
DDOS AND THE SYSADMIN


Presentation Transcript


  1. DDOS AND THE SYSADMIN GORAN OSIM AND TIM MYERS CPSC 424

  2. WHAT IS DDOS?
     • DoS stands for Denial of Service
     • It is an attempt to make a computer resource unavailable to its intended users
     • The term is generally used with regard to computer networks, but is not limited to this field; for example, it is also used in reference to CPU resource management
     • DDoS is a Distributed Denial of Service
     • It generally consists of the concerted efforts of a person or groups of people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely

  3. HISTORY OF DDOS
     • Distributed DoS attacks are much newer than simple DoS attacks. The first attack sighted was in late June and early July of 1999.
     • The first well-publicized DDoS attack in the public press was in February 2000. On February 7, Yahoo! was the victim of a DDoS during which its Internet portal was inaccessible for three hours.
     • In a DDoS attack, the attacking packets come from tens or hundreds of addresses rather than just one, as in a "standard" DoS attack.

  4. STRUCTURE OF DDOS ATTACK

  5. EFFECT ON THE SYSADMIN
     • Lack of service on the network
     • Little can be done until the attack subsides
     • Checks can be done, such as a SYN flood check, but they cannot remedy the problem
     • Anycast is a way to mitigate DDoS attacks
     • It is a network addressing and routing methodology in which datagrams from a single sender are routed to the topologically nearest node in a group of potential receivers all identified by the same destination address

  6. ANYCAST AND SYSADMINS
     • As traffic is routed to the closest node, a process over which the attacker has no control, the DDoS traffic flow will be distributed amongst the closest nodes. Thus, not all nodes might be affected
     • The effectiveness of this technique to divert attacks is questionable, however, because unicast addresses (used for maintenance) can be easy to obtain

  7. PROTECTION
     • A router and a firewall are the SysAdmin’s first line of defense
     • An IDS (Intrusion Detection System) is a must, so the SysAdmin is aware of possible attacks
     • The SysAdmin should use an anycast-type topology to route the attacks to various nodes
     • Unfortunately, if the attacker makes it past all these, the only thing to do is wait for the attack to end, as they rarely last a significant amount of time

  8. CONCLUSION
     • DDoS attacks can be devastating to SysAdmins and the networks they administer
     • Once an attack is happening, little can be done to stop it
     • The SysAdmin must put preliminary defense measures in place beforehand
     • A SysAdmin must always be monitoring for such attacks, as they could come from anywhere at any time.

  9. QUESTIONS?
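
The SYN flood check mentioned on slide 5, as an added example that is not part of the original presentation: it counts half-open (SYN_RECV) connections in Linux `/proc/net/tcp` output per remote address and distinguishes one dominant source from many, matching the DoS/DDoS distinction on slide 3. The sample table, the function names and the thresholds are assumptions made for illustration.

```python
import socket
import struct

SYN_RECV = "03"  # /proc/net/tcp state code for a half-open connection

# Constructed sample in /proc/net/tcp layout (trailing columns omitted).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue
   0: 00000000:0050 00000000:0000 0A 00000000:00000000
   1: 0A0200C0:0050 146433C6:D431 01 00000000:00000000
   2: 0A0200C0:0050 057100CB:C350 03 00000000:00000000
   3: 0A0200C0:0050 067100CB:C351 03 00000000:00000000
   4: 0A0200C0:0050 076433C6:C352 03 00000000:00000000
   5: 0A0200C0:0050 086433C6:C353 03 00000000:00000000
   6: 0A0200C0:0050 096433C6:C354 03 00000000:00000000
"""

def decode_addr(field):
    """'0A0200C0:0050' -> ('192.0.2.10', 80); assumes a little-endian host."""
    hex_ip, hex_port = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)

def half_open_by_source(proc_net_tcp, port):
    """Count SYN_RECV sockets on local `port`, grouped by remote IPv4 address."""
    sources = {}
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4 or cols[3] != SYN_RECV:
            continue
        if decode_addr(cols[1])[1] == port:
            remote_ip = decode_addr(cols[2])[0]
            sources[remote_ip] = sources.get(remote_ip, 0) + 1
    return sources

def assess(sources, min_half_open=4, dominant_share=0.8):
    """Thresholds are illustrative; set them from the server's normal baseline."""
    total = sum(sources.values())
    if total < min_half_open:
        return "normal"
    top = max(sources.values())
    return "single-source (DoS)" if top / total >= dominant_share else "distributed (DDoS)"

if __name__ == "__main__":
    # On a live Linux host, pass open("/proc/net/tcp").read() instead of SAMPLE.
    found = half_open_by_source(SAMPLE, 80)
    print(assess(found), found)
```

As the slides note, a check like this only tells the SysAdmin what is happening; it does not stop the traffic.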
