
Defending Against Denial of Service Attacks

Defending Against Denial of Service Attacks. Presented By: Jordan Deveroux. Outline. What are Denial of Service Attacks and what makes the internet vulnerable to them? How do these attacks occur? How do we defend against such attacks?


Presentation Transcript


  1. Defending Against Denial of Service Attacks Presented By: Jordan Deveroux

  2. Outline What are Denial of Service Attacks and what makes the internet vulnerable to them? How do these attacks occur? How do we defend against such attacks? What are the ethical implications of Denial of Service Attacks and their effect on our society?

  3. Denial of Service Attacks
  • Denial of Service (DoS): an attack that tries to deny legitimate users access to shared resources or services
  • Distributed Denial of Service (DDoS): a denial of service attack in which the traffic comes from many sources at once (typically compromised hosts), so no single source needs much bandwidth and blocking one address does not stop it

  4. [Diagram: Attacker → Zombies → Victim]

  5. Zombies
  • A malicious payload is installed on the compromised host
  • Command and control takes place over IRC channels
  • The software contains a flooding mechanism
  • The software can be updated by the attacker

  6. Internet Vulnerabilities
  • IP spoofing: crafting an IP packet with forged header fields, usually a false source address, so the packet cannot be traced to its real sender
  • Multipath routing makes packet tracing difficult
  • There is no centralized Internet authority to mandate defenses

  7. Outline What are Denial of Service Attacks and what makes the internet vulnerable to them? How do these attacks occur? How do we defend against such attacks? What are the ethical implications of Denial of Service Attacks and their effect on our society?

  8. What does a DoS attack consume?
  • The host's resources: CPU and memory
  • Network bandwidth, so that legitimate traffic is unable to get through
  Attack power: the level of resources consumed at the victim by the attack

  9. Categories of Bandwidth Attacks
  • Protocol-based
  • Application-based
  • Distributed reflector
  • Infrastructure attacks

  10. Protocol-Based: SYN Flood [diagram] The attacker sends a stream of TCP SYN segments, usually from spoofed source addresses, and never completes the three-way handshake; each half-open connection holds server state until it times out, so the backlog fills and real clients are refused.
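The mechanics behind the diagram, as an added example that is not part of the deck: a toy stateful server whose half-open table fills under spoofed SYNs, beside a SYN-cookie server that stores nothing per SYN. SYN cookies are not named on the slide; they are the standard instance of the "bottleneck resource management" reaction the deck lists on slide 24. The backlog size, timeout, secret and addresses are assumptions chosen for the demonstration.

```python
"""SYN flood against a stateful TCP backlog versus a SYN-cookie server.
Added example with constructed traffic; nothing here is captured data."""
import hashlib
import hmac

BACKLOG = 8              # assumed size of the half-open connection table
HALF_OPEN_TIMEOUT = 60   # assumed seconds before a half-open entry is reaped


class StatefulServer:
    """Allocates a table slot on every SYN and frees it only when the final ACK
    arrives or the timeout expires. A SYN from a spoofed source never gets its
    ACK, so each one pins a slot for the whole timeout."""

    def __init__(self):
        self.half_open = {}      # (src_ip, src_port) -> arrival time
        self.established = set()
        self.refused = 0

    def on_syn(self, src, now):
        self._reap(now)
        if len(self.half_open) >= BACKLOG:
            self.refused += 1    # backlog full: legitimate SYNs are dropped too
            return False
        self.half_open[src] = now
        return True

    def on_ack(self, src, now):
        if src not in self.half_open:
            return False
        del self.half_open[src]
        self.established.add(src)
        return True

    def _reap(self, now):
        for src, t in list(self.half_open.items()):
            if now - t > HALF_OPEN_TIMEOUT:
                del self.half_open[src]


class CookieServer:
    """Keeps no per-SYN state: the initial sequence number it sends back is a
    MAC over the connection 4-tuple and a coarse timestamp. The client's final
    ACK returns that number (ack-1), which is re-derived and checked. Real
    kernels also pack MSS bits into a 32-bit field; this sketch just truncates
    HMAC-SHA256 to 32 bits (simplification)."""

    def __init__(self, secret=b"rotate-this-secret"):   # assumed key
        self.secret = secret
        self.established = set()

    def _cookie(self, src, dst, minute):
        msg = f"{src[0]}:{src[1]}|{dst[0]}:{dst[1]}|{minute}".encode()
        mac = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return int.from_bytes(mac[:4], "big")

    def on_syn(self, src, dst, now):
        return self._cookie(src, dst, int(now) // 60)   # sent as the ISN, nothing stored

    def on_ack(self, src, dst, ack_num, now):
        minute = int(now) // 60
        for m in (minute, minute - 1):        # tolerate a minute boundary
            if (ack_num - 1) & 0xFFFFFFFF == self._cookie(src, dst, m):
                self.established.add(src)
                return True
        return False


def run_flood(n_spoofed=20, n_legit=5):
    """Spoofed SYNs arrive first, then legitimate clients do full handshakes.
    Returns (legit clients accepted by the stateful server, by the cookie server)."""
    dst = ("203.0.113.10", 80)                # constructed victim (TEST-NET-3)
    stateful, cookie = StatefulServer(), CookieServer()
    now = 1_000_000.0
    for i in range(n_spoofed):                # attacker: spoofed sources, no ACK ever follows
        src = (f"198.51.100.{i + 1}", 40000 + i)
        stateful.on_syn(src, now)
        cookie.on_syn(src, dst, now)
    now += 5                                  # legitimate clients arrive before any reaping
    ok_stateful = ok_cookie = 0
    for i in range(n_legit):
        src = (f"192.0.2.{i + 1}", 50000 + i)
        if stateful.on_syn(src, now) and stateful.on_ack(src, now + 0.1):
            ok_stateful += 1
        isn = cookie.on_syn(src, dst, now)
        if cookie.on_ack(src, dst, isn + 1, now + 0.1):
            ok_cookie += 1
    return ok_stateful, ok_cookie


if __name__ == "__main__":
    print(run_flood())            # (0, 5): backlog exhausted vs. cookies unaffected
```

With 20 spoofed SYNs against a backlog of 8, every one of the five legitimate clients is refused by the stateful server, while the cookie server accepts all five because it never allocated anything for the spoofed SYNs; a forged ACK without a valid cookie is rejected. The cookie server still burns CPU on the MAC per SYN and per ACK, which is why this removes the memory bottleneck but not the bandwidth one.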

  11. Protocol-Based: ICMP Flood [diagram] The victim is swamped with ICMP echo requests; the incoming packets consume bandwidth, and generating the echo replies consumes CPU and bandwidth again.

  12. Application-Based: HTTP Flood
  • Attacking web servers with many HTTP requests
  • Each request rides on a completed TCP handshake, so the source address cannot be spoofed; that is why it is launched as a DDoS from zombies rather than from one spoofing host
  • Multiple ways to flood using this method

  13. Application-Based: SIP Flood
  • VoIP attack
  • Flood SIP proxy servers with many INVITE requests
  • Affects not only the proxy servers but also legitimate callers, whose calls cannot be set up

  14. Distributed Reflector Attacks [diagram] Zombies send requests with the victim's address as the spoofed source to many uninvolved third-party hosts (reflectors); the reflectors' replies converge on the victim, which sees traffic coming from the reflectors rather than from the attacker.

  15. Infrastructure Attacks
  • Disable critical components of the Internet
  • Significant attack power is required to execute an infrastructure attack successfully
  • These attacks are why we need a globally cooperative defense effort

  16. Outline What are Denial of Service Attacks and what makes the internet vulnerable to them? How do these attacks occur? How do we defend against such attacks? What are the ethical implications of Denial of Service Attacks and their effect on our society?

  17. Four Categories of Defense
  • Attack prevention
  • Attack detection
  • Attack source identification
  • Attack reaction

  18. Attack Prevention: Ingress/Egress Filtering [diagram] Routers at the network edge drop packets whose source address is not valid for the link they arrived on: ingress filtering at the ISP accepts from a customer only addresses allocated to that customer, and egress filtering at a site lets out only the site's own addresses.
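The check a filtering router performs, as an added example that is not part of the deck (the practice is the one RFC 2827 / BCP 38 describes). The interface names, the customer allocations and the packets are all constructed for the demonstration.

```python
"""Source-address validation at a network edge: ingress filtering on the ISP's
customer-facing ports and egress filtering on the site's own uplink.
Added example; topology and packets are constructed."""
from ipaddress import ip_address, ip_network

# Assumed ISP edge: one customer-facing interface per customer, and the prefix
# (or prefixes) the ISP allocated to each.
CUSTOMER_PREFIXES = {
    "cust-a": [ip_network("192.0.2.0/24")],
    "cust-b": [ip_network("198.51.100.0/25"), ip_network("198.51.100.128/26")],
}
# Assumed site (cust-a) view of its own address space, for the egress check.
SITE_PREFIXES = [ip_network("192.0.2.0/24")]


def ingress_check(interface, src):
    """ISP side: a packet arriving on a customer port must carry a source
    address from that customer's allocation. Returns (verdict, reason)."""
    prefixes = CUSTOMER_PREFIXES.get(interface)
    if prefixes is None:
        return "drop", "no allocation known for this interface"
    addr = ip_address(src)
    if any(addr in p for p in prefixes):
        return "accept", "source inside allocated prefix"
    return "drop", "source outside allocated prefix (spoofed or misrouted)"


def egress_check(src):
    """Site side: a packet leaving the site must use one of the site's own
    addresses, so compromised hosts inside cannot act as spoofing zombies."""
    addr = ip_address(src)
    if any(addr in p for p in SITE_PREFIXES):
        return "accept", "source is ours"
    return "drop", "source is not ours"


def apply_ingress(packets):
    """Run the ingress check over (interface, src, dst) tuples."""
    return [ingress_check(iface, src)[0] for iface, src, _dst in packets]


# Constructed packets, not captured traffic. dst is the would-be victim.
SAMPLE_PACKETS = [
    ("cust-a", "192.0.2.7",      "203.0.113.1"),   # legitimate
    ("cust-a", "203.0.113.9",    "203.0.113.1"),   # spoofed: address from the victim's range
    ("cust-b", "198.51.100.50",  "203.0.113.1"),   # legitimate, first block
    ("cust-b", "198.51.100.150", "203.0.113.1"),   # legitimate, second block
    ("cust-b", "198.51.100.200", "203.0.113.1"),   # gap between the two blocks: not allocated
    ("cust-b", "192.0.2.7",      "203.0.113.1"),   # cust-b spoofing a cust-a address
    ("cust-a", "192.0.2.250",    "203.0.113.1"),   # spoofed, but inside cust-a's prefix: passes
    ("dsl-99", "10.0.0.1",       "203.0.113.1"),   # interface with no known allocation
]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE_PACKETS, apply_ingress(SAMPLE_PACKETS)):
        print(f"{pkt[0]:7} {pkt[1]:16} {verdict}")
```

The seventh packet is the caveat worth remembering: filtering only narrows spoofing to addresses inside the sender's own allocation, so a zombie can still forge any address in its prefix, and a victim can still be flooded by zombies using their real addresses. On a Linux router the kernel's strict reverse-path filter (`net.ipv4.conf.all.rp_filter=1`) performs a comparable per-interface source check against the routing table.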

  19. Other Attack Prevention Techniques
  • Router-based packet filtering: possible if Tier 1 ISPs are involved
  • SAVE protocol (Source Address Validity Enforcement): needs to be universally deployed
  These techniques prevent IP spoofing and filter traffic before it reaches the target, but need wide adoption to be effective.

  20. Attack Detection Techniques
  • Noticing that an attack is under way is easy; the hard part is telling a flash crowd from a DoS attack
  • Every technique relies on certain assumptions about what normal traffic looks like
  Two families of detection techniques:
  • DoS-attack-specific
  • Anomaly-based

  21. DoS-Specific vs. Anomaly-Based
  DoS-specific: the only way to detect a DDoS effectively and early is to monitor features attackers can't change or find really difficult to change (e.g. the percentage of new IPs).
  Anomaly-based: need to build a normal profile and block irregular traffic; it is difficult to determine all normal traffic.
  Techniques named: Lightweight Intrusion Detection System (LISYS), MULTOPS, SYN detection, Kolmogorov test, spectral analysis, time series analysis.

  22. Attack Source Identification
  Tracing IP traffic back to its origin is difficult because the source address can be spoofed.
  • Active IP traceback technique
  • Probabilistic traceback technique: routers mark a fraction of the packets they forward with their own identity, and the victim reassembles the path from many marked packets
  • Hash-based IP traceback: routers keep digests of the packets they forward, so a single packet can later be traced hop by hop
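The probabilistic technique, as an added example that is not part of the deck: node-sampling packet marking in the style of Savage et al., simulated end to end. The five-router path, the marking probability of 0.6 and the attack traffic are assumptions; the real scheme squeezes marks into the 16-bit IP identification field, whereas this sketch uses a plain string field.

```python
"""Node-sampling probabilistic packet marking, simulated from attacker to victim.
Added example; the router path and the attack traffic are constructed."""
import random
from collections import Counter

MARK_PROB = 0.6   # assumed per-router marking probability p


def forward(packet, path, rng):
    """Each router on the path overwrites the mark field with its own identity
    with probability p. The attacker controls the source address and the
    initial value of the mark, but not what routers downstream write over it."""
    for router in path:
        if rng.random() < MARK_PROB:
            packet["mark"] = router
    return packet


def attack_traffic(n_packets, path, seed=7):
    """Flood packets with random spoofed sources and an attacker-chosen mark."""
    rng = random.Random(seed)
    packets = []
    for _ in range(n_packets):
        pkt = {
            "src": f"10.{rng.randrange(256)}.{rng.randrange(256)}.{rng.randrange(256)}",
            "mark": "R-FAKE",   # attacker pre-loads a bogus router identity
        }
        packets.append(forward(pkt, path, rng))
    return packets


def reconstruct_path(packets, hops):
    """Victim side. A router at distance d from the victim survives as the
    final mark with probability p(1-p)^(d-1), so the nearest router appears
    most often and sorting marks by frequency orders the path outward from
    the victim. Returns (path nearest-first, raw counts)."""
    counts = Counter(pkt["mark"] for pkt in packets)
    ordered = [mark for mark, _ in counts.most_common()]
    return ordered[:hops], counts


def distinct_sources(packets):
    """For contrast: the spoofed source field gives no usable attacker address."""
    return len({pkt["src"] for pkt in packets})


if __name__ == "__main__":
    route = ["R1", "R2", "R3", "R4", "R5"]       # attacker -> R1 -> ... -> R5 -> victim
    pkts = attack_traffic(50_000, route)
    path, counts = reconstruct_path(pkts, len(route))
    print("reconstructed (nearest first):", path)
    print("marks seen:", counts.most_common())
    print("distinct spoofed sources:", distinct_sources(pkts))
```

The counts also show the scheme's known weakness: the attacker's pre-loaded bogus mark survives unchanged with probability (1-p)^5, close to the p(1-p)^4 of the farthest genuine router, so the far end of the path is the least certain and the reconstruction only works during a sustained, high-volume attack that delivers enough packets to separate the two.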

  23. Attack Reaction Techniques

  24. Attack Reaction Techniques
  • Bottleneck resource management
  • Fix software-based vulnerabilities
  • History-based IP filtering: during an attack, admit only sources that were seen during normal operation
  • Intermediate network reaction: the further from the victim, the harder the attack traffic is to track
  • Controller-agent scheme
  • Source-end reaction: D-WARD, which filters outgoing attack traffic at the source network
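Detection and reaction joined up, as an added example that is not part of the deck: the "percentage of new IPs" feature from slide 21 drives an alert, and the history-based IP filter from this slide is the response. The flow records, the twenty habitual clients, the 200 zombies and the mean-plus-three-sigma threshold are all constructed assumptions.

```python
"""Anomaly detection on the share of never-seen source IPs, followed by
history-based IP filtering as the reaction. Added example; records are constructed."""
import statistics
from collections import defaultdict

REGULARS = [f"192.0.2.{i}" for i in range(1, 21)]   # 20 assumed habitual clients


def constructed_records():
    """(bucket, src_ip, syn_count) summaries. Buckets 0-9 are the training
    window; bucket 10 is an ordinary period; bucket 11 is a flood from 200
    never-seen zombies plus one genuinely new visitor caught in the middle."""
    recs = []
    for t in range(11):
        for k in range(12):                          # a rotating dozen regulars
            recs.append((t, REGULARS[(t + k) % 20], 3))
        recs.append((t, f"203.0.113.{t + 1}", 2))    # one new legitimate visitor per bucket
    for k in range(12):
        recs.append((11, REGULARS[(11 + k) % 20], 3))
    recs.append((11, "203.0.113.12", 2))
    for z in range(200):
        recs.append((11, f"198.51.100.{z}", 40))     # zombies: many SYNs each
    return recs


def syns_by_bucket(records):
    by = defaultdict(lambda: defaultdict(int))
    for t, src, n in records:
        by[t][src] += n
    return by


def build_profile(records, training_buckets):
    """Normal profile: the set of sources seen in training and an alert
    threshold (mean + 3 sigma) on the per-bucket fraction of new sources."""
    by = syns_by_bucket(records)
    seen, fractions = set(), []
    for t in sorted(training_buckets):
        srcs = set(by[t])
        if seen:                                     # first bucket: everything is new, skip it
            fractions.append(len(srcs - seen) / len(srcs))
        seen |= srcs
    threshold = statistics.mean(fractions) + 3 * statistics.pstdev(fractions)
    return seen, threshold


def detect(records, seen, threshold, buckets):
    """Per bucket: (fraction of sources never seen in training, alert?).
    A flash crowd raises this fraction too, which is the false-positive risk."""
    by = syns_by_bucket(records)
    out = {}
    for t in buckets:
        srcs = set(by[t])
        frac = len(srcs - seen) / len(srcs)
        out[t] = (round(frac, 3), frac > threshold)
    return out


def history_filter(records, seen, bucket):
    """Reaction: during an alert admit only sources with a history.
    Returns (SYNs admitted, SYNs blocked). New legitimate users are blocked too."""
    by = syns_by_bucket(records)
    admitted = sum(n for s, n in by[bucket].items() if s in seen)
    blocked = sum(n for s, n in by[bucket].items() if s not in seen)
    return admitted, blocked


if __name__ == "__main__":
    recs = constructed_records()
    seen, thr = build_profile(recs, range(10))
    print(f"threshold on new-source fraction: {thr:.3f}")
    print(detect(recs, seen, thr, [10, 11]))        # {10: (0.077, False), 11: (0.944, True)}
    print(history_filter(recs, seen, 11))            # (36, 8002)
```

Bucket 11 trips the alert with 94% new sources, and the history filter then passes the 36 SYNs from regulars while blocking 8,002; the two SYNs it blocks from the first-time visitor at 203.0.113.12 are the collateral damage the slide on detection warns about, since the profile cannot tell a new customer from a new zombie.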

  25. Conclusion on Defense Techniques
  • Most of these are DoS defenses; limited progress has been made on DDoS
  • Attacker resources often surpass the victim's resources
  • Defenses are limited by the lack of central control of the Internet
  • We need to increase the reliability of the global network infrastructure
  • The most effective approach is to block the attack close to its source

  26. Outline What are Denial of Service Attacks and what makes the internet vulnerable to them? How do these attacks occur? How do we defend against such attacks? What are the ethical implications of Denial of Service Attacks and their effect on our society?

  27. Growth of DoS and DDoS attacks
  • Security knowledge of users is decreasing while attacks are becoming more and more sophisticated
  • In 1988, 6 attacks were reported; in 2003, 137,529 attacks were reported
  • The CSI/FBI survey shows that on average 35% of participants suffered DoS attacks
  • Vulnerabilities have increased to 35 times the number reported in 1995
  • Only 4 out of 1127 customer-based system attacks used spoofed addresses in 2004

  28. What's taking so long?
  • Implementing defense schemes is expensive
  • Lack of economic incentive, for personal users and for Internet Service Providers alike: nobody wants to spend money to protect someone else's network

  29.
  • "Code Red" worm (2001): a 300,000-host zombie army used to launch a DoS against the White House website
  • Distributed reflector attack (2002): brought down www.grc.com
  • Internet DNS root servers (2002): SYN flood and ICMP flood; all 13 DNS root servers were attacked at the same time; total attack volume 900 Mb/s; most queries were still answered, but some parts of the Internet experienced congestion or were unreachable
  • Blaster worm (2003): exploited a vulnerability in RPC; SYN flood against windowsupdate.com

  30. Ethics
  • These attacks can have lasting effects, including monetary damages
  • Used as a political statement: the WikiLeaks fiasco (2010) and Operation Payback, which hit Mastercard, PostFinance and PayPal

  31. References
  • Survey of Network-Based Defense Mechanisms Countering the DoS and DDoS Problems (Peng, Leckie, Ramamohanarao)
  • www.cert.org
  • http://www.pcmag.com/article2/0,2817,2374023,00.asp
