1/42
Arab Academy for Banking & Financial Sciences
Faculty of Information Systems & Technology - Department of CIS
Information System Security
Ph.D.
Prepared by: Mohammad Nassar
Prepared to: Dr. Lo’ai Tawalbeh
Denial of Service Attack
(DoS)
2/42
Learning Objectives
Types of attacks.
Definitions of DoS and DDoS attacks.
Costs of DoS attacks for victim organizations.
Classification of DoS attacks.
Strategic Firewall Placement.
Default Deny.
Detecting DDoS attacks by monitoring the source IP addresses.
Example.
Conclusion.
3/42
TYPES OF ATTACKS
• Nontechnical attack
• Technical attack
  - Denial-of-service attack
  - Malicious code: virus, worm, Trojan horse
  - Sniffing
  - Spoofing
4/42
Definitions of DoS and DDoS attacks
• A DoS (Denial of Service) attack aims at preventing legitimate users from getting authorized access to a system resource. The attacker uses specialized software to send a flood of data packets to the target computer with the aim of overloading its resources.
• A DDoS (Distributed Denial of Service) attack is a denial-of-service attack in which the attacker gains illegal administrative access to as many computers on the Internet as possible and uses those computers together to send a flood of data packets to the target computer.
5/42
Distributed Denial-of-Service (DDoS) attack
6/42
INTERNET INSECURITY
• Morris worm of 1987
• Password sniffing attacks in 1994
• IP spoofing attacks in 1995
• Denial of service attacks in 1996
• Email-borne viruses 1999
• Distributed denial of service attacks 2000
• Fast-spreading worms and viruses 2003
• Spam 2004
• … no end in sight
• Internet insecurity grows at super-Internet speed
• Security incidents are growing faster than the Internet (which has roughly doubled every year since 1988)
7/42
Costs of DoS attacks for victim organizations
• Denial of Service is currently the most expensive computer
crime for victim organizations:
8/42
Classification of DoS attacks
1. Bandwidth consumption: the attack consumes all available network bandwidth.
2. Resource starvation: the attack consumes system resources (mainly CPU, memory, storage space).
3. Programming flaws: failures of applications or OS components to handle exceptional conditions (i.e. unexpected data is sent to a vulnerable component).
4. Routing and DNS attacks:
   - manipulating routing tables;
   - changing routing tables to route traffic to the attacker’s net or to a black hole;
   - attacks on DNS servers, again routing traffic to the attacker or to a black hole.
9/42
Examples
• Smurf
  1. The attacker sends a sustained stream of ICMP Echo packets (ping, a host-availability check) to the broadcast address of the amplifying network, with the source address forged to be the victim’s.
  2. Since the traffic was sent to the broadcast address, all hosts in the amplifying LAN answer to the victim’s IP address.
• Ping of death???
10/42
Ping (Windows XP)
C:>ping 64.233.183.103 with 32 bytes of data (yahoo)
Reply from 64.233.183.103: bytes=32 time=25ms TTL=245
Reply from 64.233.183.103: bytes=32 time=22ms TTL=245
Reply from 64.233.183.103: bytes=32 time=25ms TTL=246
Reply from 64.233.183.103: bytes=32 time=22ms TTL=246
Ping statistics for 64.233.183.103:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
11/42
Examples
• SYN flood
• TCP three-way handshake:
  1. The client requests a connection by sending a SYN (synchronize) message to the server.
  2. The server acknowledges this request by sending a SYN-ACK back to the client.
  3. The client responds with an ACK, and the connection is established.
• How does it work?
  1. The attacker sends SYN packets to the victim, forging a non-existent source IP address.
  2. The victim replies with SYN/ACK but receives neither an ACK nor a RST from the non-existent IP address.
  3. The victim keeps the potential connection in a queue in SYN_RECV state; the queue is small and takes some time (e.g. 75 seconds) to time out and be flushed.
  4. If a few SYN packets are sent by the attacker every 10 seconds, the victim never clears the queue and stops responding.
12/42
Examples
• LAND:
  - The attack involves sending a spoofed TCP SYN packet (connection initiation) with the target host’s IP address as both source and destination.
  - It uses the echo and chargen ports.
13/42
Bottleneck
• The cable connection between the ISP and the company is the slowest part of the line. To shut down the company’s connection, a hacker only has to overload this relatively slow part.
• To stop DDoS attacks, illegitimate traffic must never be allowed to reach the bottleneck.
14/42
[Figure: normal connection. ISP -> cable connection (bottleneck) -> firewall (bad traffic stopped here)]
15/42
Strategic Firewall Placement
• In the strategic firewall placement method, the company’s firewall is placed on the ISP’s premises.
• This means that the line connecting the ISP router to the firewall is very short, and a much higher bandwidth line (e.g. Ethernet) can be used for this connection at very little extra cost.
16/42
Strategic Firewall Placement
[Figure: ISP -> Ethernet connection -> firewall (bad traffic stopped here) -> bottleneck]
17/42
Strategic Firewall Placement
• Firewall remains under the control of the
company.
• Now the company is able to control exactly
which traffic is allowed into the bottleneck
part of the connection.
18/42
Strategic Firewall Placement
• In the old setup, to thwart a DDoS attack, the company had to call the ISP and tell them which kinds of packets to filter.
• The company’s Internet connection remained inoperative until the ISP was able to complete the company’s request.
• When the company controls the firewall, as in strategic firewall placement, it can instead filter unwanted packets almost immediately.
19/42
Additional Requirements
• Moving the firewall is helpful, but, to completely
protect against DDoS attacks, the company also
has to change the way its firewall
handles inbound connection requests.
20/42
Default Deny
• Again: the TCP three-way handshake.
21/42
Default Deny
• If every TCP/SYN packet is allowed to reach the company server, hackers can flood the company’s server with these packets and overload the connection.
• Instead, the firewall sends back a SYN/ACK packet to the source IP.
• Once the firewall sends out the SYN/ACK packet, it only allows a connection from the IP address that sent the original TCP/SYN packet.
• A hacker has to have control of that IP address to be able to connect to the company.
[Figure: (1) spoofed TCP/SYN -> firewall answers SYN/ACK -> connection blocked; (2) real TCP/SYN -> firewall answers SYN/ACK -> connection allowed through to the server]
22/42
Default Deny
• Default Deny helps prevent a technique
known as “spoofing” IP addresses.
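The SYN flood mechanics of slide 11 and the Default Deny behaviour of slides 21-22, played through in one added simulation (not code from the slides): a server that keeps a small half-open queue with the 75 s timeout the slides quote, versus a front end that answers every SYN with a cookie-derived sequence number and stores nothing until the ACK comes back. Backlog size, burst size, addresses and the cookie secret are constructed assumptions.

```python
"""Spoofed SYN flood against (a) a server that queues per-SYN state and
(b) a 'default deny' front end that admits only sources completing the
handshake.  Added example; 75 s SYN_RECV timeout and 'a few SYNs every
10 s' come from the slides, everything else is constructed."""
import hashlib
import hmac
import random

BACKLOG = 8                 # assumption: tiny half-open queue
SYN_RECV_TIMEOUT = 75.0     # seconds, from the slides
SYNS_PER_BURST = 3          # "a few" spoofed SYNs every 10 s
MASK = 0xFFFFFFFF
COOKIE_SECRET = b"constructed-demo-secret"   # assumption; rotate in real use


class NaiveServer:
    """Stores a queue entry for every SYN it answers, like the victim in the slides."""

    def __init__(self):
        self.half_open = {}         # (ip, port) -> (expiry time, our ISN)
        self.established = set()
        self.dropped = 0

    def _expire(self, now):
        for key, (expiry, _) in list(self.half_open.items()):
            if expiry <= now:       # entries are flushed only after the long timeout
                del self.half_open[key]

    def on_syn(self, now, src, client_isn):
        self._expire(now)
        if len(self.half_open) >= BACKLOG:
            self.dropped += 1       # queue full: this SYN, spoofed or real, is lost
            return None
        isn = random.randrange(MASK + 1)
        self.half_open[src] = (now + SYN_RECV_TIMEOUT, isn)
        return isn                  # SYN/ACK carrying our ISN goes out

    def on_ack(self, now, src, client_isn, ack_num):
        self._expire(now)
        entry = self.half_open.get(src)
        if entry is None or ack_num != (entry[1] + 1) & MASK:
            return False
        del self.half_open[src]
        self.established.add(src)
        return True

    def half_open_count(self):
        return len(self.half_open)


def syn_cookie(src, client_isn):
    """Stateless ISN: keyed hash of the source and its ISN (SYN-cookie style)."""
    msg = f"{src[0]}:{src[1]}:{client_isn}".encode()
    digest = hmac.new(COOKIE_SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big")


class DefaultDenyFirewall:
    """Replies SYN/ACK to everyone but keeps no state; the connection is only
    passed on once the ACK proves the source really receives packets at that
    IP (a spoofed source never sees the SYN/ACK, so it cannot answer)."""

    def __init__(self):
        self.established = set()
        self.dropped = 0            # ACKs that did not match the cookie

    def on_syn(self, now, src, client_isn):
        return syn_cookie(src, client_isn)

    def on_ack(self, now, src, client_isn, ack_num):
        if ack_num != (syn_cookie(src, client_isn) + 1) & MASK:
            self.dropped += 1
            return False
        self.established.add(src)
        return True

    def half_open_count(self):
        return 0                    # nothing stored before the handshake completes


def run(defense, seed=1):
    """Replay 120 s of the slides' scenario: SYNS_PER_BURST spoofed SYNs every
    10 s that are never ACKed, plus one real client connecting at t=60 s."""
    rng = random.Random(seed)
    target = NaiveServer() if defense == "none" else DefaultDenyFirewall()
    real = ("203.0.113.7", 40000)   # RFC 5737 documentation address
    real_isn, connected = 1000, False
    for t in range(0, 121, 10):
        for _ in range(SYNS_PER_BURST):
            spoofed = (f"198.51.100.{rng.randrange(1, 255)}", rng.randrange(1024, 65536))
            target.on_syn(t, spoofed, rng.randrange(MASK + 1))
        if t == 60:
            server_isn = target.on_syn(t, real, real_isn)
            if server_isn is not None:
                connected = target.on_ack(t + 0.05, real, real_isn, (server_isn + 1) & MASK)
    return {"real_client_connected": connected, "lost_syns": target.dropped,
            "half_open_at_end": target.half_open_count()}
```

Against the naive server the real client’s SYN finds the queue full at t=60 and is lost; behind the default-deny front end it connects while the spoofed SYNs cost no queue space at all.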
23/42
Firewall Capabilities
• Maintaining these policies could require a lot of
computational power from the firewall.
• Firewall may not be able to handle the entire
job itself.
• The processing work of the firewall can be
spread among multiple computers if
necessary, and those computers would feed
directly into the firewall.
24/42
Simulation of Strategic Firewall Placement (NS-2 used to simulate DDoS traffic)
[Figure: DDoS attack and legitimate traffic -> router -> firewall -> target; buildup of packets in the queue on the high-speed link; 1.5 Mbps link]
25/42
Simulation of Strategic Firewall Placement
• When the link leading up to the firewall is too slow, a DDoS attack basically shuts down the system.
• When the link leading up to the firewall is fast enough, the system continues running through a DDoS attack, even after the attack is increased in intensity from 50 to 100 Mbps.
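A rate model of the two placements, as an added example (not the slides’ NS-2 simulation): the 1.5 Mbps bottleneck and the 50 and 100 Mbps attack rates are the slides’ figures; the 100 Mbps Ethernet speed, the 1 Mbps legitimate load and the rule that a saturated link drops each traffic class in proportion to its share are assumptions.

```python
"""Rate model of firewall placement: each stage is either a link of fixed
capacity or the firewall, which discards the flood it has a rule for.
Added example, not the slides' NS-2 simulation."""

LEGIT_MBPS = 1.0          # assumption: normal customer load fits the bottleneck
BOTTLENECK_MBPS = 1.5     # slow ISP-to-customer line (slide 24)
ETHERNET_MBPS = 100.0     # assumption for the short ISP-premises link


def link(capacity, legit, attack):
    """A saturated FIFO link drops each class in proportion to its offered
    share (drop-tail behaviour averaged over time); below capacity nothing
    is dropped."""
    offered = legit + attack
    if offered <= capacity:
        return legit, attack
    keep = capacity / offered
    return legit * keep, attack * keep


def firewall(legit, attack):
    """Slides' premise: the firewall can identify and discard the flood."""
    return legit, 0.0


def deliver(chain, legit, attack):
    """Push both classes through the stages in order; return what reaches the server."""
    for stage in chain:
        legit, attack = stage(legit, attack)
    return legit, attack


def customer_premises_chain():
    # ISP router -> slow cable (bottleneck) -> firewall at the customer -> server
    return [lambda l, a: link(BOTTLENECK_MBPS, l, a), firewall]


def isp_premises_chain():
    # ISP router -> Ethernet -> firewall at the ISP -> slow cable -> server
    return [lambda l, a: link(ETHERNET_MBPS, l, a), firewall,
            lambda l, a: link(BOTTLENECK_MBPS, l, a)]


def legit_goodput_fraction(chain, attack_mbps):
    """Share of legitimate traffic that survives an attack of attack_mbps."""
    delivered, _ = deliver(chain, LEGIT_MBPS, attack_mbps)
    return delivered / LEGIT_MBPS


if __name__ == "__main__":
    for rate in (0.0, 50.0, 100.0):
        print(f"attack {rate:5.1f} Mbps: firewall at customer "
              f"{legit_goodput_fraction(customer_premises_chain(), rate):.1%}, "
              f"firewall at ISP {legit_goodput_fraction(isp_premises_chain(), rate):.1%}")
```

With the firewall behind the bottleneck, a 50 Mbps flood leaves about 3% of legitimate traffic; with the firewall on the Ethernet side, even the 100 Mbps flood leaves about 99% because only the firewall’s own link sees the attack.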
26/42
How to know if an attack is happening?
• Not all disruptions to service are the result of a DoS; there may be technical problems with a particular network. However, the following symptoms could indicate a DoS or DDoS attack:
  - Unusually slow network performance
  - Unavailability of a particular web site
  - Inability to access any web site or any resources
  - Dramatic increase in the amount of spam received in the account
27/42
Detecting Distributed Denial of Service Attacks by Monitoring the Source IP addresses
• IP addresses in DDoS attack traffic did not appear before [Peng et al. 2003].
• Monitoring the traffic volume is likely to create a high false positive rate.
• Monitoring the percentage of new IP addresses is very effective in detecting the attacks.
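A window-based detector for the new-source-IP idea above, as an added example (not code from the slides or from Peng et al.): it learns the regular sources during a training period, then compares a volume rule against a new-IP-share rule on constructed traffic that has a busy period from known clients followed by a spoofed flood. Window length, thresholds, address pools and the (t_seconds, src_ip) record layout are assumptions.

```python
"""New-source-IP share per window versus a plain volume threshold.
Added example; traffic is constructed, not captured."""
import random
from collections import defaultdict
from statistics import mean


def gen_flows(seed=7):
    """Constructed records (t_seconds, src_ip): 120 s baseline from 200
    regular clients at 5 pkt/s, 60 s busy period where the same regulars
    send 30 pkt/s, then 60 s of 30 pkt/s from random never-seen sources."""
    rng = random.Random(seed)
    regulars = [f"10.{rng.randrange(256)}.{rng.randrange(256)}.{rng.randrange(1, 255)}"
                for _ in range(200)]
    flows = []
    for t in range(0, 120):
        flows += [(t, rng.choice(regulars)) for _ in range(5)]
    for t in range(120, 180):
        flows += [(t, rng.choice(regulars)) for _ in range(30)]
    for t in range(180, 240):
        flows += [(t, f"{rng.randrange(1, 224)}.{rng.randrange(256)}."
                      f"{rng.randrange(256)}.{rng.randrange(1, 255)}") for _ in range(30)]
    return flows


class NewIpDetector:
    def __init__(self, window=30, train_seconds=120, new_ip_threshold=0.5, volume_factor=3.0):
        self.window = window                        # seconds per evaluation window
        self.train_seconds = train_seconds          # history-building period
        self.new_ip_threshold = new_ip_threshold    # share of unseen sources that alarms
        self.volume_factor = volume_factor          # packets vs. baseline mean that alarms

    def run(self, flows):
        by_window = defaultdict(list)
        for t, src in flows:
            by_window[t // self.window].append(src)
        training = [w for w in sorted(by_window)
                    if (w + 1) * self.window <= self.train_seconds]
        known = set()
        for w in training:
            known |= set(by_window[w])              # history of legitimate sources
        baseline = mean(len(by_window[w]) for w in training)
        results = []
        for w in sorted(by_window):
            if w in training:
                continue
            pkts = by_window[w]
            sources = set(pkts)
            new_ratio = sum(1 for s in sources if s not in known) / len(sources)
            volume_alarm = len(pkts) > self.volume_factor * baseline
            new_ip_alarm = new_ratio > self.new_ip_threshold
            results.append({"window_start": w * self.window, "packets": len(pkts),
                            "new_ip_ratio": round(new_ratio, 3),
                            "volume_alarm": volume_alarm, "new_ip_alarm": new_ip_alarm})
            if not new_ip_alarm:
                known |= sources    # learn only from windows not judged an attack,
                                    # so a flood cannot poison the history
        return results


if __name__ == "__main__":
    for row in NewIpDetector().run(gen_flows()):
        print(row)
```

The volume rule fires on the busy period as well as the flood, while the new-IP rule fires only on the flood; a genuine flash crowd of first-time visitors also raises the new-IP share, so the threshold has to come from the site’s own history rather than a fixed constant.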
28/42
How to avoid being part of the problem?
• There are no fully effective ways to prevent being the victim of a DoS or DDoS attack, but these steps can help:
  - Install anti-virus software.
  - Install a firewall.
  - Applying email filters may help manage unwanted traffic.
29/42
Example (spoofed DoS attack)
• A spoofed DoS attack is a process in which one host (usually a server or router) sends a flood of network traffic to another host.
30/42
Machines A and B
• B: the target machine (Athlon 64 3400+ with 1 GB of RAM).
• A: the source machine (Pentium 3 700 with 512 MB of RAM).
31/42
Using xxpoof … Why?
32/42
Target Machine Health
33/42
Source Machine Health
34/42
Conclusion
• Denial of Service is currently the most expensive computer crime for victim organizations.
• Strategic firewall placement allows companies to use the Internet during a DDoS attack, and it allows them to continue receiving the packets they want.
• Distributed Denial of Service attacks can be detected by monitoring the source IP addresses.
• It is easy to generate a successful DDoS attack that bypasses these defenses.
35/42
References:
• Turban, Efraim; King, David; Lee, Jae; Viehland, Dennis (2006), Electronic Commerce: A Managerial Perspective, International Edition, Prentice Hall.
• Chatam, W., Rice, J. and Hamilton, J.A. Jr., "Using Simulation to Analyze Denial of Service Attacks", Advanced Simulation Technology Conference, April 18-24, Arlington, VA, 2004.
• Smith, R.; Chen, Y.; and Bhattacharya, S., “Cascade of Distributed and Cooperating Firewalls in a Secure Data Network,” IEEE Transactions on Knowledge and Data Engineering, IEEE Educational Activities Department, vol 40, no 5 (September 2003), pp 1307–1315.
• S. Gibson, “Distributed Reflection Denial of Service. Description and analysis of a potent, increasingly prevalent, and worrisome Internet attack,” February 22, 2002, available at http://grc.com/dos/drdos.htm
• Huegen, C.A., “The latest in Denial of Service attacks: smurfing description and information to minimize effects”, Feb 2000, available at http://www.pentics.net/denial-of-service/white-apers/smurf.cgi
• United States Computer Emergency Readiness Team (2004), “Understanding Denial-of-Service Attacks”, http://www.us-cert.gov/cas/tips/ST04-015.html
• Williams, Charles (Dr.) (2001), “Who Goes There? Authentication in the On-Line World”, http://www.bizforum.org/whitepapers/cylink002.htm
