DOS attacks under IP Traceback by Guntaka Fall 2013 CS-555
Outline
• Introduction to DOS Attack
• How does a DOS attack work
• Need for IP traceback: Evaluation Metrics for IP Traceback Techniques
• Traceback using ICMP Traceback
• IP Traceback Limitations
• Summary
Introduction to DOS
• DOS: Denial of Service attack
• Some security threats affect confidentiality; others impact the integrity of information. Denial of service affects availability.
• A security attack on networks and applications that makes them unavailable to legitimate users.
• What is DoS all about?
  • It is not about gaining unauthorized access to a system
  • It is not about corrupting data
  • It is not about cracking any password
• Consequences
  • Unavailability of websites
  • Degraded network performance
  • Disconnection from the network
• It is not about confidentiality or integrity. It is about availability.
How does a DOS attack work?
• The attacker floods the network with packets, so its resources are not available to legitimate users.
DOS: What happens when a DOS attack is going on?
• Networks
  • Performance is compromised.
  • Broadcasts are sent on the same frequencies as wireless devices.
  • Components are modified or destroyed.
• Computers
  • OSs are crashed by malformed IP packets.
  • Servers establish many simultaneous login sessions.
  • Too many processor-intensive requests are made.
• Applications
  • Applications crash on receiving illegal requests.
  • Applications on the web tier, application tier and data tier can be affected.
DOS: Distributed denial of service
• Agents are installed on a set of compromised hosts; these are also called “bots” or “botnets”.
• The handler is the program that controls the agents.
• The handler says:
  • When to attack
  • What to attack
  • How to attack
• Bots follow the instructions and attack the targeted victims.
• The attacker can also communicate with the bots via IRC.
Figure: DoS agents are installed on the hosts; the handler instructs the DoS agents; the DoS agents attack the victim networks and hosts.
IP Traceback
• Identifies the address of the true source of the packets causing a DOS attack (which are sent with spoofed addresses).
• Evaluation metrics for IP traceback techniques:
  • ISP involvement.
  • Number of packets needed for traceback.
  • Effect of partial deployment.
  • Processing overhead.
  • Bandwidth overhead.
  • Memory requirements.
  • Number of functions needed to implement.
ICMP Traceback
• Traces the full path of the attack: every router generates an iTrace message directed to the same destination as the selected packet.
• The IP traceback message contains part of the traversing packet and is sent to the packet's destination. It carries:
  • Next hop, previous hop
  • Timestamp
  • TTL=255
  • Bytes of the traced packet.
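The path reconstruction that the ICMP Traceback slide implies, shown as an added example that is not part of the original deck: the victim chains the iTrace messages for one flow into a router path using the previous-hop and next-hop fields. The `ITrace` record, its field names, the router names and the sample messages are constructed, and treating the received TTL (sent as 255) as a hop-distance check is an assumption about how that field is used.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ITrace:              # hypothetical record; field names are assumptions
    router: str            # router that generated the iTrace
    prev_hop: str          # neighbour the traced packet arrived from
    next_hop: str          # neighbour the traced packet was forwarded to
    timestamp: float
    recv_ttl: int          # TTL observed at the victim (message was sent with 255)
    traced: bytes          # leading bytes of the traced packet

def reconstruct_path(msgs, victim, flow_prefix):
    """Return (router path ordered from the source side to the victim, ttl_consistent)."""
    upstream, dist = {}, {}
    for m in msgs:
        if not m.traced.startswith(flow_prefix):
            continue                          # iTrace for some other flow
        upstream[m.router] = m.prev_hop       # link learned from the previous-hop field
        upstream[m.next_hop] = m.router       # link learned from the next-hop field
        dist[m.router] = 255 - m.recv_ttl     # routers that forwarded the iTrace itself
    path, node, seen = [], victim, {victim}
    while node in upstream and upstream[node] not in seen:
        node = upstream[node]
        seen.add(node)
        path.append(node)
    # A router at position i from the victim must have been forwarded i times;
    # a mismatch means the message did not come from where it claims.
    ok = all(dist[r] == i for i, r in enumerate(path) if r in dist)
    return path[::-1], ok

# Constructed sample: the attack flow enters at edge-A and crosses R1 -> R2 -> R3.
FLOW = bytes.fromhex("4500003c1c46")
SAMPLE = [
    ITrace("R3", "R2", "victim", 10.2, 255, FLOW + b"\x40\x00"),
    ITrace("R1", "edge-A", "R2", 10.0, 253, FLOW + b"\x40\x00"),
    ITrace("R9", "R8", "victim", 10.1, 255, bytes.fromhex("450000281111")),
    # R2 sent no iTrace for this flow; R1's next hop and R3's previous hop cover it.
]

if __name__ == "__main__":
    print(reconstruct_path(SAMPLE, "victim", FLOW))
```

Because each message names both neighbours, the path stays complete even when a router on it generated no iTrace for the flow.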
iTrace generation
• Introduces a new bit, the intention bit, in the routing table; it is set to 1 when an ICMP packet is received.
• Decision module
  • “Choose” one from the routing table
  • Prefer the one with the highest value
Technologies to protect the network from attacks, limitations and open issues:
• Firewalls, Intrusion Detection System/IPS.
• Intrusion source identification.
• LIMITATIONS:
  • Tracing beyond IP traceback, accomplishing traceback.
  • Tracing packets through firewalls.
SUMMARY:
• IP traceback measures are deployed all over the internet, but are only effective for controlled networks.
• Today internet security is a major concern, as the internet is prone to many attacks; proper mechanisms should be designed to protect systems from such attacks.