Week 8: Denial of Service (DoS)

laddie

Presentation Transcript


  1. Week 8: Denial of Service (DoS)
     • What is a Denial of Service attack?
     • Any attack that causes a system to become unavailable. This is a violation of security policy.
     • A DoS attack can have an impact on commerce, industry, aviation, and health care.

  2. Week 8: Denial of Service (DoS)
     • Types of DoS Attacks
     • Stopping local services (process kill, process crash, sys reconfig)
     • Exhausting local resources (forking processes to fill process table, filling up file system)
     • Remotely stopping services (malformed packet attack via Land, Ping of Death, Jolt2, buffer overflow)
     • Remotely exhausting resources (SYN flood, Smurf, DDoS)
     • How DoS Works?

  3. Week 8: Denial of Service (DoS)
     • Hacking Tool: Ping of Death
     • Sends an oversized ping pkt (> 64KB). Some TCP/IP implementations crash.
     • Hacking Tool: SSPing (malformed ICMP pkt causes server to hang)
     • Hacking Tool: Land
     • Sends a spoofed pkt with IPsrc = IPdest, PortSrc = PortDest. The unexpected event causes a system crash.
     • Hacking Tool: Smurf
     • Directed broadcast attack: sends a ping to a broadcast address using a spoofed source address.

  4. Week 8: Denial of Service (DoS)
     • Hacking Tool: SYN Flood (sends several SYN pkts using a spoofed unknown source address; fills up the connection queue)
     • Hacking Tool: CPU Hog
     • Hacking Tool: Win Nuke (sends garbage to an open file-sharing machine on TCP port 139; the system crashes)
     • Hacking Tool: RPC Locator

  5. SYN Flood Countermeasure
     • Increase the size of the connection queue
     • Decrease the connection establishment timeout period
     • Detect the flood and employ SYN cookies, which use a cryptographic challenge for legitimate users
     • Keep the connection queue at a threshold
     • Use a NIDS

  6. Week 8: Denial of Service (DoS)
     • Hacking Tool: Jolt2
     • Sends a stream of pkt fragments, none with fragment offset = 0. Affects Windows OS.
     • Hacking Tool: Bubonic
     • Hacking Tool: Targa

  7. Distributed DoS
     • Attacker uses zombies to launch DoS attacks.
     • Most zombies are taken over using buffer overflow attacks or related exploits.
     • Zombies wait for a command, sent by the attacker using a client tool, to launch a simultaneous attack.

  8. Week 8: Denial of Service (DoS)
     • Tools for Running DDoS Attacks
     • Hacking Tool: Trinoo
     • Hacking Tool: WinTrinoo
     • Hacking Tool: TFN (Tribe Flood Network)
     • Hacking Tool: TFN2K (DDo
     • Hacking Tool: Stacheldraht – combines features of TFN and Trin00

  9. Week 8: Denial of Service (DoS)
     • Hacking Tool: Shaft
     • Hacking Tool: mstream
     • DDoS Attack Sequence

  10. Week 8: Denial of Service (DoS)
     • Preventing DoS Attack
     • Use anti-spoof filters on routers
     • Disable directed broadcast at the border router
     • Use find DDOS, a tool distributed by US Govt.
     • Get Zombie Zapper
     • DoS scanning tools, e.g. an IDS like Snort, to give early warning
     • Find_ddos

  11. Week 8: Denial of Service (DoS)
     • SARA
     • DDoSPing
     • RID
     • Zombie Zapper

  12. Week 8: Denial of Service (DoS)
     • Summary
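
Slide 5 names SYN cookies as a countermeasure that uses a cryptographic challenge so the server need not hold a queue entry for every SYN. The sketch below is an added example, not part of the original presentation: it uses a simplified cookie layout (5-bit time slot, 3-bit MSS index, 24-bit HMAC) rather than the exact layout of any particular operating system, and the secret, MSS table, addresses and timestamps are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

SECRET = b"constructed-demo-key"  # assumption: a random per-boot secret in practice
MSS_TABLE = [216, 536, 1024, 1220, 1300, 1360, 1440, 1460]  # constructed, 3-bit index
SLOT_SECONDS = 64  # assumption: cookie lifetime is counted in 64-second slots


def _mac24(src, sport, dst, dport, client_isn, slot, mss_idx):
    """24-bit keyed MAC over the connection 4-tuple, client ISN, slot and MSS index."""
    msg = socket.inet_aton(src) + socket.inet_aton(dst)
    msg += struct.pack("!HHIqB", sport, dport, client_isn, slot, mss_idx)
    return hmac.new(SECRET, msg, hashlib.sha256).digest()[:3]


def make_cookie(src, sport, dst, dport, client_isn, mss, now):
    """Build the 32-bit server ISN for the SYN-ACK; nothing is stored per SYN."""
    slot = now // SLOT_SECONDS
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    mac = int.from_bytes(_mac24(src, sport, dst, dport, client_isn, slot, mss_idx), "big")
    return ((slot & 0x1F) << 27) | (mss_idx << 24) | mac


def check_cookie(src, sport, dst, dport, client_isn, cookie, now):
    """Validate the cookie echoed in the final ACK (ack number minus 1).

    Returns the negotiated MSS, or None if the cookie is forged, replayed
    from another address, or older than the current or previous slot.
    """
    mss_idx = (cookie >> 24) & 0x7
    now_slot = now // SLOT_SECONDS
    for slot in (now_slot, now_slot - 1):
        if (slot & 0x1F) != cookie >> 27:
            continue
        expected = _mac24(src, sport, dst, dport, client_isn, slot, mss_idx)
        if hmac.compare_digest(expected, (cookie & 0xFFFFFF).to_bytes(3, "big")):
            return MSS_TABLE[mss_idx]
    return None


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed timestamp
    c = make_cookie("198.51.100.7", 40000, "192.0.2.10", 443, 12345, 1400, t0)
    print(hex(c), check_cookie("198.51.100.7", 40000, "192.0.2.10", 443, 12345, c, t0 + 30))
```

A spoofed source never sees the SYN-ACK, so it cannot return a valid cookie, and the server commits memory only after `check_cookie` succeeds.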
