Common forms and remedies
Neeta Bhadane
Raunaq Nilekani
Sahasranshu
Introduction
• What is a Denial of Service attack?
  - Maliciously using up the resources and/or bandwidth of a server to prevent legitimate users from accessing its services.
• What is a DDoS?
  - A DoS attack carried out using a large number of compromised systems, improving its potency and reducing traceability of the originator.
• Some common DoS methodologies
  - SYN flood – exploits poor implementation of TCP in some OSs.
  - Ping of Death – uses an inherent weakness in IP fragmentation and reassembly.
• Notorious DDoS attacks
  - MyDoom
  - Smurf attack
SYN Flood methodology
Ping of Death
• The maximum legal size of an IP packet is 65535 bytes.
• Because of limitations in the physical layer, packets may have to be fragmented and then reassembled at the destination.
• A fragmented packet with the maximum offset and a size greater than 7 bytes will cause the server to allocate a buffer of size > 65535 bytes.
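
Added example (not part of the original slides): the bounds check a reassembly routine needs before it sizes a buffer from a fragment's offset and length. The function names and the sample headers are constructed for illustration; the slide's figure counts payload bytes only, while the second test below also counts the header, as the Total Length field does.

```python
import struct

MAX_DATAGRAM = 65535       # largest value the 16-bit Total Length field can hold
MAX_OFFSET_UNITS = 0x1FFF  # 13-bit fragment offset, counted in 8-byte units


def build_header(offset_units, payload_len, more_fragments=False):
    """Build a constructed 20-byte IPv4 header for one fragment (checksum left at 0)."""
    flags_frag = (0x2000 if more_fragments else 0) | (offset_units & MAX_OFFSET_UNITS)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234,
                       flags_frag, 64, 1, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))


def fragment_extent(header):
    """Return (ihl, start, end): the header length and the byte range of the
    original datagram's payload that this fragment claims to cover."""
    if len(header) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, flags_frag = struct.unpack("!BBHHH", header[:8])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl:
        raise ValueError("malformed IPv4 header")
    start = (flags_frag & MAX_OFFSET_UNITS) * 8
    return ihl, start, start + (total_len - ihl)


def check_fragment(header):
    """Classify a fragment before any reassembly buffer is sized from it."""
    ihl, _start, end = fragment_extent(header)
    if end > MAX_DATAGRAM:
        # The case on the slide: 8191 * 8 = 65528, plus 8 payload bytes = 65536.
        return "drop: payload alone would end at byte %d" % end
    if ihl + end > MAX_DATAGRAM:
        # Stricter test: the reassembled datagram includes its own header.
        return "drop: header + payload would be %d bytes" % (ihl + end)
    return "accept"


if __name__ == "__main__":
    for units, size in [(0, 1480), (185, 1480), (8191, 7), (8191, 8)]:
        print(units, size, check_fragment(build_header(units, size)))
```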
Distributed DoS attacks
• Involves using some common DoS methodology, but the attack is carried out from a large number of machines.
• IP spoofing is a common technique used in almost all forms of attack.
• Botnets consist of a large number of “zombie” machines controlled by a single user, which can be used to carry out all sorts of attacks (including DDoS).
• Network and protocol implementation loopholes can also be used for launching such attacks.
Distributed DoS attacks (contd.)
© Copyright 2008, WSTA, All Rights Reserved.
Notorious Attacks
• Smurf attack:
  - A simple C program which spoofs the target's IP address and sends a broadcast ECHO (ICMP) message. All machines receiving the broadcast message ping the target machine, causing a massive DoS.
• MyDoom: Fastest spreading email worm. On execution, it opened a backdoor on TCP port 3127 and could then be used to run DDoS attacks on specific domains. The affected domains were sco.com, microsoft.com, Google, AltaVista and Lycos.
Techniques to mitigate Security Threats
• Access Lists
• NAT
Access Lists
• Introduction
  - Purpose of Access Lists
  - Need for Access Lists
• Definition
  - List of conditions
Detecting DoS attacks
• How to determine if your system is under attack?
  - Show CPU utilization
  - Access-lists implementation
Commands (some examples)
• access-list 111 permit ip 172.16.0.0 0.0.255.255 any
• access-list 111 deny ip any any log
• interface serial 0/1
• ip access-group 111 out
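
Added example (not part of the original slides): a small evaluator for the two access-list 111 entries above, showing how the wildcard mask and first-match order decide which source addresses may leave the interface and which are dropped and logged. The parser handles only the `permit|deny ip` form used on the slide; the function names and the test addresses are constructed for illustration.

```python
import ipaddress

# The two entries from the slide, applied outbound on the serial interface.
ACL_111 = """\
access-list 111 permit ip 172.16.0.0 0.0.255.255 any
access-list 111 deny ip any any log
"""


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def parse_addr(tokens):
    """Consume one address spec ('any', 'host A' or 'A WILDCARD') from tokens."""
    head = tokens.pop(0)
    if head == "any":
        return 0, 0xFFFFFFFF          # every bit is "don't care"
    if head == "host":
        return to_int(tokens.pop(0)), 0
    return to_int(head), to_int(tokens.pop(0))


def parse_acl(text):
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        if tokens[0] != "access-list" or len(tokens) < 6:
            raise ValueError("not an access-list entry: %r" % line)
        action, proto, rest = tokens[2], tokens[3], tokens[4:]
        if action not in ("permit", "deny") or proto != "ip":
            raise ValueError("only 'permit|deny ip' entries are handled here")
        src = parse_addr(rest)
        dst = parse_addr(rest)
        rules.append({"action": action, "src": src, "dst": dst, "log": "log" in rest})
    return rules


def matches(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF     # wildcard bit 1 = ignore, 0 = must match
    return (to_int(addr) & care) == (base & care)


def evaluate(rules, src, dst):
    """Return (action, logged) for the first entry that matches the packet."""
    for rule in rules:
        if matches(src, rule["src"]) and matches(dst, rule["dst"]):
            return rule["action"], rule["log"]
    return "deny", False              # implicit deny at the end of every list


if __name__ == "__main__":
    rules = parse_acl(ACL_111)
    for src in ("172.16.5.9", "172.17.0.1", "10.0.0.1"):   # constructed sources
        print(src, evaluate(rules, src, "198.51.100.7"))
```

Packets whose source lies outside 172.16.0.0/16 hit the second entry, so spoofed traffic leaving this network is both dropped and recorded.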
Prevention of DoS attacks
• Cisco product ASA
  - Will be demonstrated in the simulation
Attacks mitigated by ALs
• IP address spoofing
• DoS smurf attacks
• DoS SYN attacks
• Filtering traceroute
Network Address Translation
“Network Address Translation also known as IP
Masquerading or NAT, is an Internet standard
that enables translation of IP addresses used
within one network to different IP addresses
known within another network”
Need for NAT
• Shortage of IP addresses with protocol IPv4
  - An IP address is a unique 32-bit number
  - 100 million hosts & 350 million users
  - NAT comes into the picture: it requires only a single IP address to represent a group of computers.
Types of NAT
• Basic NAT:
  Involves IP translation only - not port mapping
• PAT (Port Address Translation):
  Involves translation of both IP addresses & port numbers.
  a. SNAT: Translation of source IP address & port number
  b. DNAT: Translation of destination IP address & port number
NAT Configuration
NAT Security Capabilities
• Basic NAT acts as a firewall between the Internet & the local intranet, protecting the intranet from denial-of-service attacks.
• NAT routers with an advanced firewall implement stateful packet inspection, which filters unnecessary data, such as IP spoofing and SYN flooding, at your router.
• A NAT router supporting port forwarding keeps unwanted traffic away from your local network.
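
Added example (not part of the original slides): a toy PAT table showing why unsolicited inbound packets never reach an inside host unless an outbound flow or a port-forward entry created a mapping for them. The class, its port numbering and all addresses are constructed; a real device also tracks the remote endpoint, timeouts and port exhaustion.

```python
class PatRouter:
    """Hypothetical PAT device that owns a single public address."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map = {}    # (inside_ip, inside_port, proto) -> public port
        self.in_map = {}     # (public_port, proto) -> (inside_ip, inside_port)
        self.forwards = {}   # static port-forward (DNAT) entries

    def add_port_forward(self, public_port, proto, inside_ip, inside_port):
        self.forwards[(public_port, proto)] = (inside_ip, inside_port)

    def outbound(self, src_ip, src_port, proto):
        """SNAT: rewrite the inside source to (public_ip, allocated port)."""
        key = (src_ip, src_port, proto)
        if key not in self.out_map:
            port = self.next_port
            self.next_port += 1
            self.out_map[key] = port
            self.in_map[(port, proto)] = (src_ip, src_port)
        return self.public_ip, self.out_map[key]

    def inbound(self, dst_port, proto):
        """Return the inside (ip, port) for a packet sent to the public
        address, or None when no mapping exists and the packet is dropped."""
        key = (dst_port, proto)
        return self.in_map.get(key) or self.forwards.get(key)


if __name__ == "__main__":
    nat = PatRouter("203.0.113.10")
    print(nat.outbound("192.168.1.20", 51000, "tcp"))  # mapping created
    print(nat.inbound(40000, "tcp"))                    # reply is translated back
    print(nat.inbound(23, "tcp"))                       # unsolicited: None (dropped)
    nat.add_port_forward(443, "tcp", "192.168.1.5", 8443)
    print(nat.inbound(443, "tcp"))                      # forwarded to the inside server
```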
References
• www.windowsecurity.com
• http://en.wikipedia.org
• Risk mitigation & threat management: compliance, security, and DDoS prevention, by Andreas M. Antonopoulos and Johna Till Johnson
• http://computer.howstuffworks.com/nat.htm
• http://nislab.bu.edu/sc546/sc441Spring2003/NAT/index.htm
• http://en.wikipedia.org/wiki/Network_address_translation
• http://www.ipv6.com/articles/nat/NAT-In-Depth.htm