ddos last class
play

DDoS Last Class Fault tolerance Concurrency Naming This Class - PowerPoint PPT Presentation

Sep 15, 2022 •117 likes •356 views

DDoS Last Class Fault tolerance Concurrency Naming This Class Networking How DDoS works UDP Data Client Server Response TCP DDoS Distributed denial-of-service attack Attacker targets a victim from a number of

  1. DDoS

  3. Last Class • Fault tolerance • Concurrency • Naming

  4. This Class • Networking • How DDoS works

  6. UDP Data Client Server Response

  7. TCP

  8. DDoS • Distributed denial-of-service attack • Attacker targets a victim from a number of different IP addresses • Purpose is to overwhelm victim’s resources so that legitimate users can’t use them

  10. Mirai Botnet https://www.usenix.org/conference/usenixsecurity17/technical- sessions/presentation/antonakakis

  11. Victim Population

  12. Compromised Devices

  13. DDoS over time

  15. SYN Flood

  16. Protecting against SYN flood • Filtering • Increasing Backlog • Reducing SYN-RECEIVED Timer • Recycling the Oldest Half-Open TCB • SYN Cache • SYN Cookies • Firewalls and Proxies https://tools.ietf.org/html/rfc4987

  17. Smurf Attack • Send ping message “from” victim to broadcast IP address • Every computer on that network will helpfully reply to the victim.

  18. Ping Flood • Send a bunch of ping messages to a server • ping: ICMP "echo request"

  19. DNS amplification • Forge a DNS query to an open DNS resolver with victim’s IP address as return address • Victim gets overwhelmed with DNS queries they didn’t ask for • Queries for a DNSSEC-signed zone if victim is a DNS server

  20. DNS amplification • dig +trace cr.yp.to any cr.yp.to. 600 IN MX 0 a.mx.cr.yp.to. cr.yp.to. 600 IN MX 10 b.mx.cr.yp.to. cr.yp.to. 600 IN A 80.101.159.118 yp.to. 259200 IN NS a.ns.yp.to. yp.to. 259200 IN NS uz5uu2c7j228ujjccp3ustnfmr4pgcg5ylvt16kmd0qzw7bbjgd5xq.ns.yp.to. yp.to. 259200 IN NS b.ns.yp.to. yp.to. 259200 IN NS f.ns.yp.to. yp.to. 259200 IN NS uz5ftd8vckduy37du64bptk56gb8fg91mm33746r7hfwms2b58zrbv.ns.yp.t o. ;; Received 414 bytes from 131.193.36.24#53(f.ns.yp.to) in 32 ms https://dankaminsky.com/2011/01/05/djb-ccc/#dnsamp

  21. DNS amplification • http://www.pir.org. 300 IN A 173.201.238.128 pir.org. 300 IN NS ns1.sea1.afilias-nst.info. pir.org. 300 IN NS ns1.mia1.afilias-nst.info. pir.org. 300 IN NS ns1.ams1.afilias-nst.info. pir.org. 300 IN NS ns1.yyz1.afilias-nst.info. ;; Received 329 bytes from 199.19.50.79#53(ns1.sea1.afilias-nst.info) in 90 ms • http://www.pir.org. 300 IN A 173.201.238.128 http://www.pir.org. 300 IN RRSIG A 5 3 300 20110118085021 20110104085021 61847 pir.org. n5cv0V0GeWDPfrz4K/CzH9uzMGoPnzEr7MuxPuLUxwrek+922xiS3BJG NfcM9nlbM5GZ5+UPGv668NJ1dx6oKxH8SlR+x3d8gvw2DHdA51Ke3Rjn z +P595ZPB67D9Gh6l61itZOJexwsVNX4CYt6CXTSOhX/1nKzU80PVjiM wg0= pir.org. 300 IN NS ns1.mia1.afilias-nst.info. pir.org. 300 IN NS ns1.yyz1.afilias-nst.info. pir.org. 300 IN NS ns1.ams1.afilias-nst.info. pir.org. 300 IN NS ns1.sea1.afilias-nst.info. pir.org. 300 IN RRSIG NS 5 2 300 20110118085021 20110104085021 61847 pir.org. IIn3FUnmotgv6ygxBM8R3IsVv4jShN71j6DLEGxWJzVWQ6xbs5SIS0oL OA1ym3aQ4Y7wWZZIXpFK +/Z+Jnd8OXFsFyLo1yacjTylD94/54h11Irb fydAyESbEqxUBzKILMOhvoAtTJy1gi8ZGezMp1+M4L +RvqfGze+XFAHN N/U= ;; Received 674 bytes from 199.19.49.79#53(ns1.yyz1.afilias-nst.info) in 26 ms

  22. Exercise It appears a SYN-flood style DDoS has been carried out on this system. Send us a list of the IP addresses of the attackers (in any order, separated by spaces), so we can track them down and stop them. https://github.com/ctfs/write-ups-2013/blob/master/pico- ctf-2013/ddos-detection/syn_attack.pcap https://www.wireshark.org/docs/wsug_html_chunked/ ChapterWork.html

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

DDOS: DDos and DDonts DrupalCon 2016 Agenda What is DDoS Detecting DDoS Attacks

DDOS: DDos and DDonts DrupalCon 2016 Agenda What is DDoS Detecting DDoS Attacks

DDOS: DDos and DDonts DrupalCon 2016 Agenda What is DDoS Detecting DDoS Attacks DDoS Prevention Improving Performance Questions Glossary DDoS - Attempt to make a server or network resource unavailable to Internet

549 views • 30 slides
Denial of Service Last Class Fault tolerance Concurrency Naming This Class

Denial of Service Last Class Fault tolerance Concurrency Naming This Class

Denial of Service Last Class Fault tolerance Concurrency Naming This Class Networking How DDoS works UDP Data Client Server Response TCP DDoS Distributed denial-of-service attack Attacker targets a victim from a

436 views • 28 slides
.tr DDoS A)ack December 2015 A4la zgit .tr ccTLD Manager Dec, 2015 .tr DDoS A)ack A Summary

.tr DDoS A)ack December 2015 A4la zgit .tr ccTLD Manager Dec, 2015 .tr DDoS A)ack A Summary

.tr DDoS A)ack December 2015 A4la zgit .tr ccTLD Manager Dec, 2015 .tr DDoS A)ack A Summary of a 3 weeks long experience 2016-03-07 Dec 2015 DDoS A)ack on .TR 2 Before DDoS q Infrequent Small scale DoS and DDos A)acks Few Qmes

150 views • 13 slides
.tr DDoS Attack December 2015 Attila zgit .tr ccTLD Manager Dec, 2015 .tr DDoS Attack A

.tr DDoS Attack December 2015 Attila zgit .tr ccTLD Manager Dec, 2015 .tr DDoS Attack A

.tr DDoS Attack December 2015 Attila zgit .tr ccTLD Manager Dec, 2015 .tr DDoS Attack A Summary of a 3 weeks long experience 2016-03-07 Dec 2015 DDoS Attack on .TR 2 Before DDoS q Infrequent Small scale DoS and DDos Attacks Few

606 views • 14 slides
DDoS Mitigation collection TL;DR: DDOS STRATEGISTS DO DRUGS Agenda 2 Intro Methodology

DDoS Mitigation collection TL;DR: DDOS STRATEGISTS DO DRUGS Agenda 2 Intro Methodology

1 DDoS Mitigation collection TL;DR: DDOS STRATEGISTS DO DRUGS Agenda 2 Intro Methodology of work DDoS tactics in-the-wild and how to improve Ready, set, FACEPALM! Q&A ~$ whoami 3 Moshe Zioni, Head of Research,

656 views • 47 slides
Transport choice for Co-operative DDoS Mitigation 1 DDoS Transport Choice Message: DDoS victim

Transport choice for Co-operative DDoS Mitigation 1 DDoS Transport Choice Message: DDoS victim

Transport choice for Co-operative DDoS Mitigation 1 DDoS Transport Choice Message: DDoS victim to DDoS mitigation service SOS "I am getting DoSd" 2 DDoS Transport Choice SOS : Requirements Emergency signal.

247 views • 5 slides
Ca Catch ch M Me If Ca e If Can: A Cl A Clou oud-En -Enabled ed DDoS DDoS De Defen ense

Ca Catch ch M Me If Ca e If Can: A Cl A Clou oud-En -Enabled ed DDoS DDoS De Defen ense

Ca Catch ch M Me If Ca e If Can: A Cl A Clou oud-En -Enabled ed DDoS DDoS De Defen ense e Quan Jia, Huangxin Wang, Dan Fleck, Fei Li, Angelos Stavrou, Walter Powell Presented by Surya Mani Content u Motivation u Related Work u

262 views • 23 slides
Universal DDoS Mitigation Bypass DDoS Mitigation Lab About Us Industry body formed to foster

Universal DDoS Mitigation Bypass DDoS Mitigation Lab About Us Industry body formed to foster

Universal DDoS Mitigation Bypass DDoS Mitigation Lab About Us Industry body formed to foster synergy among stakeholders to promote advancement in DDoS defense knowledge. Independent academic R&D division of Nexusguard building next

764 views • 44 slides
Catch me if you can A cloud based DdoS defense Mikal Fourrier DDoS attacks Goal: prevent

Catch me if you can A cloud based DdoS defense Mikal Fourrier DDoS attacks Goal: prevent

Catch me if you can A cloud based DdoS defense Mikal Fourrier DDoS attacks Goal: prevent the access to a computer system to it's legitimate users. DDoS: DoS attack on the network using a lot of different source IP Why:

327 views • 16 slides
A Guide About DDoS Attacks Understanding and anticipating DDoS Guillaume Valadon

A Guide About DDoS Attacks Understanding and anticipating DDoS Guillaume Valadon

A Guide About DDoS Attacks Understanding and anticipating DDoS Guillaume Valadon guillaume.valadon@ssi.gouv.fr RIPE 70 - May, 11 2015 ANSSI - http://www.ssi.gouv.fr/guide-ddos & https://goo.gl/UL8M1 1/12 ANSSI Created on July 7th 2009,

142 views • 12 slides
CS 110 Summer 2018 Ryan Eberhardt DDoS Attacks

CS 110 Summer 2018 Ryan Eberhardt DDoS Attacks

CS 110 Summer 2018 Ryan Eberhardt DDoS Attacks https://www.reveelium.com/en/ddos-attacks-the-cyber-boogeyman-part-i/ DDoS Attacks 1,700 Gbps!! 2015 :-/

748 views • 20 slides
Discriminating reflective DDoS attack tools at the reflector Fons Mijnen Max Grim

Discriminating reflective DDoS attack tools at the reflector Fons Mijnen Max Grim

Discriminating reflective DDoS attack tools at the reflector Fons Mijnen Max Grim fons.mijnen@os3.nl max.grim@os3.nl 2 DDoS attacks DDoS attacks are a problem internet users have faced for many years, and is still relevant today. 3 DDoS

531 views • 52 slides
Filtering Based Techniques DDOS Attacks: Target CPU / Bandwidth for DDOS Mitigation

Filtering Based Techniques DDOS Attacks: Target CPU / Bandwidth for DDOS Mitigation

Introduction: Filtering Based Techniques DDOS Attacks: Target CPU / Bandwidth for DDOS Mitigation Attacker signals slaves to launch an attack on a specific target address (victim). Slaves then respond by Comp290: Network

275 views • 9 slides
A Taxonomy of DDoS Attacks and DDoS Defense Mechanisms Jelena Mirkovic, Janice Martin & Peter

A Taxonomy of DDoS Attacks and DDoS Defense Mechanisms Jelena Mirkovic, Janice Martin & Peter

A Taxonomy of DDoS Attacks and DDoS Defense Mechanisms Jelena Mirkovic, Janice Martin & Peter Reiher Manu Shantharam & David Hadka What is DoS? DoS A type of attack wherein access to computer resource / service is denied or

380 views • 18 slides
DDoS Attack Landscapes Introduction General opinion AKA DDoS skeptics Denial of Service

DDoS Attack Landscapes Introduction General opinion AKA DDoS skeptics Denial of Service

DDoS Attack Landscapes Introduction General opinion AKA DDoS skeptics Denial of Service attacks are a fact of life on the Internet Service disruption Sometimes employed as a smoke screen What this talk is and

799 views • 23 slides
COLOSSAL DDoS ATTACKS ARE THE NEW REALITY Defeating DDoS Needs a Precision Strategy Your Secure

COLOSSAL DDoS ATTACKS ARE THE NEW REALITY Defeating DDoS Needs a Precision Strategy Your Secure

COLOSSAL DDoS ATTACKS ARE THE NEW REALITY Defeating DDoS Needs a Precision Strategy Your Secure Application Services CONFIDENTIAL | DO NOT DISTRIBUTE Company 1. CONFIDENTIAL | DO NOT DISTRIBUTE Attack Tools over Time - Evolved Binary

385 views • 12 slides
INTRODUCTION COMPUTER & NETWORK SECURITY CMSC 414 JAN 25 2018 TODAY What is

INTRODUCTION COMPUTER & NETWORK SECURITY CMSC 414 JAN 25 2018 TODAY What is

INTRODUCTION COMPUTER & NETWORK SECURITY CMSC 414 JAN 25 2018 TODAY What is security? Why is it so hard to achieve? Administrative The security mindset Analyzing a systems security 1. Summarize the system 2.

801 views • 43 slides
Denial of Service Denial of Service An attack designed to disrupt or completely deny

Denial of Service Denial of Service An attack designed to disrupt or completely deny

1 Denial of Service Denial of Service An attack designed to disrupt or completely deny legitimate users access to network, servers, services, or other resources Two basic favors: Target resource starvation Network

430 views • 19 slides
Availability Policies Chapter 7 Computer Security: Art and Science , 2 nd Edition Version 1.1

Availability Policies Chapter 7 Computer Security: Art and Science , 2 nd Edition Version 1.1

Availability Policies Chapter 7 Computer Security: Art and Science , 2 nd Edition Version 1.1 Slide 7-1 Outline Goals Deadlock Denial of service Constraint-based model State-based model Networks and flooding

971 views • 63 slides
Network Security: Network Flooding Seungwon Shin, KAIST Most slides from Dr. Dan Boneh and

Network Security: Network Flooding Seungwon Shin, KAIST Most slides from Dr. Dan Boneh and

Network Security: Network Flooding Seungwon Shin, KAIST Most slides from Dr. Dan Boneh and Darren Anstee What is a Denial of Service Attack? Goal take out a large site with little computing work Network Bandwidth Computing Power Processor

694 views • 31 slides
Denial of Service attacks Markus Peuhkuri 2005-04-12 Lecture topics Types of denial of service

Denial of Service attacks Markus Peuhkuri 2005-04-12 Lecture topics Types of denial of service

Denial of Service attacks Markus Peuhkuri 2005-04-12 Lecture topics Types of denial of service How to mitigate attacks How to find out senders What is Denial of Service

542 views • 8 slides
Introduction to Computer Security Session 2.2 Denial of Service Prof. Nadim Kobeissi 2.2a

Introduction to Computer Security Session 2.2 Denial of Service Prof. Nadim Kobeissi 2.2a

CSCI-UA.9480 Introduction to Computer Security Session 2.2 Denial of Service Prof. Nadim Kobeissi 2.2a Defining Denial of Service 2 CSCI-UA.9480: Introduction to Computer Security Nadim Kobeissi What is a Denial of Service attack? An

920 views • 23 slides
Mitigating IoT Device Based DDoS Attacks Using Blockchain Uzair Javaid, Ang Kiang Siang, Muhammad

Mitigating IoT Device Based DDoS Attacks Using Blockchain Uzair Javaid, Ang Kiang Siang, Muhammad

Mitigating IoT Device Based DDoS Attacks Using Blockchain Uzair Javaid, Ang Kiang Siang, Muhammad Naveed Aman, Biplab Sikdar by Uzair Javaid National University of Singapore, Singapore Cryblock , MobiSys 18, Munich, Germany Dated: June 15,

404 views • 15 slides
Class Freeware, Open Source, and Free Software There is a difference, who knew? Not otes

Class Freeware, Open Source, and Free Software There is a difference, who knew? Not otes

Class Freeware, Open Source, and Free Software There is a difference, who knew? Not otes Homework graded Im SORRY Homework 4&5: no homework this week Midterms How was it? Honestly Random, mostly unrelated

438 views • 24 slides

More recommend