Dos threats and countermeasures


Published on

null Pune April 2012 Meet

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Bots on rent
  • Dos threats and countermeasures

    1. 1. DOS Threats and Countermeasure
    2. 2. DOS Attacks in news• Anonymous takes down formula1 website with ddos attack against the bahrain’s hosting the grand prix race.• DDOS attack on paypal,visa and mastercard against blocking the accounts of wikileaks.
    3. 3. Terminology-:• DOS,DDOS attack is an attempt to make computer or network resource unavailable to its intended users.• However, DDOS is something more artistic and involves the masters controlling bots which are then used to attack the network all together.• DRDOS i.e. distributed reflected DOS that involves spoofing the victim• Bots also known as zombies are infected computers under the control of attacker.• Botnet is the network of bots.• C&C server is known as command and control server.
    4. 4. DDOS in action
    5. 5. Classification of DoS attacks-:Bandwidth consumptionLocal Resource starvationProgramming flaws
    6. 6. Different types of DOS AttackTCP SYN attack TCP SYN flood sends a host more TCP SYN packets than the . protocol implementation can handle
    7. 7. Smurf attack• A smurf attack is an exploitation of the Internet Protocol (IP) broadcast addressing to create a denial of service.
    8. 8. Vulnerable HTTPType of resource starvation attackSlow http response attack Exploiting the content-length field of thehttp request which is used to specify the length of message body in bytes.Slow Read basically sends a legitimate HTTP request and then very slowly reads the response, thus keeping as many open connections as possible and eventually causing a DoS.
    9. 9. DHCP Starvation & prevention• An idea to make dummy leased for all the IPs in DHCP range and will effectively cause the DOS to new connecting users that are trying to receive ip from DHCP.
    10. 10. Programming flaws exploited
    11. 11. TORPIG BOTNET-an analysis
    12. 12. Communicating bots• IP fast-flux which provides multiple IPs to a domain name and the IPs changing frequently.• Domain flux involves the use of DGA i.e.Domain Generation Algorithm .
    13. 13. Countermeasures• Delayed binding (TCP connection splicing)• Rate limiter• IPS and rate based IPS• Blackholing• Sinkholing• Clean Pipes• Bogon filtering, URPF i.e. unicast reverse path forwarding• Wan-link failover
    14. 14. Some more to know• Bots are available on rent pricing as $3 per day to $300 a week.• Zombies are also used for spamming but difficult to get blocked by DNSBLs.• Know hacking but no hacking.
    15. 15. References• `• DDOS attack and countermeasure by Pier Luigi Rotondo• RioRey_Taxonomy_DDoS_Attacks_2.2_2011•• IEEE security and privacy magazine-volume9,number 1