
By Cheow Lip Goh

Evaluate the Merits of Using Honeypots to Defend against Distributed Denial-of-Service Attacks on Web Servers. By Cheow Lip Goh. Content: Motivations, DDoS attacks, Honeypots & Honeynets, Evaluation, Conclusion.


Presentation Transcript


  1. Evaluate the Merits of Using Honeypots to Defend against Distributed Denial-of-Service Attacks on Web Servers. By Cheow Lip Goh

  2. Content • Motivations • DDoS attacks • Honeypots & Honeynets • Evaluation • Conclusion

  3. Motivations • “Paying an extortionist a few thousand dollars to leave your network alone might make bottom-line business sense if the alternative is enduring a distributed denial-of-service attack that could cost your company millions in lost revenue and public relations damage.” 'Net Buzz, by Paul McNamara, Network World, 05/23/05

  4. DDoS Direct Attack

  5. DDoS Reflector Attack

  6. Successful Defense against DDoS? • Normal Packet Survival Rate (NPSR): the percentage of normal packets that make their way to the victim in the midst of a DDoS attack. • Unfortunately, none of the currently proposed solutions for defending against a fully distributed DDoS attack solves the issue completely.

  7. Honeypots & Honeynets • “A honeypot is a resource whose value is in being attacked or compromised. This means that a honeypot is expected to get probed, attacked and potentially exploited. Honeypots do not fix anything. They provide us with additional, valuable information.” Lance Spitzner • A honeynet is a group of honeypots configured to be exactly like the production servers in the organizations deploying them.

  8. Actual Deployment of the honeynet

  9. View of the Honeynet to the Attacker

  10. Purpose of the Honeynet in a DDoS Attack • Lure DDoS attackers into compromising the honeypots in the honeynet, and learn the tools, tactics and motives of the attacker. This knowledge is then used to strengthen the networks and servers running in the organization. • Serve as a decoy during a real DDoS attack, deceiving the attacker into believing that the DDoS attack is going very well.

  11. Evaluation: Issues with Using the Honeynet to Defend against DDoS • A honeynet is very complicated and costly to set up, and requires 24x7 monitoring. • A compromised honeynet could lead to legal issues. • The DDoS detection and filtering mechanism might not work properly. • The traffic forwarder is a big bottleneck.

  12. Conclusion • The cost of deploying and maintaining a honeynet to defend against a DDoS attack is very significant. Extra prudence should be exercised to evaluate the benefits of such a complex system as a mistake could lead to costly lawsuits or compromise of machines within the intranet.
