Distributed Denial of Service Attacks


Presentation Transcript


  1. Distributed Denial of Service Attacks Darius Law CMPT 471

  2. What is DDOS?
     • A distributed denial-of-service attack is one in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system
     • Forces the system to shut down by flooding it with incoming messages, thereby denying services to legitimate users

  3. Distributed…
     • Distributed computing is a method of computer processing in which different parts of a program run simultaneously on two or more computers that are communicating with each other over a network.
     • Major advantages of using a distributed denial-of-service attack:
       • Generates more traffic
       • Multiple attacking machines are harder to turn off
       • Each attack machine is stealthier, making it harder to track and shut down

  4. Types of DOS attacks
     • Exercising a software bug that causes the software running the service to fail
     • Sending enough data to consume all available network resources
     • Sending data in such a way as to consume a particular resource needed by the service

  5. How do DDOS attacks work?
     • A hacker first exploits a vulnerable computer system, making it the DDOS “master”
     • The “master” computer communicates with, and loads cracking tools onto, thousands of other compromised systems on the internet
     • All computers can then be instructed to launch one of many flood attacks against a specified target

  6. SYN Flood
     • A SYN packet initiates a TCP/IP connection
     • A SYN flood consumes all available slots in the server’s TCP connection table
     • Exploits a basic weakness of the TCP/IP protocol
     • Prevents other users from establishing new connections
     • HTTP is particularly vulnerable to SYN flood attacks

  7. SYN Flood (2)
     • The TCP/IP protocol requires a 3-step process:
       • The originator of the connection (such as a web browser) initiates the connection by sending a packet having the SYN flag set in the TCP header (referred to as a “SYN packet”).
       • The receiver responds by sending back to the originator a packet that has the SYN and ACK flags set (a “SYN/ACK packet”).
       • The originator acknowledges receipt of the 2nd packet by sending to the receiver a third packet with only the ACK flag set (an “ACK packet”).

  8. SYN Flood (3)
     • During a SYN flood, the attacker sends a large number of SYN packets alone, without the ACK packet response

  9. SYN Flood (4)
     • The connection table fills up rapidly with incomplete connections, crowding out legitimate traffic

  10. Responding to DDOS attacks
      • Increasing the size of the network table seems most straightforward, but it may not be configurable
      • Spare servers can be placed in service during an attack
        • Very expensive to have idle equipment

  11. Prevention
      • Most DDOS attacks use a forged source address to lie about where they are being sent from
      • Manufacturers of firewalls and network security devices have developed a variety of defense methods:
        • SYN threshold: establish a limit on incomplete transactions, then start discarding
        • SYN defender: when a SYN packet is received, the firewall synthesizes the final ACK packet of step 3, so there is no need to wait for the actual ACK packet from the originator
        • SYN proxy: the firewall synthesizes and sends the SYN/ACK packet back to the originator, and waits for the final ACK packet. After the firewall receives the ACK packet from the originator, the firewall “replays” the 3-step sequence to the receiver.

  12. DDOS attack tools
      • Tribe Flood Network
      • Trin00
      • TFN2K
      • Stacheldraht
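
The connection-table exhaustion from slide 9 and the SYN threshold and SYN proxy defences from slide 11, modelled in memory as an added example that is not part of the original presentation. The class names, the 64-slot table, the threshold of 48 and the oldest-first discard policy are assumptions, and the traffic is constructed.

```python
from collections import OrderedDict

class Server:
    """Receiver with a fixed-size TCP connection table."""
    def __init__(self, slots):
        self.slots, self.half_open, self.established = slots, set(), set()

    def syn(self, peer):
        # A SYN holds a slot until the final ACK arrives; a full table drops it.
        if len(self.half_open) + len(self.established) >= self.slots:
            return False
        self.half_open.add(peer)
        return True

    def ack(self, peer):
        if peer not in self.half_open:
            return False
        self.half_open.remove(peer)
        self.established.add(peer)
        return True

class SynProxy:
    """Firewall that answers SYNs itself and caps incomplete handshakes."""
    def __init__(self, server, threshold):
        self.server, self.threshold, self.pending = server, threshold, OrderedDict()

    def syn(self, peer):
        # Assumed discard policy: at the threshold, drop the oldest incomplete entry.
        if len(self.pending) >= self.threshold:
            self.pending.popitem(last=False)
        self.pending[peer] = True  # firewall, not the server, sends the SYN/ACK

    def ack(self, peer):
        if self.pending.pop(peer, None) is None:
            return False  # ACK for a handshake the firewall no longer tracks
        # Replay the 3-step sequence to the receiver for this originator only.
        return self.server.syn(peer) and self.server.ack(peer)

def run(front, server, clients=5, forged_per_client=40):
    """Constructed traffic: client SYN, forged-source SYNs (never ACKed), client ACK."""
    for c in range(clients):
        front.syn(f"client-{c}")
        for i in range(forged_per_client):
            front.syn(f"forged-{c}-{i}")
        front.ack(f"client-{c}")
    return sorted(server.established), len(server.half_open)

def demo():
    bare, guarded = Server(64), Server(64)
    return run(bare, bare), run(SynProxy(guarded, 48), guarded)
```

`demo()` returns, for the unprotected and the proxied server in turn, the clients that reached the established state and the number of half-open slots left occupied on the server.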
