Denial-of-service (DoS) Attacks

                              Risk & Security Management
                               Dipl.-Phys. Rainer Barthels

                                      09.11.2012

                                Pascal Flöschel  (FS060217)
                                Tomal K. Ganguly (FS090182)


                                                              Risk & Security Management – DoS Attacks
                                                                                           09.11.2012
University of Liechtenstein
Agenda

   1.             Facts and Figures                                          Tomal

   2.             Examples                                                   Tomal

   3.             DoS – denial of service                                    Tomal

   4.             DoS Attacks                                               Pascal

   5.             Flooding Attacks                                          Pascal

   6.             Attack Architectures                                      Pascal

   7.             Defenses against DoS-Attacks                               Tomal

   8.             Responding to a DoS-Attack                                 Tomal




1. Facts and Figures

   > Hackers have been carrying out DDoS attacks for more than a decade
     (400 MB/s in 2002 → 100 GB/s in 2010)
   > The CSI Computer Crime and Security Survey states that 17% of respondents
     experienced some form of DoS attack in 2010
   > Focus is generally on network services that are attacked over their
     network connection



   > Slashdotting / Flash crowd
       > a popular website links to a smaller site, causing a massive increase in traffic
       > overloading the smaller site → slowdown, temporary unavailability
       > "flash crowd" is the more generic term → a network or host receives a lot of traffic




                                                                                           source: Stallings/Brown (2012), p. 243 f.

2. Examples




3. DoS – denial of service

    «A denial of service (DoS) is an action that prevents or impairs the authorized
   use of networks, systems, or applications by exhausting resources such as
   central processing units (CPU), memory, bandwidth, and disk space.»
                              (from: NIST Computer Security Incident Handling Guide, source: Stallings/Brown (2012), p. 244)




   > Categories of resources which can be attacked:
         network bandwidth, system resources, application resources


   > Typical aims of DoS attacks:
         > consuming bandwidth with large traffic volumes
         > overloading or crashing the network-handling software
         > sending specific types of packets to consume limited available resources

4. DoS Attacks
                              Example network to
                              illustrate DoS Attacks




                                       source: Stallings/Brown (2012), p. 245

4. DoS Attacks

   > SYN Spoofing




                                     source: Stallings/Brown (2012), p. 248 f.

5. Flooding Attacks

    «Flooding attacks take a variety of forms, based on which network protocol is
   being used to implement the attack. In all cases the intent is generally to
   overload the network capacity on some link to a server.»
                                                          (from: Stallings/Brown (2012), p. 250)




   > ICMP Flood
   > UDP Flood
   > TCP SYN Flood
   > Distributed denial-of-service Attacks
   > Reflector Attacks
   > Amplifier Attacks


6. Attack Architectures

   > Distributed Denial-of-Service (DDoS) Attacks




                                                            source: Stallings/Brown (2012), p. 253

6. Attack Architectures

   > Application-based bandwidth attacks
            > SIP Flood
            > HTTP-Based Attacks
            > HTTP Flood




                                                   source: Stallings/Brown (2012), p. 255

6. Attack Architectures

   > Reflector and Amplifier Attacks
            > Reflection Attacks




                                              source: Stallings/Brown (2012), p. 247 ff.

6. Attack Architectures

   > Reflector and Amplifier Attacks
            > Amplification Attacks




                                               source: Stallings/Brown (2012), p. 259

7. Defenses against DoS-Attacks

   > Attack prevention and preemption (before the attack)

   > Attack detection and filtering (during the attack)

   > Attack source traceback and identification (during and after the attack)




8. Responding to a DoS-Attack

   > Incident response plan

        > details of how to contact technical personnel at the ISP

        > flooding attacks can only be filtered upstream of the user's network connection

        > details of how to respond to the attack

   > Implementation of standard antispoofing, directed-broadcast and rate-limiting filtering

   > Automated network monitoring and intrusion detection system for abnormal traffic flows
     and identification of their cause (attack, misconfiguration, hardware / software failure)


8. Responding to a DoS-Attack

   > Proposal of a guideline for organizations

        1) Identify the type of attack and trace it back

        2) Identify the best approach to defend against it

        3) Capture packets flowing into the organization and analyze them, looking for
           common attack types (e.g. with a network analysis tool)

        4) Document all actions to support any legal action

        5) Develop a strategy to switch to alternative backup servers or commission a
           new site with a new address to restore the service (forward planning)
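An added example, not from the slides or from Stallings/Brown: a small Python classifier that applies step 3 (capturing inbound packets and analysing them for the common attack types) and the monitoring bullet on the previous slide to the flood types listed under sections 4 and 5. The packet records, addresses and per-second thresholds are constructed assumptions.

```python
"""Classify a captured packet stream into the flood types the slides list."""
from collections import defaultdict
from typing import Dict, Iterable, List, NamedTuple

class Packet(NamedTuple):
    ts: float        # seconds since capture start
    proto: str       # "tcp", "udp" or "icmp"
    src: str
    dst: str
    flags: str = ""  # TCP flags in tcpdump style: "S" SYN, "S." SYN-ACK, "." ACK

# Assumed thresholds: packets (or half-open SYNs) per second towards one host.
THRESHOLDS = {"icmp_flood": 50, "udp_flood": 100, "syn_flood": 30}

def classify(packets: Iterable[Packet], window: float = 1.0,
             thresholds: Dict[str, int] = THRESHOLDS) -> Dict[str, List[str]]:
    """Return {victim_dst: [attack types]} for any window over a threshold.

    Counters are keyed by destination, not source: a spoofed SYN flood forges
    a fresh source address per packet, so per-source counters never trip.
    A SYN stays 'half-open' until the first bare ACK from the same src/dst
    pair arrives, which completes the three-way handshake."""
    counts = defaultdict(int)   # (bucket, dst, kind) -> count
    pending = {}                # (src, dst) -> bucket of the unanswered SYN
    for p in packets:
        bucket = int(p.ts // window)
        if p.proto == "icmp":
            counts[(bucket, p.dst, "icmp_flood")] += 1
        elif p.proto == "udp":
            counts[(bucket, p.dst, "udp_flood")] += 1
        elif p.proto == "tcp" and p.flags == "S":
            counts[(bucket, p.dst, "syn_flood")] += 1
            pending[(p.src, p.dst)] = bucket
        elif p.proto == "tcp" and p.flags == "." and (p.src, p.dst) in pending:
            counts[(pending.pop((p.src, p.dst)), p.dst, "syn_flood")] -= 1
    findings = defaultdict(set)
    for (_, dst, kind), n in counts.items():
        if n > thresholds[kind]:
            findings[dst].add(kind)
    return {dst: sorted(kinds) for dst, kinds in findings.items()}

# Constructed capture: one legitimate client that completes its handshake,
# then a spoofed SYN flood (new forged source per SYN, never acknowledged)
# and an ICMP flood from a single host, all aimed at 192.0.2.10.
SAMPLE = [Packet(0.1, "tcp", "10.0.0.5", "192.0.2.10", "S"),
          Packet(0.2, "tcp", "10.0.0.5", "192.0.2.10", ".")]
SAMPLE += [Packet(0.5 + i / 1000, "tcp", f"198.51.100.{i}", "192.0.2.10", "S")
           for i in range(40)]
SAMPLE += [Packet(2.0 + i / 1000, "icmp", "203.0.113.7", "192.0.2.10")
           for i in range(60)]

if __name__ == "__main__":
    print(classify(SAMPLE))  # {'192.0.2.10': ['icmp_flood', 'syn_flood']}
```

Real captures would be fed in from a network analysis tool's per-packet output; the thresholds here only illustrate the mechanism and must be tuned to the link's normal load.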


Thank you for your attention.


                              Any questions?



