Denial Of Service Attacks

Similar documents
Denial of Service and Distributed Denial of Service Attacks

Denial of Service. Serguei A. Mokhov SOEN321 - Fall 2004

NETWORK SECURITY. Ch. 3: Network Attacks

THE "TRIBE FLOOD NETWORK 2000" DISTRIBUTED DENIAL OF SERVICE ATTACK TOOL

Computer Security: Principles and Practice

Anatomy and Mechanism of DOS attack

Routing Security DDoS and Route Hijacks. Merike Kaeo CEO, Double Shot Security

A Study on Intrusion Detection Techniques in a TCP/IP Environment

Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 8

- כ (Overview of Internet Security Technology - DDoS Attacks) ( ) Abstract( ) OS, DoS (Distributed DoS: DDoS).

Network Security. Chapter 0. Attacks and Attack Detection

Security+ Guide to Network Security Fundamentals, Fourth Edition. Network Attacks Denial of service Attacks

Denial of Service. EJ Jung 11/08/10

Intrusion Detection System Policy Manager

Contents. Denial-of-Service Attacks. Flooding Attacks. Distributed Denial-of Service Attacks. Reflector Against Denial-of-Service Attacks

Configuring IP Services

Single Network: applications, client and server hosts, switches, access links, trunk links, frames, path. Review of TCP/IP Internetworking

DDoS and Traceback 1

Configuring attack detection and prevention 1

What are attackers after? Distributed Denial of Service and information flow, if time. How disaster strikes. Steal money. Use computer resources

Denial of Service (DoS) attacks and countermeasures

Foundations of Network and Computer Security

Distributed Denial of Service (DDoS)

CE Advanced Network Security Botnets

Network Security Protocols NET 412D

Configuring attack detection and prevention 1

Table of Contents. 1 Intrusion Detection Statistics 1-1 Overview 1-1 Displaying Intrusion Detection Statistics 1-1

Chapter 7. Denial of Service Attacks

CSE 565 Computer Security Fall 2018

NISCC Technical Note 06/02: Response to Distributed Denial of Service (DDoS) Attacks

Ping of death Land attack Teardrop Syn flood Smurf attack. DOS Attack Methods

ch02 True/False Indicate whether the statement is true or false.

TCP/IP Filtering. Main TCP/IP Filtering Dialog Box. Route Filters Button. Packet Filters Button CHAPTER

ELEC5616 COMPUTER & NETWORK SECURITY

IPv6 Firewall Support for Prevention of Distributed Denial of Service Attacks and Resource Management

Queuing Algorithms Performance against Buffer Size and Attack Intensities

INTRODUCTION ON D-DOS. Presentation by RAJKUMAR PATOLIYA

Distributed Systems. 29. Firewalls. Paul Krzyzanowski. Rutgers University. Fall 2015

Chapter 8 roadmap. Network Security

CIS 551 / TCOM 401 Computer and Network Security

Computer Science 3CN3 and Software Engineering 4C03 Final Exam Answer Key

Analysis. Group 5 Mohammad Ahmad Ryadh Almuaili

Three interface Router without NAT Cisco IOS Firewall Configuration

Defending against Flooding-Based Distributed Denial-of-Service Attacks: A Tutorial

DDoS PREVENTION TECHNIQUE

Distributed Systems. 27. Firewalls and Virtual Private Networks Paul Krzyzanowski. Rutgers University. Fall 2013

Honeypots for Distributed Denial of Service Attacks

Chapter 10: Denial-of-Services

Configuring IP Services

Attack Prevention Technology White Paper

Our Narrow Focus Computer Networking Security Vulnerabilities. Outline Part II

Network and Internet Vulnerabilities

A Software Tool for Network Intrusion Detection

SE 4C03 Winter 2005 Network Firewalls

HP High-End Firewalls

International Journal of Scientific & Engineering Research, Volume 7, Issue 12, December ISSN

SecBlade Firewall Cards Attack Protection Configuration Example

Why to talk about Botnets

Denial of Service, Traceback and Anonymity

Global Information Assurance Certification Paper

Denial of Service. Denial of Service. A metaphor: Denial-of-Dinner Attack. DDoS over the years. Ozalp Babaoglu

Unit 4: Firewalls (I)

Scanning. Course Learning Outcomes for Unit III. Reading Assignment. Unit Lesson UNIT III STUDY GUIDE

Dan Lo Department of Computer Science and Software Engineering Southern Polytechnic State University

Amaranth Networks Inc. Category: Best Current Practice May 2000

UDP-based Amplification Attacks and its Mitigations

A Survey on DDoS Attack and Defense Strategies: From Traditional Schemes to Current Techniques

Denial of Service. Denial of Service. A metaphor: Denial-of-Dinner Attack. DDoS over the years. Ozalp Babaoglu

CSE 565 Computer Security Fall 2018

Computer and Network Security

DENIAL OF SERVICE ATTACKS

An active intrusion-confronting system using fake session and honeypot

COMPUTER NETWORK SECURITY

DDoS Testing with XM-2G. Step by Step Guide

CTS2134 Introduction to Networking. Module 08: Network Security

HP Load Balancing Module

Protection Against Distributed Denial of Service Attacks

Access Control Lists and IP Fragments

CCNA Course Access Control Lists

Overview of the Cisco Service Control Value Added Services Feature

IPv6 Commands: ipv6 h to ipv6 mi

Hands-On Ethical Hacking and Network Defense

Object Groups for ACLs

CISCO CONTEXT-BASED ACCESS CONTROL

9. Security. Safeguard Engine. Safeguard Engine Settings

Firewall Stateful Inspection of ICMP

Computer and Network Security

Preview Test: cis191_chap1_quiz

Internet Layers. Physical Layer. Application. Application. Transport. Transport. Network. Network. Network. Network. Link. Link. Link.

TCP/IP Networking. Training Details. About Training. About Training. What You'll Learn. Training Time : 9 Hours. Capacity : 12

IBM i Version 7.3. Security Intrusion detection IBM

Using ICMP to Troubleshoot TCP/IP Networks

SANS SEC504. Hacker Tools, Techniques, Exploits and Incident Handling.

Network and Internet Vulnerabilities

ipv6 hello-interval eigrp

Layer 4: UDP, TCP, and others. based on Chapter 9 of CompTIA Network+ Exam Guide, 4th ed., Mike Meyers

Configuring Firewall TCP SYN Cookie

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005

CE Advanced Network Security

C HAPTER 12. Port Binding Overview. This chapter describes how to configure the port binding settings.

Transcription:

FISTConference October 2004 Denial Of Service Attacks Gabriel Verdejo Alvarez (gaby@tau.uab.es) Barcelona

INDEX Speaker s introduction. Denial Of Service attacks (DOS). Examples. Distributed Denial of Service attacks (DDOS). DDOS tools analysis. Reflection DDOS Attack. Countermeasures. What the future brings. Questions. Bibliography. 2

Speaker s Introduction Gabriel Verdejo Alvarez,, Barcelona 1973. Computer science engineer at UAB. PhD studies (DEA) at CCD department, UAB. Senior consultant over 5 years experience. Cisco Certified teacher (CNAP). Since 2002 working at LSI department located at UPC. 3

Denial Of service attacks I Historical context: 90 s decade became the Internet age (WWW). Massive deployment of part-time time connections (modem). Bandwidth increase Interaction, pictures A new mass media has born! Hackers context: Simple attacks techniques (console VT, dial-out War games ) Almost inexistent networks attacks (IRC Wars). 4

Denial Of service attacks II A brief chronology: Until 1996 naive attacks. No worldwide connection available. 1997 97 TRIN00 tool became the starting point of Denial Of Service attacks. 1988 TFN tool improve DOS attacks. 1998 Ebay,, Yahoo, Microsoft were the favorite targets for this kind of attacks. 1999 TFN2K the new generation for denial attacks. 5

Denial Of service attacks III Definitions: Denial Of Service (DOS) means the impossibility of getting access to a resource or service by the legitimate user. Denial Of Service attack is when the resource or the service is monopolized intentionally to prevent access from other users. This definition also includes the attempts to collapse the service or resource to deny access to anyone. 6

Denial Of service attacks IV DOS attack example 1: IP Flooding Used in local l networks Consumes great amount of bandwidth. The attacker creates spurious traffic over the network: Random Guided Traffic can be UDP, ICMP or TCP. 7

Denial Of service attacks V 8

Denial Of service attacks VI DOS attack example 2: ECHO-CHARGEN CHARGEN / Snork UNIX computers provides several well known services (Telnet, FTP, ECHO ). ECHO: Replies any PING request received over the network. CHARGEN: Replies any network request with a random character generator. The attacker spoof the source address of the request crossing both services. 9

Denial Of service attacks VII 10

Denial Of service attacks VIII DOS attack example 3: Ping Of Death The most famous DOS attack. Uses programming bugs and RFC791/RFC792 definitions of maximum packet length of TCP/IP family: IP datagram has a maximum size of 64K (65535 bytes) with a typical header length of 20 bytes. ICMP packet is encapsulated into IP datagram and has a 8 bytes header. 11

Denial Of service attacks IX Attacker can send 65510 bytes of data using ICMP protocol because: 65535 8 (header) = 65527 bytes The destination computer receives the request and tries to reassemble data: But the truth is we have 65535 20 8 = 65507 bytes free!! This attack causes overflow in networks services or operative system failure. 12

Distributed Denial Of service attacks I Definitions: Distributed Denial Of Service Attacks (DDOS) can be defined as a deny of service attack with several sources distributed along the Internet that focuses on the same target. Unlimited number of sources can be used. Worldwide distribution. Any computer attached on Internet can be disabled. 13

Distributed Denial Of service attacks II 14

Distributed Denial Of service attacks III DDOS tools analysis: TRINOO / TRIN00 First DDOS tool find in the wild. Originally detected in Solaris machines but could be used in any UNIX computer. The deployment mode follows always these guidelines: The hacker goes into the computer (bugs exploit ). Software is compiled leaving a backdoor at port 1524/TCP. Other machines in the same network are hacked. 15

Distributed Denial Of service attacks IV Implements a hierarchical model based on a master-slave slave schema to permit the DDOS attacks. 16

Distributed Denial Of service attacks V A single attacker can control hundreds (even thousands) of machines in a very simple way. The attacker cannot be identified directly (the attacker computers are the slaves!). This tool implements IP flooding attack. The daemon lets the user run several commands (Telnet style) to start/stop service and to control the beginning and the end of every attack. 17

Distributed Denial Of service attacks VI DDOS tools analysis: TFN2K The most sophisticated tool find in the wild. Improves communication between master/slaves computers using TCP, UDP or ICMP packets (even all!!) to avoid firewalls / IDS. Implements different styles of attacks (TCP/UDP/ICMP flood, Smurf) that can be automatically rotated to avoid basic countermeasures. 18

Distributed Denial Of service attacks VII Packet headers are randomly changed to prevent IDS signatures. Daemons do not reply to the orders they receive. Every command is resend 20 times. This method make difficult to discover compromised computers because no outside communication exists. Uses CAST-256 as cipher method to prevent the sniffer tools over the network. 19

Distributed Denial Of service attacks VIII Reflection DDOS attack: This new approach is based on the use of legitimate (not hacked!) computers attached to the Internet. The slaves machines are not quickly discovered/banned so the attack can be done more time. The attacking method can be switched automatically. The attackers computers can change without randomly make more difficult the detection of the attack. 20

Distributed Denial Of service attacks IX 21

Distributed Denial Of service attacks X GRC.com DDOS reflection attack: On January 11 of 2002 an attack to GRC was discovered. 2 x T1 connection were collapsed few hours by several ISP computers as Verio or Qwest and well known places as Yahoo. Few hours before it was detected a filter was applied and the count of packets discarded were 1.072.519.399!!! 22

Distributed Denial Of service attacks XI Countermeasures: Ingress/Egress filtering Deny spoofing address attacks. Firewalls Poor solution, increases routing overhead. IDS Bad detection mechanism and limited response. Other solutions (Multops( Multops,, Reverse Firewall, D-Ward) D canot interoperate with external systems. 23

Distributed Denial Of service attacks XII What the future brings: The DDOS problem is not solved and periodically we read a new succefull attack against any major company (Ebay( Ebay,, SCO ). The future of DDOS are changing with virus symbiosis. Now the hacker does not need to enter into the computer, the virus let the t door open. MyDoom (2004) www.sco.com www.thescogroup.com DDOS attacks in wireless Networks. 24

Distributed Denial Of service attacks XIII Bibliography: William R. Cheswick and Steven M. Bellovin, Firewalls and Internet Security: Repelling the Wily Hacker", Addison-Wesley Publishing, 1994. W. Richard Stevens, TCP/IP Illustrated Volume 1: The protocols,, Addison- Wessley,, 1998. David Dittrich, The TRIBE FLOOD NETWORK distributed denial of service attack tool,, 1999. David Hoelzer, Intrussion Detection FAQ: Why Egress Filtering Can Benefit Your Organization,, 2000. T. M. Gil, M. Poletto, MULTOPS: a data-structure for bandwidth attack detection,, 10th Usenix Security Symposium, 2001. http://tau.uab.es/~gaby gaby@tau.uab.es 25

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback