DDOS AND THE SYSADMIN GORAN OSIM AND TIM MYERS CPSC 424
WHAT IS DDOS?
• DoS stands for Denial of Service
• It is an attempt to make a computer resource unavailable to its intended users
• The term is generally used with regard to computer networks, but is not limited to this field; for example, it is also used in reference to CPU resource management
• DDoS is a Distributed Denial of Service
• It generally consists of the concerted efforts of a person or group of people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely
HISTORY OF DDOS
• Distributed DoS attacks are much newer than simple DoS attacks. The first attack sighted was in late June and early July of 1999.
• The first well-publicized DDoS attack in the public press was in February 2000. On February 7, Yahoo! was the victim of a DDoS during which its Internet portal was inaccessible for three hours.
• In a DDoS attack, the attacking packets come from tens or hundreds of addresses rather than just one, as in a "standard" DoS attack.
EFFECT ON THE SYSADMIN
• Lack of service on the network
• Little can be done until the attack subsides
• Checks can be done, such as a SYN flood check, but cannot remedy the problem
• Anycast is a way to mitigate DDoS attacks
• It is a network addressing and routing methodology in which datagrams from a single sender are routed to the topologically nearest node in a group of potential receivers all identified by the same destination address
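The "SYN flood check" mentioned above, worked through as an added example (not part of the original slides): count half-open TCP sockets (state SYN-RECV) per peer address from `ss -tan`-style output. The sample output, the threshold values and the function names are constructed for illustration; real thresholds depend on the host's normal connection load.

```python
"""SYN flood check: count half-open TCP connections from `ss -tan` output."""
from collections import Counter

# Constructed sample in the column layout of Linux `ss -tan`; not captured from a real host.
SAMPLE_SS_OUTPUT = """\
State     Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB     0      0      10.0.0.5:22         192.0.2.10:51234
SYN-RECV  0      0      10.0.0.5:80         203.0.113.7:40001
SYN-RECV  0      0      10.0.0.5:80         203.0.113.7:40002
SYN-RECV  0      0      10.0.0.5:80         203.0.113.7:40003
SYN-RECV  0      0      10.0.0.5:80         198.51.100.9:3333
LISTEN    0      128    0.0.0.0:80          0.0.0.0:*
"""


def half_open_by_peer(ss_output: str) -> Counter:
    """Map each peer IP to its number of half-open (SYN-RECV) sockets."""
    counts: Counter = Counter()
    for line in ss_output.splitlines()[1:]:  # first line is the header
        fields = line.split()
        if len(fields) < 5 or fields[0] != "SYN-RECV":
            continue
        # Drop the port; rsplit keeps bracketed IPv6 literals such as [2001:db8::1] intact.
        peer = fields[4].rsplit(":", 1)[0]
        counts[peer] += 1
    return counts


def syn_flood_check(ss_output: str, total_threshold: int = 3, per_peer_threshold: int = 2):
    """Return (total_half_open, flooding, suspicious_peers).

    flooding is True when the overall half-open count reaches total_threshold;
    this matters because a distributed flood (many spoofed or real sources, as the
    slides describe) can stay below any per-peer threshold while exhausting the
    listen backlog.  suspicious_peers lists sources at or above per_peer_threshold.
    """
    counts = half_open_by_peer(ss_output)
    total = sum(counts.values())
    suspicious = sorted(peer for peer, n in counts.items() if n >= per_peer_threshold)
    return total, total >= total_threshold, suspicious


if __name__ == "__main__":
    total, flooding, peers = syn_flood_check(SAMPLE_SS_OUTPUT)
    print(f"half-open sockets: {total}, flooding: {flooding}, heavy peers: {peers}")
```

On a live host, replace the constant with the output of `ss -tan`; the check only reports the condition, which matches the slide's point that it cannot remedy the attack.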
ANYCAST AND SYSADMINS
• As traffic is routed to the closest node, a process over which the attacker has no control, the DDoS traffic flow will be distributed amongst the closest nodes. Thus, not all nodes might be affected
• The effectiveness of this technique to divert attacks is questionable, however, because unicast addresses (used for maintenance) can be easy to obtain
PROTECTION
• A router and firewall are the SysAdmin's first line of defense
• An IDS (Intrusion Detection System) is a must, so the SysAdmin is aware of possible attacks
• The SysAdmin should use an anycast type topology to route the attacks to various nodes
• Unfortunately, if the attacker makes it past all these, the only thing to do is wait for the attack to end, as they rarely last a significant amount of time
CONCLUSION
• DDoS attacks can be devastating to SysAdmins and the networks they administrate
• Once an attack is happening, little can be done to stop it
• The SysAdmin must put preliminary defense measures in place beforehand
• A SysAdmin must always be monitoring for such attacks, as they could come from anywhere at any time.