
Denial of Service


Presentation Transcript


  1. Denial of Service Bryan Oemler Web Enhanced Information Management March 22nd, 2011

  2. Introduction
     • A constant threat to web-based providers
     • Resources of servers limited
     • Damaging effect on targets
     • Goal: Drown out all legitimate traffic to server
     • Consume resources of servers
     • Monopolize the CPU
     • Mimic legitimate traffic to server
     • Method: Combine computing power over internet
     • Distribute the Denial of Service Attack (DDoS)

  3. DoS in the news
     • Attacks on WordPress, Mar 4th, 2011
     • Largest in history
     • Multiple data centers unable to handle load
     • Collateral damage for single target
     • Anonymous attacks on MasterCard, Visa, Dec 8th, 2010
     • Individuals organizing DoS attack
     • Social networking
     • Personal computers launched DoS
     • Twitter, Facebook attacks, Aug 5th, 2009
     • Flood of emails
     • Target was individual using social networking tools

  4. Botnet
     • Network of infected computers
     • Computers hijacked with malware
     • Contacted and controlled by perpetrator of attacks
     • Target victim with requests
     • Added obfuscation and computing power
     • Large network of personal and corporate computers
     • Source looks legitimate to victim

  5. IP spoofing
     • Packets are sent out with a forged return IP address
     • Hides source of attacks
     • Complete TCP connection cannot be formed
     • Victim host responds to random IP
     Source: http://www.techrepublic.com/article/exploring-the-anatomy-of-a-data-packet/1041907

  6. SYN Flood
     • Critical mass of connection packets
     • TCP connections are started with a SYN (synchronization) packet
     • Server responds but never receives acknowledgement
     • Attacker creates many half-open connections
     • Open connections use up server memory
     • Attacker monopolizes server with open connections

  7. TCP Connection vs Spoofed Packet
     Source: http://www.understandingcomputers.ca/articles/grc/drdos_copy.html

  8. Reflection Attacks
     • “Reflect” requests off innocent servers
     • Return IP address forged onto the packet is that of the intended target of the attack
     • Attacker sends packet to diverse set of hosts
     • Hosts act as middle man for the attack
     • Tracking packets becomes more difficult
     • Indirect path from attacker to victim
     • Rely on records of intermediate hosts

  9. Reflection Attack
     Source: http://www.understandingcomputers.ca/articles/grc/drdos_copy.html

  10. Full HTTP Requests
     • Requests require greater amount of CPU time
     • Database queries
     • Complex calculations
     • File access
     • Attacks hidden through botnet
     • Infected computers appear to be legitimate users
     • Botnets sufficiently large

  11. Final Observations
     • Extremely potent
     • Capable of knocking even largest companies offline
     • Costly to victims
     • Services denied to e-commerce websites, public safety
     • Increasing risk of attacks
     • More tools and resources moving online
     • High collateral damage
     • Information interdependent
     • Hosts attacked or being used to attack

  12. References
     • http://www.computerworld.com/s/article/9200521/Update_MasterCard_Visa_others_hit_by_DDoS_attacks_over_WikiLeaks
     • http://www.reuters.com/article/2010/12/10/uk-wikileaks-cyberwarfare-amateur-idUSLNE6B902T20101210?feedType=RSS&feedName=everything&virtualBrandChannel=11563
     • http://staff.washington.edu/dittrich/misc/ddos/
     • http://www.understandingcomputers.ca/articles/grc/drdos_copy.html
     • http://www.cis.udel.edu/~sunshine/publications/ccr.pdf
     • http://www.sans.org/security-resources/idfaq/trinoo.php
     • http://www.pcmag.com/article2/0,2817,2381486,00.asp
     • http://www.nytimes.com/2009/08/08/technology/internet/08twitter.html?_r=2&hpw
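The half-open connection buildup described in slide 6 (SYN Flood), as an added example that is not part of the original presentation: a simplified model of a server's SYN queue replayed over constructed traffic, useful for seeing when legitimate handshakes start to fail. The `backlog` and `timeout` parameters, the function names and all addresses (RFC 5737 documentation ranges) are assumptions made for illustration.

```python
from collections import namedtuple

# One inbound packet as the server sees it. flags is "SYN" or "ACK".
Packet = namedtuple("Packet", "ts src sport flags")

def analyze(packets, backlog=128, timeout=30.0):
    """Replay inbound packets against a simplified SYN queue model.

    backlog: maximum number of half-open entries held (assumed value)
    timeout: seconds before an unanswered entry is discarded (assumed value)
    """
    half_open = {}  # (src, sport) -> time the SYN arrived
    stats = {"peak": 0, "completed": 0, "expired": 0, "dropped": 0}
    for p in sorted(packets, key=lambda pkt: pkt.ts):
        # Discard entries whose final ACK never arrived in time.
        for key in [k for k, t in half_open.items() if p.ts - t >= timeout]:
            del half_open[key]
            stats["expired"] += 1
        key = (p.src, p.sport)
        if p.flags == "SYN":
            if key in half_open:
                continue                      # retransmitted SYN
            if len(half_open) >= backlog:
                stats["dropped"] += 1         # queue full: handshake refused
            else:
                half_open[key] = p.ts
                stats["peak"] = max(stats["peak"], len(half_open))
        elif p.flags == "ACK" and key in half_open:
            del half_open[key]                # three-way handshake finished
            stats["completed"] += 1
    return stats

def sample_traffic():
    """Constructed sample: normal clients, a burst of unanswered SYNs, recovery."""
    pkts = []
    for i in range(5):                        # clients that finish the handshake
        pkts.append(Packet(0.1 * i, "192.0.2.10", 40000 + i, "SYN"))
        pkts.append(Packet(0.1 * i + 0.05, "192.0.2.10", 40000 + i, "ACK"))
    for i in range(200):                      # forged sources: no ACK ever follows
        pkts.append(Packet(1.0 + 0.01 * i, f"198.51.100.{i % 250 + 1}", 1024 + i, "SYN"))
    for ts, src, port in [(3.5, "192.0.2.20", 50000), (40.0, "192.0.2.30", 50001)]:
        pkts.append(Packet(ts, src, port, "SYN"))       # real client during burst,
        pkts.append(Packet(ts + 0.05, src, port, "ACK"))  # and one after timeout
    return pkts

if __name__ == "__main__":
    print(analyze(sample_traffic()))
    print(analyze(sample_traffic(), backlog=1024))
```

In the first run the client arriving at 3.5 s is refused because the queue is still full of entries that will never be acknowledged; a high `dropped` count alongside a `peak` pinned at the backlog is the signature to watch for in real connection statistics.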
