denialofservice.pdfdos attacck basic details with interactive design
- 1. DENIAL OF SERVICE BY – GARISHMA BHATIA
- 2. CONTENT • Denial of Service(D0S) Attack • Types of DoS Attacks • Tools that facilitate DoS Attack • BOTs • Distributed Denial of Service (DDoS) Attack • Characteristics of DDoS Attacks
- 3. Are Denial of Service Attacks on the Rise ? • August 15, 2003 o Microsoft.com falls to a DoS attack. The company's website is inaccessible for two hours. • March 27, 2003, 15:09 GMT o Within hours of an English version of AlJazeera's website coming online, it was blown away by a denial of service attack.
- 4. • A Denial of Service attack (DoS) is an attack through which a person can render a system unusable, or significantly slow it down for legitimate users, by overloading its resources • If an attacker is unable to gain access to a machine, the attacker will most likely crash the machine to accomplish a denial of service attack What are Denial of Service Attacks?
- 5. Goal of DoS • The goal of DoS is not to gain unauthorized access to machines or data, but to prevent users of a service from using it • Attackers may: o Attempt to flood a network, thereby preventing legitimate network traffic o Attempt to disrupt connections between two machines, thereby preventing access to a service o Attempt to prevent a particular individual from accessing a service o Attempt to disrupt service to a specific system or person
- 6. Impact and the Modes of Attack • The Impact: o Disabled network o Disabled organization o Financial loss o Loss of goodwill • The Modes: o Consumption of Scarce, limited, or non-renewable resources Network bandwidth, memory, disk space, CPU time, or data structures Access to other computers and networks, and certain environmental resources such as power, cool air, or even water o Destruction or Alteration of Configuration Information o Physical destruction or alteration of network components, resources such as power, cool air, or even water
- 7. Types of Attacks • There are two types of attacks: 1.DoS attack 2.DDos attack •A type of attack on a network that is designed to bring the network down by flooding it with data packets
- 8. DoS Attack Classification • Smurf • Buffer Overflow Attack • Ping of death • Teardrop • SYN Attack
- 9. • The perpetrator generates a large amount of ICMP echo (ping) traffic to a network broadcast address with a spoofed source IP set to a victim host • The result will be lots of ping replies (ICMP Echo Reply) flooding the spoofed host • Amplified ping reply stream can overwhelm the victim’s network connection • Fraggle attack, which uses UDP echo is similar to the smurf attack
- 11. Buffer Overflow Attack • Buffer overflow occurs any time the program writes more information into the buffer than the space it has allocated in the memory. • The attacker can overwrite data that controls the program execution path and hijack the control of the program to execute the attacker’s code instead of the process code. • Sending email messages that have attachments with 256 character file names can cause buffer overflow.
- 12. Teardrop Attack • IP requires that a packet that is too large for the next router to handle be divided into fragments. • The attacker's IP puts a confusing offset value in the second or later fragment. • If the receiving operating system is not able to aggregate the packets accordingly, it can crash the system . • It is a UDP attack, which uses overlapping offset fields to bring down hosts. • The Unnamed Attack – Variation of the Teardrop attack – Fragments are not overlapping but there are gaps incorporate
- 13. SYN Attack • The attacker sends bogus TCP SYN requests to a victim server. The host allocates resources (memory sockets) to the connection • Prevents the server from responding to legitimate requests • This attack exploits the three-way handshake • Malicious flooding by large volumes of TCP SYN packets to the victim’s system with spoofed source IP addresses can cause Do
- 14. SYN Flooding • It takes advantage of a flaw in how most hosts implement the TCP three-way handshake. • When Host B receives the SYN request from A, it must keep track of the partially-opened connection in a "listen queue" for at least 75 seconds. • A malicious host can exploit the small size of the listen queue by sending multiple SYN requests to a host, but never replying to the SYN&ACK. • The victim’s listen queue is quickly filled up. • This ability of removing a host from the network for at least 75 seconds can be used as a denial-of service attack.
- 15. DoS Attack Tools • Jolt2 • Bubonic.c • Land and LaTierra • Targa • Blast20 • Nemesy • Panther2 • Crazy Pinger • Some Trouble • UDP Flood ~ • FSMax
- 16. DoS Attack Tools • IRCbot -also called zombie or drone. • Internet Relay Chat(IRC) is a form of real time communication over the Internet. It is mainly designed for group (one-to-many) communication in discussion forums called channels • The bot joins a specific IRC channel on an IRC server and waits for further commands • The attacker can remotely control the bot and use it for fun and also for profit • Different bots connected together is called botnet
- 17. Botnets • Botnets consist of a multitude of machines • They are used for DDoS attacks • A relatively small botnet with only 1,000 bots has a combined bandwidth that is probably higher than the Internet connection of most corporate systems (1,000 home PCs with an average • upstream of 128KBit/s can offer more than 100MBit/s)
- 18. Uses of botnets • Distributed Denial-of-Service Attacks Botnets are used for Distributed Denial-of-Service (DDoS) attacks • Spamming Opens a SOCKS v4/v5 proxy server for spamming • Sniffing Traffic Bots can also use a packet sniffer to watch interesting clear-text data passing by a compromised machine • Keylogging With the help of a keylogger it is easy for an attacker to retrieve sensitive information such as online banking passwords • Spreading new malware Botnets are used to spread new bot • Installing Advertisement Addons Automated advertisement “clicks” • Google AdSense abuse AdSense offers companies the possibility to display Google advertisements on their own website and earn money this way. Botnet is used to click on these advertisements • Attacking IRC Chat Networks These are called “clone” attacks • Manipulating online polls Since every bot has a distinct IP address, every vote will have the same credibility as a vote cast by a real person • Mass identity theft ("phishing mails")
- 19. What is DDOS ATTACK ? • According to the website, www.searchsecurity.com: On the Internet, a distributed denial of service (DDoS) attack is one in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to the system to legitimate users
- 20. Characteristics of DDoS Attacks • It is a large-scale, coordinated attack on the availability of services of a victim system • The services under attack are those of the “primary victim,” while the compromised systems used to launch the attack are often called the “secondary victims” • This makes it difficult to detect because attacks originate from several IP addresses • If a single IP address is attacking a company, it can block that address at its firewall. If it is 30,000, this is extremely difficult • Perpetrator is able to multiply the effectiveness of the Denial of Service significantly by harnessing the resources of multiple unwitting accomplice computers which serve as attack platforms
- 21. DDOS Unstoppable • DDoS attacks rely on finding thousands of vulnerable, Internet-connected systems and systematically compromising them using known vulnerabilities • Once the DDoS attack has been launched it is hard to stop • Packets arriving at your firewall may be blocked there, but they may just as easily overwhelm the incoming side of your Internet connection • If the source addresses of these packets have been spoofed, then you will have no way of knowing if they reflect the true source of the attack until you track down some of the alleged sources • The sheer volume of sources involved in DDoS attacks makes it difficult to stop
- 22. How to Conduct a DDoS Attack • Step 1: Write a virus that will send ping packets to a target network/websites Step 2: Infect a minimum of (30,000) computers with this virus and turn them into “zombies” Step 3: Trigger the zombies to launch the attack by sending wake-up signals to the zombies or activated by certain data Step 4: The zombies will start attacking the target server until they are disinfecte
- 23. Mitigate or Stop the Effects of DDoS Attacks • Load Balancing Providers can increase bandwidth on critical connections to prevent them from going down in the event of an attack Replicating servers can help provide additional failsafe protection Balancing the load to each server in a multiple-server architecture can improve both normal performances as well as mitigate the effect of a DDoS attack • Throttling This method sets up routers that access a server with logic to adjust (throttle) incoming traffic to levels that will be safe for the server to process
- 24. Deflect Attacks • Honeypots – Systems that are set up with limited security act as an enticement for an attacker – Serve as a means for gaining information about attackers by storing a record of their activities and learning what types of attacks and software tools the attackers use
- 25. THANK YOU