
DDoS Attacks


Presentation Transcript


  1. DDoS Attacks. Ali Kapucu, July 29th 2013

  2. Who is your Speaker? • Ali Kapucu • Network Design Engineer at KSU • Penetration Tester • Information Security Consultant • CS Master's Student

  3. Agenda • DDoS Definition • DDoS Motivations • DDoS Flavors • Standard Attacks • Botnets • Sophisticated Attacks • DDoS Flavors - Future (now) • How to Defend

  4. DDoS Definition?

  5. DoS - DDoS Definition • Denial of Service attacks attempt to negate a service by: • exhausting resources on the victim side (network bandwidth, CPU, memory, etc.); • forcing victim equipment into a non-operational state; • hijacking victim equipment/resources for malicious goals. • A Distributed Denial of Service (DDoS) attack is the special case of DoS in which many distributed network nodes (zombies) are used to multiply the DoS effect.

  6. Basically, the DDoS Definition: 15 fat men trying to get through a revolving door at the same time

  7. DDoS Motivations • DDoS is the act of taking down a service • Political: groups like LulzSec and Anonymous have repeatedly brought down popular websites of corporations and governments • Monetary (money talks): telephony DDoS is frequently used to hold corporations to ransom • International "relations": Iran has repeatedly targeted the US with DDoS attacks • No longer a kids' game

  8. DDoS Flavors • "Classic" DDoS, a.k.a. floods • SYN flooding, UDP bombs, fragment floods, direct/indirect ARP floods • Still work, but less savvy • Countermeasures include rate limiting in network devices and proxy techniques (SYN cookies) • Botnets • Slightly more advanced • Stateful TCP (the three-way handshake is completed, nothing more) • DNS request flooding • Fragments that add up to almost-full packets (the last fragment never arrives, so the victim keeps the reassembly state around)

  9. DDoS Examples: SYN Flood • The attacker sends a large number of SYN packets to server B with a spoofed source address, the unused address A. • A->B: SYN • A->B: SYN • ... • For every SYN, B creates a connection object and answers B->A: SYN & ACK. • Nobody is listening at A, so the SYN/ACKs go unanswered and the half-open connection objects pile up until B's backlog is exhausted.
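The countermeasure the previous slide names, SYN cookies, removes exactly the state the flood above exhausts: instead of allocating a connection object per SYN, the server encodes what it needs to remember into its own initial sequence number and recovers it from the client's final ACK. The following is an added example that is not part of the presentation; it is a simplified version of the Linux scheme, and the secret key, MSS table, addresses and ports are constructed for the demo.

```python
"""Stateless SYN cookies, simplified from the Linux scheme.

Added example, not code from the presentation. The secret key, addresses
and ports are constructed; the MSS table mirrors the idea of Linux's
msstab but the values are chosen here.
"""
import hashlib
import hmac
import struct

MSS_TABLE = (536, 1300, 1440, 1460)  # the cookie carries an index into this table, not the MSS
COOKIE_WINDOW = 1                    # accept the current and the previous 64-second slot


def _slot(now: int) -> int:
    """Coarse clock (64 s granularity, 8 bits): old cookies stop validating by themselves."""
    return (now // 64) & 0xFF


def _mac(secret: bytes, saddr: bytes, daddr: bytes, sport: int, dport: int,
         client_isn: int, slot: int) -> int:
    """Keyed hash over the 4-tuple, the client's ISN and the time slot (32 bits of it)."""
    msg = struct.pack("!4s4sHHIB", saddr, daddr, sport, dport, client_isn, slot)
    return int.from_bytes(hmac.new(secret, msg, hashlib.sha256).digest()[:4], "big")


def make_cookie(secret, saddr, daddr, sport, dport, client_isn, client_mss, now):
    """Server ISN for the SYN/ACK: slot in the top 8 bits, MAC + MSS index in the low 24.

    Nothing is stored per connection, so a flood of spoofed SYNs costs only CPU."""
    idx = 0
    for i, mss in enumerate(MSS_TABLE):
        if mss <= client_mss:
            idx = i
    slot = _slot(now)
    low = (_mac(secret, saddr, daddr, sport, dport, client_isn, slot) + idx) & 0xFFFFFF
    return (slot << 24) | low


def check_cookie(secret, saddr, daddr, sport, dport, client_isn, ack, now):
    """Validate the final ACK. Returns the MSS to use, or None if the ACK is bogus or stale."""
    cookie = (ack - 1) & 0xFFFFFFFF       # ACK number is server ISN + 1 (mod 2^32)
    slot = cookie >> 24
    if (_slot(now) - slot) & 0xFF > COOKIE_WINDOW:
        return None                        # minted too long ago (or a garbage slot)
    idx = ((cookie & 0xFFFFFF)
           - _mac(secret, saddr, daddr, sport, dport, client_isn, slot)) & 0xFFFFFF
    if idx >= len(MSS_TABLE):
        return None                        # MAC mismatch: forged, replayed, or wrong tuple
    return MSS_TABLE[idx]


if __name__ == "__main__":
    key = b"constructed-demo-secret"                                  # in practice: random, rotated
    client, server = bytes([198, 51, 100, 7]), bytes([192, 0, 2, 10])  # constructed RFC 5737 addresses
    isn = make_cookie(key, client, server, 40000, 80, 0x12345678, 1460, now=1000)
    ack = (isn + 1) & 0xFFFFFFFF
    print(hex(isn), check_cookie(key, client, server, 40000, 80, 0x12345678, ack, now=1000))
```

On a real stack the client ISN handed to `check_cookie` is the ACK segment's sequence number minus one. The server does no table lookup at all: a spoofed SYN from the unused address A costs one HMAC and nothing else, and the SYN/ACK sent to A simply goes unanswered. The price is that TCP options not encoded in the cookie (window scaling, SACK) are lost for connections set up this way, which is why Linux only switches to cookies once the SYN backlog is full.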

  10. Botnets • The term bot is short for robot. Criminals distribute malicious software (also known as malware) that can turn your computer into a bot (also known as a zombie). When this occurs, your computer can perform automated tasks over the Internet, without you knowing it. • Criminals typically use bots to infect large numbers of computers. These computers form a network, or a botnet. • Criminals use botnets to send out spam email messages, spread viruses, attack computers and servers, and commit other kinds of crime and fraud. If your computer becomes part of a botnet, your computer might slow down and you might inadvertently be helping criminals.

  11. Botnets • They used to communicate through IRC channels • Nowadays analyzing botnets is much harder because their communication has moved to the HTTP level • The Dutch police found a 1.5 million node botnet • Telenor, a Norwegian ISP, disbanded a 10,000 node botnet

  12. Botnets

  13. Volunteer soldiers

  14. DDoS Flavors • Application-level DDoS • Much more intelligent • Targets flaws in the upper layers of the OSI stack • Typically less bandwidth-intensive • Slowloris: focused on design flaws in the HTTP spec; holds connections open indefinitely by never finishing the request headers • Selective URL attacks: hit the slowest-responding URL/page on the website, varying the URL for each request so that there is no discernible pattern • Reverse proxies: can be slowed down to 1/8th of their speed with repeated cache misses • Multi-layer attacks: zero window + HTTP GET flooding in one session
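Slowloris works because a stock server waits for the blank line that ends the request head for as long as the client keeps trickling bytes. The following added example (not from the presentation) puts that naive reader next to one with a header deadline and a minimum progress rate, and drives both with constructed traffic: a browser sending its head in one segment, and a Slowloris client sending one bogus header line every 10 seconds. The limits are assumed values.

```python
"""Request-head deadline against Slowloris-style connection holding.

Added example, not from the presentation. Limits and the two simulated
clients are constructed for the demo.
"""
HEADER_DEADLINE = 10.0     # seconds allowed to deliver the complete request head (assumed)
MIN_BYTES_PER_SEC = 64.0   # past the grace period, headers must keep arriving this fast (assumed)
GRACE_PERIOD = 2.0         # don't judge the rate of a client that only just connected
MAX_HEAD_BYTES = 8192      # a head larger than this is not a browser


class NaiveHeadReader:
    """What Slowloris exploits: wait for the blank line, however long it takes."""

    def __init__(self, start: float):
        self.buf = bytearray()

    def feed(self, chunk: bytes, now: float) -> str:
        self.buf += chunk
        return "complete" if b"\r\n\r\n" in self.buf else "wait"


class GuardedHeadReader:
    """Same parser, but a slow or stalled client is dropped and its slot freed."""

    def __init__(self, start: float):
        self.start = start
        self.buf = bytearray()

    def feed(self, chunk: bytes, now: float) -> str:
        self.buf += chunk
        if b"\r\n\r\n" in self.buf:
            return "complete"
        if len(self.buf) > MAX_HEAD_BYTES:
            return "drop:head-too-large"
        elapsed = now - self.start
        if elapsed > HEADER_DEADLINE:
            return "drop:head-timeout"
        if elapsed > GRACE_PERIOD and len(self.buf) / elapsed < MIN_BYTES_PER_SEC:
            return "drop:too-slow"        # a trickle of header lines is not a slow link
        return "wait"


def run(reader_cls, events):
    """Feed (timestamp, bytes) events to a reader until it decides. Returns (verdict, t)."""
    reader = reader_cls(start=events[0][0])
    verdict, t = "wait", events[0][0]
    for t, chunk in events:
        verdict = reader.feed(chunk, t)
        if verdict != "wait":
            break
    return verdict, t


# Constructed traffic. A browser sends the whole head in one segment...
NORMAL = [(0.01, b"GET / HTTP/1.1\r\nHost: victim.example\r\nUser-Agent: x\r\n\r\n")]
# ...while Slowloris sends a valid start and then one bogus header line every 10 s, forever.
SLOWLORIS = [(0.0, b"GET / HTTP/1.1\r\nHost: victim.example\r\n")] + \
            [(10.0 * i, b"X-a: b\r\n") for i in range(1, 30)]

if __name__ == "__main__":
    for name, events in (("browser", NORMAL), ("slowloris", SLOWLORIS)):
        print(name, "naive:", run(NaiveHeadReader, events), "guarded:", run(GuardedHeadReader, events))
```

The naive reader never returns anything but `wait` for the Slowloris stream, which is the whole attack: a few hundred such connections pin every worker of a thread-per-connection server. The guarded reader frees the slot after 10 seconds. Production servers expose the same knobs (Apache's `RequestReadTimeout`, nginx's `client_header_timeout`); the rate check matters because a pure deadline can still be gamed by reconnecting just before it expires.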

  15. New Rock Star - DNS Amplifications

  16. During the DDoS

  17. DDoS Flavors • Telephony DDoS • Many different types • Used for extortion of call centers • SIP flooding: similar to DNS flooding • IVR walking: call the 800 number, navigate the menu for days on end, never talk to a person • Bounce attacks: use a misconfigured SBC to send spoofed INVITEs that cause RTP floods on the target

  18. How to Defend • Develop a checklist of standard operating procedures • Be friendly with your ISP • Identify and prioritize critical services • Make sure critical systems have sufficient capacity • You should/must/have to know your network: map, diagrams, connection types, capacities • Implement a bogus (bogon) IP address block list • Service screening from the firewall out to the edge router • Separate your services; do not keep all the services on "the server" • Be smart
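Three items of the checklist above, the bogon block list, refusing packets that claim to come from our own prefixes on the outside interface, and screening for published services only, expressed as a filter over constructed flow records, with a per-source SYN budget from the rate-limiting countermeasure mentioned earlier. This is an added example, not the presentation's own; the prefixes, services and the SYN limit are assumptions, and the two RFC 5737 ranges the demo uses as "ours" and "the Internet" are left out of the bogon set for that reason only.

```python
"""Ingress screening at the edge: bogon sources, anti-spoofing, service allow-list, SYN budget.

Added example, not from the presentation. The prefixes we 'own', the published
services, the limits and the flow records are constructed for the demo.
"""
import ipaddress

# Unallocated, private, loopback, link-local, CGNAT, benchmark, multicast and reserved space:
# none of it should ever be a source address on the Internet-facing interface.
# 198.51.100.0/24 and 203.0.113.0/24 (RFC 5737) are deliberately omitted because the
# demo uses them as "the Internet" and "our allocation"; a real list includes them.
BOGONS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24", "192.168.0.0/16",
    "198.18.0.0/15", "224.0.0.0/4", "240.0.0.0/4",
)]
OUR_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]   # assumed: our public allocation
PUBLISHED = {                                             # assumed: the services we expose
    ("203.0.113.10", "tcp", 80),
    ("203.0.113.10", "tcp", 443),
    ("203.0.113.53", "udp", 53),
}
SYN_BUDGET = 100   # assumed: SYNs per source per screening window


def screen(flow: dict) -> str:
    """Stateless checks on one flow record (src, dst, proto, dport, syn) from the outside."""
    src = ipaddress.ip_address(flow["src"])
    if any(src in net for net in BOGONS):
        return "drop:bogon-source"
    if any(src in net for net in OUR_PREFIXES):
        return "drop:spoofed-own-prefix"      # our addresses never arrive from outside
    if (flow["dst"], flow["proto"], flow["dport"]) not in PUBLISHED:
        return "drop:unpublished-service"
    return "accept"


def screen_all(flows: list) -> list:
    """Stateless screening first, then a SYN budget per source over this window."""
    syns = {}
    decisions = []
    for flow in flows:
        verdict = screen(flow)
        if verdict == "accept" and flow["syn"]:
            syns[flow["src"]] = syns.get(flow["src"], 0) + 1
            if syns[flow["src"]] > SYN_BUDGET:
                verdict = "drop:syn-budget"
        decisions.append(verdict)
    return decisions


def _flow(src, dst, proto, dport, syn):
    return {"src": src, "dst": dst, "proto": proto, "dport": dport, "syn": syn}


# Constructed window of traffic arriving on the outside interface.
FLOWS = (
    [_flow("192.0.2.5", "203.0.113.10", "tcp", 80, True)]        # bogon source
    + [_flow("203.0.113.99", "203.0.113.10", "tcp", 80, True)]   # claims to be one of ours
    + [_flow("198.51.100.8", "203.0.113.10", "tcp", 22, True)]   # SSH is not published
    + [_flow("198.51.100.8", "203.0.113.10", "tcp", 443, True)]  # fine
    + [_flow("198.51.100.9", "203.0.113.53", "udp", 53, False)]  # fine
    + [_flow("198.51.100.7", "203.0.113.10", "tcp", 80, True)] * 150  # one source, SYN flood
)

if __name__ == "__main__":
    result = screen_all(FLOWS)
    for verdict in sorted(set(result)):
        print(f"{verdict:28s} {result.count(verdict)}")
```

The bogon and own-prefix checks are what the slide calls the block list; they belong on the edge router, where a `uRPF`-style check does the own-prefix part for free. The service allow-list is the "screening from firewall to edge router" item: anything not published is dropped before it reaches a server that would otherwise have to spend cycles refusing it. The SYN budget is deliberately last, because rate limiting a source that should have been dropped for being a bogon wastes state on garbage.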

  19. DDoS Flavors - Future • The smartphone revolution puts us at roughly the 2001 security time frame • 1000s of mobile malware apps available • Mobile botnets are already a real thing today • Carriers are struggling with basic visibility into their core 3G and LTE networks • The structure of 3G/LTE places trust in the handset: the handset can dictate throughput, features, bearers, etc. • The 3G/4G core is a ripe target for DDoS

  20. Questions? Thanks
