICMP packets sent to a broadcast address
    • Most OSs and routers
    • http://www.networkcommand.com/docs/smurf.html
  • SYN Flood
    • Most operating systems
    • http://www.networkcommand.com/docs/synflood.doc

  9. Types of DoS Attacks
  • CPU Hog
    • Microsoft NT
  • WinNuke
    • Most Microsoft OSs
    • Test if your machine is vulnerable: http://www.jtan.com/resources/winnuke.html
  • RPC Locator
    • Microsoft NT
    • http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/q193/2/33.asp&NoWebContent=1

  10. Types of DoS Attacks
  • Jolt2
    • Operating systems: numerous
    • http://www.bindview.com/Support/RAZOR/Advisories/2000/adv_Jolt2.cfm
  • Bubonic
    • Operating system: Windows 98/2000
  • Microsoft Incomplete TCP/IP Packet Vulnerability
    • Operating system: Windows NT/ME/9x
    • http://www.microsoft.com/technet/security/bulletin/MS00-091.mspx

  11. Types of DoS Attacks
  • HP OpenView Node Manager SNMP DoS Vulnerability
    • Operating system: various
  • NetScreen Firewall DoS Vulnerability
    • Operating systems: various NetScreen ScreenOS versions
    • http://www.secureroot.com/security/advisories/9790497270.html

  12. Tools for Running Attacks
  • DoS attacks
    • Master list: http://www.cotse.com/dos.htm
    • Targa: http://www.cotse.com/sw/dos/misc/targa.c
  • DDoS attacks
    • Tribe Flood Network 2000 (TFN2K)
    • Trinoo: http://www.donkboy.com/html/stuff.htm
    • Stacheldraht

  13. Preventing DoS Attacks
  • Effective, robust design
    • Build redundancy and robustness into the system
    • Have multiple connections to the Internet, and connections from multiple geographic locations
    • Have services at different locations
    • The more machines and connections a company has, the harder it is to mount an effective DoS attack
  • Bandwidth limitations
    • Limit your bandwidth based on protocol
  • Keep systems patched
  • Run the least amount of services
    • Windows 2000 Server has 100 services
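"Limit your bandwidth based on protocol" is usually implemented with a token bucket per protocol: each protocol earns credit at a sustained rate up to a burst ceiling, and packets that find the bucket empty are dropped. The block below is an added example written for these notes, not code from the slides or from any router vendor; the `ProtocolLimiter` class, the per-protocol policy (ICMP capped at 10 kB/s with a 20 kB burst, UDP at 1 MB/s) and the simulated flood are all constructed for the example.

```python
from typing import Dict, Optional, Tuple


class TokenBucket:
    """Classic token bucket: `rate` tokens (bytes) per second, at most `burst` saved up."""

    def __init__(self, rate: float, burst: float):
        self.rate = rate
        self.burst = burst
        self.tokens = burst      # start full so normal traffic is not delayed
        self.last = 0.0          # time of the previous decision

    def allow(self, now: float, cost: float) -> bool:
        # refill for the time elapsed since the previous decision, capped at burst
        elapsed = max(0.0, now - self.last)
        self.last = now
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        if self.tokens >= cost:
            self.tokens -= cost
            return True
        return False


class ProtocolLimiter:
    """One bucket per protocol name; protocols without a policy entry are not limited."""

    def __init__(self, policy: Dict[str, Tuple[float, float]]):
        self.buckets = {proto: TokenBucket(rate, burst)
                        for proto, (rate, burst) in policy.items()}

    def admit(self, proto: str, now: float, size: int) -> bool:
        bucket: Optional[TokenBucket] = self.buckets.get(proto)
        if bucket is None:
            return True
        return bucket.allow(now, size)


# Assumed policy (constructed for the example): (bytes per second, burst in bytes).
POLICY = {
    "icmp": (10_000, 20_000),
    "udp": (1_000_000, 2_000_000),
}


def simulate_icmp_flood() -> Tuple[int, int, bool]:
    """Push a constructed burst of 1,000-byte echo requests through the limiter.

    Returns (admitted, dropped, tcp_unaffected)."""
    limiter = ProtocolLimiter(POLICY)
    admitted = dropped = 0
    # 100 echo requests at t=0 and another 100 one second later
    for t in (0.0, 1.0):
        for _ in range(100):
            if limiter.admit("icmp", t, 1000):
                admitted += 1
            else:
                dropped += 1
    # TCP has no entry in the policy, so it passes untouched
    tcp_ok = limiter.admit("tcp", 1.0, 1500)
    return admitted, dropped, tcp_ok


if __name__ == "__main__":
    ok, drop, tcp = simulate_icmp_flood()
    print(f"icmp admitted={ok} dropped={drop}, tcp unaffected={tcp}")
```

At t=0 the full 20 kB burst admits 20 packets; one second later the bucket has earned only 10 kB more, so 10 further packets get through and the remaining 170 are dropped, while TCP is never touched. The point of limiting per protocol is exactly that last part: an ICMP flood exhausts the ICMP budget, not the link.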

  14. Preventing DoS Attacks
  • Allow only necessary traffic
    • Concentrates on your perimeter, mainly your router and firewall
    • Make sure that your firewall allows only necessary traffic in and out of your network
    • Most routers have firewall rulesets that you can add to the IOS. These can provide backup and checking for the firewall and help offload some filtering from it
    • Block IP addresses

  15. Preventing DDoS Attacks
  • Keep the network secure
  • Install an Intrusion Detection System
    • Network-based
      • A passive device that sits on the network and sniffs all packets crossing a given network segment
      • Looks for signatures that indicate a possible attack and sets off alarms on questionable behavior
    • Host-based
      • Runs on an individual server and actively reviews the audit log, looking for possible indications of an attack
  • IDS technologies
    • Pattern matching: a database of signatures of known attacks; sets off an alarm when a given pattern is seen
    • Anomaly detection: determines what is normal for a network, and any traffic that is not normal is flagged as suspicious
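The two IDS technologies on slide 15 can be shown side by side on the attacks from slide 8. The block below is an added example written for these notes, not code from the slides or from any IDS product: a pattern-matching rule flags ICMP echo requests aimed at the monitored segment's broadcast address (the amplifier side of a Smurf attack), and an anomaly detector learns the normal per-second SYN rate from a training window and flags seconds that exceed the mean by more than `k` standard deviations (a SYN flood). The `Pkt` record, the `192.0.2.0/24` monitored segment, the `k=3` / `floor=20` thresholds and all traffic are constructed for the example.

```python
import ipaddress
import statistics
from collections import Counter
from dataclasses import dataclass
from typing import Callable, List, Tuple


@dataclass
class Pkt:
    """Constructed, simplified packet record."""
    t: float            # capture time in seconds
    src: str
    dst: str
    proto: str          # "tcp", "udp" or "icmp"
    flags: str = ""     # TCP flags as letters: "S" = SYN only, "SA" = SYN+ACK, "A" = ACK
    icmp_type: int = -1 # 8 = echo request


# Assumed monitored segment (constructed for the example).
MONITORED = [ipaddress.ip_network("192.0.2.0/24")]
BROADCASTS = {str(n.broadcast_address) for n in MONITORED}


# --- Pattern matching: each signature is a predicate over one packet -------------
def sig_smurf(p: Pkt) -> bool:
    """Echo request addressed to one of our broadcast addresses."""
    return p.proto == "icmp" and p.icmp_type == 8 and p.dst in BROADCASTS


SIGNATURES: List[Tuple[str, Callable[[Pkt], bool]]] = [
    ("smurf-broadcast-echo", sig_smurf),
]


def signature_alerts(pkts: List[Pkt]) -> List[Tuple[float, str]]:
    return [(p.t, name) for p in pkts for name, match in SIGNATURES if match(p)]


# --- Anomaly detection: learn a baseline SYN rate, flag seconds far above it ------
def syn_counts_per_second(pkts: List[Pkt]) -> Counter:
    return Counter(int(p.t) for p in pkts if p.proto == "tcp" and p.flags == "S")


class SynRateAnomaly:
    def __init__(self, k: float = 3.0, floor: int = 20):
        self.k = k            # how many standard deviations above the mean is "not normal"
        self.floor = floor    # never alert below this many SYNs/s, whatever the baseline
        self.threshold = None

    def train(self, pkts: List[Pkt]) -> float:
        counts = syn_counts_per_second(pkts)
        first, last = int(min(p.t for p in pkts)), int(max(p.t for p in pkts))
        series = [counts[s] for s in range(first, last + 1)]   # include idle seconds
        self.threshold = max(self.floor,
                             statistics.mean(series) + self.k * statistics.pstdev(series))
        return self.threshold

    def detect(self, pkts: List[Pkt]) -> List[int]:
        counts = syn_counts_per_second(pkts)
        return sorted(s for s, c in counts.items() if c > self.threshold)


# --- Constructed traffic ---------------------------------------------------------
def syn_burst(second: int, n: int, dst: str = "192.0.2.10") -> List[Pkt]:
    """n SYN-only packets spread inside one second from varying outside sources."""
    return [Pkt(second + i / n, f"198.51.100.{i % 250 + 1}", dst, "tcp", "S")
            for i in range(n)]


def run_demo() -> dict:
    # baseline: 60 quiet seconds at 4-6 SYN/s
    training = [p for s in range(60) for p in syn_burst(s, 4 + s % 3)]
    detector = SynRateAnomaly()
    threshold = detector.train(training)

    # live traffic: five quiet seconds, then three seconds at 150 SYN/s,
    # plus one echo request to our broadcast address at t=100.5
    live = [p for s in range(100, 105) for p in syn_burst(s, 5)]
    live += [p for s in range(105, 108) for p in syn_burst(s, 150)]
    live.append(Pkt(100.5, "192.0.2.10", "192.0.2.255", "icmp", icmp_type=8))
    live.sort(key=lambda p: p.t)

    return {
        "threshold": threshold,
        "signature": signature_alerts(live),
        "anomaly": detector.detect(live),
    }


if __name__ == "__main__":
    print(run_demo())
```

With the constructed baseline the mean is 5 SYN/s and the standard deviation under 1, so the `floor` of 20 becomes the effective threshold; the three 150-SYN seconds trip it while the quiet seconds do not. The signature rule, by contrast, needs no training and fires on the first matching packet, which is the trade-off the slide describes: signatures are precise but only know attacks already in the database, anomaly detection catches new floods but has to be told what normal looks like.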

  16. Preventing DDoS Attacks
  • Use scanning tools
  • Run zombie-detection tools
