SlideShare a Scribd company logo

4-DDoS-DES-CEN451-BSE-Fall2023-16102023-082938pm (1).pdf

U
UsamaBSEBUIC

Denial-of-service (DoS) attack: is an action that prevents or impairs the authorized use of networks, systems or applications by exhausting resources such as central processing units (CPU), memory, bandwidth and disk space. OR • Denial-of-service (DoS) attack: An attack that attempts to overwhelm a computer’s ability to handle incoming communications, prohibiting legitimate users from accessing those systems. Distributed DoS (DDoS) attack: A form of DoS attack in which a coordinated stream of requests is launched against a target from many locations simultaneously using bots or zombies. • Bot (also referred as botnet or zombie): an abbreviation of robot, which is an automated software program that executes certain commands when it receives a specific input. Not Defendable Attacks • DDoS attacks are difficult to defend against, and currently there are no controls that any single organization can apply! WHY? • Any system connected to the Internet and providing TCP-based network services (such as a Web server, FTP server, mail server, routers) is vulnerable to DoS/DDoS attacks.

Technology
1 of 36
Download to read offline
Denial / Distributed Denial of Service Attacks (DoS / DDoS) Information Security (CSC-407) Fall 2023 (BSE-7A & 7B)
Fall 2023 Availability of Service & Denial of Service • Availability relates to a system being accessible and usable on- demand by authorized users. • Denial-of-service (DoS) attack attempts to compromise the availability by hindering or completely blocking the provision of some service. • The attack attempts to exhaust some critical “resource(s)” associated with the service. • First known DDoS attack occurred in 1996 when Panix ISP was knocked offline for several days by a SYN flood attack. IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 2
Fall 2023 DoS and DDoS • Denial-of-service (DoS) attack: is an action that prevents or impairs the authorized use of networks, systems or applications by exhausting resources such as central processing units (CPU), memory, bandwidth and disk space. OR • Denial-of-service (DoS) attack: An attack that attempts to overwhelm a computer’s ability to handle incoming communications, prohibiting legitimate users from accessing those systems. IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 3
Fall 2023 DoS and DDoS (Cont.) • Distributed DoS (DDoS) attack: A form of DoS attack in which a coordinated stream of requests is launched against a target from many locations simultaneously using bots or zombies. • Bot (also referred as botnet or zombie): an abbreviation of robot, which is an automated software program that executes certain commands when it receives a specific input. IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 4
Fall 2023 DDoS Attack Diagram IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 5
Fall 2023 DDoS Attack on Bandwidth IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 6
Fall 2023 Use of Reflectors IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 7
Fall 2023 Distributed Reflection DoS (DRDoS) Attack IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 8
Fall 2023 Not Defendable Attacks • DDoS attacks are difficult to defend against, and currently there are no controls that any single organization can apply! WHY? • Any system connected to the Internet and providing TCP-based network services (such as a Web server, FTP server, mail server, routers) is vulnerable to DoS/DDoS attacks. IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 9
Fall 2023 Increasing DDoS Attacks DDoS attacks are expected to increase, Why? 1. The introduction of 5G technologies has accelerated the spread of Internet of Things (IoT) around the world. Hence, creating a huge pool of “under protected” new recruits for botnet armies used to launch DDoS attacks on massive scales. IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 10
Fall 2023 Increasing DDoS Attacks (Cont.) DDoS attacks are expected to increase: 2. The increase of inexpensive DDoS-as-a-service platforms. • Hping3: http://www.hping.org • HULK: https://siberianlaika.ru • High Orbit Ion Cannon (HOIC): https://sourceforge.net IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 11
Fall 2023 Increasing DDoS Attacks (Cont.) • In-terms of attack volume, DDoS attacks have increased from 400 Mbps in 2002, to 100 Gbps in 2010, to 300 Gbps in 2013 and to 600 Gbps in 2015. • The above phenomenon is mainly due to the growth in the Internet bandwidth! • In-terms of attack numbers, Cisco predicts that DDoS attacks will double from the 7.9 million (2018) to 15.4 million (2023). IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 12
Fall 2023 Increasing DDoS Attacks (Cont.) IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 13 Cisco’s analysis of DDoS total attacks: history & predictions.
Fall 2023 Increasing DDoS Attacks (Cont.) • During the pandemic, there was a rapid increase in DDoS weapons, widespread botnet activity and largest DDoS attacks ever recorded. 1. Amazon Inc. reports that in February 2020, they defended against a 2.3 Tbps DDoS attack. 2. In November 2021, Microsoft mitigated a DDoS attack targeting an Azure customer with a throughput of 3.45 Tbps. This is believed to be the largest in History (so far). IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 14
Fall 2023 Increasing DDoS Attacks (Cont.) • Massive DDoS attacks in 50 Gbps range are powerful enough to exceed the bandwidth capacity of almost any intended target, including core Internet Exchanges or critical DNS servers. • However, a DDoS attack of 1 Gbps is enough to knock most organizations off the internet. IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 15
Fall 2023 Cost of DDoS Attacks • Given that IT services downtime costs companies anywhere from $300,000 to over $1,000,000 per hour, we can imagine the financial hit from DDoS attacks. • DDoS attack can damage brand reputation and revenue. • DDoS attacks are sometimes used to distract cybersecurity operations while other criminal activity, such as data theft or network infiltration is underway. IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 16
Fall 2023 Nature of DDoS • Several categories of resources could be attacked in DDoS: 1. Network bandwidth 2. System resources 3. Application resources IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 17
Fall 2023 Network Bandwidth Attack • Network bandwidth relates to the network’s link capacity connecting a server to the Internet through ISP. • In DDoS attack, majority of traffic directed at the target server is malicious which overwhelms any legitimate traffic, hence denying legitimate users access to the server. IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 18
Fall 2023 System Resources Attack • A DoS attack targeting system resources typically aims at its “network handling software” to: 1. Overload the system 2. Crash the system IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 19
Fall 2023 System Resources Attack: Overload • Rather than consuming bandwidth with large volumes of traffic, specific types of packets are sent that “consume” the limited resources available on the system. These include:  Temporary buffers (used to hold arriving packets)  Tables of open connections  Memory data structures • The SYN spoofing attack is of this type, which targets the table of TCP connections on the server. IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 20
Fall 2023 System Resources Attack: Crash • Another form of system resource attack uses packets whose structure triggers a bug in the “system’s network handling software”, causing it to crash. This is known as a poison packet, which include:  Ping of Death attack: targets ICMP echo request packets.  Teardrop attacks: targets packet fragmentation. • After crashing, the system can no longer communicate over the network until this software is reloaded (generally by rebooting). IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 21
Fall 2023 Application Resources Attack • Similar to “System Resources Attack”, the “Application Resources Attack” can: 1. Overload the application: An attack on a “specific application”, such as a Web server, typically involves a number of valid requests, each of which consumes significant resources. This in-turn limits the server to respond to requests from valid users. 2. Crash the application: An attacker constructs a request that triggers a bug in the server program, causing it to crash. IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 22
Fall 2023 Application Resources Attack (Cont.) • Example: a Web server might handle database queries. If a large and costly query is received, then a server can be overloaded, hence limiting its ability to respond to valid requests from other users. IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 23
DDoS Attack: Mirai Malware
Fall 2023 Mirai Malware • Mirai is the name of a malicious software that infected IoT devices in August of 2016. • Till date, Mirai is considered to be the most damaging DDoS attack in history that spawned from insecure IoT devices in remote areas. • The attack came in form of botnets (zombie agent) that generated massive DDoS storm. • The botnet devices comprised IP cameras, DVRs, consumer routers, VOIP phones and printers. IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 25
Fall 2023 Mirai Malware (Cont.) • In total, 600,000 IoT devices were infected as part of the botnet. • Targets included “Krebs on Security”, Dyn, Lonestar cell, Italian political sites, Minecraft servers, Russian auction sites. • Dyn had secondary effects on other extremely large providers that used their services, such as Sony Playstation servers, Amazon, GitHub, Netflix, PayPal, Reddit and Twitter. • Mirai source code was released on hackforums.net (a hacker blog site). IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 26
Fall 2023 Mirai Malware (Cont.) Mirai attack working mechanism: 1. Scan for victims: perform a rapid scan using TCP SYN packets to probe random IPv4 addresses. It specifically looked for SSH/Telnet TCP port 23 and 2323. 2. Brute Force Telnet: Mirai attempted to establish a functional Telnet session with a victim by sending 10 username and password pairs randomly using a dictionary attack of 62 pairs. If a login was successful, Mirai logged the host to a central C2 server. IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 27
Fall 2023 Mirai Malware (Cont.) Mirai attack working mechanism: 3. Infect: a loader program (device specific malware) was sent to potential victim from server C2. The program searches for other competing processes using port 23 and kills them (along with other malware that could already be present on the device). The loader binary was deleted and the process name was “obfuscated” to hide its presence. The malware did not reside in persistent storage and didn't survive a reboot. The bot stayed dormant until it received an attack command. IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 28
Fall 2023 Mirai Malware (Cont.) • First scan (reconnaissance attack) occurred on August 1, 2016. • The scan took 120 minutes before it found a host with an open port and password in the dictionary. • After one additional minute, 834 other devices were infected. • Within 20 hours, 64,500 devices were infected. • Most of infected devices that turned into botnets were located in Brazil (15.0%), Columbia (14.0%) and Vietnam (12.5%). IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 29
Fall 2023 Mirai Malware (Cont.) • September 21, 2016, the Mirai botnet unleashed a massive DDoS attack on the Krebs on Security blogging site and generated 623 Gbps of traffic. It accounted for the single worst DDoS attack of all time. • Over a span of five months, 15,194 individual attack commands were issued by the C2 servers and hit 5,042 internet sites. • Global DDoS attack map: https://www.digitalattackmap.com/ IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 30
Fall 2023 IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 31
Fall 2023 IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 32
Fall 2023 IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 33
Fall 2023 IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 34 https://horizon.netscout.com/
Fall 2023 IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 35
Thank You!

Recommended

Distributed Denial Of Service ( Ddos )
Distributed Denial Of Service ( Ddos )Distributed Denial Of Service ( Ddos )
Distributed Denial Of Service ( Ddos )Sharon Lee
 
Ix3615551559
Ix3615551559Ix3615551559
Ix3615551559IJERA Editor
 
IRJET- A Survey on DDOS Attack in Manet
IRJET- A Survey on DDOS Attack in ManetIRJET- A Survey on DDOS Attack in Manet
IRJET- A Survey on DDOS Attack in ManetIRJET Journal
 
A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...
A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...
A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...IJNSA Journal
 
L1803046876
L1803046876L1803046876
L1803046876IOSR Journals
 
Study of flooding based ddos attacks and their effect using deter testbed
Study of flooding based ddos attacks and their effect using deter testbedStudy of flooding based ddos attacks and their effect using deter testbed
Study of flooding based ddos attacks and their effect using deter testbedeSAT Journals
 
Study of flooding based d do s attacks and their effect using deter testbed
Study of flooding based d do s attacks and their effect using deter testbedStudy of flooding based d do s attacks and their effect using deter testbed
Study of flooding based d do s attacks and their effect using deter testbedeSAT Publishing House
 
A new way to prevent Botnet Attack
A new way to prevent Botnet AttackA new way to prevent Botnet Attack
A new way to prevent Botnet Attackyennhi2812
 

Recommended

Distributed Denial Of Service ( Ddos )
Distributed Denial Of Service ( Ddos )Distributed Denial Of Service ( Ddos )
Distributed Denial Of Service ( Ddos )Sharon Lee
 
Ix3615551559
Ix3615551559Ix3615551559
Ix3615551559IJERA Editor
 
IRJET- A Survey on DDOS Attack in Manet
IRJET- A Survey on DDOS Attack in ManetIRJET- A Survey on DDOS Attack in Manet
IRJET- A Survey on DDOS Attack in ManetIRJET Journal
 
A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...
A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...
A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...IJNSA Journal
 
L1803046876
L1803046876L1803046876
L1803046876IOSR Journals
 
Study of flooding based ddos attacks and their effect using deter testbed
Study of flooding based ddos attacks and their effect using deter testbedStudy of flooding based ddos attacks and their effect using deter testbed
Study of flooding based ddos attacks and their effect using deter testbedeSAT Journals
 
Study of flooding based d do s attacks and their effect using deter testbed
Study of flooding based d do s attacks and their effect using deter testbedStudy of flooding based d do s attacks and their effect using deter testbed
Study of flooding based d do s attacks and their effect using deter testbedeSAT Publishing House
 
A new way to prevent Botnet Attack
A new way to prevent Botnet AttackA new way to prevent Botnet Attack
A new way to prevent Botnet Attackyennhi2812
 
Presentation1 shweta
Presentation1 shweta Presentation1 shweta
Presentation1 shweta swet4
 
3-JournalofCommunicationsVol.14No.2February2019.pdf
3-JournalofCommunicationsVol.14No.2February2019.pdf3-JournalofCommunicationsVol.14No.2February2019.pdf
3-JournalofCommunicationsVol.14No.2February2019.pdfPrasannaKumarpanda2
 
Using the Web or another research tool, search for alternative means.pdf
Using the Web or another research tool, search for alternative means.pdfUsing the Web or another research tool, search for alternative means.pdf
Using the Web or another research tool, search for alternative means.pdffms12345
 
PASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKS
PASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKSPASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKS
PASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKSIJNSA Journal
 
PASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKS
PASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKSPASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKS
PASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKSIJNSA Journal
 
A study on securing cloud environment from d do s attack to preserve data ava...
A study on securing cloud environment from d do s attack to preserve data ava...A study on securing cloud environment from d do s attack to preserve data ava...
A study on securing cloud environment from d do s attack to preserve data ava...Manimaran A
 
DDoS.ppt
DDoS.pptDDoS.ppt
DDoS.pptEllenSutiyem
 
Whitepaper on DDoS Mitigation
Whitepaper on DDoS MitigationWhitepaper on DDoS Mitigation
Whitepaper on DDoS MitigationGaurav Bhatia
 
comparing-approaches-for-web-dns-infrastructure-security-white-paper
comparing-approaches-for-web-dns-infrastructure-security-white-papercomparing-approaches-for-web-dns-infrastructure-security-white-paper
comparing-approaches-for-web-dns-infrastructure-security-white-paperRenny Shen
 
Encountering distributed denial of service attack utilizing federated softwar...
Encountering distributed denial of service attack utilizing federated softwar...Encountering distributed denial of service attack utilizing federated softwar...
Encountering distributed denial of service attack utilizing federated softwar...IJECEIAES
 
A SURVEY OF TRENDS IN MASSIVE DDOS ATTACKS AND CLOUD-BASED MITIGATIONS
A SURVEY OF TRENDS IN MASSIVE DDOS ATTACKS AND CLOUD-BASED MITIGATIONSA SURVEY OF TRENDS IN MASSIVE DDOS ATTACKS AND CLOUD-BASED MITIGATIONS
A SURVEY OF TRENDS IN MASSIVE DDOS ATTACKS AND CLOUD-BASED MITIGATIONSIJNSA Journal
 
A survey of trends in massive ddos attacks and cloud based mitigations
A survey of trends in massive ddos attacks and cloud based mitigationsA survey of trends in massive ddos attacks and cloud based mitigations
A survey of trends in massive ddos attacks and cloud based mitigationsIJNSA Journal
 
A survey of trends in massive ddos attacks and cloud based mitigations
A survey of trends in massive ddos attacks and cloud based mitigationsA survey of trends in massive ddos attacks and cloud based mitigations
A survey of trends in massive ddos attacks and cloud based mitigationsIJNSA Journal
 
A041201010
A041201010A041201010
A041201010ijceronline
 
Preventing Distributed Denial of Service Attacks in Cloud Environments
Preventing Distributed Denial of Service Attacks in Cloud Environments Preventing Distributed Denial of Service Attacks in Cloud Environments
Preventing Distributed Denial of Service Attacks in Cloud Environments IJITCA Journal
 
PREVENTING DISTRIBUTED DENIAL OF SERVICE ATTACKS IN CLOUD ENVIRONMENTS
PREVENTING DISTRIBUTED DENIAL OF SERVICE ATTACKS IN CLOUD ENVIRONMENTS PREVENTING DISTRIBUTED DENIAL OF SERVICE ATTACKS IN CLOUD ENVIRONMENTS
PREVENTING DISTRIBUTED DENIAL OF SERVICE ATTACKS IN CLOUD ENVIRONMENTS IJITCA Journal
 
Network Attacks - (Information Assurance and Security)BS in Information Techn...
Network Attacks - (Information Assurance and Security)BS in Information Techn...Network Attacks - (Information Assurance and Security)BS in Information Techn...
Network Attacks - (Information Assurance and Security)BS in Information Techn...SyvilMaeTapinit
 
DDOS Attack on Cloud Platforms.pptx
DDOS Attack on Cloud Platforms.pptxDDOS Attack on Cloud Platforms.pptx
DDOS Attack on Cloud Platforms.pptxShaimKibria
 
A REVIEW ON DDOS PREVENTION AND DETECTION METHODOLOGY
A REVIEW ON DDOS PREVENTION AND DETECTION METHODOLOGYA REVIEW ON DDOS PREVENTION AND DETECTION METHODOLOGY
A REVIEW ON DDOS PREVENTION AND DETECTION METHODOLOGYijasa
 
IoT Security, Mirai Revisited
IoT Security, Mirai RevisitedIoT Security, Mirai Revisited
IoT Security, Mirai RevisitedClare Nelson, CISSP, CIPP-E
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDubai Multi Commodity Centre
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 

More Related Content

Similar to 4-DDoS-DES-CEN451-BSE-Fall2023-16102023-082938pm (1).pdf

Presentation1 shweta
Presentation1 shweta Presentation1 shweta
Presentation1 shweta swet4
 
3-JournalofCommunicationsVol.14No.2February2019.pdf
3-JournalofCommunicationsVol.14No.2February2019.pdf3-JournalofCommunicationsVol.14No.2February2019.pdf
3-JournalofCommunicationsVol.14No.2February2019.pdfPrasannaKumarpanda2
 
Using the Web or another research tool, search for alternative means.pdf
Using the Web or another research tool, search for alternative means.pdfUsing the Web or another research tool, search for alternative means.pdf
Using the Web or another research tool, search for alternative means.pdffms12345
 
PASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKS
PASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKSPASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKS
PASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKSIJNSA Journal
 
PASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKS
PASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKSPASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKS
PASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKSIJNSA Journal
 
A study on securing cloud environment from d do s attack to preserve data ava...
A study on securing cloud environment from d do s attack to preserve data ava...A study on securing cloud environment from d do s attack to preserve data ava...
A study on securing cloud environment from d do s attack to preserve data ava...Manimaran A
 
Whitepaper on DDoS Mitigation
Whitepaper on DDoS MitigationWhitepaper on DDoS Mitigation
Whitepaper on DDoS MitigationGaurav Bhatia
 
comparing-approaches-for-web-dns-infrastructure-security-white-paper
comparing-approaches-for-web-dns-infrastructure-security-white-papercomparing-approaches-for-web-dns-infrastructure-security-white-paper
comparing-approaches-for-web-dns-infrastructure-security-white-paperRenny Shen
 
Encountering distributed denial of service attack utilizing federated softwar...
Encountering distributed denial of service attack utilizing federated softwar...Encountering distributed denial of service attack utilizing federated softwar...
Encountering distributed denial of service attack utilizing federated softwar...IJECEIAES
 
A SURVEY OF TRENDS IN MASSIVE DDOS ATTACKS AND CLOUD-BASED MITIGATIONS
A SURVEY OF TRENDS IN MASSIVE DDOS ATTACKS AND CLOUD-BASED MITIGATIONSA SURVEY OF TRENDS IN MASSIVE DDOS ATTACKS AND CLOUD-BASED MITIGATIONS
A SURVEY OF TRENDS IN MASSIVE DDOS ATTACKS AND CLOUD-BASED MITIGATIONSIJNSA Journal
 
A survey of trends in massive ddos attacks and cloud based mitigations
A survey of trends in massive ddos attacks and cloud based mitigationsA survey of trends in massive ddos attacks and cloud based mitigations
A survey of trends in massive ddos attacks and cloud based mitigationsIJNSA Journal
 
A survey of trends in massive ddos attacks and cloud based mitigations
A survey of trends in massive ddos attacks and cloud based mitigationsA survey of trends in massive ddos attacks and cloud based mitigations
A survey of trends in massive ddos attacks and cloud based mitigationsIJNSA Journal
 
Preventing Distributed Denial of Service Attacks in Cloud Environments
Preventing Distributed Denial of Service Attacks in Cloud Environments Preventing Distributed Denial of Service Attacks in Cloud Environments
Preventing Distributed Denial of Service Attacks in Cloud Environments IJITCA Journal
 
PREVENTING DISTRIBUTED DENIAL OF SERVICE ATTACKS IN CLOUD ENVIRONMENTS
PREVENTING DISTRIBUTED DENIAL OF SERVICE ATTACKS IN CLOUD ENVIRONMENTS PREVENTING DISTRIBUTED DENIAL OF SERVICE ATTACKS IN CLOUD ENVIRONMENTS
PREVENTING DISTRIBUTED DENIAL OF SERVICE ATTACKS IN CLOUD ENVIRONMENTS IJITCA Journal
 
Network Attacks - (Information Assurance and Security)BS in Information Techn...
Network Attacks - (Information Assurance and Security)BS in Information Techn...Network Attacks - (Information Assurance and Security)BS in Information Techn...
Network Attacks - (Information Assurance and Security)BS in Information Techn...SyvilMaeTapinit
 
DDOS Attack on Cloud Platforms.pptx
DDOS Attack on Cloud Platforms.pptxDDOS Attack on Cloud Platforms.pptx
DDOS Attack on Cloud Platforms.pptxShaimKibria
 
A REVIEW ON DDOS PREVENTION AND DETECTION METHODOLOGY
A REVIEW ON DDOS PREVENTION AND DETECTION METHODOLOGYA REVIEW ON DDOS PREVENTION AND DETECTION METHODOLOGY
A REVIEW ON DDOS PREVENTION AND DETECTION METHODOLOGYijasa
 

Similar to 4-DDoS-DES-CEN451-BSE-Fall2023-16102023-082938pm (1).pdf (20)

Presentation1 shweta
Presentation1 shweta Presentation1 shweta
Presentation1 shweta
 
3-JournalofCommunicationsVol.14No.2February2019.pdf
3-JournalofCommunicationsVol.14No.2February2019.pdf3-JournalofCommunicationsVol.14No.2February2019.pdf
3-JournalofCommunicationsVol.14No.2February2019.pdf
 
Using the Web or another research tool, search for alternative means.pdf
Using the Web or another research tool, search for alternative means.pdfUsing the Web or another research tool, search for alternative means.pdf
Using the Web or another research tool, search for alternative means.pdf
 
PASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKS
PASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKSPASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKS
PASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKS
 
PASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKS
PASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKSPASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKS
PASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKS
 
A study on securing cloud environment from d do s attack to preserve data ava...
A study on securing cloud environment from d do s attack to preserve data ava...A study on securing cloud environment from d do s attack to preserve data ava...
A study on securing cloud environment from d do s attack to preserve data ava...
 
DDoS.ppt
DDoS.pptDDoS.ppt
DDoS.ppt
 
Whitepaper on DDoS Mitigation
Whitepaper on DDoS MitigationWhitepaper on DDoS Mitigation
Whitepaper on DDoS Mitigation
 
comparing-approaches-for-web-dns-infrastructure-security-white-paper
comparing-approaches-for-web-dns-infrastructure-security-white-papercomparing-approaches-for-web-dns-infrastructure-security-white-paper
comparing-approaches-for-web-dns-infrastructure-security-white-paper
 
Encountering distributed denial of service attack utilizing federated softwar...
Encountering distributed denial of service attack utilizing federated softwar...Encountering distributed denial of service attack utilizing federated softwar...
Encountering distributed denial of service attack utilizing federated softwar...
 
A SURVEY OF TRENDS IN MASSIVE DDOS ATTACKS AND CLOUD-BASED MITIGATIONS
A SURVEY OF TRENDS IN MASSIVE DDOS ATTACKS AND CLOUD-BASED MITIGATIONSA SURVEY OF TRENDS IN MASSIVE DDOS ATTACKS AND CLOUD-BASED MITIGATIONS
A SURVEY OF TRENDS IN MASSIVE DDOS ATTACKS AND CLOUD-BASED MITIGATIONS
 
A survey of trends in massive ddos attacks and cloud based mitigations
A survey of trends in massive ddos attacks and cloud based mitigationsA survey of trends in massive ddos attacks and cloud based mitigations
A survey of trends in massive ddos attacks and cloud based mitigations
 
A survey of trends in massive ddos attacks and cloud based mitigations
A survey of trends in massive ddos attacks and cloud based mitigationsA survey of trends in massive ddos attacks and cloud based mitigations
A survey of trends in massive ddos attacks and cloud based mitigations
 
A041201010
A041201010A041201010
A041201010
 
Preventing Distributed Denial of Service Attacks in Cloud Environments
Preventing Distributed Denial of Service Attacks in Cloud Environments Preventing Distributed Denial of Service Attacks in Cloud Environments
Preventing Distributed Denial of Service Attacks in Cloud Environments
 
PREVENTING DISTRIBUTED DENIAL OF SERVICE ATTACKS IN CLOUD ENVIRONMENTS
PREVENTING DISTRIBUTED DENIAL OF SERVICE ATTACKS IN CLOUD ENVIRONMENTS PREVENTING DISTRIBUTED DENIAL OF SERVICE ATTACKS IN CLOUD ENVIRONMENTS
PREVENTING DISTRIBUTED DENIAL OF SERVICE ATTACKS IN CLOUD ENVIRONMENTS
 
Network Attacks - (Information Assurance and Security)BS in Information Techn...
Network Attacks - (Information Assurance and Security)BS in Information Techn...Network Attacks - (Information Assurance and Security)BS in Information Techn...
Network Attacks - (Information Assurance and Security)BS in Information Techn...
 
DDOS Attack on Cloud Platforms.pptx
DDOS Attack on Cloud Platforms.pptxDDOS Attack on Cloud Platforms.pptx
DDOS Attack on Cloud Platforms.pptx
 
A REVIEW ON DDOS PREVENTION AND DETECTION METHODOLOGY
A REVIEW ON DDOS PREVENTION AND DETECTION METHODOLOGYA REVIEW ON DDOS PREVENTION AND DETECTION METHODOLOGY
A REVIEW ON DDOS PREVENTION AND DETECTION METHODOLOGY
 
IoT Security, Mirai Revisited
IoT Security, Mirai RevisitedIoT Security, Mirai Revisited
IoT Security, Mirai Revisited
 

Recently uploaded

"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 

Recently uploaded (20)

DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 

4-DDoS-DES-CEN451-BSE-Fall2023-16102023-082938pm (1).pdf

  • 1. Denial / Distributed Denial of Service Attacks (DoS / DDoS) Information Security (CSC-407) Fall 2023 (BSE-7A & 7B)
  • 2. Fall 2023 Availability of Service & Denial of Service • Availability relates to a system being accessible and usable on- demand by authorized users. • Denial-of-service (DoS) attack attempts to compromise the availability by hindering or completely blocking the provision of some service. • The attack attempts to exhaust some critical “resource(s)” associated with the service. • First known DDoS attack occurred in 1996 when Panix ISP was knocked offline for several days by a SYN flood attack. IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 2
  • 3. Fall 2023 DoS and DDoS • Denial-of-service (DoS) attack: is an action that prevents or impairs the authorized use of networks, systems or applications by exhausting resources such as central processing units (CPU), memory, bandwidth and disk space. OR • Denial-of-service (DoS) attack: An attack that attempts to overwhelm a computer’s ability to handle incoming communications, prohibiting legitimate users from accessing those systems. IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 3
  • 4. Fall 2023 DoS and DDoS (Cont.) • Distributed DoS (DDoS) attack: A form of DoS attack in which a coordinated stream of requests is launched against a target from many locations simultaneously using bots or zombies. • Bot (also referred as botnet or zombie): an abbreviation of robot, which is an automated software program that executes certain commands when it receives a specific input. IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 4
  • 5. Fall 2023 DDoS Attack Diagram IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 5
  • 6. Fall 2023 DDoS Attack on Bandwidth IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 6
  • 7. Fall 2023 Use of Reflectors IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 7
  • 8. Fall 2023 Distributed Reflection DoS (DRDoS) Attack IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 8
  • 9. Fall 2023 Not Defendable Attacks • DDoS attacks are difficult to defend against, and currently there are no controls that any single organization can apply! WHY? • Any system connected to the Internet and providing TCP-based network services (such as a Web server, FTP server, mail server, routers) is vulnerable to DoS/DDoS attacks. IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 9
  • 10. Fall 2023 Increasing DDoS Attacks DDoS attacks are expected to increase, Why? 1. The introduction of 5G technologies has accelerated the spread of Internet of Things (IoT) around the world. Hence, creating a huge pool of “under protected” new recruits for botnet armies used to launch DDoS attacks on massive scales. IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 10
  • 11. Fall 2023 Increasing DDoS Attacks (Cont.) DDoS attacks are expected to increase: 2. The increase of inexpensive DDoS-as-a-service platforms. • Hping3: http://www.hping.org • HULK: https://siberianlaika.ru • High Orbit Ion Cannon (HOIC): https://sourceforge.net IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 11
  • 12. Fall 2023 Increasing DDoS Attacks (Cont.) • In-terms of attack volume, DDoS attacks have increased from 400 Mbps in 2002, to 100 Gbps in 2010, to 300 Gbps in 2013 and to 600 Gbps in 2015. • The above phenomenon is mainly due to the growth in the Internet bandwidth! • In-terms of attack numbers, Cisco predicts that DDoS attacks will double from the 7.9 million (2018) to 15.4 million (2023). IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 12
  • 13. Fall 2023 Increasing DDoS Attacks (Cont.) IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 13 Cisco’s analysis of DDoS total attacks: history & predictions.
  • 14. Fall 2023 Increasing DDoS Attacks (Cont.) • During the pandemic, there was a rapid increase in DDoS weapons, widespread botnet activity and largest DDoS attacks ever recorded. 1. Amazon Inc. reports that in February 2020, they defended against a 2.3 Tbps DDoS attack. 2. In November 2021, Microsoft mitigated a DDoS attack targeting an Azure customer with a throughput of 3.45 Tbps. This is believed to be the largest in History (so far). IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 14
  • 15. Fall 2023 Increasing DDoS Attacks (Cont.) • Massive DDoS attacks in 50 Gbps range are powerful enough to exceed the bandwidth capacity of almost any intended target, including core Internet Exchanges or critical DNS servers. • However, a DDoS attack of 1 Gbps is enough to knock most organizations off the internet. IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 15
  • 16. Fall 2023 Cost of DDoS Attacks • Given that IT services downtime costs companies anywhere from $300,000 to over $1,000,000 per hour, we can imagine the financial hit from DDoS attacks. • DDoS attack can damage brand reputation and revenue. • DDoS attacks are sometimes used to distract cybersecurity operations while other criminal activity, such as data theft or network infiltration is underway. IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 16
  • 17. Fall 2023 Nature of DDoS • Several categories of resources could be attacked in DDoS: 1. Network bandwidth 2. System resources 3. Application resources IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 17
  • 18. Fall 2023 Network Bandwidth Attack • Network bandwidth relates to the network’s link capacity connecting a server to the Internet through ISP. • In DDoS attack, majority of traffic directed at the target server is malicious which overwhelms any legitimate traffic, hence denying legitimate users access to the server. IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 18
  • 19. Fall 2023 System Resources Attack • A DoS attack targeting system resources typically aims at its “network handling software” to: 1. Overload the system 2. Crash the system IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 19
  • 20. Fall 2023 System Resources Attack: Overload • Rather than consuming bandwidth with large volumes of traffic, specific types of packets are sent that “consume” the limited resources available on the system. These include:  Temporary buffers (used to hold arriving packets)  Tables of open connections  Memory data structures • The SYN spoofing attack is of this type, which targets the table of TCP connections on the server. IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 20
  • 21. Fall 2023 System Resources Attack: Crash • Another form of system resource attack uses packets whose structure triggers a bug in the “system’s network handling software”, causing it to crash. This is known as a poison packet, which include:  Ping of Death attack: targets ICMP echo request packets.  Teardrop attacks: targets packet fragmentation. • After crashing, the system can no longer communicate over the network until this software is reloaded (generally by rebooting). IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 21
  • 22. Fall 2023 Application Resources Attack • Similar to “System Resources Attack”, the “Application Resources Attack” can: 1. Overload the application: An attack on a “specific application”, such as a Web server, typically involves a number of valid requests, each of which consumes significant resources. This in-turn limits the server to respond to requests from valid users. 2. Crash the application: An attacker constructs a request that triggers a bug in the server program, causing it to crash. IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 22
  • 23. Fall 2023 Application Resources Attack (Cont.) • Example: a Web server might handle database queries. If a large and costly query is received, then a server can be overloaded, hence limiting its ability to respond to valid requests from other users. IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 23
  • 25. Fall 2023 Mirai Malware • Mirai is the name of a malicious software that infected IoT devices in August of 2016. • Till date, Mirai is considered to be the most damaging DDoS attack in history that spawned from insecure IoT devices in remote areas. • The attack came in form of botnets (zombie agent) that generated massive DDoS storm. • The botnet devices comprised IP cameras, DVRs, consumer routers, VOIP phones and printers. IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 25
  • 26. Fall 2023 Mirai Malware (Cont.) • In total, 600,000 IoT devices were infected as part of the botnet. • Targets included “Krebs on Security”, Dyn, Lonestar cell, Italian political sites, Minecraft servers, Russian auction sites. • Dyn had secondary effects on other extremely large providers that used their services, such as Sony Playstation servers, Amazon, GitHub, Netflix, PayPal, Reddit and Twitter. • Mirai source code was released on hackforums.net (a hacker blog site). IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 26
  • 27. Fall 2023 Mirai Malware (Cont.) Mirai attack working mechanism: 1. Scan for victims: perform a rapid scan using TCP SYN packets to probe random IPv4 addresses. It specifically looked for SSH/Telnet TCP port 23 and 2323. 2. Brute Force Telnet: Mirai attempted to establish a functional Telnet session with a victim by sending 10 username and password pairs randomly using a dictionary attack of 62 pairs. If a login was successful, Mirai logged the host to a central C2 server. IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 27
  • 28. Fall 2023 Mirai Malware (Cont.) Mirai attack working mechanism: 3. Infect: a loader program (device specific malware) was sent to potential victim from server C2. The program searches for other competing processes using port 23 and kills them (along with other malware that could already be present on the device). The loader binary was deleted and the process name was “obfuscated” to hide its presence. The malware did not reside in persistent storage and didn't survive a reboot. The bot stayed dormant until it received an attack command. IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 28
  • 29. Fall 2023 Mirai Malware (Cont.) • First scan (reconnaissance attack) occurred on August 1, 2016. • The scan took 120 minutes before it found a host with an open port and password in the dictionary. • After one additional minute, 834 other devices were infected. • Within 20 hours, 64,500 devices were infected. • Most of infected devices that turned into botnets were located in Brazil (15.0%), Columbia (14.0%) and Vietnam (12.5%). IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 29
  • 30. Fall 2023 Mirai Malware (Cont.) • September 21, 2016, the Mirai botnet unleashed a massive DDoS attack on the Krebs on Security blogging site and generated 623 Gbps of traffic. It accounted for the single worst DDoS attack of all time. • Over a span of five months, 15,194 individual attack commands were issued by the C2 servers and hit 5,042 internet sites. • Global DDoS attack map: https://www.digitalattackmap.com/ IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 30
  • 31. Fall 2023 IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 31
  • 32. Fall 2023 IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 32
  • 33. Fall 2023 IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 33
  • 34. Fall 2023 IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 34 https://horizon.netscout.com/
  • 35. Fall 2023 IS (CSC-407) Dr. Osama Rehman, Department of Software Engineering 35