DDoS Attacks and Defence Techniques


2. OUTLINE
• What is DoS?
• What is DDoS?
• Types of DoS and DDoS attacks
• Ways of defending against DDoS attacks
3. WHAT IS A DENIAL OF SERVICE ATTACK?
• An attack that prevents or impairs the authorised use of networks, systems or applications by exhausting their resources.
• Resources:
  • Network bandwidth
  • System resources
  • Application resources
• Attacks are characterised by how many systems are used to direct traffic at the target system.
4. WHAT IS A DISTRIBUTED DENIAL OF SERVICE ATTACK?
• DDoS: a denial of service attack launched from many systems at once.
• Steps:
  • Recruiting zombie machines
  • Discovering the vulnerability of the target
  • Sending the attack instructions to the zombies
  • Attack
5. WHY DDOS?
• Financial and economic gain
• Revenge
• Fun
• Show
• Cyberwarfare
6. TYPES OF ATTACKS
• Classical DoS attacks
• Source address spoofing
• TCP SYN/ACK spoofing
• ICMP flood attacks
• UDP flood attacks
• Smurf attack
• DNS DDoS
• Peer-to-peer attacks
7. CLASSIC DOS ATTACKS
• Flooding attack
• Overwhelms the capacity of the network connection to the target organization.
• The source of the attack is clearly identifiable.
8. SOURCE ADDRESS SPOOFING
• Use of a forged source address.
• A forged source address is harder to trace back to the attacker.
• A normal network connection cannot be created with a forged source: the receiver's replies go to the forged address, so it cannot reply to you.
• Made possible by the raw socket interface available on many operating systems.
• Examples:
  • Man in the middle
  • Routing redirect
  • Source routing
9. TCP SYN/ACK SPOOFING
• Targets the ability of a network server to respond to TCP connection requests.
• If the spoofed source is a valid host -> it answers the unexpected SYN/ACK with an RST.
• If the system is busy -> no reply.
• The server uses a table to keep track of pending connections.
• When the table is full, increase the table size.
11. DEFENCE WAY OF TCP SYN/ACK SPOOFING
• Decrease the TCP connection timeout on the server (victim).
• Use a firewall as an intermediary between server and client.
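A small model of the pending-connection table from the two slides above, added here to show why shortening the timeout helps the victim. It is example code, not from the original deck; the capacities, timeouts and addresses are constructed values.

```python
from collections import OrderedDict


class HalfOpenTable:
    """Simplified model of a server's table of pending (SYN/ACKed, not yet ACKed)
    TCP connections. Entries expire after `timeout` seconds, which is the knob the
    slide recommends decreasing on the victim."""

    def __init__(self, capacity, timeout):
        self.capacity = capacity
        self.timeout = timeout
        self.entries = OrderedDict()  # (src_ip, src_port) -> arrival time

    def _expire(self, now):
        # Remove entries whose SYN/ACK was never answered within the timeout.
        # OrderedDict keeps arrival order, so stop at the first still-fresh entry.
        for key in list(self.entries):
            if now - self.entries[key] > self.timeout:
                del self.entries[key]
            else:
                break

    def on_syn(self, key, now):
        """Return True if the SYN gets a table slot, False if it must be rejected."""
        self._expire(now)
        if key in self.entries:
            return True  # retransmitted SYN for an existing pending connection
        if len(self.entries) >= self.capacity:
            return False  # table full: genuine clients are refused
        self.entries[key] = now
        return True

    def on_ack(self, key):
        # Handshake completed: entry leaves the pending table.
        self.entries.pop(key, None)


def legit_client_served(timeout, capacity=100, spoofed_syns=100):
    """Constructed scenario: a burst of never-completed SYNs from spoofed sources
    at t=0, then one genuine client SYN at t=5 s. Returns whether it is served."""
    table = HalfOpenTable(capacity, timeout)
    for i in range(spoofed_syns):
        table.on_syn(("10.0.0.%d" % (i % 250), 40000 + i), now=0.0)
    return table.on_syn(("192.0.2.10", 51000), now=5.0)
```

With a 60 s timeout the burst still fills the table when the genuine client arrives; with a 3 s timeout the stale entries have already been reaped.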
12. FLOODING ATTACKS
• Classified by the network protocol used (TCP, UDP, ICMP).
• Goal:
  • to overload the network capacity on some link to the server
  • to overload the server's ability to handle the traffic
• Types:
  • ICMP flood attacks
  • UDP flood attacks
  • Smurf attack
13. ICMP FLOOD ATTACKS
• ICMP packets were chosen because network administrators have traditionally allowed them through.
• Attackers use ICMP packets.
• The packets are sent to the victim's address.
14. DEFENCE WAY OF ICMP FLOOD ATTACKS
• Set a packet-per-second threshold for ICMP requests.
• When the ICMP packet flow exceeds the defined threshold, the security device ignores further ICMP echo requests.
15. UDP FLOOD ATTACKS
• Attackers obtain the IP addresses of many devices.
• They send UDP packets to random ports of the server.
• If the server is not running, the packet is discarded.
• If the server is running, it tries to identify the application for the port the data arrived on, finds it is the wrong port, and sends back a "destination unreachable" message.
16. DEFENCE WAY OF UDP FLOOD ATTACKS
• Limit the rate at which destination unreachable messages are sent, or do not send them at all.
• Introduce a firewall in front of the server to check whether incoming packets are addressed to a correct port.
• If the port is correct, pass the packet; otherwise reject it.
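The two firewall rules just described (the ICMP packet-per-second threshold from slide 14 and the UDP port check from slide 16) as one in-path filter, added as example code that is not part of the original deck. The packet records, the threshold of 10 pps and the open ports 53 and 123 are constructed for the demonstration.

```python
from collections import deque


class FloodFilter:
    """Model of a security device in front of the server applying two defences:
    a packet-per-second threshold on ICMP echo requests, and a port check that
    rejects UDP datagrams for ports no service listens on, so the server never
    has to answer them with 'destination unreachable'."""

    def __init__(self, icmp_pps_limit, open_udp_ports):
        self.icmp_pps_limit = icmp_pps_limit
        self.open_udp_ports = set(open_udp_ports)
        self.echo_times = deque()  # arrival times of echo requests in the last second

    def decide(self, packet):
        """Return 'pass' or 'drop' for one packet, given as a dict with the
        constructed fields proto, type (ICMP only), dport (UDP only) and t (seconds)."""
        now = packet["t"]
        if packet["proto"] == "icmp":
            if packet.get("type") != "echo-request":
                return "pass"  # the threshold applies to echo requests only
            while self.echo_times and now - self.echo_times[0] >= 1.0:
                self.echo_times.popleft()  # slide the one-second window
            if len(self.echo_times) >= self.icmp_pps_limit:
                return "drop"  # threshold exceeded: ignore further echo requests
            self.echo_times.append(now)
            return "pass"
        if packet["proto"] == "udp":
            # Only ports the server actually listens on get through.
            return "pass" if packet["dport"] in self.open_udp_ports else "drop"
        return "pass"


def run_sample():
    """Constructed traffic: 12 echo requests within one second (50 ms apart),
    then a UDP datagram to DNS (53) and one to a closed port (9999)."""
    f = FloodFilter(icmp_pps_limit=10, open_udp_ports=[53, 123])
    packets = [{"proto": "icmp", "type": "echo-request", "t": 0.05 * i} for i in range(12)]
    packets += [{"proto": "udp", "dport": 53, "t": 0.7},
                {"proto": "udp", "dport": 9999, "t": 0.71}]
    return [f.decide(p) for p in packets]
```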
17. SMURF ATTACKS
• Sends a huge amount of traffic to cause a virtual explosion of traffic at the intended target.
• Steps:
  • Obtain the IP address of the victim.
  • Using this IP address as a spoofed source, the attacker sends ICMP packets via routers to a network's broadcast address.
  • Every device on that network replies via ICMP to the IP address of the victim.
  • The victim is flooded with incoming packets.
18. DEFENCE WAYS OF SMURF ATTACKS
• Set up a firewall that filters the unwanted messages.
• Configure the router not to forward an ICMP message received for its broadcast address to all the devices connected to its network.
19. DNS DDOS ATTACKS
• The attacker asks the zombies to send DNS queries for a site (www.kfssdfsdffks.com) to a DNS server, with the zombies impersonating the target server.
• The DNS server believes that the target server is requesting the pages, so it sends the requested page's IP address as its reply to the target.
• The target server receives a flood of DNS replies and crashes.
20. DEFENCE WAY OF DNS DDOS ATTACKS
• You know the IP addresses of the DNS servers whose replies are continuously being sent to you, so it is a simple matter to use your firewall to block traffic from those addresses.
21. PEER TO PEER ATTACKS
• The attacker acts as a puppet master, instructing clients of large P2P file sharing networks to disconnect from their P2P network and connect to the victim's website instead.
• Thousands of computers try to connect to the target website specified by the attacker in order to download/upload files.
• The server is overwhelmed by the requests arriving from thousands of different computers.
22. DEFENCE WAY OF PEER TO PEER ATTACKS
• Have a semi-centralised authority to track large-scale malicious P2P network activity.
• Update torrent clients, as most P2P attacks are carried out by computers running old torrent clients whose loopholes have not been fixed.
• Encrypt P2P traffic.
