DDoS Attack and Its Defense

CSE 5473: Network Security

Prof. Dong Xuan


Why DoS?

  • Sub-cultural status

  • To gain access

  • Revenge

  • Political reasons

  • Economic reasons

  • Nastiness


How DoS (remotely)?

  • Consume host resources

    • Memory

    • Processor cycles

    • Network state

  • Consume network resources

    • Bandwidth

    • Router resources (it’s a host too!)

  • Exploit protocol vulnerabilities

    • Poison ARP cache

    • Poison DNS cache

  • Etc…


Where DoS

  • End hosts

  • Critical servers (disrupt C/S network)

    • Web, File, Authentication, Update

    • DNS

  • Infrastructure

    • Routers within org

    • All routers in upstream path


Outline

  • What is a DDoS attack?

  • How to defend against a DDoS attack?


What is a DDoS attack?

  • Internet DDoS attack is a real threat

    • On websites

      • Yahoo, CNN, Amazon, eBay, etc. (Feb. 2000): services were unavailable for several hours

    • On Internet infrastructure

      • 13 root DNS servers (Oct. 2002): 7 of them were shut down, 2 others partially unavailable

  • Lack of defense mechanism on current Internet


What is a DDoS Attack?

  • Examples of DoS include:

    • Flooding a network

    • Disrupting connections between machines

    • Disrupting a service

  • Distributed Denial-of-Service Attacks

    • Many machines are involved in the attack against one or more victim(s)

Attack Size in Gbps


Main Targets


Estonian Cyberwar April 27, 2007

  • Inoperability of the following state and commercial sites:

    • The Estonian presidency and its parliament.

    • Almost all of the country’s government ministries.

    • Political parties.

    • Three news organizations.

    • The two biggest banks and communications firms.

    • Governmental ISP.

    • Telecom companies.

      • Source: Alexei Zhatechenko



Distributed Denial of Service (DDoS) Networks


DDoS Network

http://www.adelphi.edu/~spock/lisa2000-shaft.pdf


You are here…


Typical DDoS attack


What Makes DDoS Attacks Possible?

  • Internet was designed with functionality & not security in mind

  • Internet security is highly interdependent

  • Internet resources are limited

  • Power of many is greater than power of a few


To Address DDoS attack

  • Ingress Filtering

    - P. Ferguson and D. Senie, RFC 2267, Jan 1998

    - Block packets that have illegitimate source addresses

    - Disadvantage: overhead makes routing slow

  • Identification of the origins (Traceback problem)

    - IP spoofing enables attackers to hide their identity

    - Many IP traceback techniques are suggested

  • Mitigating the effect during the attack

    - Pushback


IP Traceback

- Allows the victim to identify the origin of attackers

- Several approaches: ICMP trace messages, Probabilistic Packet Marking, Hash-based IP Traceback, etc.


PPM

  • Probabilistic Packet Marking scheme

    - Probabilistically inscribe local path info

    - Use constant space in the packet header

    - Reconstruct the attack path with high probability

Marking at router R

    For each packet w
        Generate a random number x from [0,1)
        If x < p then
            Write IP address of R into w.head
            Write 0 into w.distance
        else
            if w.distance == 0 then
                Write IP address of R into w.tail
            endif
            Increase w.distance
        endif
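
The marking procedure above and the victim's path reconstruction, simulated for a single attack path. This is an added example, not code from the original slides; the router addresses, the function names and the assumption that packets leave the source unmarked are all constructed for illustration.

```python
import random
from collections import namedtuple

# Constructed sample path, attacker side first; the victim sits after the last hop.
PATH = ["192.0.2.1", "192.0.2.2", "192.0.2.3", "192.0.2.4", "192.0.2.5"]
Mark = namedtuple("Mark", "head tail distance")

def mark_at_router(router, mark, p, rng):
    """One router's step of the marking procedure from the slide."""
    if rng.random() < p:
        return Mark(router, mark.tail, 0)        # start a new edge at R
    tail = router if mark.distance == 0 else mark.tail
    return Mark(mark.head, tail, mark.distance + 1)

def send_packet(path, p, rng):
    """Carry one packet along the path; assumes it leaves the source unmarked."""
    mark = Mark(None, None, 0)
    for router in path:
        mark = mark_at_router(router, mark, p, rng)
    return mark

def reconstruct_path(marks):
    """Victim side: chain the sampled edges, nearest router first."""
    edges = {}
    for m in marks:
        if m.head is None:
            continue                             # no router marked this packet
        # A distance-0 mark came from the last hop; its tail field is stale.
        key = (0, None) if m.distance == 0 else (m.distance, m.tail)
        edges[key] = m.head
    path, node, dist = [], None, 0
    while (dist, node) in edges:
        node = edges[(dist, node)]
        path.append(node)
        dist += 1
    return path

def traceback(path, p, n_packets, seed=1):
    """Simulate n_packets along the path and return the reconstructed route."""
    rng = random.Random(seed)
    return reconstruct_path(send_packet(path, p, rng) for _ in range(n_packets))

if __name__ == "__main__":
    print(traceback(PATH, p=0.2, n_packets=2000))
```

The farthest router's mark survives with probability p(1-p)^(d-1), so the number of packets the victim needs grows quickly with path length d.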

PPM (Cont.)

Figure labels: legitimate user, attacker, Victim; nodes R and V



What is Pushback?

  • A mechanism that allows a router to request adjacent upstream routers to limit the rate of traffic

  • Reference


How Does it Work?

  • A congested router requests adjacent routers to limit the rate of traffic for that particular aggregate

  • Router sends pushback message

  • Receiving routers propagate pushback


When is it invoked?

  • Drop rate for an aggregate exceeds the limit imposed on it (monitoring the queue)

  • Pushback agent receives information that a DoS attack is underway (packet drop history)


When does it stop?

  • Feedback messages are sent to upstream routers that report on how much traffic from the aggregates is still present


What are some advantages?

  • Pushback prevents bandwidth from being wasted on packets that will later be dropped (better when closer to the source)

  • Protects other traffic from the attack traffic

  • When the network is under attack, it can rate-limit the malicious traffic


Any disadvantages?

  • Pushback will be ineffective against certain DoS attacks (reflector attack)

  • Can make matters worse (against flooding attacks)

  • Not the only solution


Conclusion

  • What is a DDoS attack?

  • Defending against a DDoS attack

    • Ingress filtering

    • Traceback

    • Pushback
