Denial of Service Attacks
 

    Denial of Service Attacks: Presentation Transcript

    • Denial-of-service (DoS) Attacks
      Risk & Security Management
      Dipl.-Phys. Rainer Barthels
      09.11.2012
      Pascal Flöschel (FS060217)
      Tomal K. Ganguly (FS090182)
      Risk & Security Management – DoS Attacks, 09.11.2012, University of Liechtenstein
    • Agenda
      1. Facts and Figures (Tomal)
      2. Examples (Tomal)
      3. DoS – denial of service (Tomal)
      4. DoS Attacks (Pascal)
      5. Flooding Attacks (Pascal)
      6. Attack Architectures (Pascal)
      7. Defenses against DoS-Attacks (Tomal)
      8. Responding to a DoS-Attack (Tomal)
    • 1. Facts and Figures
      > Hackers have been carrying out DDoS attacks for more than a decade (400 MB/s in 2002, 100 GB/s in 2010)
      > The CSI Computer Crime and Security Survey states that 17% of respondents experienced some form of DoS attack in 2010
      > Focus is generally on network services that are attacked over their network connection
      > Slashdotting / Flash crowd
        > A popular website links to a smaller site, causing a massive increase in traffic
        > The smaller site is overloaded: slowdown, temporary unavailability
        > Flash crowd is the more generic term: a network or host receives lots of traffic
      source: Stallings/Brown (2012), p. 243 f.
    • 2. Examples
    • 3. DoS – denial of service
      «A denial of service (DoS) is an action that prevents or impairs the authorized use of networks, systems, or applications by exhausting resources such as central processing units (CPU), memory, bandwidth, and disk space.» (from: NIST Computer Security Incident Handling Guide, source: Stallings/Brown (2012), p. 244)
      > Categories of resources which can be attacked: network bandwidth, system resources, application resources
      > Typical aims of DoS attacks:
        > consuming bandwidth with large traffic volumes
        > overload or crash the network handling software
        > send specific types of packets to consume limited available resources
    • 4. DoS Attacks
      Example network to illustrate DoS Attacks
      source: Stallings/Brown (2012), p. 245
    • 4. DoS Attacks
      > SYN Spoofing
      source: Stallings/Brown (2012), p. 248 f.
    • 5. Flooding Attacks
      «Flooding attacks take a variety of forms, based on which network protocol is being used to implement the attack. In all cases the intent is generally to overload the network capacity on some link to a server.» (from: Stallings/Brown (2012), p. 250)
      > ICMP Flood
      > UDP Flood
      > TCP SYN Flood
      > Distributed denial-of-service Attacks
      > Reflector Attacks
      > Amplifier Attacks
    • 6. Attack Architectures
      > Distributed Denial-of-Service (DDoS) Attacks
      source: Stallings/Brown (2012), p. 253
    • 6. Attack Architectures
      > Application-based bandwidth attacks
      > SIP Flood
      > HTTP-Based Attacks
      > HTTP Flood
      source: Stallings/Brown (2012), p. 255
    • 6. Attack Architectures
      > Reflector and Amplifier Attacks
      > Reflection Attacks
      source: Stallings/Brown (2012), p. 247 ff.
    • 6. Attack Architectures
      > Reflector and Amplifier Attacks
      > Amplification Attacks
      source: Stallings/Brown (2012), p. 259
    • 7. Defenses against DoS-Attacks
      > Attack prevention and preemption (before the attack)
      > Attack detection and filtering (during the attack)
      > Attack source traceback and identification (during and after the attack)
    • 8. Responding to a DoS-Attack
      > Incident response plan
      > Details of how to contact technical personnel for ISP
      > Flooding attacks can only be filtered upstream from user’s network connection
      > Details of how to respond to the attack
      > Implementation of standard antispoofing, directed broadcast and rate limiting filtering
      > Automated network monitoring and intrusion detection system for abnormal traffic flows and identification (attack, misconfiguration, hard- / software failure)
    • 8. Responding to a DoS-Attack
      > Proposal of guideline for organizations
        1) Identify the type of attack and traceback
        2) Identify best approach to defend against it
        3) Capture packets flowing into the organization and analyze them, looking for common attack types (e.g. network analysis tool)
        4) Documentation of actions for support of any legal action
        5) Develop a strategy to switch to alternative backup servers or commission of new site with new address to restore the service (forward planning)
    • Thank you for your attention. Any questions?
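
An added example, not part of the original slides, for step 3 of the response guideline in section 8: classifying captured inbound packets into the flood types named in section 5 (ICMP, UDP, TCP SYN). The record format `(src, dst, proto, tcp_flags)`, the function names and all thresholds are assumptions made for illustration, and the capture is constructed.

```python
from collections import Counter, defaultdict

def classify(packets, min_packets=100, dominance=0.8, syn_ack_ratio=10):
    """Label destinations whose inbound traffic matches a flood pattern.
    packets: (src, dst, proto, tcp_flags); "S" = SYN only, "A" = ACK that
    completes a handshake. Thresholds are illustrative assumptions."""
    per_dst = defaultdict(lambda: {"proto": Counter(), "flags": Counter(), "srcs": set()})
    for src, dst, proto, flags in packets:
        d = per_dst[dst]
        d["proto"][proto] += 1
        d["srcs"].add(src)
        if proto == "TCP":
            d["flags"][flags] += 1

    findings = {}
    for dst, d in per_dst.items():
        total = sum(d["proto"].values())
        if total < min_packets:
            continue  # too little traffic to call a flood
        proto, count = d["proto"].most_common(1)[0]
        if count / total < dominance:
            continue  # no single protocol dominates
        if proto == "TCP":
            syn, ack = d["flags"]["S"], d["flags"]["A"]
            # Many SYNs but few completed handshakes: half-open connections pile up
            if syn / max(ack, 1) < syn_ack_ratio:
                continue
            label = "TCP SYN flood"
        else:
            label = f"{proto} flood"
        findings[dst] = {"type": label, "packets": total, "sources": len(d["srcs"])}
    return findings

def sample_capture():
    """Constructed packet summaries (documentation address ranges), not real traffic."""
    pkts = [(f"198.51.100.{i % 250}", "192.0.2.10", "TCP", "S") for i in range(300)]
    for i in range(5):  # a few legitimate handshakes to the same server
        pkts += [(f"203.0.113.{i}", "192.0.2.10", "TCP", "S"),
                 (f"203.0.113.{i}", "192.0.2.10", "TCP", "A")]
    pkts += [(f"203.0.113.{i % 3}", "192.0.2.20", "UDP", "") for i in range(200)]
    pkts += [(f"203.0.113.{i % 3 + 10}", "192.0.2.21", "ICMP", "") for i in range(150)]
    for i in range(60):  # busy but healthy server: every SYN is followed by an ACK
        pkts += [(f"203.0.113.{i}", "192.0.2.30", "TCP", "S"),
                 (f"203.0.113.{i}", "192.0.2.30", "TCP", "A")]
    return pkts

if __name__ == "__main__":
    print(classify(sample_capture()))
```

The source count per finding helps with the traceback step: a SYN flood arriving from hundreds of addresses that never complete a handshake points to spoofed sources, which is why the slides place filtering upstream at the ISP.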