DDoS


Presentation Transcript

Seminar On Distributed Denial-of-Service attack (DDoS):

Submitted by: Chandresh Bhanawat (10evnec015)

Outline:

- Introduction
- DDoS Description
- Types of DDoS Attacks
- Tools of DDoS Attacks
- Defense Against DDoS
- Conclusion

Introduction:

Denial-of-Service Attack (DoS Attack): an attempt to make computer resources unavailable to their legitimate users.

How is it done?
- By forcing the targeted computer(s) to reset or to consume their own resources, and/or
- By obstructing the communication media between the intended users and the victim.

DoS vs. DDoS
- DoS: a single host attacks.
- DDoS: multiple hosts attack simultaneously.

Description:

- What makes DDoS attacks possible?
- Why do DDoS attacks occur?
- How do DDoS attacks occur?

What ??:

- The Internet was designed with functionality in mind, not security.
- No common policy can be enforced because of the distributed nature of the Internet.
- The open design has several security weaknesses that give DDoS attacks their opportunity:
  - Internet security is highly interdependent.
  - Internet resources are limited.
  - The power of many is greater than the power of few.

Why ??:

- The goal of a DDoS attack is to inflict damage on the victim.
- Broad classification of attackers/hackers according to their motive:
  - The "fun" hackers
  - The activists
  - The terrorists
  - Grey area
  - Competitors
- About 90% of attacks can be classified this way; the remaining 10% of attackers are negligible.

How ??:

- Scan to discover vulnerable hosts on the network.
- Exploit the discovered vulnerability on multiple machines to gain access to them.
- Infect the compromised hosts with the attack code.
- Use these infected machines to recruit further agents/hosts.
- Finally, the agent machines simultaneously attack the victim.

Types of DDoS attacks:

Bandwidth Depletion Attack
- Designed to flood the victim network with unwanted traffic.
- Can be characterized as:
  - Flood attack
    - UDP flood
    - ICMP flood
  - Amplification attack
    - Smurf attack

Types of DDoS attacks (cont..):

Resource Depletion Attack
- Designed to tie up the resources of a victim system so that it can no longer provide its services.
- Can be characterized as:
  - Protocol exploit attack
    - TCP SYN
  - Malformed packet attack
    - IP address attack
    - IP packet options attack

Tools of DDoS attacks:

Tribal Flood Network (TFN)
- Two-tier architecture: an attacking machine and multiple daemons.
- The TFN daemon runs as a hidden service on the compromised client.
- Also hides the source of both client and daemon when attacking.

TRIN00
- Three-tier architecture: the main attacking machine, a few master servers, and then multiple daemons.
- Harder to trace back to the actual attacker.

Tools of DDoS attacks (cont..):

Tribal Flood Network 2K (TFN2K)
- Similar to TFN in its basic working, but adds encryption to the communication between the two tiers.
- Harder to detect.

Stacheldraht
- Most advanced to date.
- A combination of both TFN and TRIN00.
- The latest version also includes encryption methods for safer communication.

Defense Mechanisms:

No fail-safe solution is available to counter DDoS attacks:
- Weaknesses of protocols keep being discovered.
- Attackers find loopholes in security mechanisms.

There are two approaches to defense:
- Preventive defense: the goal is to eliminate the possibility of attack, or to enable potential victims to endure the attack without denying service to legitimate clients.
- Reactive defense: the goal is to alleviate the impact of an attack by detecting it and responding to it.

Preventive Defense:

Attack Prevention Method
- Modify the system configuration to eliminate the possibility of a DDoS attack.
  - System security
  - Protocol security

Denial-of-Service Prevention Method
- Enforce policies for the system's resources such that legitimate users are not affected, and enable the victim to endure the attack.
  - Resource accounting
  - Resource multiplication

Attack Prevention : System Security:

- Increase the overall security of the system to prevent intrusions and misuse.
- Examples of system security methods include:
  - Monitored access to the system
  - Installing security patches in applications
  - Firewall systems
  - Virus scanners
  - Intrusion detection systems
- This approach can never be 100% effective, but doing a good job here will certainly decrease the frequency and strength of DDoS attacks.

Attack Prevention : Protocol Security:

- Addresses the problem of bad protocol design that makes an attack possible.
- The classic misuse example is the TCP SYN attack.
- Examples of protocol security methods include:
  - Using protocols that are safe in operation, i.e., resources are committed only after authentication.
  - Deploying a powerful proxy server that completes TCP connections on the server's behalf is advantageous.
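To show what "commitment to resources after authentication" means for the TCP SYN attack, here is an added example (not from the seminar) that contrasts a stateful SYN backlog with a stateless SYN-cookie handshake, where the server stores nothing until the client's ACK returns a valid cookie. The secret, addresses, epoch length and backlog size are constructed for the illustration.

```python
import hmac, hashlib, struct

# Constructed secret for this illustration only; a real server uses a
# random, periodically rotated per-boot secret.
SERVER_SECRET = b"constructed-example-secret"
EPOCH = 64  # seconds per cookie epoch

def _mac(src, sport, dst, dport, counter):
    """24-bit MAC binding the cookie to the 4-tuple and the time epoch."""
    msg = f"{src}:{sport}->{dst}:{dport}|{counter}".encode()
    tag = hmac.new(SERVER_SECRET, msg, hashlib.sha256).digest()
    return struct.unpack(">I", tag[:4])[0] & 0x00FFFFFF

def make_cookie(src, sport, dst, dport, now):
    """Server's SYN-ACK sequence number: 8-bit epoch || 24-bit MAC.
    No per-connection state is allocated at this point."""
    counter = (now // EPOCH) & 0xFF
    return (counter << 24) | _mac(src, sport, dst, dport, counter)

def check_cookie(src, sport, dst, dport, ack, now):
    """Validate the client's final ACK (ack == cookie + 1). The current
    and previous epoch are accepted so a slow honest client still connects."""
    cookie = (ack - 1) & 0xFFFFFFFF
    counter, mac = cookie >> 24, cookie & 0x00FFFFFF
    current = (now // EPOCH) & 0xFF
    if counter not in (current, (current - 1) & 0xFF):
        return False
    expected = struct.pack(">I", _mac(src, sport, dst, dport, counter))
    return hmac.compare_digest(expected, struct.pack(">I", mac))

def stateful_under_flood(backlog=8, spoofed_syns=1000):
    """Classic server: every SYN reserves a backlog slot until its ACK
    arrives. Spoofed SYNs never ACK, so the honest client finds it full."""
    half_open = set()
    for i in range(spoofed_syns):
        if len(half_open) < backlog:
            half_open.add((f"10.0.{i // 256}.{i % 256}", 40000 + i))
    return len(half_open), len(half_open) < backlog  # (slots used, honest client admitted)

def stateless_under_flood(spoofed_syns=1000, now=1_700_000_000):
    """Cookie server: a SYN costs nothing to remember; resources are
    committed only after a valid ACK proves the client is reachable."""
    dst, dport = "192.0.2.10", 80
    for i in range(spoofed_syns):  # flood: SYN-ACKs go to spoofed sources, no state kept
        make_cookie(f"10.0.{i // 256}.{i % 256}", 40000 + i, dst, dport, now)
    src, sport = "198.51.100.7", 51515  # honest client completes the handshake
    honest_ok = check_cookie(src, sport, dst, dport, make_cookie(src, sport, dst, dport, now) + 1, now + 3)
    forged_ok = check_cookie("10.0.0.1", 40000, dst, dport, 0xDEADBEEF + 1, now)  # guessed ACK
    return int(honest_ok), forged_ok  # (connections established, forged ACK accepted)
```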

Denial-of-Service Prevention:

Resource Accounting
- Governs each user's access to resources based on the privileges granted.
- Guarantees fair service to legitimate, well-behaving users.
- Usually coupled with legitimacy-based access mechanisms that verify the user's identity.

Resource Multiplication
- Provides an abundance of resources to counter DDoS threats.
- Deploys a pool of servers behind a load balancer and installs high-bandwidth links.
- Raises the bar on how many machines must participate in an attack for it to be effective.
- More or less impractical, and not affordable for most.
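As an added illustration of resource accounting (not part of the seminar), this per-client token-bucket accountant gives each client a budget sized by its privilege tier, so a flooding anonymous agent drains only its own bucket while an authenticated user keeps being served. The tier names, limits, addresses and workload are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class Bucket:
    capacity: float   # burst allowance (tokens)
    rate: float       # refill rate, tokens per second
    tokens: float
    last: float       # time of the last update

class ResourceAccountant:
    """Per-client token buckets sized by privilege tier. A flooding client
    can only drain its own bucket, never the budget of other clients."""
    # Hypothetical tiers: (capacity, rate); the tier comes from the
    # legitimacy/authentication layer the slide mentions.
    TIERS = {"anonymous": (10, 3.0), "authenticated": (50, 10.0)}

    def __init__(self):
        self.buckets = {}

    def admit(self, client, tier, now, cost=1.0):
        """Refill the client's bucket for the elapsed time, then charge the
        request. Returns True if it may be served, False if it is shed."""
        if client not in self.buckets:
            cap, rate = self.TIERS[tier]
            self.buckets[client] = Bucket(cap, rate, cap, now)
        b = self.buckets[client]
        b.tokens = min(b.capacity, b.tokens + (now - b.last) * b.rate)
        b.last = now
        if b.tokens >= cost:
            b.tokens -= cost
            return True
        return False

def replay(requests):
    """requests: (time, client, tier) tuples in time order.
    Returns {client: (admitted, rejected)}."""
    acct = ResourceAccountant()
    stats = defaultdict(lambda: [0, 0])
    for t, client, tier in requests:
        stats[client][0 if acct.admit(client, tier, t) else 1] += 1
    return {c: tuple(v) for c, v in stats.items()}

# Constructed workload: an anonymous agent sending 1000 requests in one
# second alongside an authenticated user sending 5 requests in that second.
FLOOD = [(i / 1000, "203.0.113.9", "anonymous") for i in range(1000)]
LEGIT = [(i / 5, "198.51.100.7", "authenticated") for i in range(5)]
WORKLOAD = sorted(FLOOD + LEGIT)
```

The flooding client gets its 10-token burst plus the 3 tokens per second it earns back, and everything else it sends is shed; the authenticated user is never touched.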

Reactive Defense:

Attack Detection Method
- Goal: detect every attempted DDoS attack as early as possible.
  - Pattern attack detection
  - Anomaly attack detection
  - Third-party attack detection

Response Strategy Method
- Goal: relieve the impact of the attack on the victim while imposing minimal collateral damage on the victim's legitimate clients.
  - Agent identification mechanism
  - Reconfiguration mechanism
  - Filtering mechanism

Attack Detection:

Pattern Attack Detection
- Deploys pattern detection: current traffic is compared with known attack types from a database.
- The database is constantly updated with new attack signatures.
- Helpless against new attacks.

Anomaly Attack Detection
- A model of the system's normal working is prepared.
- The current state is compared periodically with the model.
- Unknown attacks can be detected.

Hybrid Attack Detection
- Combines the functionality of both methods; intrusion detection systems use this method.
- The system must not permit attackers to fool it into detecting normal behavior as an attack signature, or the system itself becomes a denial-of-service tool.

Third-Party Attack Detection
- Relies on an external message to signal the occurrence of the attack and to provide the attack characterization.
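An added example (not from the seminar) of the hybrid approach over constructed per-second traffic records: a SYN-flood signature stands in for pattern detection, a mean plus k standard deviations baseline for anomaly detection, and the baseline is refreshed only from windows that raised no alert. The thresholds, addresses and traffic mix are assumptions.

```python
import statistics
from collections import defaultdict

def constructed_traffic():
    """Constructed per-second records (second, src_ip, flags, packets).
    Seconds 0-12 carry two normal clients completing handshakes; seconds
    10-12 add 600 spoofed sources that each send one SYN and nothing else."""
    recs = []
    for s in range(13):
        recs += [(s, "198.51.100.7", "SYN", 3), (s, "198.51.100.7", "ACK", 40),
                 (s, "203.0.113.5", "SYN", 2), (s, "203.0.113.5", "ACK", 30)]
    for s in range(10, 13):
        recs += [(s, f"10.0.{i // 256}.{i % 256}", "SYN", 1) for i in range(600)]
    return recs

# Pattern detection: a known SYN-flood signature (hypothetical thresholds).
SIGNATURES = {"syn_flood": lambda w: w["SYN"] > 100 and w["SYN"] > 5 * w["ACK"]}

def windows(recs):
    """Per-second windows: packets per flag, total, and the sources that
    only ever sent SYNs (handshake never completed)."""
    out = defaultdict(lambda: {"SYN": 0, "ACK": 0, "total": 0, "syn_only": set(), "acked": set()})
    for s, src, flags, n in recs:
        w = out[s]
        w[flags] += n
        w["total"] += n
        (w["acked"] if flags == "ACK" else w["syn_only"]).add(src)
    for w in out.values():
        w["syn_only"] -= w["acked"]
    return [out[s] for s in sorted(out)]

def hybrid_detect(recs, train_seconds=8, k=3.0):
    """Pattern + anomaly detection. The anomaly model (mean, stdev of
    packets/second) is fitted on the first train_seconds and then updated
    only from windows that raised no alert, so attack traffic cannot drift
    the notion of 'normal'. Returns [(second, signatures, anomalous, n_suspects)]."""
    ws = windows(recs)
    history = [w["total"] for w in ws[:train_seconds]]
    alerts = []
    for sec, w in enumerate(ws[train_seconds:], start=train_seconds):
        mean, sd = statistics.mean(history), statistics.pstdev(history)
        anomalous = w["total"] > mean + k * max(sd, 1.0)
        sigs = [name for name, rule in SIGNATURES.items() if rule(w)]
        if anomalous or sigs:
            # Attribute the alert to the SYN-only sources, not to everything in
            # the window, so a filter built on it spares the legitimate clients.
            alerts.append((sec, sigs, anomalous, len(w["syn_only"])))
        else:
            history.append(w["total"])
    return alerts
```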

Response Strategy:

Agent Identification
- Provides information about the identity of the machines that are performing the attack.
- Numerous traceback techniques, and approaches that eliminate spoofing, are then applied.

Reconfiguration
- Changes the topology of the victim or of the intermediate network, or simply isolates the attacking machines.
- Very hard when the victim is part of a large and complex network.

Filtering Mechanism
- Filters out the attack stream completely.
- If the detection scheme is not reliable, legitimate traffic is filtered out as well; clever attackers might use this as leverage.

Conclusion:

Distributed denial-of-service attacks are a complex and serious problem, and consequently numerous approaches have been proposed to counter them. Attackers spread attack code and information to vulnerable machines, called masters, and organize their agents into coordinated networks to achieve immense power and survivability. Since no guaranteed mechanism has been devised to counter DDoS attacks, the Internet community simply has to learn by experiencing new DDoS attacks.

Queries?
