DDOS

Published in: Education, Technology
Transcript of "DDOS"

  1. ./whoami
     - If you want to hack someone, first hack yourself.
     - I am NOT a hacker, just learning to be a security analyst.
  2. Why DoS?
     - Sub-cultural status
     - To gain access
     - Revenge
     - Political reasons
     - Economic reasons
     - Nastiness
  3. How DoS (remotely)?
     - Consume host resources
       - Memory
       - Processor cycles
       - Network state
     - Consume network resources
       - Bandwidth
       - Router resources (it's a host too!)
     - Exploit protocol vulnerabilities
       - Poison ARP cache
       - Poison DNS cache
       - Etc.
  4. Where DoS
     - End hosts
     - Critical servers (disrupt C/S network)
       - Web, File, Authentication, Update
       - DNS
     - Infrastructure
       - Routers within org
       - All routers in upstream path
  5. Outline
     - What is a DDoS attack?
     - How to defend against a DDoS attack?
  6. What is a DDoS attack?
     - Internet DDoS attacks are a real threat
       - on websites: Yahoo, CNN, Amazon, eBay, etc. (Feb. 2000); services were unavailable for several hours
       - on Internet infrastructure: 13 root DNS servers (Oct. 2002); 7 of them were shut down, 2 others partially unavailable
     - Lack of defense mechanisms on the current Internet
  7. What is a DDoS attack?
     - Examples of DoS include:
       - Flooding a network
       - Disrupting connections between machines
       - Disrupting a service
     - Distributed Denial-of-Service attacks
       - Many machines are involved in the attack against one or more victim(s)
  8. ATTACK SIZE IN GBPS
  9. MAIN TARGETS
  10. What Makes DDoS Attacks Possible?
     - The Internet was designed with functionality, not security, in mind
     - Internet security is highly interdependent
     - Internet resources are limited
     - The power of many is greater than the power of a few
  11. IP Traceback
     - Allows the victim to identify the origin of attackers
     - Several approaches: ICMP trace messages, Probabilistic Packet Marking, Hash-based IP Traceback, etc.
  12. PPM
     - Probabilistic Packet Marking scheme
       - Probabilistically inscribe local path info
       - Use constant space in the packet header
       - Reconstruct the attack path with high probability
     - Marking at router R:

           For each packet w
             Generate a random number x from [0,1)
             If x < p then
               Write IP address of R into w.head
               Write 0 into w.distance
             else
               if w.distance == 0 then
                 Write IP address of R into w.tail
               endif
               Increase w.distance
             endif
  13. PPM (Cont.) Figure: legitimate user, attacker, Victim. Slide footer: DDoS Attack and Its Defense
  14. PPM (Cont.) Figure: legitimate user, attacker, Victim.
  15. PPM (Cont.) Figure: legitimate user, attacker, routers R, Victim V.
  16. What is Pushback?
     - A mechanism that allows a router to request adjacent upstream routers to limit the rate of traffic
  17. How Does it Work?
     - A congested router requests adjacent routers to limit the rate of traffic for that particular aggregate
     - Router sends pushback message
     - Receiving routers propagate pushback
  18. How Does it Work?
  19. When is it invoked?
     - Drop rate for an aggregate exceeds the limit imposed on it (monitoring the queue)
     - Pushback agent receives information that a DoS attack is underway (packet drop history)
  20. When does it stop?
     - Feedback messages are sent to upstream routers that report on how much traffic from the aggregates is still present
  21. What are some advantages?
     - Pushback prevents bandwidth from being wasted on packets that will later be dropped (better when closer to the source)
     - Protects other traffic from the attack traffic
     - When the network is under attack, it can rate-limit the malicious traffic
  22. Conclusion
     - Defending a DDoS attack
       - Ingress filtering
       - Traceback
       - Pushback
  23. !! For any questions, contact me !!
     - http://www.maulikkotak.webnode.com
     - http://www.facebook.com/maulikkotakstar
     - http://www.twitter.com/maulikkotakstar
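The PPM marking procedure from slide 12, together with the victim-side path reconstruction the slides only name, as an added example that is not part of the original deck. The `Packet` class, the `send`, `reconstruct` and `demo` helpers, the addresses and the values of `n` and `p` are assumptions made for this simulation.

```python
import random
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:
    head: Optional[str] = None   # w.head: router that sampled this edge
    tail: Optional[str] = None   # w.tail: next router toward the victim
    distance: int = 0            # hops travelled since the edge was sampled

def mark(w, router_ip, p, rng):
    """Marking at router R, following the slide's pseudocode."""
    if rng.random() < p:
        w.head, w.distance = router_ip, 0
    else:
        if w.distance == 0:
            w.tail = router_ip
        w.distance += 1

def send(path, n, p, rng):
    """Forward n packets through `path` (source side first)."""
    packets = []
    for _ in range(n):
        w = Packet()
        for router_ip in path:
            mark(w, router_ip, p, rng)
        packets.append(w)
    return packets

def reconstruct(packets, victim="V"):
    """Victim side: rebuild router paths from the sampled edges."""
    edges = set()
    for w in packets:
        if w.head is None:       # never marked, carries no path info
            continue
        tail = victim if w.distance == 0 else w.tail
        edges.add((w.head, tail, w.distance))
    paths, frontier = [], [(victim, 0, [])]
    while frontier:
        node, depth, path = frontier.pop()
        ups = sorted(h for h, t, d in edges if t == node and d == depth)
        if not ups and path:
            paths.append(path)
        frontier.extend((h, depth + 1, path + [h]) for h in ups)
    return sorted(paths)

def demo(n=2000, p=0.2, seed=1):
    rng = random.Random(seed)
    a = ["192.0.2.1", "192.0.2.2", "192.0.2.9"]   # constructed addresses
    b = ["192.0.2.3", "192.0.2.2", "192.0.2.9"]
    return reconstruct(send(a, n, p, rng) + send(b, n, p, rng))
```

Each reconstructed path is listed from the router next to the victim outward. An edge with `distance == 0` was sampled by the last router, so the victim itself is used as its tail.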
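A sketch of the pushback propagation from slides 16 to 19, added here as an example and not taken from the deck: a congested router splits the aggregate's rate limit among its upstream neighbours, and each neighbour repeats the step. The max-min split, the `max_depth` hop limit, the router names and the rates (in Mbps) are assumptions; the slides do not say how the limit is divided.

```python
def max_min_share(rates, limit):
    """Split `limit` across upstream links: links sending less than the
    fair share keep their rate, the heavy links split what is left."""
    share, remaining = {}, limit
    pending = sorted(rates.items(), key=lambda kv: kv[1])
    while pending:
        fair = remaining / len(pending)
        name, rate = pending[0]
        if rate > fair:                  # every remaining link exceeds fair
            share.update({n: fair for n, _ in pending})
            break
        share[name] = rate
        remaining -= rate
        pending.pop(0)
    return share

def pushback(router, limit, upstream, max_depth=3):
    """Return the rate-limit request sent to each upstream router.

    `upstream[router]` maps each adjacent upstream router to the rate at
    which it forwards the aggregate. Nothing is sent while the aggregate
    stays within `limit`.
    """
    requests = {}
    links = upstream.get(router, {})
    if max_depth == 0 or sum(links.values()) <= limit:
        return requests
    for neighbour, lim in max_min_share(links, limit).items():
        requests[neighbour] = lim        # the pushback message
        requests.update(pushback(neighbour, lim, upstream, max_depth - 1))
    return requests

def demo():
    # Constructed topology: R0 is the congested router, R2 carries most
    # of the aggregate, and R4/R5 sit one hop further upstream of R2.
    upstream = {
        "R0": {"R1": 2, "R2": 30, "R3": 8},
        "R2": {"R4": 25, "R5": 5},
    }
    return pushback("R0", 10, upstream)
```

In the constructed topology, R1 keeps its 2 Mbps while R2 and R3 are each held to 4 Mbps, so the link that contributes little of the aggregate is not penalised for the heavy ones.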