(Distributed) Denial of Service

Nick Feamster, CS 4251, Spring 2008. Distributed Denial of Service (DDoS): asymmetry comes in the form of a large farm of machines. IP addresses no longer need to be spoofed.


Presentation Transcript


  1. (Distributed) Denial of Service. Nick Feamster, CS 4251, Spring 2008

  2. Distributed Denial of Service (DDoS)
     [Figure labels: Real Attacker, Master, Daemons, Victim]
     • Asymmetry comes in the form of a large farm of machines.
     • IP addresses no longer need to be spoofed.

  3. February 2000: DDoS
     • Traditional protection techniques no longer applicable.

  4. DDoS Attack: Yahoo!
     • February 2000
     • Intermittent outages for nearly three hours
     • Estimated to have cost Yahoo $500,000 due to fewer page hits during the attack
     • Attacker caught and successfully prosecuted
     • Other companies (eBay, CNN) attacked in the same way the following days

  5. DDoS Attack: Microsoft
     • Target of multiple DDoS attacks
     • Some successful, some not
     • Successful one in January 2001
     • Attacked router in front of Microsoft’s DNS servers
     • During attack, as few as 2% of web page requests were being fulfilled

  6. DDoS Attack: DNS Root Servers
     • October 2002 for 1 hour
     • Ping flood to all 13 of the DNS root servers
     • Successfully halted operations on 9
     • Did not cause major impact on Internet
     • DNS NS record caching at local resolvers helped
     • Several root servers are very well-provisioned

  7. DDoS: Setting up the Infrastructure
     • Zombies
     • Slow-spreading installations can be difficult to detect
     • Can be spread quickly with worms
     • Indirection makes attacker harder to locate
     • No need to spoof IP addresses

  8. What is a Worm?
     • Code that replicates and propagates across the network
     • Often carries a “payload”
     • Usually spread via exploiting flaws in open services
     • “Viruses” require user action to spread
     • First worm: Robert Morris, November 1988
     • 6-10% of all Internet hosts infected (!)
     • Many more since, but none on that scale until July 2001

  9. Example Worm: Code Red
     • Initial version: July 13, 2001
     • Exploited known ISAPI vulnerability in Microsoft IIS Web servers
     • 1st through 20th of each month: spread; 20th through end of each month: attack
     • Payload: Web site defacement
     • Scanning: Random IP addresses
     • Bug: failure to seed random number generator

  10. Why Denial-of-Service “Works”
     • Asymmetry: generating a request is cheaper than formulating a response
     • One attack machine can generate a lot of requests, and effectively multiply its power
     • Not always possible to achieve this asymmetry
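
Slide 6 credits NS record caching at local resolvers for limiting the impact of the one-hour root-server outage. The Python simulation below is an added example, not part of the original slides: it measures what fraction of lookups fail during a one-hour root outage for different NS cache lifetimes. The TLD list, query rate, warm-up period and TTL values are constructed assumptions.

```python
import random

OUTAGE_SECONDS = 3600  # the one-hour outage described on slide 6


class CachingResolver:
    """Local resolver that caches TLD NS referrals obtained from the roots."""

    def __init__(self, ns_ttl):
        self.ns_ttl = ns_ttl   # seconds a cached referral stays valid
        self.expiry = {}       # tld -> time at which its cached NS set expires

    def lookup(self, tld, now, roots_up):
        """Return True if the resolver can find the TLD's name servers."""
        if now < self.expiry.get(tld, 0):
            return True        # cache hit: the roots are never contacted
        if not roots_up:
            return False       # cache miss while the roots are unreachable
        self.expiry[tld] = now + self.ns_ttl
        return True


def outage_failure_rate(ns_ttl, warmup=7200, step=10, seed=1):
    """Fraction of lookups made during the outage that fail."""
    rng = random.Random(seed)                   # fixed seed: repeatable run
    tlds = ["com", "net", "org", "edu", "uk"]   # constructed query mix
    resolver = CachingResolver(ns_ttl)
    failed = asked = 0
    for now in range(0, warmup + OUTAGE_SECONDS, step):
        roots_up = now < warmup                 # roots go dark after warm-up
        ok = resolver.lookup(rng.choice(tlds), now, roots_up)
        if not roots_up:
            asked += 1
            failed += not ok
    return failed / asked


if __name__ == "__main__":
    # Assumed TTLs: no caching, five minutes, two days.
    for ttl in (0, 300, 172800):
        rate = outage_failure_rate(ttl)
        print(f"NS TTL {ttl:>6}s: {rate:.0%} of outage lookups fail")
```

With a cache lifetime longer than the outage, the resolver never needs the roots while they are down; with a short lifetime, cached referrals expire early in the outage and nearly every later lookup fails.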
