
Distributed Denial of Service Attacks



Presentation Transcript


  1. Distributed Denial of Service Attacks Shankar Saxena Veer Vivek Kaushik

  2. Agenda • Introduction and Famous Attacks • How an Attack Takes Place • Types of DDoS Attacks • Smurfing • UDP Flooding • TCP SYN Flooding

  3. Introduction • Causes a service to be unusable or unavailable • Coordinated, mass-scale attack from compromised computers • Exhausts bandwidth, router processing, and network stack resources • Hard to detect at the firewall level

  4. Famous Attacks • February 2000 • Yahoo, eBay, and Amazon websites attacked • Yahoo received as much packet traffic as some websites receive in 1 year • 1 billion dollars • October 2002 • 7 of 13 DNS root servers attacked • Attack on the Internet itself

  5. Scanning (Step 1) • Port Scanning • Search for open ports • Nmap • Send packets to the target to interact with it • TCP Connect, TCP SYN, UDP • Software Vulnerabilities • Common and default configuration weaknesses • Nessus • Plugins • Windows, Backdoor, File Sharing, Firewalls, Mail Servers

  6. Stack-based Buffer Overflow (Step 2) • The attacker chooses the most vulnerable machines. • A buffer overflow occurs when the attacker stores too much data in an undersized buffer. • The attacker precisely tunes the amount and content of the data. • The attacker overwrites the return pointer with his own, which points to his code.

  7. Normal Stack (diagram) • Bottom of memory • Fill direction • Buffer (local variable) • Return pointer • Function arguments

  8. Smashed Stack (diagram) • Bottom of memory • Fill direction • Buffer (local variable) • Attacker machine code • New pointer • Function arguments • Top of memory

  9. Rootkit & Attack (Step 3) • Rootkit • Used to get back into the compromised system • Replaces system files with their Trojan versions • Attack • Instruct the compromised systems to attack • Various flooding methods

  10. DDoS attack

  11. Kinds of Attacks • Smurfing • UDP Flooding • TCP SYN Flooding

  12. Smurfing • The attacker sends packets to a network amplifier with the return address spoofed to the victim's IP address • The attacking packets are typically ICMP echo requests • Each request generates ICMP echo replies, which flood the victim

  13. TCP SYN Attack • Exploits the three-way handshake protocol. • A large number of bogus TCP SYN requests are sent to the victim in order to tie up its resources. • No ACK is ever returned for the server's SYN+ACK responses, so the half-open connections accumulate and the server runs out of memory resources

  14. TCP SYN Attack

  15. UDP Flooding • Connectionless protocol • No three-way handshake is required • A large number of UDP packets saturate the network and deplete the bandwidth.

  16. DDoS Countermeasures • Egress filtering • Scanning packets for certain criteria • Spoofed addresses • Close all unneeded ports • Be more aware • Install new patches • Check server logs • Test scanning tools on your system

  17. Thanks Queries?
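Added example, not part of the original slides: a sketch of the "check server logs" countermeasure (slide 16) applied to the half-open connection build-up described in slide 13. The record format, the addresses (documentation ranges), the 30-second timeout and the threshold of 100 are all assumptions chosen for illustration.

```python
from collections import defaultdict

def sample_packets():
    """Constructed capture: (time_s, src, sport, dst, dport, tcp_flags)."""
    pkts = [  # one legitimate, completed three-way handshake
        (0.00, "203.0.113.5", 40000, "192.0.2.10", 80, "S"),
        (0.05, "192.0.2.10", 80, "203.0.113.5", 40000, "SA"),
        (0.10, "203.0.113.5", 40000, "192.0.2.10", 80, "A"),
    ]
    # 200 SYNs whose senders never answer the server's SYN+ACK
    for i in range(200):
        src = f"198.51.100.{i % 250 + 1}"
        pkts.append((1.0 + i * 0.01, src, 1024 + i, "192.0.2.10", 80, "S"))
    return pkts

def half_open_by_server(packets, now, timeout=30.0):
    """Count handshakes per (server, port) with a SYN seen but no final ACK.

    Entries older than `timeout` seconds are treated as already dropped
    from the server's backlog and are not counted.
    """
    pending = {}  # (client, cport, server, sport) -> time of latest SYN
    for t, src, sport, dst, dport, flags in sorted(packets, key=lambda p: p[0]):
        key = (src, sport, dst, dport)
        if flags == "S":
            pending[key] = t           # handshake opened (or SYN retransmitted)
        elif flags in ("A", "R"):
            pending.pop(key, None)     # client completed or aborted it
        # "SA" travels server -> client and does not change client state
    counts = defaultdict(int)
    for (_, _, dst, dport), t in pending.items():
        if now - t <= timeout:
            counts[(dst, dport)] += 1
    return dict(counts)

def flag_syn_flood(packets, now, threshold=100, timeout=30.0):
    """Return the (server, port) pairs whose half-open count reaches threshold."""
    counts = half_open_by_server(packets, now, timeout)
    return sorted(s for s, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    print(flag_syn_flood(sample_packets(), now=4.0))
```

A real threshold should be set relative to the server's normal half-open baseline and its backlog size.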
