Er. Shiva K. Shrestha
Er. Niran Kafle
December 27, 2016 1
DDoS Attack
(Distributed Denial of Service)
Introduction
■ Denial of Service (DoS)
– Attack to disrupt the authorized use of
networks, systems, or applications
■ Distributed Denial of Service (DDoS)
– Employ multiple compromised computers
to perform a coordinated and widely
distributed DoS attack
■ DoS Attacks Affect:
– Software Systems
– Network Routers/Equipment/Servers
– Servers and End-User PCs
DoS Single Source
DDoS
[Figure: DDoS attack diagram; label: Collateral Damage Points]
How DDoS Attacks Work
■ Incoming traffic flooding the victim originates from many different sources, potentially hundreds of thousands or more.
■ This effectively makes it impossible to stop the attack simply by blocking a single IP address.
■ It is very difficult to distinguish legitimate user traffic from attack traffic when it is spread across so many points of origin.
DDoS Headlines
DDoS Attacks Based On
DDoS Source & Targets
DDoS Web Application Attacks
Types of DDoS Attacks
■ Traffic attacks: Traffic flooding attacks send a huge volume of TCP, UDP
and ICMP packets to the target. Legitimate requests get lost, and these
attacks may be accompanied by malware exploitation.
■ Bandwidth attacks: This DDoS attack overloads the target with
massive amounts of junk data. This results in a loss of network
bandwidth and equipment resources and can lead to a complete denial
of service.
■ Application attacks: Application-layer data messages can deplete
resources in the application layer, leaving the target's system services
unavailable.
DoS Attacks Fast Facts
■ Early 1990s: Individual attacks from a single source; first DoS tools
■ Late 1990s: Botnets; first DDoS tools
■ Feb 2000: First large-scale DDoS attack
– CNN, Yahoo, E*Trade, eBay, Amazon.com, Buy.com
■ 2001: Microsoft’s name server infrastructure was disabled
■ 2002: DDoS attack on root DNS
■ 2004: DDoS for hire and extortion
■ 2007: DDoS against Estonia
■ 2008: DDoS against Georgia during military conflict with Russia
■ 2009: DDoS on Twitter and Facebook
■ 2010: DDoS on VISA and MasterCard
2000 DoS Attacks
■ In Feb 2000, a series of massive DoS attacks
– Yahoo, Amazon, eBay, CNN, E*Trade, ZDNet, Datek and Buy.com all hit
■ Attacks allegedly perpetrated by teenagers
■ Used compromised systems at UCSB
■ Yahoo: 3 hours down with $500,000 lost revenue
■ Amazon: 10 hours down with $600,000 lost revenue
2002 DNS DoS Attacks
■ ICMP floods at 150 Kpps (primitive attack)
■ Took down 7 root servers (two hours)
[Figure: DNS root servers]
2009 DDoS on Twitter
■ Hours-long service outage
– 44 million users affected
■ At the same time, Facebook, LiveJournal, and YouTube were under attack
– Some users experienced an outage
■ Real target: a Georgian blogger
DDoS on MasterCard and Visa
■ December 2010
■ Targets: MasterCard, Visa, Amazon, PayPal, Swiss Postal Finance, and more
■ Attack launched by a group of vigilantes called Anonymous (~5000 people)
■ DDoS tool is called LOIC, or “Low Orbit Ion Cannon”
■ Bots recruited through social engineering
– Directed to download DDoS software and take instructions from a master
■ Motivation: payback for the cut in support of WikiLeaks after its founder was arrested on unrelated charges
The new DDoS tool by Anonymous
■ A new operation is beginning
■ A successor of LOIC
■ Uses SQL and .js vulnerabilities to remotely deface pages
■ May be available in September 2011
[Figure: V for Vendetta]
Operation Facebook
■ Announcement on YouTube to bomb Facebook on Nov. 5, 2011
■ Facebook’s privacy reveals issues
■ Why Nov. 5?
– “Remember Remember” poem:
Remember, remember the fifth of November,
Gunpowder, treason and plot.
I see no reason why gunpowder, treason
Should ever be forgot...
DDoS Attack Classification
DOS attack list
■ Flood attack
– TCP SYN flood
– UDP flood
– ICMP (PING) flood
– Amplification (Smurf, Fraggle since 1998)
■ Vulnerability attack
– Ping of Death (since 1990)
– Tear Drop (since 1997)
– Land (since 1997)
Flooding attack
■ Commonly used DDoS attack
■ Sends a vast number of messages whose processing consumes some key resource at the target
■ The strength lies in the volume, rather than the content
■ Implications:
– The traffic looks legitimate
– The traffic flow is large enough to consume the victim’s resources
– Packets are sent at a high rate
Vulnerability DoS attack
■ Vulnerability: a bug in the implementation or in the default configuration of a service
■ Malicious messages (exploits): unexpected input that utilizes the vulnerability is sent
■ Consequences:
– The system slows down, crashes, freezes or reboots
– The target application goes into an infinite loop
– A vast amount of memory is consumed
TCP SYN flood
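[Figure: Normal handshake: the client sends a SYN request and the server answers with SYN ACK. Attack: zombies send spoofed SYN requests to the victim, the victim answers each with SYN ACK, and its waiting queue overflows.]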
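The queue overflow on the TCP SYN flood slide can be watched for from the defender's side by counting handshakes that never complete. The following is an added example, not part of the original slides; the packet log is constructed, the addresses are documentation ranges, and the function names, backlog limit and timeout are assumptions.

```python
from collections import defaultdict


def build_sample():
    """Constructed packet log: (time_s, src_ip, src_port, dst_ip, dst_port, flag).

    flag is "S" for a client SYN, "A" for the client's final ACK, "R" for a reset.
    """
    pkts = []
    # Three legitimate clients complete the handshake with 192.0.2.10:80.
    for i in range(3):
        t = i * 0.5
        pkts.append((t, f"198.51.100.{i + 1}", 40000 + i, "192.0.2.10", 80, "S"))
        pkts.append((t + 0.05, f"198.51.100.{i + 1}", 40000 + i, "192.0.2.10", 80, "A"))
    # Twenty SYNs from spoofed sources: the SYN ACK goes nowhere, no ACK returns.
    for i in range(20):
        pkts.append((2.0 + i * 0.01, f"203.0.113.{i + 1}", 1024 + i, "192.0.2.10", 80, "S"))
    # A quiet listener that sees one normal connection.
    pkts.append((2.10, "198.51.100.9", 40100, "192.0.2.20", 443, "S"))
    pkts.append((2.15, "198.51.100.9", 40100, "192.0.2.20", 443, "A"))
    return sorted(pkts)


def detect_syn_flood(packets, backlog_limit=5, handshake_timeout=3.0):
    """Return {(dst_ip, dst_port): peak_half_open} for listeners whose number of
    half-open connections ever exceeded backlog_limit."""
    half_open = defaultdict(dict)  # listener -> {(src_ip, src_port): time of SYN}
    peak = defaultdict(int)
    for t, src, sport, dst, dport, flag in sorted(packets):
        listener, peer = (dst, dport), (src, sport)
        pending = half_open[listener]
        # The server eventually gives up on handshakes that were never finished.
        for old in [p for p, t0 in pending.items() if t - t0 > handshake_timeout]:
            del pending[old]
        if flag == "S":
            pending[peer] = t
            peak[listener] = max(peak[listener], len(pending))
        elif flag in ("A", "R"):
            # Handshake completed or aborted: the queue slot is released.
            pending.pop(peer, None)
    return {l: n for l, n in peak.items() if n > backlog_limit}


if __name__ == "__main__":
    for (ip, port), n in detect_syn_flood(build_sample()).items():
        print(f"possible SYN flood against {ip}:{port}: {n} half-open connections")
```

Because the sources are spoofed, the per-source count stays at one SYN each; only the per-listener half-open count reveals the flood.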
Smurf attack
■ Amplification attack
– Sends ICMP ECHO to a network
– Amplified network flood
– Widespread pings sent to the broadcast address with a faked return address
– The network sends its responses to the victim system
– The "smurf" attack's cousin is called "fraggle", which uses UDP echo packets in the same fashion
DoS : Smurf
[Figure: hosts A and B. A sends a ping broadcast with Src Addr: B and Dst Addr: Broadcast.]
DoS : Fraggle
[Figure: hosts A and B. A sends a UDP broadcast with src port: echo, dest port: chargen port, Src Addr: B and Dst Addr: Broadcast. Result: infinite loop!]
■ Well-known exploit: Echo/Chargen
Ping of Death
■ Sends an oversized ping packet to the victim
– A ping of >65535 bytes violates the IP packet length limit
– Causes a buffer overflow and system crash
■ Problem in implementation, not protocol
■ Has been fixed in modern OSes
– Was a problem in the late 1990s
Teardrop
■ Exploits a bug in TCP/IP fragment reassembly code
■ Sends mangled IP fragments with overlapping, over-sized payloads to the target machine
■ Crashes various operating systems
LAND
■ A LAND (Local Area Network Denial) attack
■ First discovered in 1997 by “m3lt”
– Affects several OSes:
– AIX 3.0
– FreeBSD 2.2.5
– IBM AS/400 OS7400 3.7
– Mac OS 7.6.1
– SUN OS 4.1.3, 4.1.4
– Windows 95, NT and XP SP2
■ IP packets where the source and destination addresses are set to address the same device
– The machine replies to itself continuously
– Published code: land.c
LAND
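The three vulnerability attacks above (Ping of Death, Teardrop, LAND) each break a header invariant that a filter or IDS can test before the packet reaches a reassembly routine. The following is an added example, not part of the original slides; the `Frag` record, the `findings` function and the sample packets are constructed, and a 20-byte IP header without options is assumed.

```python
from dataclasses import dataclass

MAX_IP_DATAGRAM = 65535  # largest value the 16-bit IP total-length field allows
IP_HEADER_LEN = 20       # assumption: no IP options


@dataclass(frozen=True)
class Frag:
    src: str
    dst: str
    ident: int           # IP identification field, shared by fragments of one datagram
    offset_units: int    # fragment offset field, counted in 8-byte units
    payload_len: int     # bytes carried after the IP header
    more: bool = False   # "more fragments" flag


def findings(frags):
    """Return sorted (index, reason) pairs for packets that break an invariant."""
    out = []
    by_datagram = {}
    for i, f in enumerate(frags):
        # LAND: source and destination address the same device.
        if f.src == f.dst:
            out.append((i, "LAND: source equals destination"))
        # Ping of Death: this fragment would end beyond the maximum datagram size.
        start = f.offset_units * 8
        end = start + f.payload_len
        if end + IP_HEADER_LEN > MAX_IP_DATAGRAM:
            out.append((i, "oversize: reassembled length exceeds 65535"))
        by_datagram.setdefault((f.src, f.dst, f.ident), []).append((start, end, i))
    # Teardrop: a fragment starts inside data an earlier fragment already covered.
    # (A retransmitted duplicate fragment is reported too; that is deliberate.)
    for spans in by_datagram.values():
        covered_end = 0
        for start, end, i in sorted(spans):
            if start < covered_end:
                out.append((i, "overlap: fragment overlaps earlier data"))
            covered_end = max(covered_end, end)
    return sorted(out)


# Constructed sample headers (documentation address ranges).
SAMPLE = [
    Frag("198.51.100.7", "192.0.2.10", 1, 0, 64),               # 0: ordinary ping
    Frag("192.0.2.10", "192.0.2.10", 2, 0, 40),                 # 1: src == dst
    Frag("198.51.100.8", "192.0.2.10", 3, 8189, 1000),          # 2: ends past 65535
    Frag("198.51.100.9", "192.0.2.10", 4, 0, 36, more=True),    # 3: first fragment
    Frag("198.51.100.9", "192.0.2.10", 4, 3, 4),                # 4: starts at byte 24 < 36
    Frag("198.51.100.7", "192.0.2.10", 5, 0, 1480, more=True),  # 5: clean first fragment
    Frag("198.51.100.7", "192.0.2.10", 5, 185, 520),            # 6: starts at byte 1480
]

if __name__ == "__main__":
    for index, reason in findings(SAMPLE):
        print(index, reason)
```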
DDoS Defense
Are we safe from DDoS?
■ My machines are well secured
– It does not matter. The problem is not your machine but everyone else
■ I have a firewall
– It does not matter. We slip in with legitimate traffic or we bomb your firewall
■ I use a VPN
– It does not matter. We can fill your VPN pipe
■ My system is very highly provisioned
– It does not matter. We can get bigger resources than you have
Why DoS Defense is difficult
■ Conceptual difficulties
– Mostly random source packet
– Moving filtering upstream requires communication
■ Practical difficulties
– Routers don’t have many spare cycles for analysis/filtering
– Networks must remain stable—bias against infrastructure change
– Attack tracking can cross administrative boundaries
– End-users/victims often see attack differently (more urgently) than network
operators
■ Nonetheless, need to:
– Maximize filtering of bad traffic
– Minimize “collateral damage”
Defenses against DoS attacks
■ DoS attacks cannot be prevented entirely
■ Impractical to prevent the flash crowds without compromising network performance
■ Three lines of defense against (D)DoS attacks
– Attack prevention and preemption
– Attack detection and filtering
– Attack source traceback and identification
Attack prevention
■ Limit the ability of systems to send spoofed packets
– Filtering done as close to the source as possible by routers/gateways
– Reverse-path filtering ensures that the path back to the claimed source is the same as the current packet’s path
– Ex: On Cisco routers, the “ip verify unicast reverse-path” command
■ Rate controls in upstream distribution nets
– On specific packet types
– Ex: Some ICMP, some UDP, TCP/SYN
■ Block IP broadcasts
Responding to attacks
■ Need good incident response plan
– With contacts for ISP
– Needed to impose traffic filtering upstream
– Details of response process
■ Ideally have network monitors and IDS
– To detect and notify on abnormal traffic patterns
How are DDoS practically handled?
Router Filtering
[Figure: routers R1–R5 and further unnumbered routers between Server1, Victim and Server2; link labels: 1000, 1000, FE, 100, peering. Filtering applied with ACLs and CARs.]
Cisco uRPF
[Figure: uRPF decision flow between Router A and Router B. A packet with a source address comes in; the router checks the source in the routing table. Path back on this line? Accept the packet. Path via a different interface? Reject the packet.]
■ Unicast Reverse Path Forwarding
■ Does routing back to the source go through the same interface?
■ Cisco interface command: ip verify unicast rpf
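The accept/reject decision on the uRPF slide, modelled as a longest-prefix lookup on the packet's source address. This is an added example, not part of the original slides and not Cisco's implementation; the `Fib` class, the interface names and the routes are constructed, and the addresses are documentation ranges. It also shows two limits of the strict check: a spoofed source inside the sender's own subnet is accepted (the subnet spoofing the deck lists under attack trends), and legitimate traffic is rejected when routing is asymmetric.

```python
import ipaddress


class Fib:
    """Minimal forwarding table: a list of (prefix, outgoing interface)."""

    def __init__(self, routes):
        self.routes = [(ipaddress.ip_network(p), ifc) for p, ifc in routes]

    def lookup(self, addr):
        """Longest-prefix match; returns the interface name or None."""
        ip = ipaddress.ip_address(addr)
        best = None
        for net, ifc in self.routes:
            if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, ifc)
        return best[1] if best else None


def urpf_check(fib, src, in_ifc):
    """Strict reverse-path check: does the route back to src use the arrival interface?"""
    back = fib.lookup(src)
    if back is None:
        return "reject: no route to source"
    if back != in_ifc:
        return "reject: path via different interface"
    return "accept"


# Constructed routing table for a hypothetical edge router.
FIB = Fib([
    ("192.0.2.0/24", "Gi0/0"),      # customer subnet
    ("198.51.100.0/24", "Gi0/1"),   # peer network
    ("198.51.100.64/26", "Gi0/2"),  # more-specific route to part of the peer network
])

# (claimed source, arrival interface, comment)
CASES = [
    ("192.0.2.55", "Gi0/0", "genuine customer host"),
    ("198.51.100.9", "Gi0/0", "customer port claiming a peer address"),
    ("203.0.113.5", "Gi0/0", "source with no route at all"),
    ("192.0.2.200", "Gi0/0", "spoofed neighbour address inside the same subnet"),
    ("198.51.100.70", "Gi0/1", "legitimate host, but return path uses Gi0/2"),
]


def run_cases():
    return [urpf_check(FIB, src, ifc) for src, ifc, _ in CASES]


if __name__ == "__main__":
    for (src, ifc, note), verdict in zip(CASES, run_cases()):
        print(f"{src:15} on {ifc}: {verdict}  ({note})")
```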
Black hole Routing
[Figure: routers R1–R5 and further unnumbered routers between Server1, Victim and Server2; link labels: 1000, 1000, FE, 100, peering.]
ip route A.B.C.0 255.255.255.0 Null0
Blackhole in Practice (I)
[Figure: Victim and non-victimized servers, with a Guard and a Detector. Upstream = not on the critical path.]
Blackhole in Practice (II)
[Figure: Guard, Detector, Victim and non-victimized servers; labels: BGP announcement, Activate.]
1. Detect
2. Activate: Auto/Manual
3. Divert only victim’s traffic
Blackhole in Practice (III)
[Figure: Guard, Detector, Victim and non-victimized servers; labels: Traffic destined to the victim, Legitimate traffic to victim.]
■ Hijack traffic = BGP
■ Inject = GRE, VRF, VLAN, FBF, PBR…
DDoS Attack Trends
■ Attackers follow defense approaches and adjust their code to bypass defenses
■ Use of subnet spoofing defeats ingress filtering
■ Use of encryption and decoy packets, IRC or P2P obscures master-slave communication
■ Encryption of attack packets defeats traffic analysis and signature detection
■ Pulsing attacks defeat slow defenses and traceback
■ Flash-crowd attacks generate application traffic
Conclusion
■ No matter how secure a system is or how good the defense techniques used are, it is not possible to completely prevent a DDoS attack.
■ 75% of Web Application attacks targeted US sites
DoS Attack Demo
Thank You!
■ Q/A?
Recommendations
■ http://thehackernews.com/2016/09/ddos-attack-iot.html
■ http://www.datacenterdynamics.com/content-tracks/security-risk/ddos-attacks-hit-cloudflare-originate-from-new-botnet/97438.fullarticle
■ http://www.theregister.co.uk/2016/12/08/can_isps_step_up_and_solve_the_ddos_problem/
■ http://calvinayre.com/2016/12/16/business/bitcoin-exchange-btc-e-falls-victim-ddos-attack/
■ http://en.yibada.com/articles/180618/20161222/biggest-hacks-data-breaches-2016-from-yahoo-breach-to-ddos-attacks.htm
■ http://news.softpedia.com/news/infographic-ddos-attacks-in-q3-2015-497312.shtml

BT & Neo4j _ How Knowledge Graphs help BT deliver Digital Transformation.pptx
 
What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024
 

DDoS - Distributed Denial of Service

  • 1. DDoS Attack (Distributed Denial of Service). Er. Shiva K. Shrestha, Er. Niran Kafle. December 27, 2016
  • 2. Introduction ■ Denial of Service (DoS) – Attack to disrupt the authorized use of networks, systems, or applications ■ Distributed Denial of Service (DDoS) – Employ multiple compromised computers to perform a coordinated and widely distributed DoS attack ■ DoS Attacks Affect: – Software Systems – Network Routers/Equipment/Servers – Servers and End-User PCs
  • 5. How DDoS Attacks Work ■ Incoming traffic flooding the victim originates from many different sources – potentially hundreds of thousands or more. ■ This effectively makes it impossible to stop the attack simply by blocking a single IP address. ■ It is very difficult to distinguish legitimate user traffic from attack traffic when it is spread across so many points of origin.
  • 7. DDoS Attacks Based On
  • 10. Types of DDoS Attacks ■ Traffic attacks: Traffic flooding attacks send a huge volume of TCP, UDP and ICMP packets to the target. Legitimate requests get lost and these attacks may be accompanied by malware exploitation. ■ Bandwidth attacks: This DDoS attack overloads the target with massive amounts of junk data. This results in a loss of network bandwidth and equipment resources and can lead to a complete denial of service. ■ Application attacks: Application-layer data messages can deplete resources in the application layer, leaving the target's system services unavailable.
  • 11. DoS Attacks Fast Facts ■ Early 1990s: Individual attacks from a single source. First DoS tools ■ Late 1990s: Botnets, first DDoS tools ■ Feb 2000: First large-scale DDoS attack ■ CNN, Yahoo, E*Trade, eBay, Amazon.com, Buy.com ■ 2001: Microsoft’s name server infrastructure was disabled ■ 2002: DDoS attack on root DNS ■ 2004: DDoS for hire and extortion ■ 2007: DDoS against Estonia ■ 2008: DDoS against Georgia during military conflict with Russia ■ 2009: DDoS on Twitter and Facebook ■ 2010: DDoS on VISA and MasterCard
  • 12. 2000 DoS Attacks ■ In Feb 2000, a series of massive DoS attacks – Yahoo, Amazon, eBay, CNN, E*Trade, ZDNet, Datek and Buy.com all hit ■ Attacks allegedly perpetrated by teenagers ■ Used compromised systems at UCSB ■ Yahoo: 3 hours down with $500,000 lost revenue ■ Amazon: 10 hours down with $600,000 lost revenue
  • 13. 2002 DNS DoS Attacks ■ ICMP floods 150 Kpps (primitive attack) ■ Took down 7 root servers (two hours) [figure: DNS root servers]
  • 14. 2009 DDoS on Twitter ■ Hours-long service outage – 44 million users affected ■ At the same time Facebook, LiveJournal, and YouTube were under attack – some users experienced an outage ■ Real target: a Georgian blogger
  • 15. DDoS on Mastercard and Visa ■ December 2010 ■ Targets: MasterCard, Visa, Amazon, Paypal, Swiss Postal Finance, and more ■ Attack launched by a group of vigilantes called Anonymous (~5000 people) ■ DDoS tool is called LOIC or “Low Orbit Ion Cannon” ■ Bots recruited through social engineering ■ Directed to download DDoS software and take instructions from a master ■ Motivation: Payback for cutting off support for WikiLeaks after its founder was arrested on unrelated charges
  • 16. The new DDoS tool by Anonymous ■ New operation is beginning ■ A successor of LOIC ■ Using SQL and .js vulnerability, remotely deface page ■ May be available in September 2011 [image: V for Vendetta]
  • 17. Operation Facebook ■ Announcement on YouTube to bomb Facebook on Nov. 5 2011 ■ Facebook’s privacy reveals issues ■ Why Nov. 5? The "Remember Remember" poem: Remember remember the fifth of November / Gunpowder, treason and plot. / I see no reason why gunpowder, treason / Should ever be forgot...
  • 19. DoS attack list ■ Flood attack – TCP SYN flood – UDP flood – ICMP (PING) flood – Amplification (Smurf, Fraggle since 1998) ■ Vulnerability attack – Ping of Death (since 1990) – Tear Drop (since 1997) – Land (since 1997)
  • 20. Flooding attack ■ Commonly used DDoS attack ■ Sending a vast number of messages whose processing consumes some key resource at the target ■ The strength lies in the volume, rather than the content ■ Implications: ■ The traffic looks legitimate ■ Traffic flow large enough to consume the victim’s resources ■ High packet sending rate
  • 21. Vulnerability DoS attack ■ Vulnerability: a bug in implementation or a bug in a default configuration of a service ■ Malicious messages (exploits): unexpected input that utilizes the vulnerability is sent ■ Consequences: ■ The system slows down or crashes or freezes or reboots ■ Target application goes into an infinite loop ■ Consumes a vast amount of memory
  • 22. TCP SYN flood [diagram labels: client and server exchanging SYN RQST and SYN ACK; zombies sending Spoofed SYN RQST to the victim; victim answering with SYN ACK; Waiting queue overflows]
  • 23. Smurf attack ■ Amplification attack – Sends ICMP ECHO to network – Amplified network flood – widespread pings with faked return address (broadcast address) – Network sends response to victim system – The "smurf" attack's cousin is called "fraggle", which uses UDP echo packets in the same fashion
  • 24. DoS : Smurf [diagram labels: hosts A and B; Ping Broadcast; Src Addr : B; Dst Addr : Broadcast]
  • 25. DoS : Fraggle ■ Well known exploit Echo/Chargen [diagram labels: hosts A and B; UDP Broadcast; src port : echo; dest port : chargen port; Src Addr : B; Dst Addr : Broadcast; Infinite Loop!]
  • 26. Ping of Death ■ Sending an oversized ping packet to the victim – >65535 bytes ping violates IP packet length – Causes buffer overflow and system crash ■ Problem in implementation, not protocol ■ Has been fixed in modern OSes – Was a problem in late 1990s
  • 27. Teardrop ■ A bug in TCP/IP fragment reassembly code ■ Mangled IP fragments with overlapping, over-sized payloads are sent to the target machine ■ Crashes various operating systems
  • 28. LAND ■ A LAND (Local Area Network Denial) attack ■ First discovered in 1997 by “m3lt” – Affects several OSes: ■ AIX 3.0 ■ FreeBSD 2.2.5 ■ IBM AS/400 OS7400 3.7 ■ Mac OS 7.6.1 ■ SUN OS 4.1.3, 4.1.4 ■ Windows 95, NT and XP SP2 ■ IP packets where the source and destination address are set to address the same device – The machine replies to itself continuously – Published code land.c
  • 31. Are we safe from DDoS? ■ My machines are well secured – It does not matter. The problem is not your machine but everyone else's ■ I have a firewall – It does not matter. We slip in with legitimate traffic or we bomb your firewall ■ I use VPN – It does not matter. We can fill your VPN pipe ■ My system is very highly provisioned – It does not matter. We can get bigger resources than you have
  • 32. Why DoS Defense is difficult ■ Conceptual difficulties – Mostly random source packets – Moving filtering upstream requires communication ■ Practical difficulties – Routers don’t have many spare cycles for analysis/filtering – Networks must remain stable, so there is a bias against infrastructure change – Attack tracking can cross administrative boundaries – End-users/victims often see an attack differently (more urgently) than network operators ■ Nonetheless, need to: – Maximize filtering of bad traffic – Minimize “collateral damage”
  • 33. Defenses against DoS attacks ■ DoS attacks cannot be prevented entirely ■ Impractical to prevent flash crowds without compromising network performance ■ Three lines of defense against (D)DoS attacks – Attack prevention and preemption – Attack detection and filtering – Attack source traceback and identification
  • 34. Attack prevention ■ Limit ability of systems to send spoofed packets – Filtering done as close to source as possible by routers/gateways – Reverse-path filtering ensures that the path back to the claimed source is the same as the current packet’s path ■ Ex: On Cisco router “ip verify unicast reverse-path” command ■ Rate controls in upstream distribution nets – On specific packet types – Ex: Some ICMP, some UDP, TCP/SYN ■ Block IP broadcasts
  • 35. Responding to attacks ■ Need a good incident response plan – With contacts for ISP – Needed to impose traffic filtering upstream – Details of response process ■ Ideally have network monitors and IDS – To detect and notify of abnormal traffic patterns
  • 36. How are DDoS practically handled?
  • 37. Router Filtering ■ ACLs, CARs [diagram labels: routers R1–R5 and R in front of Server1, Victim, Server2; FE peering; link labels 1000, 1000, 100]
  • 38. Cisco uRPF ■ Unicast Reverse Path Forwarding ■ Does routing back to the source go through the same interface? ■ Cisco interface command: ip verify unicast rpf [diagram labels: Router A, Router B; Pkt w/ source comes in; Check source in routing table; Path back on this line? Accept pkt; Path via different interface? Reject pkt]
  • 39. Black hole Routing ■ ip route A.B.C.0 255.255.255.0 Null0 [diagram labels: routers R1–R5 and R in front of Server1, Victim, Server2; FE peering; link labels 1000, 1000, 100]
  • 40. Blackhole in Practice (I) ■ Upstream = Not on the Critical Path [diagram labels: Guard, Detector, Victim, Non-victimized servers]
  • 41. Blackhole in Practice (II) ■ 1. Detect ■ 2. Activate: Auto/Manual ■ 3. Divert only victim’s traffic [diagram labels: Guard, Detector, Activate, BGP announcement, Victim, Non-victimized servers]
  • 42. Blackhole in Practice (III) ■ Hijack traffic = BGP ■ Inject = GRE, VRF, VLAN, FBF, PBR… [diagram labels: Guard, Detector, Victim, Non-victimized servers; Traffic destined to the victim; Legitimate traffic to victim]
  • 43. DDoS Attack Trends ■ Attackers follow defense approaches, adjust their code to bypass defenses ■ Use of subnet spoofing defeats ingress filtering ■ Use of encryption and decoy packets, IRC or P2P obscures master-slave communication ■ Encryption of attack packets defeats traffic analysis and signature detection ■ Pulsing attacks defeat slow defenses and traceback ■ Flash-crowd attacks generate application traffic
  • 44. Conclusion ■ No matter how secure a system is or how good the defense techniques used are, it is not possible to completely prevent a DDoS attack. ■ 75% of Web Application attacks targeted US sites
  • 46. Thank You! ■ Q/A?
  • 47. Recommendations ■ http://thehackernews.com/2016/09/ddos-attack-iot.html ■ http://www.datacenterdynamics.com/content-tracks/security-risk/ddos-attacks-hit-cloudflare-originate-from-new-botnet/97438.fullarticle ■ http://www.theregister.co.uk/2016/12/08/can_isps_step_up_and_solve_the_ddos_problem/ ■ http://calvinayre.com/2016/12/16/business/bitcoin-exchange-btc-e-falls-victim-ddos-attack/ ■ http://en.yibada.com/articles/180618/20161222/biggest-hacks-data-breaches-2016-from-yahoo-breach-to-ddos-attacks.htm ■ http://news.softpedia.com/news/infographic-ddos-attacks-in-q3-2015-497312.shtml
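
The reverse-path check from slides 34 and 38, as an added example that is not part of the original deck and is a simplified model rather than Cisco's implementation. The routing table, interface names and packets are constructed; the third packet shows why slide 43 says subnet spoofing defeats ingress filtering.

```python
import ipaddress

# Constructed routing table for the example: (prefix, outgoing interface).
ROUTES = [
    ("0.0.0.0/0", "uplink0"),
    ("198.51.100.0/24", "cust0"),
    ("203.0.113.0/24", "cust1"),
    ("203.0.113.128/25", "cust2"),
]

def build_fib(routes):
    """Parse the routes and sort most-specific first for longest-prefix match."""
    fib = [(ipaddress.ip_network(p), ifname) for p, ifname in routes]
    return sorted(fib, key=lambda e: e[0].prefixlen, reverse=True)

def reverse_path_interface(fib, src):
    """Interface the router would use to send traffic back to src, or None."""
    addr = ipaddress.ip_address(src)
    for net, ifname in fib:
        if addr in net:
            return ifname
    return None

def urpf_strict(fib, src, in_iface):
    """Accept only if the best route back to src leaves via the arrival interface."""
    return reverse_path_interface(fib, src) == in_iface

FIB = build_fib(ROUTES)

# Constructed packets: (source address, arrival interface, note).
PACKETS = [
    ("198.51.100.7", "cust0", "genuine customer source"),
    ("192.0.2.55", "cust0", "random spoofed source"),
    ("198.51.100.200", "cust0", "spoofed inside the sender's own subnet"),
    ("203.0.113.130", "cust1", "more specific route points to cust2"),
]

def classify(fib, packets):
    """Return (source, interface, accepted) for each packet."""
    return [(src, iface, urpf_strict(fib, src, iface)) for src, iface, _ in packets]

if __name__ == "__main__":
    for (src, iface, ok), (_, _, note) in zip(classify(FIB, PACKETS), PACKETS):
        print(f"{src:16} on {iface:6} -> {'accept' if ok else 'reject'}  ({note})")
```

The last packet is rejected only because of the more specific /25 route, which is the same mechanism that drops legitimate traffic when routing is asymmetric.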
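
A filter-side sanity check for the three vulnerability attacks on slides 26 to 28 (Ping of Death, Teardrop, LAND), as an added example that is not part of the original deck. The `Fragment` record, the 20-byte header assumption and the sample datagrams are constructed for illustration.

```python
from dataclasses import dataclass

MAX_IP_DATAGRAM = 65535  # largest total length an IPv4 datagram may have
IP_HEADER = 20           # header size assumed for the example (no IP options)

@dataclass
class Fragment:
    src: str
    dst: str
    offset: int   # byte offset of this fragment's payload in the datagram
    length: int   # payload bytes carried by this fragment

def check_datagram(frags):
    """Return the set of anomalies found in the fragments of one datagram."""
    findings = set()
    prev_end = 0
    for f in sorted(frags, key=lambda f: f.offset):
        end = f.offset + f.length
        if f.src == f.dst:                      # LAND: packet addressed to its own sender
            findings.add("land")
        if IP_HEADER + end > MAX_IP_DATAGRAM:   # Ping of Death: reassembly exceeds 65535
            findings.add("oversize")
        if f.offset < prev_end:                 # Teardrop: overlaps an earlier fragment
            findings.add("overlap")
        prev_end = max(prev_end, end)
    return findings

# Constructed datagrams (documentation addresses), one list of fragments each.
A, B = "192.0.2.10", "198.51.100.20"
SAMPLES = {
    "normal":   [Fragment(A, B, 0, 1480), Fragment(A, B, 1480, 1480)],
    "teardrop": [Fragment(A, B, 0, 36), Fragment(A, B, 24, 4)],
    "pod":      [Fragment(A, B, 0, 1480), Fragment(A, B, 65528, 1480)],
    "land":     [Fragment(B, B, 0, 40)],
}

def scan(samples):
    """Map each sample name to its sorted list of findings."""
    return {name: sorted(check_datagram(frags)) for name, frags in samples.items()}

if __name__ == "__main__":
    for name, findings in scan(SAMPLES).items():
        print(f"{name:9} {findings or 'clean'}")
```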