Presentation on
DENIAL OF SERVICE ATTACKS
(DoS/DDoS)
Presented By:
Gaurav Sharma
1/13/FET/BCS/2/068
6CSE1
MANAV RACHNA INTERNATIONAL UNIVERSITY
FACULTY OF ENGINEERING, CSE
OUTLINE
 What is DoS/DDoS?
 An example of DoS Attack
 Type of DoS/DDoS Attacks
 Specific Type of DoS attacks
SYN Flood Attack
Slowloris
UDP Flood
ICMP Flood
Ping-of-Death
 The Amplification attacks
DNS AMPLIFICATION ATTACK
NTP AMPLIFICATION ATTACK
 MITIGATION TECHNIQUES
 CONCLUSION
What is a DoS/DDoS Attack?
DDoS stands for “Distributed Denial of Service.” A DDoS attack is a
malicious attempt to make an online service unavailable to its users,
usually by interrupting or suspending the service of the host that runs it.
In a Denial of Service (DoS) attack a single Internet-connected device
(one network connection) floods the targeted resource with traffic. A DDoS
attack is instead launched from many compromised devices at once, often
spread across the globe, collectively referred to as a botnet. The
distribution is what makes it hard to stop: there is no single source
address to block, and the combined bandwidth of the bots can exceed that of
the victim.
SO WHAT CAN A DOS ATTACK DO?
On 19th June 2015 a massive DoS attack originated from China; the victim
was Facebook, and the website was down for 30 minutes.
DDoS attacks can be broadly divided into three types:

› Volume Based Attacks
Includes UDP floods, ICMP floods, and other spoofed-packet floods. The
attack’s goal is to saturate the bandwidth of the attacked site, and
magnitude is measured in bits per second (bps).

› Protocol Attacks
Includes SYN floods, fragmented packet attacks, Ping of Death, and Smurf
DDoS. This type of attack consumes actual server resources (connection
tables, reassembly buffers) or those of intermediate communication
equipment such as firewalls and load balancers, and is measured in packets
per second (pps).

› Application Layer Attacks
Comprised of seemingly legitimate and innocent requests (HTTP GET/POST
floods, Slowloris), the goal of these attacks is to exhaust the web server
or the application behind it, and the magnitude is measured in requests
per second (rps).
Specific DDoS Attack Types
Some specific and particularly popular and dangerous types of DDoS
attacks include:
UDP Flood:
This type of attack floods random ports on a remote host with numerous
UDP packets. For each packet the host checks for an application listening
on that port and, finding none, replies with an ICMP Destination
Unreachable (port unreachable) message, so both the lookup and the replies
consume the host's resources.
ICMP (Ping) Flood
An ICMP flood overwhelms the target resource with ICMP Echo Request
(ping) packets, generally sending them as fast as possible without
waiting for replies. Because the target answers each request with an Echo
Reply, this type of attack consumes both incoming and outgoing bandwidth.
SYN Flood
A SYN flood exploits a known weakness in the TCP connection sequence (the
“three-way handshake”): a SYN request to initiate a TCP connection with a
host must be answered by a SYN-ACK response from that host, and then
confirmed by an ACK response from the requester. The attacker sends SYNs
(often from spoofed source addresses) and never sends the final ACK, so
the host keeps a half-open connection in its backlog for each one until it
times out. Once the backlog is full, SYNs from legitimate clients are
dropped.
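The standard defence against the half-open backlog problem described above is SYN cookies: the server encodes everything it needs to finish the handshake into its own initial sequence number and stores nothing until the final ACK proves the client is real. The following is an added example (not code from this presentation), simplified after the scheme Linux uses in net/ipv4/syncookies.c; the addresses, ports, secret and tick counter are constructed for the demo.

```python
"""SYN cookies: the stateless defence against SYN floods, simplified after the scheme
Linux uses (net/ipv4/syncookies.c). Added example, not code from the presentation.
The server folds everything it needs to finish the handshake into its own initial
sequence number (ISN), so half-open connections need no backlog entry at all."""
import hashlib
import hmac
import os
import struct
from typing import Dict, Optional

COOKIEBITS = 24                      # low 24 bits carry keyed hash + MSS index
COOKIEMASK = (1 << COOKIEBITS) - 1
MAX_AGE = 2                          # cookie stays valid this many counter ticks (Linux: 64 s ticks)
MSS_TABLE = (536, 1300, 1440, 1460)  # coarse MSS values that fit the 2 bits we have for them
SECRET = os.urandom(32)              # per-boot server secret; assumed, generated here at import


def _keyed_hash(saddr: bytes, daddr: bytes, sport: int, dport: int, count: int, which: int) -> int:
    """32-bit keyed hash over the 4-tuple plus the tick counter; `which` separates the two uses."""
    msg = struct.pack("!4s4sHHII", saddr, daddr, sport, dport, count & 0xFFFFFFFF, which)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:4], "big")


def make_cookie(saddr: bytes, daddr: bytes, sport: int, dport: int,
                client_isn: int, client_mss: int, count: int) -> int:
    """Server ISN for the SYN-ACK. Nothing about this connection is stored."""
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss), default=0)
    h0 = _keyed_hash(saddr, daddr, sport, dport, 0, 0)
    h1 = _keyed_hash(saddr, daddr, sport, dport, count, 1)
    return (h0 + client_isn + (count << COOKIEBITS) + ((h1 + mss_idx) & COOKIEMASK)) & 0xFFFFFFFF


def check_cookie(saddr: bytes, daddr: bytes, sport: int, dport: int,
                 client_isn: int, cookie: int, count: int) -> Optional[int]:
    """Validate the cookie the client echoes in its final ACK (ack number - 1).
    Returns the MSS to use for the connection, or None if forged or expired."""
    h0 = _keyed_hash(saddr, daddr, sport, dport, 0, 0)
    base = (cookie - h0 - client_isn) & 0xFFFFFFFF
    age = (count - (base >> COOKIEBITS)) & ((1 << (32 - COOKIEBITS)) - 1)
    if age >= MAX_AGE:
        return None
    h1 = _keyed_hash(saddr, daddr, sport, dport, count - age, 1)
    mss_idx = (base - h1) & COOKIEMASK
    return MSS_TABLE[mss_idx] if mss_idx < len(MSS_TABLE) else None


def handshake_demo(count: int = 7) -> Dict[str, Optional[int]]:
    """Three-way handshake with constructed addresses, then a forged and a stale ACK."""
    saddr, daddr = bytes([198, 51, 100, 23]), bytes([203, 0, 113, 10])   # client, server (TEST-NET)
    sport, dport, client_isn = 40123, 443, 0x1A2B3C4D
    # 1. SYN: seq=client_isn, MSS option 1460. Server answers SYN-ACK with seq=cookie, stores nothing.
    server_isn = make_cookie(saddr, daddr, sport, dport, client_isn, 1460, count)
    # 2. ACK: seq=client_isn+1, ack=server_isn+1. Server validates from the packet alone.
    seq_num, ack_num = client_isn + 1, server_isn + 1
    accepted = check_cookie(saddr, daddr, sport, dport, seq_num - 1, ack_num - 1, count)
    # 3. A flooder spraying ACKs from another address cannot produce a valid cookie for it.
    forged = check_cookie(bytes([192, 0, 2, 99]), daddr, sport, dport, seq_num - 1, ack_num - 1, count)
    # 4. An ACK arriving MAX_AGE ticks later is rejected, so old cookies cannot be replayed.
    stale = check_cookie(saddr, daddr, sport, dport, seq_num - 1, ack_num - 1, count + MAX_AGE)
    return {"mss": accepted, "forged": forged, "stale": stale}


if __name__ == "__main__":
    print(handshake_demo())   # {'mss': 1460, 'forged': None, 'stale': None}
```

The price of statelessness is visible in the code: only a coarse MSS survives (other TCP options such as window scaling are lost unless timestamps carry them, as Linux does), so production stacks enable cookies only once the backlog overflows (`net.ipv4.tcp_syncookies = 1`) rather than for every connection.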
Ping of Death
In a Ping of Death scenario, following malicious manipulation of fragment
content, the recipient ends up with an IP packet which is larger than 65,535
bytes when reassembled. This can overflow the memory buffers allocated for the
packet, crashing the network stack or causing denial of service for legitimate packets.
The slide gives this command for cmd on Windows:
ping targeted-site -l 65500 -n 10000000 -w 1
Here -l sets the payload size in bytes (65,500 is the largest value Windows ping
accepts), -n the number of requests and -w the reply timeout, which must be an
integer number of milliseconds (a fractional value such as 0.00001 is rejected).
Note what this actually does: 65,500 bytes is still within the 65,535-byte IP limit
and modern stacks discard oversized reassemblies, so this is a single-host ping
flood rather than a true Ping of Death, and it is bounded by the sender's own uplink.
Slowloris
Slowloris opens many connections to the web server and sends a partial HTTP
request on each, then keeps sending additional header lines at intervals but
never completes a request. The targeted server keeps each of these false
connections open, waiting for the rest of the headers. This eventually
exhausts the maximum concurrent connection pool and leads to denial of
additional connections from legitimate clients. It needs very little
bandwidth, which is what makes it hard to spot from traffic volume alone.
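Because Slowloris relies on the server waiting indefinitely for headers, the fix is a header read deadline. The simulation below is an added example (not code from the presentation or from any server project): it models a fixed-size worker pool under attack, once with no header timeout and once with a policy modelled on Apache mod_reqtimeout's `RequestReadTimeout header=20-40,MinRate=500`. The pool size, attacker count, request bytes and timing are constructed for the demo.

```python
"""Slowloris against a fixed-size worker pool, simulated with and without a header
read deadline. Added example, not code from the presentation. The hardened policy
mirrors Apache mod_reqtimeout's `RequestReadTimeout header=20-40,MinRate=500`:
wait at most 20 s for the header block, grant 1 s more per 500 bytes received,
but never more than 40 s in total."""
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class Conn:
    opened: float
    deadline: Optional[float]   # absolute time by which headers must be complete; None = wait forever
    buf: bytes = b""


class HeaderPolicy:
    def __init__(self, initial: Optional[float], max_total: float, min_rate: float):
        self.initial, self.max_total, self.min_rate = initial, max_total, min_rate

    def open(self, t: float) -> Conn:
        return Conn(opened=t, deadline=None if self.initial is None else t + self.initial)

    def feed(self, c: Conn, t: float, data: bytes) -> None:
        c.buf += data
        if c.deadline is not None:   # every byte buys 1/min_rate seconds, capped at opened+max_total
            c.deadline = min(c.opened + self.max_total, c.deadline + len(data) / self.min_rate)

    @staticmethod
    def complete(c: Conn) -> bool:
        return b"\r\n\r\n" in c.buf   # blank line ends the HTTP header block

    @staticmethod
    def expired(c: Conn, t: float) -> bool:
        return c.deadline is not None and t > c.deadline


VULNERABLE = HeaderPolicy(initial=None, max_total=0.0, min_rate=1.0)      # no header timeout at all
HARDENED = HeaderPolicy(initial=20.0, max_total=40.0, min_rate=500.0)

SLOWLORIS_OPENING = b"GET / HTTP/1.1\r\nHost: victim\r\n"   # request line + one header, no blank line
SLOWLORIS_KEEPALIVE = b"X-a: b\r\n"                          # bogus header trickled in every 10 s
LEGIT_REQUEST = b"GET /index.html HTTP/1.1\r\nHost: victim\r\n\r\n"


def simulate(policy: HeaderPolicy, pool: int = 50, attackers: int = 100, ticks: int = 120) -> Dict[str, int]:
    """One legitimate request arrives per second and needs a free slot only momentarily.
    Each attacker keeps one socket pending and reconnects the moment the server drops it."""
    held: Dict[int, Conn] = {}           # attacker id -> the connection it currently holds
    served = denied = dropped = 0
    for t in range(ticks):
        for aid in [a for a, c in held.items() if policy.expired(c, t)]:   # 1. server reaps stale conns
            del held[aid]
            dropped += 1
        if len(held) < pool:                                               # 2. legitimate client
            c = policy.open(t)
            policy.feed(c, t, LEGIT_REQUEST)
            if policy.complete(c):
                served += 1
        else:
            denied += 1
        for aid in range(attackers):                                       # 3. attackers refill / trickle
            if aid not in held and len(held) < pool:
                held[aid] = policy.open(t)
                policy.feed(held[aid], t, SLOWLORIS_OPENING)
            elif aid in held and t % 10 == 0 and t > held[aid].opened:
                policy.feed(held[aid], t, SLOWLORIS_KEEPALIVE)
    return {"served": served, "denied": denied, "dropped": dropped}


if __name__ == "__main__":
    print("no timeout :", simulate(VULNERABLE))   # {'served': 1, 'denied': 119, 'dropped': 0}
    print("20-40s/500B:", simulate(HARDENED))     # {'served': 6, 'denied': 114, 'dropped': 250}
```

The real directives are Apache's `RequestReadTimeout` (mod_reqtimeout, introduced in 2.2.15) and nginx's `client_header_timeout` and `client_body_timeout`. The simulation also shows the limit of a timeout on its own: attackers that reconnect immediately still hold the pool most of the time, so it belongs alongside per-source connection limits (Slowloris traffic comes from few addresses) and a reverse proxy or event-driven front end that does not tie a worker to an idle connection.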
LOIC
LOIC (Low Orbit Ion Cannon) is an open-source network stress tool that
floods a target with TCP, UDP or HTTP requests from a single machine; when
many volunteers point it at the same target it becomes a crude DDoS. It does
not spoof source addresses, so participants are easy to identify. Used by
the infamous group Anonymous to DDoS ISIS websites.
A NEW BREED OF MUCH MORE DANGEROUS DOS ATTACKS THAT CAN DISRUPT THE WHOLE INTERNET!!
THE AMPLIFICATION ATTACKS
DNS AMPLIFICATION ATTACK
› The attacker sends DNS look-up requests to open recursive DNS servers
with the source IP address spoofed to that of the target, both to hide the
source of the exploit and to direct every response at the target. Because
DNS runs over UDP there is no handshake that would expose the spoofed address.
› Amplification comes from the size difference: a request of around 40
bytes (an ANY query with an EDNS0 option advertising a large buffer) can
elicit a response of 3,000 to 4,000 bytes, far larger than the standard
1,500-byte Ethernet MTU, so the response arrives as IP fragments that the
victim must also reassemble.
The attacker achieves the amplification because the DNS server's reply is
much larger than the query, commonly tens of times larger and in some cases
around 100 times larger. By using only a few machines (or a small botnet)
the attacker multiplies the attack traffic many times over, and the victim's
link and server exhaust their resources receiving and processing responses
to queries they never made, causing denial of service. Spoofing only works
because many networks still forward packets whose source address does not
belong to them (no BCP 38 ingress filtering).
NTP AMPLIFICATION ATTACK
› In NTP amplification attacks the perpetrator exploits publicly accessible
Network Time Protocol (NTP) servers to overwhelm the targeted server with
User Datagram Protocol (UDP) traffic. The abused feature is the monlist
command of older ntpd versions, which returns the addresses of up to the
last 600 clients that talked to the server, so one small request triggers
many large response packets to the spoofed address. In an NTP amplification
attack the query-to-response ratio is anywhere between 1:20 and 1:200 or
more. This means that any attacker who obtains a list of open NTP servers
can easily generate a devastating high-bandwidth, high-volume DDoS attack.
This type of attack is capable of generating massive traffic: an NTP
amplification attack in February 2014 reached about 400 Gbps and was dubbed
at the time the “most devastating attack in the history of the digital era”.
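From the victim's side, both the DNS and the NTP amplification attacks above look the same: large UDP datagrams from source port 53 or 123 arriving at ports the victim never queried from, across many distinct servers. The detector below is an added example (not code from the presentation); it runs over flow records in a constructed text format (`<ts> <src_ip>:<port> <dst_ip>:<port> <proto> <bytes>`), and the victim address, reflector addresses, thresholds and window are assumptions for the demo.

```python
"""Victim-side detection of DNS and NTP reflection traffic in flow records. Added
example, not code from the presentation. Amplified responses arrive from UDP source
port 53 or 123 at ports the victim never sent a query from, so the signal is 'response
with no matching request in the last few seconds' from many distinct servers."""
from collections import defaultdict
from typing import Dict, Iterable, List, NamedTuple


class Flow(NamedTuple):
    ts: float
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    size: int


REFLECTOR_PORTS = {53: "dns", 123: "ntp"}   # the two UDP services abused on this page
WINDOW = 5.0          # seconds after our own query during which a response is expected
MIN_REFLECTORS = 5    # distinct unasked servers before we call it an attack
MIN_BYTES = 10_000    # unsolicited bytes per service in the sample before alerting

# Constructed flow records: '<ts> <src_ip>:<port> <dst_ip>:<port> <proto> <bytes>'.
# Victim is 203.0.113.10; 198.51.100.x are servers it really talks to; 192.0.2.x are reflectors.
SAMPLE_FLOWS: List[str] = (
    [
        "100.0 203.0.113.10:41512 198.51.100.5:53 udp 58",    # victim's own DNS lookup
        "100.1 198.51.100.5:53 203.0.113.10:41512 udp 134",   # legitimate answer, matches the lookup
        "100.2 203.0.113.10:41513 198.51.100.7:123 udp 48",   # victim syncs its clock
        "100.3 198.51.100.7:123 203.0.113.10:41513 udp 48",
    ]
    + [f"{101 + i * 0.01:.2f} 192.0.2.{i % 8 + 1}:53 203.0.113.10:80 udp 3900" for i in range(40)]
    + [f"{102 + i * 0.01:.2f} 192.0.2.{101 + i % 6}:123 203.0.113.10:80 udp 482" for i in range(30)]
)   # 40 x ~4 KB answers to ANY queries nobody here sent, then 30 monlist response packets


def parse_flow(line: str) -> Flow:
    ts, src, dst, proto, size = line.split()
    sip, sp = src.rsplit(":", 1)
    dip, dp = dst.rsplit(":", 1)
    return Flow(float(ts), sip, int(sp), dip, int(dp), proto, int(size))


def unsolicited_by_service(lines: Iterable[str], victim: str) -> Dict[str, Dict[str, int]]:
    """Count inbound UDP traffic from port 53/123 that no recent outbound query explains."""
    last_query: Dict[tuple, float] = {}                 # (server, server port, our port) -> ts
    acc = defaultdict(lambda: {"packets": 0, "bytes": 0, "reflectors": set()})
    for f in sorted(map(parse_flow, lines), key=lambda x: x.ts):
        if f.proto != "udp":
            continue
        if f.src == victim and f.dport in REFLECTOR_PORTS:
            last_query[(f.dst, f.dport, f.sport)] = f.ts   # we asked: remember whom, and from which port
        elif f.dst == victim and f.sport in REFLECTOR_PORTS:
            asked = last_query.get((f.src, f.sport, f.dport))
            if asked is not None and f.ts - asked <= WINDOW:
                continue                                    # a real answer to our own query
            s = acc[REFLECTOR_PORTS[f.sport]]
            s["packets"] += 1
            s["bytes"] += f.size
            s["reflectors"].add(f.src)
    return {svc: {"packets": s["packets"], "bytes": s["bytes"],
                  "reflectors": len(s["reflectors"]), "avg_bytes": s["bytes"] // s["packets"]}
            for svc, s in acc.items()}


def alerts(stats: Dict[str, Dict[str, int]]) -> List[str]:
    """Services whose unsolicited traffic crosses both thresholds."""
    return [svc for svc, s in stats.items()
            if s["reflectors"] >= MIN_REFLECTORS and s["bytes"] >= MIN_BYTES]


if __name__ == "__main__":
    stats = unsolicited_by_service(SAMPLE_FLOWS, "203.0.113.10")
    for svc, s in stats.items():
        print(f"{svc}: {s}")
    print("alerts:", alerts(stats))   # ['dns', 'ntp']
```

The matching key deliberately includes the victim's own source port: a genuine resolver reply comes back to the ephemeral port the query left from, whereas reflected traffic is aimed at whatever port the attacker put in the spoofed query (port 80 here). In a real capture the 3,900-byte answers would show up as several IP fragments per response; the flow records here carry the datagram size, and the average bytes per packet is what separates amplified answers from ordinary lookups.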
MITIGATING DOS ATTACKS
There is no way to completely prevent DDoS attacks, but organisations can
prepare so that an attack is slowed down and its impact reduced.
Some of the known techniques used by renowned network security
companies are:
1. Absorbing them with a global network of scrubbing centres that scale,
on demand, to counter multi-gigabit DDoS attacks: the victim's traffic is
rerouted (typically via BGP or DNS) through the scrubbing network, which
forwards only clean traffic.
2. Blocking "bad" traffic before it even reaches the site, leveraging
visitor identification technology that differentiates between legitimate
website visitors (humans, search engines etc.) and automated or malicious
clients.
3. Mitigating application layer attacks by monitoring visitor behaviour,
blocking known bad bots, and challenging suspicious or unrecognised
entities with a JavaScript test, a cookie challenge, or even a CAPTCHA.
Basic hygiene on the victim's own side also matters: SYN cookies and a
larger backlog against SYN floods, header and body read timeouts against
Slowloris, and rate limiting on exposed services. For the amplification
attacks the fix lies with the reflectors and the spoofing networks: close
open recursive resolvers or enable response rate limiting, disable monlist
(or upgrade ntpd), and deploy BCP 38 ingress filtering so spoofed packets
never leave the network they originate from.
CONCLUSION
Distributed Denial of Service attacks pose great challenges to researchers
in the field of network security. They have already taken a heavy toll on
many Internet-based service providers around the world. There has been a
significant amount of work to tackle DDoS attacks with different kinds of
approaches, and it would be impractical to discuss every published work in
this field and single out one best solution.
ANY
QUESTIONS ?
