outline distributed denial of service
play

Outline Distributed Denial of Service Introduction Attacks - PDF document

Jan 23, 2023 •328 likes •421 views

Outline Distributed Denial of Service Introduction Attacks Characteristics of DDoS attacks CS 239 Some examples Security for Networks and Proposed prevention methods System Software May 15, 2002 Lecture 12 Lecture 12

  1. Outline Distributed Denial of Service • Introduction Attacks • Characteristics of DDoS attacks CS 239 • Some examples Security for Networks and • Proposed prevention methods System Software May 15, 2002 Lecture 12 Lecture 12 Page 1 Page 2 CS 239, Spring 2002 CS 239, Spring 2002 Other nodes on Introduction The Problem target’s network also suffer • DDoS is a relatively new kind of attack – First seen at small scale late in 99 • Use standard denial of service tools – SYN floods, smurf attacks, etc. • Combined with not-very-sophisticated Compromised distributed systems technology nodes start a DDoS attack • Resulting in an extremely effective attack Lecture 12 Page 3 CS 239, Spring 2002 Why Are Distributed Denial of Other Elements of Such Attacks Service Attacks Hard to Handle? • Each attacking machine can spoof its IP • Single machine denial of service address attacks are hard to handle • Typically under control of a single master • Spoofed IP addresses makes it harder machine • The Internet offers few or no tracing – Why is this “better” than launching from tools the attacker’s own machine? • Hacker toolkits make it trivial to • Often able to use different kinds of attacks compromise many machines Lecture 12 Lecture 12 Page 5 Page 6 CS 239, Spring 2002 CS 239, Spring 2002

  2. Sample Distributed Denial of Trinoo Service Toolkits • Trinoo • An early example • Relatively unsophisticated • Tribe Flood Network • But still effective • Stacheldraht • Doesn’t spoof IP addresses • Uses UDP flooding attacks –Basically, sending streams of UDP packets at random ports Lecture 12 Lecture 12 Page 7 Page 8 CS 239, Spring 2002 CS 239, Spring 2002 Trinoo Masters and Daemons Tribe Flood Network (TFN) • The machines actually sending the UDP • Somewhat more sophisticated than trinoo packets are daemons • Also uses master and daemon concept • The daemons are controlled by one or more • But can spoof IP addresses masters • And can exploit several different • Master machines start and stop attacks weaknesses – And specify the victim – TCP SYN flood, ICMP echo request • Daemons store encrypted list of acceptable flood, smurf attacks, plus UDP floods masters • Master/daemon communications sometimes encrypted Lecture 12 Lecture 12 Page 9 Page 10 CS 239, Spring 2002 CS 239, Spring 2002 Where Did the Toolkits Stacheldraht Come From? • A German hacker who calls himself • German for barbed wire Mixter wrote at least some of them • Derived, apparently, from Tribe Flood –TFN, at least Network • Other hackers altered his code or wrote • Added encryption to master/daemon their own communications before TFN did • After authors fiddled around a bit, they • Uses similar attacks to TFN posted the kits to hacking sites Lecture 12 Lecture 12 Page 11 Page 12 CS 239, Spring 2002 CS 239, Spring 2002

  3. Effects of Distributed Denial of Combating Distributed Denial of Service Attacks Service Attacks • Successfully launched against Yahoo, • Desirable properties of solution CNN, ETrade, many other sites • Approaches • Less successfully launched against Microsoft –Attacker didn’t have enough client machines • Attacks occur regularly Lecture 12 Lecture 12 Page 13 Page 14 CS 239, Spring 2002 CS 239, Spring 2002 Desirable Solution Properties Desirable Solution Properties Should be quick Should be accurate Lecture 12 Lecture 12 Page 15 Page 16 CS 239, Spring 2002 CS 239, Spring 2002 Desirable Solution Properties Desirable Solution Properties Not realistic to change basic stuff Must interoperate Should be cheap properly with • To deploy existing Internet • To run technology Lecture 12 Lecture 12 Page 17 Page 18 CS 239, Spring 2002 CS 239, Spring 2002

  4. Desirable Solution Properties Candidate Approaches • Filtering at the target • Tracing approaches • Pushback approaches • Filtering near source • Cooperative approaches • Public hygiene approaches Must itself be • Law enforcement approaches secure Lecture 12 Lecture 12 Page 19 Page 20 CS 239, Spring 2002 CS 239, Spring 2002 Filtering at the Target Filtering Solutions • When attack is detected, filter it • How? –Based on source IP addresses –Based on other header information Shut off the flow –Based on packet payload information at the target’s router • Modern routers can do this filtering Lecture 12 Page 21 CS 239, Spring 2002 Problems With Filtering Tracing Approaches Solutions • Find the sending sources and shut them • Can only be reactive down • Often requires assistance of third party • Requires tracing the attack packets –ISP provider or backbone site back through the network • Can’t filter everything always • Not simple with today’s technology • More clever attacks could bypass any • Smart attackers only attack for a while simple filter –Leaving nothing to trace Lecture 12 Lecture 12 Page 23 Page 24 CS 239, Spring 2002 CS 239, Spring 2002

  5. Basics of Tracing Tracing Solutions • Identify an attack packet ? • Check its IP address ? ? ? ? – If not forged, take external action – But it’s probably forged • Ask next upstream router where it came Trace the attack from back to its source(s) • And that router must ask the previous router Lecture 12 Page 25 CS 239, Spring 2002 Problems With Tracing Solutions Pushback Approaches • Install filtering at router close to target • No automated tools to do this • That router asks upstream routers to install • “Asking a router” amounts to a phone filters call to a system administrator – Which relieves the burden on target’s • Ultimately requires help of backbone router providers • Filters can be pushed further back, as • In wide DDOS, may have to trace needed hundreds of attack streams • Can rate limit, rather than filter Lecture 12 Lecture 12 Page 27 Page 28 CS 239, Spring 2002 CS 239, Spring 2002 Problems With Pushback Pushback Solutions But that router Approaches may still be So push the filtering overloaded • Requires cooperation among parties further back who normally don’t cooperate • Must address security flaws • Like other types of filtering, may filter the wrong stuff Start by shutting –And, with this approach, may get a off the flow at the target’s router lot of it Lecture 12 Lecture 12 Page 29 Page 30 CS 239, Spring 2002 CS 239, Spring 2002

  6. Filtering Near the Sources Source Side Filtering Solutions • Try to detect the problem close to the sites that are creating the traffic • Rate limit at routers close to the problem sites • A distributed solution to a distributed problem • Routers near attackers may have better information Shut off the flow at multiple entry points Lecture 12 Lecture 12 Page 31 Page 32 CS 239, Spring 2002 CS 239, Spring 2002 Problems With Filtering Near the Cooperative Approaches Sources • Requires deployment at many sites to be • Gather information from many effective different sources • Trying to detect the problem far away from • Analyze the total information to where it occurs understand what’s going on • Might be foolable from outside the local network • Apply some subset of previous – Turning the defense tool into an attack mechanisms to solve the problem tool Lecture 12 Lecture 12 Page 33 Page 34 CS 239, Spring 2002 CS 239, Spring 2002 Problems With Cooperative Public Hygiene Approaches Approaches • Must leverage off other approaches • A longer-term solution –Possibly inheriting their problems • Make sure that it’s harder to launch attacks • Some information provided may be untrustworthy • Make sure it’s harder to spoof IP addresses • Presumes some network connectivity • Basically, make sure everyone on the –Will that be available during an Internet has secure machines attack? Lecture 12 Lecture 12 Page 35 Page 36 CS 239, Spring 2002 CS 239, Spring 2002

  7. Problems With Public Hygiene Public Hygiene Solutions Approaches • Only work well if a high percentage of all sites follow them • Only work as long as no new vulnerabilities are discovered • Some of the prophylactic measures are limiting to those who apply them – And they’re not directly getting the Make it harder to benefits corrupt a bunch of machines Lecture 12 Lecture 12 Page 37 Page 38 CS 239, Spring 2002 CS 239, Spring 2002 Law Enforcement Approaches Law Enforcement Solutions • Call in the FBI • Have them trace down the culprit and toss him in jail • That’ll teach him! Call in the Feds! Lecture 12 Lecture 12 Page 39 Page 40 CS 239, Spring 2002 CS 239, Spring 2002 Problems With Law Enforcement A Sample Approach Approaches • The law, in its majesty, moves slowly • D-WARD –Even by human standards • Being developed here at UCLA • This kind of investigation is inherently • One of the family of approaches that costly works close to sources –And thus can’t often be done • Smart attackers may be very, very hard to find Lecture 12 Lecture 12 Page 41 Page 42 CS 239, Spring 2002 CS 239, Spring 2002

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Distributed Denial of Service Attacks & Defenses Guest Lecture by: Vamsi Kambhampati Fall

Distributed Denial of Service Attacks & Defenses Guest Lecture by: Vamsi Kambhampati Fall

Distributed Denial of Service Attacks & Defenses Guest Lecture by: Vamsi Kambhampati Fall 2011 Distributed Denial of Service (DDoS) Exhaust resources of a target, or the resources it depends on Resources: CPU, Memory, Bandwidth

427 views • 23 slides
In-Network Filtering of Distributed Denial-of-Service Traffic with Near-Optimal Rule Selection

In-Network Filtering of Distributed Denial-of-Service Traffic with Near-Optimal Rule Selection

In-Network Filtering of Distributed Denial-of-Service Traffic with Near-Optimal Rule Selection Devkishen Sisodia, Jun Li, Lei Jiao {dsisodia, lijun, jiao}@cs.uoregon.edu C ENTER F OR C YBER S ECURITY & P RIVACY Outline Introduction

730 views • 47 slides
The Problem Distributed Denial of Service Attacks and Defenses CS 239 Advanced Topics in

The Problem Distributed Denial of Service Attacks and Defenses CS 239 Advanced Topics in

The Problem Distributed Denial of Service Attacks and Defenses CS 239 Advanced Topics in Network Security Peter Reiher May 3, 2006 Lecture 9 Lecture 9 Page 1 Page 2 CS 239, Spring 2006 CS 239, Spring 2006 Distributed Denial of Service

500 views • 4 slides
Detecting Distributed Denial of Service Attacks: A Neural Network Approach Gulay Oke

Detecting Distributed Denial of Service Attacks: A Neural Network Approach Gulay Oke

Detecting Distributed Denial of Service Attacks: A Neural Network Approach Gulay Oke (g.oke@imperial.ac.uk) Intelligent Systems and Networks Group Dept. of Electrical and Electronic Engineering Imperial College London Multi-Service

681 views • 21 slides
Denial of Service Last Class Fault tolerance Concurrency Naming This Class

Denial of Service Last Class Fault tolerance Concurrency Naming This Class

Denial of Service Last Class Fault tolerance Concurrency Naming This Class Networking How DDoS works UDP Data Client Server Response TCP DDoS Distributed denial-of-service attack Attacker targets a victim from a

436 views • 28 slides
CyberWarfare Defense against Penetration T esting and distributed Denial-of-Service Attacks The

CyberWarfare Defense against Penetration T esting and distributed Denial-of-Service Attacks The

CyberWarfare Defense against Penetration T esting and distributed Denial-of-Service Attacks The Foundation of Network Security Stand-alone (ISP/Carrier Server Farm) modular TIPS for Perimeter Defense We brought a prototype for you!

263 views • 24 slides
Terminus: Towards a Network-Level Deployable Architecture Against Distributed Denial-of- Service

Terminus: Towards a Network-Level Deployable Architecture Against Distributed Denial-of- Service

Terminus: Towards a Network-Level Deployable Architecture Against Distributed Denial-of- Service Attacks Felipe Huici and Mark Handley Networks Research Group Department of Computer Science Overview Terminus architecture Protecting

553 views • 27 slides
A Machine Learning Approach for Detecting Distributed Denial of Service Attacks Tanaphon Roempluk

A Machine Learning Approach for Detecting Distributed Denial of Service Attacks Tanaphon Roempluk

A Machine Learning Approach for Detecting Distributed Denial of Service Attacks Tanaphon Roempluk Master's degree studying Majoring in Information technology Faculty of informatics, Mahasarakham University The 4th International Conference on

207 views • 17 slides
IoDDoS The Internet of Distributed Denial of Service Attacks A Case Study of the Mirai

IoDDoS The Internet of Distributed Denial of Service Attacks A Case Study of the Mirai

SPAWAR S YSTEMS C ENTER P ACIFIC IoDDoS The Internet of Distributed Denial of Service Attacks A Case Study of the Mirai Malware and IoT-Based Botnets 24-26 April, 2017 Presented at the 2 nd International Conference Presented by Roger

654 views • 20 slides
Denial of Service Denial of Service An attack designed to disrupt or completely deny

Denial of Service Denial of Service An attack designed to disrupt or completely deny

1 Denial of Service Denial of Service An attack designed to disrupt or completely deny legitimate users access to network, servers, services, or other resources Two basic favors: Target resource starvation Network

430 views • 19 slides
1 Connect | Communicate | Collaborate Distributed Denial of Service (DDoS) Effects, Mitigations

1 Connect | Communicate | Collaborate Distributed Denial of Service (DDoS) Effects, Mitigations

1 Connect | Communicate | Collaborate Distributed Denial of Service (DDoS) Effects, Mitigations & Future Tony Barber Nov 2013 TF-NOC Wayne Routly, DANTE GEANT APM, Vienna 8 October, 2013 Agenda Effects Real World Examples Mitigations

237 views • 13 slides
Resilient Networking 07: Denial of Service 1 Outline Classification DoS examples

Resilient Networking 07: Denial of Service 1 Outline Classification DoS examples

Resilient Networking 07: Denial of Service 1 Outline Classification DoS examples Countermeasures against DoS Crypto Puzzles Stateless Protocols Avoid IP address spoofing / identifying malicious nodes Ingress filtering

937 views • 72 slides
Denial of Service attacks Markus Peuhkuri 2005-04-12 Lecture topics Types of denial of service

Denial of Service attacks Markus Peuhkuri 2005-04-12 Lecture topics Types of denial of service

Denial of Service attacks Markus Peuhkuri 2005-04-12 Lecture topics Types of denial of service How to mitigate attacks How to find out senders What is Denial of Service

542 views • 8 slides
Outline Malware and the network, contd Denial of service and the network CSci 5271

Outline Malware and the network, contd Denial of service and the network CSci 5271

Outline Malware and the network, contd Denial of service and the network CSci 5271 Introduction to Computer Security Announcements intermission Malware and anonymity combined lecture Anonymous communications techniques Stephen McCamant

665 views • 10 slides
A study of denial of service attacks on the Internet David J. Marchette marchettedj@nswc.navy.mil

A study of denial of service attacks on the Internet David J. Marchette marchettedj@nswc.navy.mil

A study of denial of service attacks on the Internet David J. Marchette marchettedj@nswc.navy.mil Naval Surface Warfare Center Code B10 < > - + A study of denial of service attacks on the Internet p.1/39 Outline Background

761 views • 54 slides
Distributed Denial of Service Attacks and Coutntermeasures CSE598K/CSE545 - Advanced Network

Distributed Denial of Service Attacks and Coutntermeasures CSE598K/CSE545 - Advanced Network

740 views • 26 slides
Chapter 7 Denial of Service Attacks DoS attack: An action that prevents or impairs the

Chapter 7 Denial of Service Attacks DoS attack: An action that prevents or impairs the

Chapter 7 Denial of Service Attacks DoS attack: An action that prevents or impairs the authorized use of networks, systems, or applications by exhausting resources such as central processing units (CPU), memory, bandwidth, and disk space.

1.55k views • 28 slides
Denial-of-Service (DoS) CS 161 - Computer Security Profs. Vern Paxson & David Wagner TAs:

Denial-of-Service (DoS) CS 161 - Computer Security Profs. Vern Paxson & David Wagner TAs:

Denial-of-Service (DoS) CS 161 - Computer Security Profs. Vern Paxson & David Wagner TAs: John Bethencourt, Erika Chin, Matthew Finifter, Cynthia Sturton, Joel Weinberger http://inst.eecs.berkeley.edu/~cs161/ Feb 22, 2010 Announcements

644 views • 29 slides
Dr. Tanya Stanko, Vice-Provost for Educa:on for Workshop

Dr. Tanya Stanko, Vice-Provost for Educa:on for Workshop

Dr. Tanya Stanko, Vice-Provost for Educa:on for Workshop for Deans, Department Chairs and Research Directors 13 October 2014 Wroclaw, Poland, The

659 views • 28 slides
Can we leverage network monitoring to build comprehensive situational awareness of our

Can we leverage network monitoring to build comprehensive situational awareness of our

Can we leverage network monitoring to build comprehensive situational awareness of our operating environments in a way that scales well? How could such an awareness allow us to find anomalous and malicious behavior? God I hope so. If

215 views • 7 slides
and Real-Time Detection Schemes Zhuozhao Li*, University of Chicago Tanmoy Sen and Haiying Shen,

and Real-Time Detection Schemes Zhuozhao Li*, University of Chicago Tanmoy Sen and Haiying Shen,

Impact of Memory DoS Attacks on Cloud Applications and Real-Time Detection Schemes Zhuozhao Li*, University of Chicago Tanmoy Sen and Haiying Shen, University of Virginia Mooi Choo Chuah, Lehigh University *Work done when Zhuozhao Li was at the

898 views • 24 slides
Exploring DDoS Defense Mechanisms Patrick Holl Seminar Future Internet SS14-WS14/15 Lehrstuhl

Exploring DDoS Defense Mechanisms Patrick Holl Seminar Future Internet SS14-WS14/15 Lehrstuhl

Lehrstuhl Netzarchitekturen und Netzdienste Institut fr Informatik Technische Universitt Mnchen Exploring DDoS Defense Mechanisms Patrick Holl Seminar Future Internet SS14-WS14/15 Lehrstuhl Netzarchitekturen und Netzdienste Fakultt

622 views • 29 slides
Security Middleware for Distributed applications Professor : Sophie Chabridon Ma Siqi Shalini

Security Middleware for Distributed applications Professor : Sophie Chabridon Ma Siqi Shalini

Security Middleware for Distributed applications Professor : Sophie Chabridon Ma Siqi Shalini Nagar 1 CONTENTS Security Characterizing Security General Scenario Tactics for Security A Design Checklist for Security Summary 2 01

487 views • 25 slides
A Brief History of the World 1 CEN-5079: 11.April.2019 Network Security Lecture 10 2

A Brief History of the World 1 CEN-5079: 11.April.2019 Network Security Lecture 10 2

A Brief History of the World 1 CEN-5079: 11.April.2019 Network Security Lecture 10 2 CEN-5079: 11.April.2019 Why and Who Attack Networks ? Challenge : Hackers Money : Espionage Money : Organized Crime Ideology :

728 views • 57 slides

More recommend