Transcript of "An introduction to denial of service attacks"
By: Dominic Dinkel CIS-620DoS
The world today is heavily dependent on the internet Denial of service attacks (DoS) are very common today. “In each of the last six years, between seventeen percent and thirty-two percent of the organizations surveyed were the targets of a DoS attack.” -Computer Security Institute Costs businesses and governments millions of dollars each year to prevent and recover from the attacks.
An attack that attempts to stop or prevent a legitimate user from accessing a service or system. The attacker will either directly attack the users network or system or the system or service that the users are attempting to access. Distributed denial of service attack (DDoS): ◦ This type of attack is distributed among many different systems making it more powerful and harder to shutdown.
Unusually slow network performance, unavailability of a particular website, inability to access any website, and dramatic increase in the amount of spam you receive. Symptoms could stem from hardware or software problems and mistaken for a DoS. Users can take steps to prevent becoming part of a botnet: ◦ Install and use Anti-virus software ◦ Setup a firewall to protect your system from unauthorized access ◦ Use common sense security practices to avoid malware, trojans and viruses
Nick-named “Smurf attack” after a program used to make ICMP flooding attacks. This attack works by sending fake ICMP echo request packets to the networks broadcast address. The attacker will send an ICMP echo request from a location outside the victim’s network to an intermediary who then passes it on to their networks broadcast address. When all machines on the network send a reply packet back, it creates severe problems.
This type of attack takes advantage of the SYN request process. ◦ Client attempts a TCP connection by sending a SYN request to server ◦ Server responds by sending a SYN-ACK message back ◦ Client then completes the request by sending a an ACK message to the server Attacker takes advantage of this process by flooding the server with SYN requests and never responding to SYN-ACK ◦ Attacker can use spoofed IP addresses, the SYN-ACK goes to faked address The server is left waiting for the ACK message and leaves many connections open. Legitimate requests are ignored.
Attacks are illegal and break the terms of service of most ISPs In the United States, these crimes are covered at the federal level by the Computer Fraud and Abuse Act In 2006, the U.K. finally passed a specific law calling out DoS attacks as illegal. ◦ Punishable by up to 10 years in prison Laws are ambiguous and often open to interpretation Attacks are seen by some, such as Anonymous, as legal forms of protest Distributed forms of attack are hard to prosecute ◦ Attackers are often outside the jurisdiction of the victim’s country
Attacks are being used by governments against other governments The next major war will most likely see the use of DoS attacks United States and Iran have traded blows recently over Iran’s nuclear program ◦ Attacks against major US banks in January 2013 are suspected to have come from Iran Russian conflict with Georgia over South Ossetia in 2008 ◦ Georgian systems suffered major DoS attacks while Russian troops intervened in South Ossetia China has used attacks to target Chinese human rights organizations