DDoS Attacks and Defence Techniques
DENIAL OF SERVICE ATTACKS AND DEFENCE TECHNIQUES
BEGÜM TOKUYUCU
OUTLINE
• What is DoS?
• What is DDoS?
• Types of DoS and DDoS attacks
• Defences against DDoS attacks
WHAT IS A DENIAL OF SERVICE ATTACK?
• An attack that prevents or impairs the authorised use of networks, systems or applications by exhausting their resources.
• Resources targeted:
  • Network bandwidth
  • System resources
  • Application resources
• Attacks are characterised by how many systems are used to direct traffic at the target system.
WHAT IS A DISTRIBUTED DENIAL OF SERVICE ATTACK?
• DDoS: a DoS attack launched from many systems (zombies) at once.
• Steps:
  • Recruiting zombie machines
  • Discovering a vulnerability of the target
  • Sending the attack instructions to the zombies
  • Attack
(Slide 5: figure only; no transcribed text)
WHY DDOS?
• Financial and economic gain
• Revenge
• Fun
• Showing off
• Cyberwarfare
(Slides 7 and 8: figures only; no transcribed text)
TYPES OF ATTACKS
• Classical DoS attacks
• Source address spoofing
• TCP SYN/ACK spoofing
• ICMP flood attacks
• UDP flood attacks
• Smurf attack
• DNS DDoS
• Peer-to-peer attacks
CLASSIC DOS ATTACKS
• Flooding attack
  • Overwhelms the capacity of the network connection to the target organisation.
  • The source of the attack is clearly identified.
SOURCE ADDRESS SPOOFING
• Uses a forged source address.
• Traffic with a forged source address is harder to trace back to its origin.
• A normal network connection cannot be established: the receiver's replies go to the forged address, not back to the sender.
• The raw socket interface on many operating systems allows packets to be sent with an arbitrary source address.
• Examples:
  • Man in the middle
  • Routing redirect
  • Source routing
TCP SYN/ACK SPOOFING
• Targets the ability of a network server to respond to TCP connection requests.
• Connection requests (SYNs) carry a spoofed source address, so the server's SYN-ACK goes to that address:
  • If it is a valid, reachable host -> that host answers with RST.
  • If the system is busy or unreachable -> no reply, and the connection stays half-open on the server.
• The server uses a table to keep track of pending connections.
• When the table is full, increase the table size.
DEFENCES AGAINST TCP SYN/ACK SPOOFING
• Decrease the TCP connection timeout on the server (victim), so that half-open entries are freed sooner.
• Use a firewall as an intermediary between server and client.
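As an added illustration (not part of the original slides) of why the first defence works, the following Python simulation models the server's table of half-open connections under a constructed stream of spoofed SYNs that never complete the handshake. The table capacity, the timeouts, the traffic rates and the documentation-range addresses are assumptions chosen for the example. With a long timeout the table fills within a few seconds and new clients are refused; with a short timeout stale entries are evicted faster than the flood adds them, so legitimate handshakes keep completing.

```python
# Added example (not from the slides): effect of the half-open connection
# timeout on a SYN-flooded server. All sizes, rates and addresses are assumptions.
from dataclasses import dataclass, field


@dataclass
class HalfOpenTable:
    """Server-side table of connections stuck in SYN_RECEIVED (half-open)."""
    capacity: int            # maximum number of half-open entries (backlog size)
    timeout_ms: int          # how long a half-open entry is kept before it is dropped
    entries: dict = field(default_factory=dict)  # (src_ip, src_port) -> SYN arrival time (ms)
    rejected_syns: int = 0   # SYNs refused because the table was full

    def _expire(self, now_ms: int) -> None:
        """Evict entries whose SYN-ACK has gone unanswered for longer than the timeout."""
        stale = [k for k, t in self.entries.items() if now_ms - t >= self.timeout_ms]
        for k in stale:
            del self.entries[k]

    def on_syn(self, key, now_ms: int) -> bool:
        """Record a SYN; return False if the table is full and the SYN is dropped."""
        self._expire(now_ms)
        if key in self.entries:
            return True                      # retransmitted SYN, already tracked
        if len(self.entries) >= self.capacity:
            self.rejected_syns += 1
            return False
        self.entries[key] = now_ms
        return True

    def on_ack(self, key) -> bool:
        """Final ACK of the handshake: the connection leaves the half-open table."""
        return self.entries.pop(key, None) is not None


def simulate(timeout_ms: int, capacity: int = 100, seconds: int = 30,
             spoofed_syns_per_second: int = 20) -> int:
    """Return how many legitimate handshakes complete during the flood.

    Constructed traffic: every second one legitimate client sends a SYN and
    answers the SYN-ACK 50 ms later; 100 ms into the same second an attacker
    sends spoofed SYNs from addresses that never answer.
    """
    table = HalfOpenTable(capacity=capacity, timeout_ms=timeout_ms)
    completed = 0
    for s in range(seconds):
        t = s * 1000
        legit = ("192.0.2.10", 50000 + s)          # constructed, documentation-range client
        if table.on_syn(legit, t) and table.on_ack(legit):
            completed += 1
        for i in range(spoofed_syns_per_second):
            spoofed = (f"203.0.113.{i % 254 + 1}", 40000 + s * spoofed_syns_per_second + i)
            table.on_syn(spoofed, t + 100)        # no ACK ever follows for these
    return completed


if __name__ == "__main__":
    print("long timeout (60 s):", simulate(60_000), "of 30 handshakes completed")
    print("short timeout (3 s):", simulate(3_000), "of 30 handshakes completed")
```

With the defaults, the 60-second timeout lets the 100-entry table fill after five seconds and every later client is refused, while the 3-second timeout keeps the table at about 60 entries and all 30 clients get through. Raising the table size, the other option the slides mention, helps only as long as the flood cannot fill the larger table before entries expire.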
FLOODING ATTACKS
• Based on the network protocol used (TCP, UDP, ICMP).
• Goals:
  • To overload the capacity of the network link to the server
  • To overload the server's ability to handle the traffic
• Types:
  • ICMP flood attacks
  • UDP flood attacks
  • Smurf attack
ICMP FLOOD ATTACKS
• ICMP packets were chosen because network administrators traditionally allowed them through.
• Attackers send large numbers of ICMP packets (echo requests) to the victim's address.
DEFENCES AGAINST ICMP FLOOD ATTACKS
• Set a packet-per-second threshold for ICMP requests.
• When the ICMP packet flow exceeds the defined threshold, the security device ignores further ICMP echo requests.
UDP FLOOD ATTACKS
• Attackers obtain the IP addresses of many devices.
• They send UDP packets to random ports of the server.
• If the server is not running, the packets are discarded.
• If the server is running, it tries to identify which application the data on each port belongs to, and for ports with no listener it sends back a "destination unreachable" message.
DEFENCES AGAINST UDP FLOOD ATTACKS
• Limit the rate at which "destination unreachable" messages are sent, or do not send them at all.
• Put a firewall in front of the server that checks whether each incoming packet is addressed to an open (expected) port.
• If it is, pass the packet; otherwise reject it.
SMURF ATTACKS
• Sends a huge amount of traffic and causes a virtual explosion of traffic at the intended target.
• Steps:
  • Obtain the IP address of the victim.
  • Using this address as the spoofed source, the attacker sends ICMP packets via routers to the broadcast address of a network.
  • Every device on that network replies via ICMP to the victim's IP address.
  • The victim is flooded with incoming packets.
(Slide 21: figure only; no transcribed text)
DEFENCES AGAINST SMURF ATTACKS
• Set up a firewall that filters out the unwanted messages.
• Configure the router not to forward an ICMP message received for its broadcast address to all the devices on its network.
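The three defences on the ICMP flood, UDP flood and smurf slides are all filtering rules that a firewall in front of the server can apply. The Python filter below is an added example, not code from the slides or their author, and shows the three rules working together on a constructed packet trace: a per-second echo-request threshold per destination, an allow-list of open UDP ports with a rate-limited (or disabled) "destination unreachable" budget, and a drop of any ICMP addressed to a protected network's broadcast address. The Packet and FloodFilter classes, the thresholds and the documentation-range addresses are assumptions made for the illustration.

```python
# Added example (not from the slides): a small stateful packet filter applying the
# ICMP-threshold, UDP-port and broadcast-ICMP defences to a constructed trace.
from collections import Counter, defaultdict
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Packet:
    ts: float            # arrival time in seconds
    src: str
    dst: str
    proto: str           # "icmp", "udp" or "tcp"
    dport: int = 0       # UDP/TCP destination port
    icmp_type: int = 0   # 8 = echo request


class FloodFilter:
    """Filter placed in front of the server; all thresholds are assumptions."""

    def __init__(self, open_udp_ports, protected_nets, icmp_pps_limit, unreach_per_sec):
        self.open_udp_ports = set(open_udp_ports)
        self.protected_nets = [ipaddress.ip_network(n) for n in protected_nets]
        self.icmp_pps_limit = icmp_pps_limit      # echo requests per second per destination
        self.unreach_per_sec = unreach_per_sec    # "destination unreachable" budget (0 = never send)
        self._echo_seen = defaultdict(int)        # (dst, second) -> echo requests counted so far
        self._unreach_sent = defaultdict(int)     # second -> unreachables already sent

    def _is_broadcast(self, dst: str) -> bool:
        addr = ipaddress.ip_address(dst)
        return any(addr == net.broadcast_address for net in self.protected_nets)

    def decide(self, pkt: Packet) -> str:
        """Return "pass", "drop" or "drop+unreach" for one packet."""
        if pkt.proto == "icmp":
            # Smurf defence: ICMP to a broadcast address is never delivered to the network.
            if self._is_broadcast(pkt.dst):
                return "drop"
            if pkt.icmp_type == 8:
                bucket = (pkt.dst, int(pkt.ts))
                self._echo_seen[bucket] += 1
                # ICMP flood defence: above the per-second threshold, further echo requests are ignored.
                if self._echo_seen[bucket] > self.icmp_pps_limit:
                    return "drop"
            return "pass"
        if pkt.proto == "udp":
            # UDP flood defence: only packets for ports that are actually open reach the server.
            if pkt.dport in self.open_udp_ports:
                return "pass"
            sec = int(pkt.ts)
            # Rate-limit the "destination unreachable" replies generated for closed ports.
            if self._unreach_sent[sec] < self.unreach_per_sec:
                self._unreach_sent[sec] += 1
                return "drop+unreach"
            return "drop"
        return "pass"    # TCP is not filtered here (see the SYN defences above)


def sample_trace():
    """Constructed trace: one second of ICMP flood followed by one second of UDP flood."""
    trace = [Packet(i / 100, "203.0.113.7", "192.0.2.10", "icmp", icmp_type=8)
             for i in range(30)]                                    # 30 echo requests in second 0
    trace += [Packet(0.5, "192.0.2.10", "192.0.2.255", "icmp", icmp_type=8)
              for _ in range(3)]                                    # echo requests to the broadcast address
    trace += [Packet(0.9, "198.51.100.4", "192.0.2.10", "udp", dport=53)
              for _ in range(5)]                                    # legitimate DNS queries
    trace += [Packet(1.0 + i / 100, "203.0.113.9", "192.0.2.10", "udp", dport=1024 + i)
              for i in range(50)]                                   # 50 packets to closed ports
    trace.append(Packet(1.6, "198.51.100.5", "192.0.2.10", "tcp", dport=80))
    return trace


def filter_trace(packets, flt: FloodFilter) -> Counter:
    """Run every packet through the filter and count the decisions."""
    return Counter(flt.decide(p) for p in packets)


if __name__ == "__main__":
    flt = FloodFilter(open_udp_ports={53, 123}, protected_nets=["192.0.2.0/24"],
                      icmp_pps_limit=10, unreach_per_sec=5)
    print(filter_trace(sample_trace(), flt))
```

On the sample trace with a threshold of 10 echo requests per second and a budget of 5 unreachables per second, 16 packets pass (10 echo requests, 5 DNS queries, 1 TCP SYN), 5 closed-port packets get an unreachable reply and 68 are silently dropped; setting the budget to 0 implements the "do not send such packets" option from the UDP slide.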
DNS DDOS ATTACKS
• The attacker instructs zombies to send DNS queries for a site (e.g. www.kfssdfsdffks.com) to a DNS server, with the zombies impersonating the target server as the source of the queries.
• The DNS server believes the target server is asking for these records, so it sends the requested IP addresses as replies to the target.
• The target server receives a load of DNS replies and crashes.
DEFENCES AGAINST DNS DDOS ATTACKS
• You know the IP addresses from which the DNS server keeps sending replies to you, so it is a simple matter to use your firewall to block traffic from those addresses.
PEER TO PEER ATTACKS
• The attacker acts as a puppet master, instructing clients of large P2P file-sharing networks to disconnect from their P2P network and connect to the victim's website instead.
• Thousands of computers try to connect to the target website specified by the attacker to download/upload files.
• The server is overwhelmed by the requests arriving from thousands of different computers.
(Slide 26: figure only; no transcribed text)
DEFENCES AGAINST PEER TO PEER ATTACKS
• Have a semi-centralised authority track large-scale malicious P2P network activity.
• Update torrent clients: most P2P attacks are carried out through computers running old torrent clients whose loopholes have not been fixed.
• Encrypt P2P traffic.
THANKS!