
Advanced Higher Computing Computer Networking Topic 6: DoS Attacks


Presentation Transcript


  1. Advanced Higher Computing Computer Networking Topic 6: DoS Attacks

  2. Ways a DoS attack denies service
  1. Exploitation of programming flaws (crashing or hanging the service)
  2. Bandwidth consumption (saturating the victim's network link)
  3. Resource starvation (CPU, memory or disk space), often the result of 1 or 2
  4. DNS attacks (the target is reachable but cannot be found)
  5. A combination of several of the above

  3. How DoS attacks work
  • Causing the machine to crash through a buffer overflow or other vulnerability
  • Flooding the target with more network traffic than its link or its protocol stack can handle
  • Monopolising the storage space or memory of the target, for example by forcing it to log errors or by filling up message queues
  • Attacking the target from many locations simultaneously (Distributed DoS attack)
  Distributed attacks typically use remote machines already compromised by viruses or trojans (a botnet) that the attacker controls remotely.

  4. Buffer Overflow
  • Keep up to date with security developments (vendor advisories, vulnerability databases)
  • Patch servers as soon as a fix for a vulnerability is released
  • Check the length of input before copying it into a fixed-size buffer; simply allocating a larger buffer only raises the size of input needed to overflow it, it does not remove the flaw

  5. ICMP and UDP
  • Internet Control Message Protocol: used for diagnostic and error messages, e.g. the echo request/reply pairs behind Ping and the TTL-exceeded messages behind Traceroute
  • User Datagram Protocol: connectionless, with no handshake, acknowledgement or retransmission (only an optional checksum); used for VoIP, streaming media, DNS etc.
  • Because neither protocol sets up a connection first, the source address of a single packet is never verified, so both are easy to spoof and both make good reflectors

  6. Smurf Attack
  • Send a ping (ICMP echo request) to the broadcast address of a network
  • The request carries a spoofed source IP address, that of the victim, so every host that answers the broadcast sends its echo reply to the victim
  • One small request produces as many replies as there are responding hosts, so the attacker's bandwidth is multiplied by the size of the reflecting network
  • A Fraggle attack uses the same technique with UDP packets (typically to the UDP echo service on port 7)

  7. Counteracting Smurf attacks
  • Configure hosts not to respond to a broadcast ICMP ECHO_REQUEST, and configure routers not to forward directed broadcasts into the network (the default on modern routers)
  • Block spoofed outgoing packets at the network border: drop anything whose source address does not belong to the local network (egress filtering)
  • Shorten the timeouts and rate-limit ICMP handling on the victim; this protects the host's CPU but not its link, since the reply flood has already consumed the bandwidth by the time it arrives
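The reflection on slides 6 and 7, as an added worked example (this is constructed simulation code, not material from the slides). It models a reflecting /24 whose hosts answer echo requests, one spoofed request per attack iteration, and the two countermeasures as switches: hosts ignoring broadcast echo, and an egress filter on the attacker's network. All addresses are assumed documentation ranges, and the protocol names are labels only.

```python
"""Smurf / Fraggle reflection, modelled offline (constructed example)."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str    # source address as written in the header (may be spoofed)
    dst: str    # destination address (unicast or directed broadcast)
    proto: str  # "icmp-echo" (Smurf) or "udp-echo" (Fraggle)


def egress_permits(pkt: Packet, local_net: str) -> bool:
    """Egress filter: only let out packets whose source belongs to local_net."""
    return ipaddress.ip_address(pkt.src) in ipaddress.ip_network(local_net)


class ReflectorNetwork:
    """A subnet whose hosts answer echo requests.

    answer_broadcast=False models hosts ignoring echo to the broadcast address
    (or the router refusing to forward the directed broadcast at all).
    """

    def __init__(self, prefix: str, n_hosts: int, answer_broadcast: bool = True):
        self.net = ipaddress.ip_network(prefix)
        self.hosts = [str(h) for h in list(self.net.hosts())[:n_hosts]]
        self.answer_broadcast = answer_broadcast

    def handle(self, pkt: Packet) -> list:
        """Return the reply packets this network generates for pkt."""
        if pkt.dst == str(self.net.broadcast_address):
            if not self.answer_broadcast:
                return []
            responders = self.hosts        # the amplification: 1 in, N out
        elif pkt.dst in self.hosts:
            responders = [pkt.dst]         # ordinary unicast echo, no gain
        else:
            return []
        # Replies go to whatever the request *claimed* as its source.
        return [Packet(src=h, dst=pkt.src, proto=pkt.proto) for h in responders]


def run_attack(attacker_net: str, reflector: ReflectorNetwork, victim: str,
               n_requests: int, egress_filter: bool, proto: str = "icmp-echo"):
    """Send n_requests spoofed echo requests to the reflector's broadcast address.

    Returns (replies delivered to the victim, replies per attacker packet).
    """
    request = Packet(src=victim, dst=str(reflector.net.broadcast_address), proto=proto)
    hits = 0
    for _ in range(n_requests):
        if egress_filter and not egress_permits(request, attacker_net):
            continue                       # dropped at the attacker's own border
        hits += sum(1 for r in reflector.handle(request) if r.dst == victim)
    return hits, (hits / n_requests if n_requests else 0.0)


if __name__ == "__main__":
    lan = ReflectorNetwork("192.0.2.0/24", n_hosts=100)
    print("no defences:", run_attack("10.0.0.0/24", lan, "203.0.113.5", 10, False))
    print("egress filter:", run_attack("10.0.0.0/24", lan, "203.0.113.5", 10, True))
    quiet = ReflectorNetwork("192.0.2.0/24", n_hosts=100, answer_broadcast=False)
    print("no broadcast reply:", run_attack("10.0.0.0/24", quiet, "203.0.113.5", 10, False))
```

Either countermeasure alone brings the reply count to zero, but they sit in different places: the egress filter has to be deployed by the attacker's provider, while the broadcast setting is under the reflecting network's own control, which is why the second is the one a site can actually rely on.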

  8. SYN and ACK
  SYN and ACK are flags in Transmission Control Protocol (TCP) segments, used to set up a connection and to acknowledge receipt of data. TCP uses a three-way handshake:
  • The client sends a SYN to the server.
  • In response, the server replies with a SYN-ACK and records the half-open connection while it waits for the final ACK.
  • Finally, the client sends an ACK back to the server and the connection is established.

  9. SYN Flood
  • Send a large number of SYN packets with spoofed return addresses
  • The server's SYN-ACKs are never acknowledged, so the table of half-open connections (the SYN backlog) fills up and new legitimate connection attempts are dropped
  Counter-measures:
  • Increase the backlog size, shorten the time before an unacknowledged half-open connection is dropped, or have a firewall complete the handshake on the server's behalf (SYN proxy)
  • SYN cookies: the server keeps no state per SYN but encodes the connection details in its initial sequence number and checks them when the ACK arrives
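The handshake on slide 8 and the flood on slide 9, as an added worked example (constructed code, not from the slides). Two listeners are modelled: a classic one that holds a bounded backlog of half-open connections, and a SYN-cookie listener that keeps no per-SYN state because its initial sequence number is a keyed hash of the client's address, port and sequence number. Segment fields, addresses and the HMAC construction are assumptions for the simulation; real SYN cookies also pack the MSS and a timestamp into the 32-bit number.

```python
"""Backlog listener vs SYN-cookie listener under a SYN flood (constructed)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

MASK32 = 0xFFFFFFFF


@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    flags: str      # "SYN", "SYN-ACK" or "ACK"
    seq: int = 0
    ack: int = 0


class BacklogListener:
    """Classic listener: one backlog entry per SYN until the ACK arrives."""

    def __init__(self, backlog: int):
        self.backlog = backlog
        self.half_open = {}          # (src, sport) -> our ISN
        self.established = set()

    def on_syn(self, seg: Segment):
        if len(self.half_open) >= self.backlog:
            return None              # backlog exhausted: SYN silently dropped
        isn = secrets.randbelow(1 << 32)
        self.half_open[(seg.src, seg.sport)] = isn
        return Segment(seg.src, seg.sport, "SYN-ACK", seq=isn, ack=(seg.seq + 1) & MASK32)

    def on_ack(self, seg: Segment) -> bool:
        isn = self.half_open.pop((seg.src, seg.sport), None)
        if isn is None or seg.ack != (isn + 1) & MASK32:
            return False
        self.established.add((seg.src, seg.sport))
        return True


class CookieListener:
    """SYN-cookie listener: ISN = MAC(src, sport, client ISN); no state per SYN."""

    def __init__(self):
        self.key = secrets.token_bytes(16)   # secret so attackers cannot forge cookies
        self.established = set()

    def _cookie(self, src: str, sport: int, client_seq: int) -> int:
        msg = f"{src}:{sport}:{client_seq}".encode()
        digest = hmac.new(self.key, msg, hashlib.sha256).digest()
        return int.from_bytes(digest[:4], "big")

    def on_syn(self, seg: Segment) -> Segment:
        isn = self._cookie(seg.src, seg.sport, seg.seq)
        return Segment(seg.src, seg.sport, "SYN-ACK", seq=isn, ack=(seg.seq + 1) & MASK32)

    def on_ack(self, seg: Segment) -> bool:
        # The ACK carries seq = client ISN + 1 and ack = our ISN + 1, which is
        # everything needed to recompute the cookie without stored state.
        expected = (self._cookie(seg.src, seg.sport, (seg.seq - 1) & MASK32) + 1) & MASK32
        if seg.ack != expected:
            return False
        self.established.add((seg.src, seg.sport))
        return True


def syn_flood(listener, n_spoofed: int) -> None:
    """Send n_spoofed SYNs from made-up sources that will never send an ACK."""
    for i in range(n_spoofed):
        listener.on_syn(Segment(f"198.51.100.{i % 254 + 1}", 40000 + i, "SYN", seq=i))


def honest_connect(listener, src="203.0.113.10", sport=51000, client_isn=1000) -> bool:
    """Full three-way handshake from a real client; True if it is established."""
    synack = listener.on_syn(Segment(src, sport, "SYN", seq=client_isn))
    if synack is None:
        return False
    ack = Segment(src, sport, "ACK", seq=(client_isn + 1) & MASK32, ack=(synack.seq + 1) & MASK32)
    return listener.on_ack(ack)


if __name__ == "__main__":
    classic, cookies = BacklogListener(backlog=128), CookieListener()
    syn_flood(classic, 500)
    syn_flood(cookies, 500)
    print("classic after flood:", honest_connect(classic))
    print("cookies after flood:", honest_connect(cookies))
```

On Linux the equivalent switch is the `net.ipv4.tcp_syncookies` sysctl. Cookies are not free: because the server stores nothing, it cannot retransmit the SYN-ACK and loses any TCP options the cookie does not encode, which is why the kernel only falls back to them once the backlog is actually full.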

  10. Distributed DoS attack
  • Infect a large number of machines with a trojan program that accepts commands from the attacker
  • Locate the infected machines, e.g. by scanning for the port the trojan listens on
  • Instruct the infected machines to start the DoS attack against the target at the same time
  • Take the machine that issued the instruction offline to avoid detection; the flood continues without it

  11. Countermeasures to Distributed DoS attack
  • Buy additional bandwidth, or have an upstream provider absorb and filter the flood before it reaches your link
  • Block the IP ranges of the infected machines; this only helps while the sources fall into a few ranges, which is exactly what a distributed attack is designed to avoid
  • Create and distribute an "anti-virus virus" that removes the trojan; this is sometimes proposed but is not a legitimate countermeasure, since it means accessing other people's machines without authorisation, which is a criminal offence

  12. DNS attacks
  • Bombard DNS servers with queries whose source address is spoofed to the victim's and which elicit a large response (e.g. an ANY query), so the servers reflect and amplify the traffic onto the victim
  • Poison the cache of a DNS server with false DNS records, so traffic meant for the target machine is redirected to a non-existent or attacker-chosen IP address

  13. Countermeasures to DNS attacks
  • Configure DNS servers to answer recursive queries only for their own clients and to rate-limit identical responses, so an unexpected query from an outside address gets a short refusal rather than a large answer
  • Against cache poisoning, randomise the query's source port and transaction ID, and validate answers with DNSSEC where the zone is signed
  • Use a variety of platforms to run DNS servers, so one flaw does not take all of them down
  • Keep DNS software (e.g. BIND) patched
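The amplification attack on slide 12 and the recursion restriction on slide 13, as an added worked example (constructed code, not from the slides). It models a resolver's allow-recursion list and a detector that scores each query source by the bytes it pulls out of the server; with the list in force, a spoofed outside source gets only a small REFUSED reply. The query records, networks and byte counts are made up for the example, and the REFUSED size is an approximation of a header plus question section.

```python
"""DNS amplification scoring and an allow-recursion check (constructed)."""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class DnsQuery:
    src: str                # claimed source; spoofed to the victim in an attack
    qname: str
    qtype: str              # "A", "ANY", "TXT", ...
    recursion_desired: bool
    request_bytes: int
    response_bytes: int     # size of the full answer the server could send


# Clients this resolver is willing to recurse for (assumed documentation ranges).
ALLOWED_RECURSION = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8::/32")]


def permit_recursion(src: str) -> bool:
    """Model of an allow-recursion ACL: only our own clients may recurse."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in ALLOWED_RECURSION)


def refused_size(qname: str) -> int:
    """Approximate wire size of a REFUSED reply: 12-byte header + question."""
    return 12 + (len(qname) + 2) + 4


def answer_size(q: DnsQuery, acl: bool) -> int:
    """Bytes the server actually sends back for q."""
    if acl and q.recursion_desired and not permit_recursion(q.src):
        return refused_size(q.qname)
    return q.response_bytes


def amplification_by_source(queries, acl: bool = False) -> dict:
    """Return {src: (response_bytes / request_bytes, total_response_bytes)}."""
    req, resp = defaultdict(int), defaultdict(int)
    for q in queries:
        req[q.src] += q.request_bytes
        resp[q.src] += answer_size(q, acl)
    return {s: (resp[s] / req[s], resp[s]) for s in req}


def suspicious_sources(queries, threshold: float = 10.0, acl: bool = False) -> list:
    """Sources whose traffic is amplified at least `threshold` times."""
    scores = amplification_by_source(queries, acl)
    return sorted(s for s, (amp, _) in scores.items() if amp >= threshold)


# Constructed sample: three ANY queries "from" the victim, two ordinary clients.
SAMPLE_QUERIES = [
    DnsQuery("203.0.113.5", "example.com", "ANY", True, 64, 3200),
    DnsQuery("203.0.113.5", "example.com", "ANY", True, 64, 3200),
    DnsQuery("203.0.113.5", "example.com", "ANY", True, 64, 3200),
    DnsQuery("192.0.2.10", "www.example.com", "A", True, 70, 120),
    DnsQuery("198.51.100.7", "example.com", "A", False, 60, 110),
]

if __name__ == "__main__":
    print("open resolver:", amplification_by_source(SAMPLE_QUERIES))
    print("with ACL:     ", amplification_by_source(SAMPLE_QUERIES, acl=True))
```

Note that the non-recursive query from 198.51.100.7 is still answered under the ACL: an authoritative server has to answer for its own zones, which is why response rate limiting is the complementary control for that case.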
