Chapter 5 DoS & DDoS. Hoon Ko hoon.ko@ujep.cz Office# 460, Department of Informatics, J. E. Purkinje University. Learning Objectives. Denial-Of-Service (DoS) attacks Distributed Denial-Of-Service (DDoS) attacks How to protect. DoS. Simple attack
Chapter 5 DoS & DDoS Hoon Ko hoon.ko@ujep.cz Office# 460, Department of Informatics, J. E. Purkinje University
Learning Objectives • Denial-Of-Service (DoS) attacks • Distributed Denial-Of-Service (DDoS) attacks • How to protect
DoS • Simple attack • Classic way: visit the target website and press F5 (refresh) continually. • An attempt to make a machine or network resource unavailable to its intended users. • Target resources: CPU, memory, network (e.g. mail bombs) • These attacks are illegal.
Any malicious act that causes a system to be unusable by its real user(s) • Take numerous forms • Are very common • Can be very costly • Major types • Ping of Death • SYN flooding • Boink, Bonk, Teardrop • Land • Smurf, Fraggle • System Resource Exhaustion Attack
New DoS in the smart age • In the smart age, there are many legal D(D)oS attacks around us. • Many emails from somewhere, e.g. shopping centers, shops, … • Many messages from someone, e.g. friends, family, unknown persons, … • Mom/Dad/wife/son/daughter: they are always or sometimes asking or ordering us to do things via smart devices. • Next?
Ping of Death attack • Creates an oversized ICMP packet • To route the oversized ICMP packet, it has to be fragmented, which causes delay.
SYN Flooding attack • Exploits the TCP three-way handshake • Inhibits server’s ability to accept new TCP connections
gcc -o synk synk.c • ./synk 0 target_computer 80 80 • tcpdump -i eth0 • netstat -an
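Added example (not part of the original slides): on the defending server, a SYN flood shows up in `netstat -an` as many half-open connections on one local port. The function below counts them per port. The sample output, its documentation-range addresses and the threshold of 3 are constructed for illustration.

```sh
#!/bin/sh
# Added example: count half-open TCP connections per local port
# in `netstat -an` output (Linux SYN_RECV / BSD SYN_RCVD state names).

# Constructed sample of Linux `netstat -an` output.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:40112      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.9:1033       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:52001       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.77:2290       SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.20:51514     ESTABLISHED
tcp        0      0 192.0.2.10:22           198.51.100.20:51600     ESTABLISHED
tcp        0      0 192.0.2.10:22           203.0.113.200:6000      SYN_RECV
udp        0      0 0.0.0.0:68              0.0.0.0:*
EOF
}

# syn_backlog THRESHOLD
# Reads `netstat -an` output on stdin and prints "port count" for every
# local port that has at least THRESHOLD half-open connections.
syn_backlog() {
    awk -v min="$1" '
        $1 ~ /^tcp/ && ($NF == "SYN_RECV" || $NF == "SYN_RCVD") {
            n = split($4, a, /[:.]/)   # local address; port is the last piece
            half[a[n]]++
        }
        END {
            for (p in half)
                if (half[p] >= min) print p, half[p]
        }' | sort -n
}

# Report ports with 3 or more half-open connections in the sample.
sample_netstat | syn_backlog 3
```

On a live host, feed it real data with `netstat -an | syn_backlog 100`, choosing a threshold that matches the service's normal load.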
Boink, Bonk, Teardrop • Protocol reliability depends on the following: • packet ordering • packet loss • packet re-send requests • BBT attacks target these three mechanisms to reduce protocol reliability.
Teardrop attack • gcc -o newtear newtear.c • ./newtear 222.222.222.222 target_computer -t 80 -n 80
Land attack • The attacker sends packets that would carry the attacker's IP address as the sender. • But it sets the sender IP to the destination IP instead. • As a result, the packets cannot be forwarded outside.
Smurf, Fraggle • Non-OS specific attack that uses the network to amplify its effect on the victim • Floods a host with ICMP • Saturates Internet connection with bogus traffic and delays/prevents legitimate traffic from reaching its destination
System Resource Exhaustion Attacks • Available Disk Resource Exhaustion
Distributed Denial-of-Service Attacks • Use hundreds of hosts on the Internet to attack the victim by flooding its link to the Internet or depriving it of resources • Used by hackers to target government and business Internet sites • Automated tools; can be executed by script kiddies • Result in temporary loss of access to a given site and associated loss in revenue and prestige
How to protect • Firewall • IDS • Secure network configuration • System patches • Scanning • Set bandwidth for each service