Distributed Denial of Service Attacks Prepared For: Prof. Ruby Lee ELE 572 September 23, 2002 Princeton University  Electrical Engineering Department
Presentation Overview
Introduction to DDoS (Specht)
Background Information: Denial of Service Attacks
Classification of DoS Attacks [1]

| Attack | Affected Area | Example | Description |
| --- | --- | --- | --- |
| Network Level Device | Routers, IP Switches, Firewalls | Ascend Kill II, "Christmas Tree Packets" | Attack attempts to exhaust hardware resources using multiple duplicate packets or a software bug. |
| OS Level | Equipment Vendor OS, End-User Equipment. | Ping of Death, ICMP Echo Attacks, Teardrop | Attack takes advantage of the way operating systems implement protocols. |
| Application Level Attacks | Finger Bomb | Finger Bomb, Windows NT RealServer G2 6.0 | Attack a service or machine by using an application attack to exhaust resources. |
| Data Flood (Amplification, Oscillation, Simple Flooding) | Host computer or network | Smurf Attack (amplifier attack), UDP Echo (oscillation attack) | Attack in which massive quantities of data are sent to a target with the intention of using up bandwidth/processing resources. |
| Protocol Feature Attacks | Servers, Client PC, DNS Servers | SYN (connection depletion) | Attack in which "bugs" in protocol are utilized to take down network resources. Methods of attack include: IP address spoofing, and corrupting DNS server cache. |

Countermeasures for DoS Attacks [1]

| Attack | Countermeasure Options | Example | Description |
| --- | --- | --- | --- |
| Network Level Device | Software patches, packet filtering | Ingress and Egress Filtering | Software upgrades can fix known bugs and packet filtering can prevent attacking traffic from entering a network. |
| OS Level | SYN Cookies, drop backlog connections, shorten timeout time | SYN Cookies | Shortening the backlog time and dropping backlog connections will free up resources. SYN cookies proactively prevent attacks. |
| Application Level Attacks | Intrusion Detection System | GuardDog, other vendors. | Software used to detect illicit activity. |
| Data Flood (Amplification, Oscillation, Simple Flooding) | Replication and Load Balancing | Akamai/Digital Island provide content distribution. | Extending the volume of content under attack makes it more complicated and harder for attackers to identify services to attack and accomplish complete attacks. |
| Protocol Feature Attacks | Extend protocols to support security. | IETF standard for itrace, DNSSEC | Trace source/destination packets by a means other than the IP address (blocks against IP address spoofing). DNSSEC would provide authorization and authentication on DNS information. |

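
How the SYN cookies named in the OS-level row of the countermeasures table keep a server from holding backlog state, as an added example that is not part of the original slides. The cookie layout (6-bit time slot, 2-bit MSS index, 24-bit HMAC), the constants, the secret and the addresses are assumptions constructed for illustration, not the layout of any particular operating system.

```python
import hashlib
import hmac
import ipaddress
import struct

MSS_TABLE = (536, 1300, 1440, 1460)  # constructed: MSS values a 2-bit index can encode
SLOT_SECONDS = 64                    # assumption: cookie time granularity
MAX_AGE_SLOTS = 2                    # assumption: accept cookies up to 2 slots old


def _mac24(secret, src, sport, dst, dport, slot, mss_idx, client_isn):
    """24-bit keyed hash binding the cookie to one connection and time slot."""
    msg = (ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
           + struct.pack("!HHIBI", sport, dport, slot, mss_idx, client_isn))
    return int.from_bytes(hmac.new(secret, msg, hashlib.sha256).digest()[:3], "big")


def make_cookie(secret, src, sport, dst, dport, client_isn, client_mss, now):
    """Build the server's initial sequence number for the SYN-ACK.

    Nothing is stored: everything needed to finish the handshake is either
    encoded in the 32-bit cookie or recomputable from the returning ACK.
    """
    slot = int(now) // SLOT_SECONDS
    # Largest table entry that does not exceed the MSS the client offered.
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss), default=0)
    mac = _mac24(secret, src, sport, dst, dport, slot, mss_idx, client_isn)
    return ((slot & 0x3F) << 26) | (mss_idx << 24) | mac


def check_cookie(secret, src, sport, dst, dport, ack_num, seq_num, now):
    """Validate the final ACK of the handshake.

    Returns the negotiated MSS if the ACK carries a fresh, authentic cookie,
    otherwise None (the segment is dropped and no connection is created).
    """
    cookie = (ack_num - 1) & 0xFFFFFFFF      # client acknowledges cookie + 1
    client_isn = (seq_num - 1) & 0xFFFFFFFF  # client's SYN used seq - 1
    slot_bits = cookie >> 26
    mss_idx = (cookie >> 24) & 0x3
    mac = (cookie & 0xFFFFFF).to_bytes(3, "big")
    slot_now = int(now) // SLOT_SECONDS
    for age in range(MAX_AGE_SLOTS + 1):
        slot = slot_now - age
        if slot < 0 or (slot & 0x3F) != slot_bits:
            continue
        expected = _mac24(secret, src, sport, dst, dport, slot, mss_idx, client_isn)
        if hmac.compare_digest(expected.to_bytes(3, "big"), mac):
            return MSS_TABLE[mss_idx]
    return None


def demo():
    """Walk one legitimate handshake and two rejected ACKs (constructed values)."""
    secret = b"constructed-demo-secret"
    conn = ("192.0.2.10", 40000, "198.51.100.5", 80)
    t0 = 1_000_000
    cookie = make_cookie(secret, *conn, client_isn=0x1000, client_mss=1460, now=t0)
    ack = (cookie + 1) & 0xFFFFFFFF
    return {
        # A real client echoes the cookie, so the server can rebuild its state.
        "legitimate": check_cookie(secret, *conn, ack, 0x1001, t0 + 5),
        # A spoofed source never sees the SYN-ACK and has to guess the ACK number.
        "guessed_ack": check_cookie(secret, *conn, 0x12345678, 0x1001, t0 + 5),
        # A replayed cookie older than MAX_AGE_SLOTS is refused.
        "stale": check_cookie(secret, *conn, ack, 0x1001, t0 + 3 * SLOT_SECONDS),
    }


if __name__ == "__main__":
    print(demo())
```

Because `make_cookie` keeps no per-connection record, a flood of SYNs from spoofed sources consumes CPU for one HMAC each but never fills a backlog queue.
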
DoS Shortfalls
Distributed Denial of Service Attacks
DDoS Architecture [diagram: Clients, Handlers, Agents]
Widely Used DDoS Programs
Trinoo
Analysis of trinoo [4]
TFN (Tribe Flood Network)
Analysis of TFN [5]
TFN2K
stacheldraht
Analysis of stacheldraht [6]
Common DDoS Countermeasures [2]
DDoS Protection Environment [2]
DDoS Case Study: GRC.com [7]
GRC.com Network [7] [diagram: Internet, Verio Router, two T1 Trunks, Router, Firewall, GRC.COM, 100Mbps links]
GRC.COM Case Study: Initial Attack [7]
GRC.COM Case Study: Initial Response to DDoS Attack [7]
GRC.COM Case Study: Additional Attacks [7]
GRC.COM Case Study: Attacker’s Mistake [7]
GRC.COM Case Study: Difficulty in Getting Help Stopping DDoS Attacks [7]
GRC.COM Case Study: GRC’s Infiltration [7]
GRC.COM Case Study: GRC’s Infiltration Network [7] [diagram: IRC Servers, “Sitting Duck”, two T1 Trunks, Internet, Packet sniffer, Finland]
GRC.COM Attack Network Setup [diagram: Attacker, IRC Servers, Internet, Verio Router, two T1 Trunks, GRC.COM]
1. Attacker logs on to IRC server (IRC server does not store IP address and provides anonymous access).
2. Zombie “bots” or DDoS tools that were previously inserted into PCs out in the network “wake up” and connect to the IRC server, waiting for instructions.
GRC.COM Attack Network Attacking [diagram: Attacker, IRC Servers, Internet, Verio Router, two T1 Trunks, GRC.COM]
1. Attacker issues command to attack GRC.COM.
2. Each DDoS daemon begins to attack the selected website.
Defending Against DDoS Attacks (Huang)
Conceptual Model for Defending Against DDoS Attacks (3 slides)
Layer 1: Coordinated Technical Solutions (8 slides) [labels on first slide: User-Level, Server-level]
IDIP: An Example of Anti-flood System (4 slides)
Layer 2: Consistent Incentive Structure (4 slides)
Special Issue: Wireless Network Against DDoS (6 slides)
Conceptual Model for Wireless Network Against DDoS (7 slides)
Wireless Network Against DDoS
General Protections against DDoS (Bayazit)
Motivation
Network Tracking Solutions
Probabilistic Packet Marking
ITrace
SPIE
Computer Based Protection
Intrusion Detection Systems [labels: Anomaly Based vs. Signature Based]
Operating System
Filtering
Problems with Filtering
Filtering In Detail
Defending Against Reflectors
What Can Be Filtered?

| IP | Comments |
| --- | --- |
| Version | Insignificant |
| Header Length | Insignificant |
| TOS/DSCP | Could Be Useful |
| Length | Insignificant |
| Fragments | If Not Using NFS, AFS, GRE |
| TTL | None (is it?) |
| Protocol | None |
| Checksum | None |
| Source | ???? |
| Destination | ???? |

| ICMP | Comments |
| --- | --- |
| Request/Reply | Filterable |
| Problem | Filterable |

| TCP | Comments |
| --- | --- |
| Source Port | Not Much, Depends |
| SYN ACK | Not Much, Depends |
| RST | Dangerous |
| Sequence numbers | DANGEROUS! |

| UDP | Comments |
| --- | --- |
| Connectionless | No big deal |
| Length | Insignificant |
| Checksum | Insignificant |

Defending Against DDoS – Traffic Tracking (Specht)
Network Traffic Tracking Systems [8]
Model of Network Anonymity [8] [figure labels: Privacy Sensitivity; Application Layer, User Session Layer, Network Session Layer, Presentation Layer, Network/Internetwork Layer, Transport Layer, Physical Layer, Data Link Layer]
Desirable properties of an NTTS [8]
Three Model Environments [8]
References

A Critique of the Proposed National Education Policy Reform
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
9548086042 for call girls in Indira Nagar with room service
9548086042  for call girls in Indira Nagar  with room service9548086042  for call girls in Indira Nagar  with room service
9548086042 for call girls in Indira Nagar with room service
 

D do s

  • 1. Distributed Denial of Service Attacks Prepared For: Prof. Ruby Lee ELE 572 September 23, 2002 Princeton University Electrical Engineering Department
  • 2.
  • 3.
  • 4.
  • 5. Classification of DoS Attacks [1] (Specht)

    | Attack | Affected Area | Example | Description |
    | --- | --- | --- | --- |
    | Network Level Device | Routers, IP Switches, Firewalls | Ascend Kill II, “Christmas Tree Packets” | Attack attempts to exhaust hardware resources using multiple duplicate packets or a software bug. |
    | OS Level | Equipment Vendor OS, End-User Equipment. | Ping of Death, ICMP Echo Attacks, Teardrop | Attack takes advantage of the way operating systems implement protocols. |
    | Application Level Attacks | Finger Bomb | Finger Bomb, Windows NT RealServer G2 6.0 | Attack a service or machine by using an application attack to exhaust resources. |
    | Data Flood (Amplification, Oscillation, Simple Flooding) | Host computer or network | Smurf Attack (amplifier attack), UDP Echo (oscillation attack) | Attack in which massive quantities of data are sent to a target with the intention of using up bandwidth/processing resources. |
    | Protocol Feature Attacks | Servers, Client PC, DNS Servers | SYN (connection depletion) | Attack in which “bugs” in protocol are utilized to take down network resources. Methods of attack include: IP address spoofing, and corrupting DNS server cache. |
  • 6. Countermeasures for DoS Attacks [1] (Specht)

    | Attack | Countermeasure Options | Example | Description |
    | --- | --- | --- | --- |
    | Network Level Device | Software patches, packet filtering | Ingress and Egress Filtering | Software upgrades can fix known bugs and packet filtering can prevent attacking traffic from entering a network. |
    | OS Level | SYN Cookies, drop backlog connections, shorten timeout time | SYN Cookies | Shortening the backlog time and dropping backlog connections will free up resources. SYN cookies proactively prevent attacks. |
    | Application Level Attacks | Intrusion Detection System | GuardDog, other vendors. | Software used to detect illicit activity. |
    | Data Flood (Amplification, Oscillation, Simple Flooding) | Replication and Load Balancing | Akamai/Digital Island provide content distribution. | Extending the volume of content under attack makes it more complicated and harder for attackers to identify services to attack and accomplish complete attacks. |
    | Protocol Feature Attacks | Extend protocols to support security. | IETF standard for itrace, DNSSEC | Trace source/destination packets by a means other than the IP address (blocks against IP address spoofing). DNSSEC would provide authorization and authentication on DNS information. |
  • 7.
  • 8.
  • 9. DDoS Architecture (Specht) [Diagram labels: Client, Handler, Agents]
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.
  • 20.
  • 21. GRC.com Network [7] (Specht) [Diagram labels: Internet, Verio Router, T1 Trunk (two), Router, Firewall, GRC.COM, 100Mbps links]
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
  • 29. GRC.COM Attack Network Setup (Specht) [Diagram labels: Attacker, IRC Servers, Internet, Verio Router, T1 Trunk (two), GRC.COM]
      1. Attacker logs on to IRC server (IRC server does not store IP address and provides anonymous access).
      2. Zombie “bots” or DDoS tools that were previously inserted into PCs out in the network “wake up” and connect to the IRC server, waiting for instructions.
  • 30. GRC.COM Attack Network Attacking (Specht) [Diagram labels: Attacker, IRC Servers, Internet, Verio Router, T1 Trunk (two), GRC.COM]
      1. Attacker issues command to attack GRC.COM.
      2. Each DDoS daemon begins to attack the selected website.
  • 31.
  • 32.
  • 33.
  • 34. Conceptual Model for Defending Against DDoS Attacks (Huang)
  • 35.
  • 36.
  • 37.
  • 38.
  • 39.
  • 40.
  • 41.
  • 42.
  • 43.
  • 44.
  • 45.
  • 46.
  • 47.
  • 48.
  • 49.
  • 50.
  • 51.
  • 52.
  • 53.
  • 54.
  • 55.
  • 56.
  • 57.
  • 58.
  • 59.
  • 60.
  • 61.
  • 62.
  • 63.
  • 64.
  • 65. General Protections against DDoS (Bayazit)
  • 66.
  • 67.
  • 68.
  • 69.
  • 70.
  • 71.
  • 72.
  • 73.
  • 74.
  • 75.
  • 76.
  • 77.
  • 78. What Can Be Filtered? (Bayazit)

    | IP | Comments |
    | --- | --- |
    | Version | Insignificant |
    | Header Length | Insignificant |
    | TOS/DSCP | Could Be Useful |
    | Length | Insignificant |
    | Fragments | If Not Using NFS, AFS, GRE |
    | TTL | None (is it?) |
    | Protocol | None |
    | Checksum | None |
    | Source | ???? |
    | Destination | ???? |

  • 79. What Can Be Filtered? (Bayazit)

    | ICMP | Comments |
    | --- | --- |
    | Request/Reply | Filterable |
    | Problem | Filterable |

    | TCP | Comments |
    | --- | --- |
    | Source Port | Not Much, Depends |
    | SYN ACK | Not Much, Depends |
    | RST | Dangerous |
    | Sequence numbers | DANGEROUS! |

  • 80. What Can Be Filtered? (Bayazit)

    | UDP | Comments |
    | --- | --- |
    | Connectionless | No big deal |
    | Length | Insignificant |
    | Checksum | Insignificant |
  • 81.
  • 82.
  • 83.
  • 84.
  • 85.
  • 86.
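
Slide 6 lists SYN cookies as the OS-level countermeasure to connection-depletion (SYN) attacks. The sketch below is an added example, not part of the original slides: it shows how a server can encode the handshake state into its initial sequence number and validate it from the returning ACK without keeping a backlog entry. The bit layout, MSS table, key, period and addresses are simplified assumptions for illustration, not any particular operating system's implementation.

```python
import hashlib
import hmac
import struct

SECRET = b"constructed-demo-key"     # constructed; real stacks use a random secret
MSS_TABLE = [536, 1300, 1440, 1460]  # assumed table: the index fits in 2 bits
PERIOD = 64                          # seconds per counter step (assumed)


def _mac(src, sport, dst, dport, client_isn, counter, mss_idx):
    """24-bit keyed hash binding the cookie to this connection and time window."""
    msg = f"{src}:{sport}>{dst}:{dport}".encode()
    msg += struct.pack("!IIB", client_isn, counter, mss_idx)
    return hmac.new(SECRET, msg, hashlib.sha256).digest()[:3]


def make_cookie(src, sport, dst, dport, client_isn, client_mss, now):
    """Server ISN for the SYN-ACK: 6-bit counter | 2-bit MSS index | 24-bit MAC.

    The server keeps no backlog entry; everything it needs comes back in the ACK.
    """
    counter = int(now) // PERIOD
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss), default=0)
    mac = _mac(src, sport, dst, dport, client_isn, counter, mss_idx)
    return ((counter & 0x3F) << 26) | (mss_idx << 24) | int.from_bytes(mac, "big")


def check_ack(src, sport, dst, dport, seq, ack, now):
    """Validate the handshake-completing ACK; return the agreed MSS or None."""
    client_isn = (seq - 1) & 0xFFFFFFFF   # ACK segment carries client ISN + 1
    cookie = (ack - 1) & 0xFFFFFFFF       # and acknowledges server ISN + 1
    mss_idx = (cookie >> 24) & 0x3
    presented = (cookie & 0xFFFFFF).to_bytes(3, "big")
    current = int(now) // PERIOD
    for counter in (current, current - 1):  # current and previous window only
        if counter < 0 or (counter & 0x3F) != (cookie >> 26):
            continue
        expected = _mac(src, sport, dst, dport, client_isn, counter, mss_idx)
        if hmac.compare_digest(expected, presented):
            return MSS_TABLE[mss_idx]
    return None
```

A SYN from a spoofed source never produces a valid ACK, so it consumes no server memory; the trade-off is that only the small set of values packed into the cookie survives the handshake.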

Editor's Notes

  1. Agents