1 / 33

DDoS Attack and Its Defense

DDoS Attack and Its Defense. CSE 5473: Network Security Prof. Dong Xuan. Why DoS?. Sub-cultural status To gain access Revenge Political reasons Economic reasons Nastiness. How DoS (remotely)?. Consume host resources Memory Processor cycles Network state Consume network resources

keziah
Download Presentation

DDoS Attack and Its Defense

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. DDoS Attack and Its Defense CSE 5473: Network Security Prof. Dong Xuan DDoS Attack and Its Defense

  2. Why DoS? • Sub-cultural status • To gain access • Revenge • Political reasons • Economic reasons • Nastiness DDoS Attack and Its Defense

  3. How DoS (remotely)? • Consume host resources • Memory • Processor cycles • Network state • Consume network resources • Bandwidth • Router resources (it’s a host too!) • Exploit protocol vulnerabilities • Poison ARP cache • Poison DNS cache • Etc… DDoS Attack and Its Defense

  4. Where DoS • End hosts • Critical servers (disrupt C/S network) • Web, File, Authentication, Update • DNS • Infrastructure • Routers within org • All routers in upstream path DDoS Attack and Its Defense

  5. Outline • What is a DDOS attack? • How to defend a DDoS attack? DDoS Attack and Its Defense

  6. What is DDoS attack? • Internet DDoS attack is real threat • - on websites • · Yahoo, CNN, Amazon, eBay, etc (Feb. 2000) •  services were unavailable for several hours • - on Internet infrastructure • · 13 root DNS servers (Oct, 2002) •  7 of them were shut down, 2 others partially unavailable • Lack of defense mechanism on current Internet DDoS Attack and Its Defense

  7. What is a DDos Attack? • Examples of DoS include: • Flooding a network • Disrupting connections between machines • Disrupting a service • Distributed Denial-of-Service Attacks • Many machines are involved in the attack against one or more victim(s) DDoS Attack and Its Defense

  8. attack Size in Gbps

  9. Attack Size in GBPS

  10. Main Targets

  11. Estonian Cyberwar April 27, 2007 • Inoperability of the following state and commercial sites: • The Estonian presidency and its parliament. • Almost all of the country’s government ministries. • Political parties. • Three news organizations. • Two biggest banks and communication’s firms. • Governmental ISP. • Telecom companies. • Source: Alexei Zhatechenko

  12. Distributed Denial of Service (DDoS) Networks DDoS Attack and Its Defense

  13. DDoS Network http://www.adelphi.edu/~spock/lisa2000-shaft.pdf DDoS Attack and Its Defense

  14. You are here… DDoS Attack and Its Defense

  15. Typical DDoS attack DDoS Attack and Its Defense

  16. DDoS Attack and Its Defense

  17. DDoS Attack and Its Defense

  18. DDoS Attack and Its Defense

  19. What Makes DDoS Attacks Possible? • Internet was designed with functionality & not security in mind • Internet security is highly interdependent • Internet resources are limited • Power of many is greater than power of a few DDoS Attack and Its Defense

  20. To Address DDoS attack • Ingress Filtering - P. Ferguson and D. Senie, RFC 2267, Jan 1998 - Block packets that has illegitimate source addresses - Disadvantage : Overhead makes routing slow • Identification of the origins (Traceback problem) - IP spoofing enables attackers to hide their identity - Many IP traceback techniques are suggested • Mitigating the effect during the attack - Pushback DDoS Attack and Its Defense

  21. IP Traceback - Allows victim to identify the origin of attackers - Several approaches ICMP trace messages, Probabilistic Packet Marking, Hash-based IP Traceback, etc. DDoS Attack and Its Defense

  22. PPM • Probabilistic Packet Marking scheme - Probabilistically inscribe local path info - Use constant space in the packet header - Reconstruct the attack path with high probability Marking at router R For each packet w Generate a random number x from [0,1) If x < p then Write IP address of R into w.head Write 0 into w.distance else if w.distance == 0 then write IP address of R into w.tail Increase w.distance endif DDoS Attack and Its Defense

  23. PPM (Cont.) legitimate user attacker Victim DDoS Attack and Its Defense

  24. PPM (Cont.) legitimate user attacker Victim DDoS Attack and Its Defense

  25. R R R R R V PPM (Cont.) legitimate user attacker Victim DDoS Attack and Its Defense

  26. What is Pushback? • A mechanism that allows a router to request adjacent upstream routers to limit the rate of traffic • Reference DDoS Attack and Its Defense

  27. How Does it Work? • A congested router requests adjacent routers to limit the rate of traffic for that particular aggregate • Router sends pushback message • Received routers propagate pushback DDoS Attack and Its Defense

  28. How Does it Work? DDoS Attack and Its Defense

  29. When is it invoked? • Drop rate for an aggregate exceeds the limit imposed on it (monitoring the queue) • Pushback agent receives information that a DoS attack is underway (packet drop history) DDoS Attack and Its Defense

  30. When does it stop? • Feedback messages are sent to upstream routers that report on how much traffic from the aggregates is still present DDoS Attack and Its Defense

  31. What are some advantages? • Pushback prevents bandwidth from being wasted on packets that will later be dropped (better when closer to the source) • Protects other traffic from the attack traffic • When network is under attack it can rate limit the malicious traffic DDoS Attack and Its Defense

  32. Any disadvantages? • Pushback will be ineffective against certain DoS attacks (reflector attack) • Can make matters worse (against flooding attacks) • Not the only solution DDoS Attack and Its Defense

  33. Conclusion • What is a DDoS attack? • Defending a DDoS attack • Ingress filtering • Traceback • Pushback DDoS Attack and Its Defense

More Related