(Distributed) Denial of Service
• Relatively new development.
– Feb 2000 saw attacks on Yahoo, buy.com, eBay, Amazon, CNN.
• One form of DDoS attack simply saturates the network
– prevents legitimate use of resources such as Web services.
• Another form exploits vulnerabilities to crash machines.
• Results in degradation of services on the network.
– Locked up accounts.
________________
CS3235, Nov 2002
A Simple DOS attack
[Figure labels: Attacker]
[Figure labels: Zombie, Victim, Attacker]
DDoS Attack
[Figure labels: Zombies galore, Victim]
DDoS
• Many more pathways utilized to attack the victim.
• Can involve hundreds or thousands of machines all over the Internet.
– Break into weakly-secured computers using well known bugs.
– Conceal the break-in and hide traces of subsequent activity.
– Install software to “remote control” the machine.
• Launch a coordinated attack on the victim.
Flooding Attacks
• Smurf attack.
– Send ICMP ECHO to broadcast address with source address of victim.
• TCP SYN attack.
– Send SYN datagrams to victim with forged, non-existent source addresses.
• UDP flooding
– Send UDP datagrams at high volume to ports on the victim machine.
Logic Attacks
• Ping of Death
– Construct ICMP ECHO datagram as fragments such that the assembled datagram exceeds the 64K limit for IP datagrams.
• Land
– Send a datagram with the same source and destination address.
Defeating DDoS
• Egress filtering.
– Stop spoofed packets from leaving your network.
• Stop your network from being used as an amplification site.
– Disable IP directed broadcast on all systems.
Countering DOS
• Simple cookies
– Would need to remember them.
[Figure: message exchange between A and B, steps 1 to 3; labels: START PROTOCOL; C; C, REALLY START PROTOCOL]
• TCP SYN cookies (http://cr.yp.to/syncookies.html)
– Particular choices of ISN.
– Self verifying: e.g., MD5(secret, time, src ip, src pt, dest ip, dest pt)
[Figure labels: SYN, STATELESS COOKIE]
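The self-verifying cookie described above, as an added Python example that is not from the original slides: the server derives the ISN from the slide's MD5 construction and later checks the final ACK by recomputation alone. The secret, the 64-second time slot, the function names and the sample addresses are assumptions, and unlike deployed SYN cookies this sketch encodes no MSS or options.

```python
import hashlib
import hmac
import os
import socket
import struct

SECRET = os.urandom(16)   # assumption: per-server secret, never sent on the wire
SLOT_SECONDS = 64         # assumption: granularity of the "time" input

def _digest(secret, slot, src_ip, src_pt, dst_ip, dst_pt):
    # MD5(secret, time, src ip, src pt, dest ip, dest pt), as on the slide,
    # truncated to the 32 bits available in a TCP initial sequence number.
    msg = secret + struct.pack("!I4sH4sH", slot & 0xFFFFFFFF,
                               socket.inet_aton(src_ip), src_pt,
                               socket.inet_aton(dst_ip), dst_pt)
    return hashlib.md5(msg).digest()[:4]

def make_cookie(src_ip, src_pt, dst_ip, dst_pt, now, secret=SECRET):
    """ISN to place in the SYN-ACK; the server stores nothing for this SYN."""
    slot = int(now) // SLOT_SECONDS
    return int.from_bytes(_digest(secret, slot, src_ip, src_pt, dst_ip, dst_pt), "big")

def check_ack(ack_no, src_ip, src_pt, dst_ip, dst_pt, now, secret=SECRET):
    """True if the final ACK acknowledges a cookie this server issued recently."""
    claimed = ((ack_no - 1) & 0xFFFFFFFF).to_bytes(4, "big")
    slot = int(now) // SLOT_SECONDS
    # Recompute for the current and previous slot; no per-connection table is consulted.
    return any(
        hmac.compare_digest(claimed, _digest(secret, s, src_ip, src_pt, dst_ip, dst_pt))
        for s in (slot, slot - 1)
    )

if __name__ == "__main__":
    # Constructed sample handshake using documentation address ranges.
    peer = ("192.0.2.10", 40000, "198.51.100.5", 80)
    t0 = 1_000_000
    isn = make_cookie(*peer, now=t0)
    print("SYN-ACK ISN:", isn)
    print("genuine ACK:", check_ack((isn + 1) & 0xFFFFFFFF, *peer, now=t0 + 5))
    print("stale ACK:  ", check_ack((isn + 1) & 0xFFFFFFFF, *peer, now=t0 + 300))
    print("guessed ACK:", check_ack(12345, *peer, now=t0 + 5))
```

A SYN with a forged source address costs the server one hash and no memory, because the forger never sees the cookie and so cannot send an ACK that verifies.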
Countering DOS
• Require clients to do work in order to connect [Juel99].
– E.g., what 27-bit number has a SHA checksum of x?
References
[Juel99] Juels, A. and Brainard, J., “Client Puzzles: A Cryptographic Countermeasure against Connection Depletion Attacks”, NDSS Conference, 1999.