1 / 15

Security (Continued)

Security (Continued). V.T. Raja, Ph.D., Oregon State University. Outline. Denial of Service (DoS) Attack Smurf Attack Half-open telnet sessions SYN Flood Attack Distributed DoS Attack Network Address Translation NAT Proxy Server Demilitarized Zone (DMZ).

ray-dorsey
Download Presentation

Security (Continued)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security (Continued) V.T. Raja, Ph.D., Oregon State University

  2. Outline • Denial of Service (DoS) Attack • Smurf Attack • Half-open telnet sessions • SYN Flood Attack • Distributed DoS Attack • Network Address Translation • NAT Proxy Server • Demilitarized Zone (DMZ)

  3. Denial of Service (DoS) Attacks • Denial of Service attacks • “Ping” attacks • Smurf attack • SYN flood attack • Half-open telnet sessions • Distributed Denial of Service attacks

  4. Denial of Service (DoS) Attack • Hacker attempts to disrupt the network by flooding the network with messages so that the network cannot process messages from legitimate users • Examples: 1. Hacker’s program continuously pings target computer. • Consequence: • Solution: 2. Hacker’s program continuously send “ping” requests to the target that list the target as the sender • Consequence: • Solution: 3. Smurf attack: What is a smurf attack? What is the consequence of a smurf attack? 4. SYN Flood attack: What is a SYN flood attack? What is the consequence of such an attack?

  5. Telnet • A protocol used for remote login • Does not transfer data in bulk • Interactive • Each character typed by Telnet user is sent to remote host • Remote host sends back a copy of each character to Telnet user, which will be displayed on the Telnet user’s screen (echo back) • Echo back is used to ensure that characters seen by Telnet user have already been received and processed at remote site . • Each character thus traverses the network twice between the time the user hits the key and the time the character is displayed on the user’s monitor

  6. Half-open Telnet sessions Client Server

  7. TCP header: Packet #s (Sequence #s) • Assume a file has 500,000 bytes • Assume TCP breaks this file into packets, where each packet size is 1000 bytes • Each packet is given a packet # • The packet # for a packet is the number of the first byte in that packet. • The packet # of first packet would be 1 • The packet # of next packet would be 1001 • The packet # of third packet would be 2001 and so on

  8. TCP: Acknowledgement # • Assume A transmits to B • B acknowledges receipt of A’s message, by specifying an acknowledgment #. • The ACK # sent by B is the packet # of the next packet that B is expecting from A. • Example: • After A sends first packet, B sends an acknowledgment to A by specifying ACK# 1001. • After A sends second packet, B acknowledges by specifying ACK# 2001.

  9. TCP SYN for a simple Telnet application • TCP stands for: Transmission Control Protocol • SYN stands for: Synchronize Sequence Numbers • Assume Client A initiates a Telnet session with Server B. Assume client A has typed the letter “C.”

  10. Half-open TCP SYN Client Server

  11. SYN Flood Attack • Attacker (client) sends a TCP SYN (Synchronize Sequence/Packet Number) request to server. • The server responds by sending a TCP SYN/ACK packet. • The attacker does not respond – resulting in half-open session using up server resources. • The attacker sends a flood of such TCP SYN requests without responding. • Requests from other legitimate clients are unable to reach the server due to multiple half-open sessions

  12. Distributed DoS (DDos) attack • In A DDoS attack, a hacker first gains control of hundreds/thousands of computers. • Plants software referred to as DDoS agent on each of the slaves (Zombies) • Hacker then uses software referred to as DDoS handler (master zombie) to control the agents (slave zombies) • Attacker launches attacks from all the slaves so that it is difficult to trace hacker

  13. High Profile Victims of DDoS • Yahoo, eBay, Amazon and eTrade websites were rendered inaccessible to legitimate visitors after being flooded with traffic from hundreds of hijacked system • www.msn.com; www.expedia.com; www.carpoint.com sites were flooded with DDoS attack for almost one day • DDoS attack high-level DNS servers on the Internet

  14. Network Address Translation • Network address translation (NAT) is used to shield a private network from outside interference. • An NAT proxy server uses an address table, translating network addresses inside the organization into aliases for use on the Internet. So, internal IP addresses remain hidden. • It is common to combine DMZ, firewalls and proxy servers. (See Figure).

  15. Figure: Network design using firewalls, DMZ and NAT Proxy Servers

More Related