1 / 14

Denial-of-Service [Gligor, 84]

Denial-of-Service [Gligor, 84]. ``A group of otherwise-authorized users of a specific service is said to deny service to another group of otherwise-authorized users if the former group makes the specified service unavailable to the latter group for

xiang
Download Presentation

Denial-of-Service [Gligor, 84]

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Denial-of-Service [Gligor, 84] ``A group of otherwise-authorized users of a specific service is said to deny service to another group of otherwise-authorized users if the former group makes the specified service unavailable to the latter group for a period of time which exceeds the intended (and advertised) waiting time” Slides mostly by SherifKhattab

  2. DoS Attacks • DoS attacks aim at reducing legitimate utilization of network and/or server resources through: • resource destruction (exploit bugs in the OS) • resource exhaustion • vulnerability exploitation (e.g., SYN attack) • brute-force flooding • Network-level (e.g., lots of packets as in UDP floods) • Service-level (e.g., flash crowds) Slides mostly by Sherif Khattab

  3. Service-level DoS • A large number of attack hosts request service from the victim server at a high rate. For instance, • download files from an FTP server, or • get web pages from an WWW server Slides mostly by Sherif Khattab

  4. Front-ends • Front-ends form a tree with the back-ends as its logical root. Slides mostly by Sherif Khattab

  5. Front-ends (contd.) • Tree level of each front-end depends on its attack tolerance • Front-ends can be the bottleneck that gets attacked. It usually can withstand a good amount of attack traffic. • To join the network (or reconfigure), a front-end performs: • Parent registration • Address registration Slides mostly by Sherif Khattab

  6. DoS Attacks (1/4) Legitimate packets consume network resources, such as router buffers and link capacity Router Server Legitimate Client They also consume server resources, such as interrupt processing capacity, operating system structures, processing time, etc. Slides mostly by Sherif Khattab

  7. DoS Attacks (2/4) • Network-level DoS attacks flood network resources • Service-level DoS attacks exploit vulnerabilities to crash servers • Service-level DoS attacks flood server resources, so that legitimate clients’ packets will be dropped… Slides mostly by Sherif Khattab

  8. Our Focus: Service-level Flooding DoS Slides mostly by Sherif Khattab

  9. The DoS Problem Distinguish attack packets/requests from legitimate packets/requests • quickly • accurately (low false positives and false negatives) and • efficiently (small overhead) Primary metrics • Legitimate Response Time • Legitimate Throughput Slides mostly by Sherif Khattab

  10. State-of-the-art Slides mostly by Sherif Khattab

  11. Honeypots [Spitzner][Provos] • Honeypots are: • decoy resources to trap attackers • useful in detecting worm-infected hosts • However, honeypots are • at fixed locations • separate from real servers DoS Attackers can evade honeypots Slides mostly by Sherif Khattab

  12. Roaming Honeypots [Khattab] In roaming honeypots, the locations of honeypots are: • continuously changing • unpredictable to non-compliant attackers • disguised within servers Slides mostly by Sherif Khattab

  13. Main Assumption Unique, un-spoofable user identifier (dealing with proxy servers is an open problem) Proxy Server Slides mostly by Sherif Khattab

  14. Firewall Packet Filtering in firewalls • White-list: • allow packets from certain users/Ips. • Not Scalable, because list grows with number of users • Black list: • do not allow certain IPs or users. • More Scalable: # attackers << # users ?? Slides mostly by Sherif Khattab

More Related