
Alex Ramos

Alex Ramos. Denial Of Service.


Presentation Transcript


  1. Alex Ramos. Denial Of Service.
  Notice: Use and Disclosure of Data. Limited Data Rights. This proposal includes data that shall not be disclosed outside Strayer University and shall not be duplicated, used, or disclosed–in whole or in part–for any purpose other than to evaluate this oral presentation.
  CIS Network Security. Instructor: Professor Mort Anvair. Federal Network Systems, LLC. July 24, 2004

  2. Agenda
  • What is a Denial of Service Attack?
  • What is a Distributed Denial of Service Attack?
  • Why Are They Difficult to Protect Against?
  • Types of Denial of Service Attacks
  • Tools for Running Denial of Service Attacks
  • Preventing Denial of Service Attacks
  • Summary

  3. What is a Denial Of Service Attack?
  An attack that is specifically designed to prevent the normal functioning of a system, and thereby to prevent lawful access to that system and its data by its authorized users. DOS can be caused by the destruction or modification of data, by bringing down the system, or by overloading the system's servers to the extent that service to authorized users is delayed or prevented. (www.itsecurity.com/ds.htm)
  • DoS goals
    • Flooding a network to prevent legitimate network traffic
    • Disrupting connections between two specific machines
    • Preventing access to a service by a specific entity or by all individuals

  4. What is a Distributed Denial of Service Attack?
  • Use of several to thousands of machines to initiate a Denial of Service attack
    • “Zombies” or “User Controlled”
  • Yahoo!, eBay, and Amazon were struck with DDoS in February 2000.
  • Most go unreported
  • Most common form of attack on the Internet today
  • A recent study showed more than 12000 DoS (DDoS) attacks during a 3-week period.
    • The actual number is probably higher

  5. Costs of a Distributed Denial of Service Attack

  6. Costs of a Distributed Denial of Service Attack
  • Problem: Need a robust and automatic way of classifying DoS attacks into these two classes: single- and multi-source.
  • Because: Different types of attacks (single- or multi-source) are handled differently.
  • Classification is not easy. For instance, packets can be spoofed by the attacker.

  7. Video Demonstration of a Healthy Network

  8. Video Demonstration of a Distributed Denial of Service Attack

  9. Video Demonstration of a Distributed Denial of Service Attack (Reflector Type)

  10. Why Are They Difficult To Protect Against?
  • The threats can be minimized, but not fully protected against
    • Threats are always there
  • Trade-offs between Security and Functionality
  • Resources used to protect against DDOS are
    • Costly
    • Time Consuming
    • Restrictive

  11. Types of Denial of Service Attacks?
  • Ping of Death
    • Sends very large ping packets to a host machine
    • Causes the Operating System to hang or crash
    • Unix command: ping -s 65527 (IP address of the victim’s machine)
    • DOS command: ping -l 65527 (IP address of the victim’s machine)

  12. Types of Denial of Service Attacks?
  • SSPing
    • Sends fragmented oversized ICMP data packets
    • Victim computers try to put the fragmented data back together
    • Causes the Operating System to hang or crash
    • Affects Windows 95, NT, and older versions of the Mac OS
    • Protection
      • Patches for affected Operating Systems
      • Updated version of the TCP/IP stack

  13. Types of Denial of Service Attacks?
  • Smurf
    • Involves forged ICMP packets sent to a broadcast address
    • Symptoms: Everybody connected gets bogged down and kicked off; the attack can last for hours or days.
    • Causes the Operating System to hang or crash
    • Affects most OSs and Routers
    • Protection
      • No real protection

  14. Types of Denial of Service Attacks?
  • Land
    • Program that sends a TCP SYN packet where the target and source address are the same and the port numbers are the same
    • SYN packets are used to synchronize 2 machines
    • The attacking machine exploits the synchronization process by spoofing the destination PC, so when the destination PC tries to sync with an address the same as its own, it doesn’t know what to do.
    • Affects most operating systems
    • Protection
      • Patches for affected Operating Systems
      • Updated version of the TCP/IP stack

  15. Types of Denial of Service Attacks?
  • SYN Flood
    • Attacker violates the 3-way handshake and opens a large number of half-open TCP/IP connections.
    • Affects most OSs
    • Causes the Operating System to hang or crash
    • Affects Windows 95, NT, and older versions of the Mac OS
    • Protection
      • Patches for affected Operating Systems
      • Updated version of the TCP/IP stack
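The four signatures on slides 11 to 15 (Ping of Death, Land, Smurf, SYN flood) written as a small detector over a constructed packet trace. This is an added example, not code from the presentation; the protected network 192.0.2.0/24, the record layout and the deliberately tiny half-open threshold are assumptions made for the demo.

```python
"""Added example (not from the slides): flag the slide 11-15 signatures in a constructed trace."""
from collections import Counter
from ipaddress import ip_network

LOCAL_NET = ip_network("192.0.2.0/24")   # assumed protected network
IP_MAX = 65535                           # largest legal IP datagram
SYN_THRESHOLD = 3                        # half-open conns per target (tiny, for the demo)

# Constructed records: proto, src, sport, dst, dport, frag_off (bytes), ip_len, tag
TRACE = [
    ("ICMP", "198.51.100.7", 0, "192.0.2.10", 0, 65528, 27, "FRAG"),  # ends past 65535
    ("TCP", "192.0.2.10", 139, "192.0.2.10", 139, 0, 40, "SYN"),      # src == dst, ports equal
    ("ICMP", "192.0.2.10", 0, "192.0.2.255", 0, 0, 84, "ECHO"),       # echo to broadcast
    ("TCP", "203.0.113.1", 1024, "192.0.2.10", 80, 0, 40, "SYN"),
    ("TCP", "203.0.113.2", 1025, "192.0.2.10", 80, 0, 40, "SYN"),
    ("TCP", "203.0.113.3", 1026, "192.0.2.10", 80, 0, 40, "SYN"),
    ("TCP", "203.0.113.4", 1027, "192.0.2.10", 80, 0, 40, "SYN"),
    ("TCP", "198.51.100.9", 2000, "192.0.2.10", 80, 0, 40, "SYN"),
    ("TCP", "198.51.100.9", 2000, "192.0.2.10", 80, 0, 40, "ACK"),    # handshake completed
]

def classify(trace):
    hits = {"ping_of_death": [], "land": [], "smurf": [], "syn_flood": []}
    half_open = {}                       # (src, sport, dst, dport) -> SYN record
    for pkt in trace:
        proto, src, sport, dst, dport, frag_off, ip_len, tag = pkt
        # Ping of Death: a fragment whose end would exceed the 65535-byte IP limit
        if proto == "ICMP" and frag_off + ip_len > IP_MAX:
            hits["ping_of_death"].append(pkt)
        # Land: a SYN whose source and destination address and port are identical
        if proto == "TCP" and tag == "SYN" and src == dst and sport == dport:
            hits["land"].append(pkt)
        # Smurf: an ICMP echo request aimed at the network's broadcast address
        if proto == "ICMP" and tag == "ECHO" and dst == str(LOCAL_NET.broadcast_address):
            hits["smurf"].append(pkt)
        # SYN flood: a SYN opens a half-open entry; the client's ACK completes it
        key = (src, sport, dst, dport)
        if proto == "TCP" and tag == "SYN":
            half_open[key] = pkt
        elif proto == "TCP" and tag == "ACK":
            half_open.pop(key, None)
    per_target = Counter((k[2], k[3]) for k in half_open)
    hits["syn_flood"] = [(t, n) for t, n in per_target.items() if n > SYN_THRESHOLD]
    return hits

if __name__ == "__main__":
    for name, found in classify(TRACE).items():
        print(name, found)
```

The half-open counter only sees the client's final ACK, so a real sensor would also expire entries by time; that is what keeps a slow trickle of SYNs from being reported as a flood.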

  16. Tools for Running Denial Of Service Attacks?
  • Trinoo
  • Tribal Flood Network
  • Stacheldraht
  • Shaft
  • MStream
  • Tribal Flood Network 2000
  • All the tools are similar in function
  • All the tools here are mainly used on Unix-type machines

  17. Tools for Running Denial Of Service Attacks?
  • Tribal Flood Network 2000
    • Communicates via TCP (random ports), UDP (random ports), ICMP (Echo Replies), or all three at random. The daemon never communicates with the master. The master sends all commands twenty times in order to make sure that they're received. TFN2k also will send out decoy packets -- messages to random machines so that it's not clear which machines are clients. Commands are encrypted using CAST-256 via a password specified at compile time. All packets are spoofed by default.
    • Can attack using a SYN attack, UDP Flood, ICMP Flood, or Smurf attacks. The daemon can be set to randomly alternate between each attack type.

  18. Preventing Denial of Service Attacks?
  • Nothing can be done to entirely prevent DOS
  • Minimize the dangers
    • Effective and Robust Design
    • Bandwidth Limitations
    • Keep Systems Patched
    • Run the least amount of services
    • Allow only necessary traffic
    • Block IP addresses

  19. Preventing Denial of Service Attacks?
  • Nothing can be done to entirely prevent DOS
  • Minimize the dangers
    • Effective and Robust Design
    • Bandwidth Limitations
      • Implement egress and ingress filtering
      • Implement rate limit on ICMP packets
      • Implement rate limit on SYN packets
    • Keep Systems Patched
    • Run the least amount of services
    • Allow only necessary traffic
    • Block IP addresses
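A toy packet filter that applies the three slide 19 controls (egress and ingress filtering, a rate limit on ICMP packets, a rate limit on SYN packets) to a constructed packet stream. This is an added example, not the presentation's or any firewall's code; the inside network 192.0.2.0/24, the five-field packet record and the deliberately tiny rates are assumptions made so the demo trips each rule.

```python
"""Added example (not from the slides): a toy filter applying the slide 19 controls."""
from ipaddress import ip_address, ip_network

INSIDE = ip_network("192.0.2.0/24")   # assumed internal network behind the filter
class TokenBucket:                    # admits `rate` packets/s, bursts of up to `burst`
    def __init__(self, rate, burst):
        self.rate, self.burst, self.tokens, self.last = rate, burst, float(burst), 0.0
    def allow(self, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False

class DosFilter:
    def __init__(self, icmp_rate=2, syn_rate=2):   # tiny rates so the demo trips them
        self.icmp = TokenBucket(icmp_rate, icmp_rate)
        self.syn = TokenBucket(syn_rate, syn_rate)
    def verdict(self, direction, src, proto, flags, t):
        src_inside = ip_address(src) in INSIDE
        # Ingress filter: packets arriving from outside must not claim an inside source
        if direction == "in" and src_inside:
            return "DROP ingress-spoof"
        # Egress filter: packets leaving must carry our own addresses (no spoofed floods)
        if direction == "out" and not src_inside:
            return "DROP egress-spoof"
        if proto == "ICMP" and not self.icmp.allow(t):
            return "DROP icmp-rate"
        if proto == "TCP" and flags == "SYN" and not self.syn.allow(t):
            return "DROP syn-rate"
        return "ACCEPT"

def run(stream):                      # one fresh filter over a time-ordered stream
    f = DosFilter()
    return [f.verdict(*p) for p in stream]

STREAM = [                            # constructed: (direction, src, proto, flags, time)
    ("in", "192.0.2.5", "TCP", "SYN", 0.0),        # outside packet with an inside source
    ("out", "203.0.113.9", "ICMP", "ECHO", 0.0),   # inside host emitting a forged source
    ("in", "198.51.100.1", "ICMP", "ECHO", 0.0),
    ("in", "198.51.100.1", "ICMP", "ECHO", 0.1),
    ("in", "198.51.100.1", "ICMP", "ECHO", 0.2),   # third echo in 0.2 s: over the limit
    ("in", "198.51.100.1", "ICMP", "ECHO", 1.0),   # bucket has refilled
    ("in", "203.0.113.1", "TCP", "SYN", 1.0),
    ("in", "203.0.113.2", "TCP", "SYN", 1.0),
    ("in", "203.0.113.3", "TCP", "SYN", 1.0),      # third SYN in the same instant
    ("in", "203.0.113.1", "TCP", "ACK", 1.0),      # not a SYN: untouched by the SYN limit
]
```

Spoof checks run before the buckets, so a forged packet never spends a token that legitimate traffic needs.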

  20. Simple Demo of what a Filter / Firewall Does
  • Typical Connection
  • Denial of Service Attack
  • Blocking a Denial of Service Attack

  21. Demonstration of Minimizing Your Computer’s Vulnerability
  • Patch Management
  • Antivirus
  • Layered Security
  • Distributed Resources
  • Bandwidth Throttling
  • Physical Security

  22. Summary
  • What is a Denial of Service Attack?
  • What is a Distributed Denial of Service Attack?
  • Why Are They Difficult to Protect Against?
  • Types of Denial of Service Attacks
  • Tools for Running Denial of Service Attacks
  • Preventing Denial of Service Attacks
