DDOS

Transcript

  • 1. ./whoami
      - If you want to hack someone, first hack yourself.
      - I am NOT a hacker, just learning to be a security analyst.
  • 2. Why DoS?
      - Sub-cultural status
      - To gain access
      - Revenge
      - Political reasons
      - Economic reasons
      - Nastiness
  • 3. How DoS (remotely)?
      - Consume host resources
          - Memory
          - Processor cycles
          - Network state
      - Consume network resources
          - Bandwidth
          - Router resources (it's a host too!)
      - Exploit protocol vulnerabilities
          - Poison ARP cache
          - Poison DNS cache
          - Etc.
  • 4. Where DoS
      - End hosts
      - Critical servers (disrupt C/S network)
          - Web, File, Authentication, Update
          - DNS
      - Infrastructure
          - Routers within org
          - All routers in upstream path
  • 5. Outline
      - What is a DDoS attack?
      - How to defend against a DDoS attack?
  • 6. What is a DDoS attack?
      - Internet DDoS attacks are a real threat
          - On websites: Yahoo, CNN, Amazon, eBay, etc. (Feb. 2000); services were unavailable for several hours
          - On Internet infrastructure: 13 root DNS servers (Oct. 2002); 7 of them were shut down, 2 others partially unavailable
      - Lack of defense mechanisms on the current Internet
  • 7. What is a DDoS attack?
      - Examples of DoS include:
          - Flooding a network
          - Disrupting connections between machines
          - Disrupting a service
      - Distributed Denial-of-Service attacks
          - Many machines are involved in the attack against one or more victim(s)
  • 8. ATTACK SIZE IN GBPS
  • 9. MAIN TARGETS
  • 10. What Makes DDoS Attacks Possible?
      - The Internet was designed with functionality, not security, in mind
      - Internet security is highly interdependent
      - Internet resources are limited
      - The power of many is greater than the power of a few
  • 11. IP Traceback
      - Allows the victim to identify the origin of attackers
      - Several approaches: ICMP trace messages, Probabilistic Packet Marking, Hash-based IP Traceback, etc.
  • 12. PPM
      - Probabilistic Packet Marking scheme
          - Probabilistically inscribe local path info
          - Use constant space in the packet header
          - Reconstruct the attack path with high probability
      - Marking at router R:

            For each packet w
                Generate a random number x from [0,1)
                If x < p then
                    Write IP address of R into w.head
                    Write 0 into w.distance
                else
                    if w.distance == 0 then
                        Write IP address of R into w.tail
                    endif
                    Increase w.distance
                endif
  • 13. PPM (Cont.) [Figure: legitimate user, attacker and victim. Slide footer: DDoS Attack and Its Defense]
  • 14. PPM (Cont.) [Figure: legitimate user, attacker and victim]
  • 15. PPM (Cont.) [Figure: legitimate user and attacker reaching victim V through routers R]
  • 16. What is Pushback?
      - A mechanism that allows a router to request adjacent upstream routers to limit the rate of traffic
  • 17. How Does it Work?
      - A congested router requests adjacent routers to limit the rate of traffic for that particular aggregate
      - The router sends a pushback message
      - Receiving routers propagate the pushback
  • 18. How Does it Work?
  • 19. When is it invoked?
      - The drop rate for an aggregate exceeds the limit imposed on it (monitoring the queue)
      - The pushback agent receives information that a DoS attack is underway (packet drop history)
  • 20. When does it stop?
      - Feedback messages are sent to upstream routers that report on how much traffic from the aggregates is still present
  • 21. What are some advantages?
      - Pushback prevents bandwidth from being wasted on packets that will later be dropped (better when closer to the source)
      - Protects other traffic from the attack traffic
      - When the network is under attack, it can rate limit the malicious traffic
  • 22. Conclusion
      - Defending against a DDoS attack
          - Ingress filtering
          - Traceback
          - Pushback
  • 23. !! For any questions, contact me !!
      - http://www.maulikkotak.webnode.com
      - http://www.facebook.com/maulikkotakstar
      - http://www.twitter.com/maulikkotakstar
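
Added example (not part of the original slides): the router marking procedure from slide 12 together with a victim-side path reconstruction, simulated on a single attack path. The router names, p = 0.2, the packet count, the dict used as a packet and the sender pre-filling the marking fields with forged values are all assumptions made for the illustration.

```python
import random

def mark(pkt, router, p, rng):
    """Marking step from slide 12, run by every router the packet crosses."""
    if rng.random() < p:
        pkt["head"], pkt["distance"] = router, 0
    else:
        if pkt["distance"] == 0:
            pkt["tail"] = router
        pkt["distance"] += 1

def send(path, p, rng):
    """Carry one packet along path (path[0] is the router nearest the sender)."""
    # The sender controls the initial header, so the fields start out forged.
    pkt = {"head": "forged", "tail": "forged", "distance": 0}
    for router in path:
        mark(pkt, router, p, rng)
    return pkt

def reconstruct(packets):
    """Victim side: rebuild the path, nearest router first, from collected marks."""
    edges = {}  # distance -> set of (head, tail) pairs seen at that distance
    for pkt in packets:
        edges.setdefault(pkt["distance"], set()).add((pkt["head"], pkt["tail"]))
    # distance 0 means the last router marked the packet; its tail is stale.
    path = sorted({head for head, _ in edges.get(0, ())})[:1]
    d = 1
    while path:
        # An edge at distance d extends the path if its tail is the current end.
        heads = sorted(h for h, t in edges.get(d, ()) if t == path[-1])
        if not heads:
            break
        path.append(heads[0])  # single-path assumption: one candidate per hop
        d += 1
    return path

if __name__ == "__main__":
    rng = random.Random(7)                  # fixed seed, repeatable run
    route = ["R1", "R2", "R3", "R4", "R5"]  # constructed path, R5 next to victim
    marks = [send(route, 0.2, rng) for _ in range(5000)]
    print(reconstruct(marks))
```

The reconstructed list ends with a `forged` hop beyond R1: packets that no router marked keep the sender's head value and arrive with the largest distance, so the victim can trust the path only as far as the router nearest the attacker.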
