Post on 03-Jan-2016
description
1
Defending Against Denial of Service Attacks
Presented By: Jordan Deveroux
2
I. What are Denial of Service Attacks and what makes the internet vulnerable to them?
II. How do these attacks occur?III.How do we defend against such
attacks?IV.What are the ethical implications of
Denial of Service Attacks and their effect on our society ?
Outline
3
Denial of Service (Dos)- An attack that is trying to deny access by legitimate users to shared resources or services
Distributed Denial of Service (DDoS)- A denial of service attack where the traffic comes from multiple sources
Denial of Service Attacks
Attacker
Victim
Zombies
5
Zombies
• Malicious Payload is Installed• Communication
takes place on IRC channels• Software
contains a flooding mechanism• Software can be
updated by attacker
6
IP Spoofing- creating an IP packet with false information, often a false address.
Multipath routing makes packet tracing difficult
No centralized Internet authority
Internet Vulnerabilities
7
I. What are Denial of Service Attacks and what makes the internet vulnerable to them?
II. How do these attacks occur?III.How do we defend against such
attacks?IV.What are the ethical implications of
Denial of Service Attacks and their effect on our society ?
Outline
8
1. Consumes a host’s resources CPU Memory
2. Consumes network bandwidth Legitimate traffic is unable to go
through
Attack Power- level of resources consumed at the victim by the attack
What does DoS Attack?
9
Protocol-BasedApplication-BasedDistributed Reflector Infrastructure Attacks
Categories of Bandwidth Attacks
Protocol-Based: SYN Flood
11
Protocol-Based: ICMP Flood
INTERNET
ATTACKER VICTIM
INTERMEDIARYNETWORK
12
Application-Based: HTTP Flood
Attacking web servers with many http requests
Used in DDoS because it requires a genuine IP
Multiple ways to flood using this method
Application Based:SIP FLOOD
VOIP Attack Flood proxy
servers with many invite packets
Affects not only proxy servers but legitimate callers
Distributed Reflector Attacks
15
Disable Critical components of the Internet
Significant Attack power is required to successfully execute an infrastructure attack
These types of attacks are why we need a globally-cooperative defense effort
Infrastructure Attacks
16
I. What are Denial of Service Attacks and what makes the internet vulnerable to them?
II. How do these attacks occur?III.How do we defend against such
attacks?IV.What are the ethical implications of
Denial of Service Attacks and their effect on our society ?
Outline
17
Attack PreventionAttack DetectionAttack Source Identification
Attack Reaction
Four Categories of Defense
18
Attack Prevention: Ingress/Egress Filtering
19
Router Based Packet Filtering Possible if Tier 1 ISPs are involved
SAVE Protocol Needs to be universally deployed
These Techniques prevent IP spoofing and filter traffic before it reaches the target, but need wide adoption to be effective
Other Attack Prevention Techniques
20
Easy to detect Differentiate between flash crowds
and DoS attack Rely on certain assumptions
Attack Detection Techniques: DoS-attack-specific Anomaly-based
Attack Detection Techniques
21
Dos-Specific
MULTOPS SYN Detection Kolmogorov Test Spectral Analysis Time Series
Analysis
Anomaly-Based Need to build a normal
profile Block irregular traffic Difficult to determine
all normal traffic Lightweight Intrusion
Detection System (LISYS)
The only way to detect a DDoS effectively and early is to monitor features attackers can’t change or are really difficult to change, (e.g. : Percent of new IP’s)
22
Tracking IP traffic is difficult to do
Active IP traceback technique Probabilistic traceback technique
Hash-Based IP traceback
Attack Source Identification
23
Attack Reaction Techniques
24
Bottleneck Resource Management Fix Software-Based Vulnerabilities History-Based IP Filtering
Intermediate Network Reaction Harder to track the greater the distance Controller-Agent Scheme
Source End Reaction D-WARD
Attack Reaction Techniques
25
Most of these are DoS defense Limited progress made on DDoS Attacker resources often surpass
victim’s resources Defenses are limited due to lack of
central control of the internet We need to increase the reliability of
global network infrastructure Most effective is to block attack close
to source
Conclusion on Defense Techniques
26
I. What are Denial of Service Attacks and what makes the internet vulnerable to them?
II. How do these attacks occur?III.How do we defend against such
attacks?IV.What are the ethical implications of
Denial of Service Attacks and their effect on our society ?
Outline
27
Security knowledge of users is decreasing while attacks are becoming more and more sophisticated
In 1988, 6 attacks were reported In 2003, 137, 529 attacks were reported CSI/FBI survey shows on average 35% percent who
participate suffered DoS attacks Vulnerabilities have increased to 35x the number
reported in 1995 Only 4 out of 1127 customer-based system attacks
used spoofed addresses in 2004
Growth of DoS and DDoS attacks
28
Implementing defense schemes are expensive
Lack of economic incentive Personal users Internet Service Providers
Don’t want to spend money to protect someone else’s network
What’s taking so long?
“Code Red” Worm (2001) 300,000 zombie army to launch DoS against
White House website Distributed Reflector Attack (2002)
Brought down www.grc.com Internet DNS Root Servers (2002)
SYN Flood and ICMP Flood All 13 DNS root servers were attacked at the
same time Total Attack Volume: 900 Mb/s Most queries answered but some parts of
internet experienced congestion or were unreachable
Blaster Worm (2003) Exploited vulnerability in RPC SYN Flood against windowsupdate.com
30
These attacks can have lasting effects, including monetary damages
Used as a political statement Wikileaks fiasco (2010)
Operation : Payback Mastercard, PostFinance, Paypal
Ethics
31
Survery of Network Based Defense Mechanisms Countering the DoS and DDoS Problems (Peng, Leckie, Ramamohanarao)
www.cert.org
http://www.pcmag.com/article2/0,2817,2374023,00.asp
References