DoS/DDoS
Saikiran Boga (B10010)
Vihari Piratla (B10030)
Vivek Vishwakarma (B10038)
• Attack against availability
• Not used to gain unauthorized entry, just to mess it up
• Wikipedia: “In computing, a denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users.”
• Targets are sites or services hosted on high-profile web servers, such as banks, credit card payment gateways or even root nameservers

• Any attack against availability is a Denial of Service attack
• A Distributed DoS attack is a DoS attack using multiple systems simultaneously to flood the bandwidth or resources of a targeted system
• Attack mounted from a single machine => DoS
• Uses multiple compromised systems (for example botnets) => DDoS
• DDoS is harder to track and shut down

• Anti-competition business practices
• Register your dissent!
• Richard Stallman has stated DoS is a form of ‘Internet Street Protest’
• Punishment for undesired actions
• DoS attack in online games to retaliate against a competitor

• A worm called MyDoom started propagating which had a real target in mind: www.sco.com
• Targeting Microsoft Windows, it became the fastest-spreading e-mail worm, infecting an estimated one million computers around the world
• By January 2004 the rapid spread of the worm slowed overall internet performance by 10% and average webpage load time by 50%, and it was responsible for 1 in 10 e-mails at this time
• As February 1 arrived, millions of infected computers launched a Denial of Service (DoS) attack against SCO
• SCO Group offered a reward of $250,000 for information leading to the arrest of the worm’s creator
• Damage and total cost estimates from MyDoom are still in progress, but CEI now estimates the total may exceed $4 billion, making it one of the most costly cyber attacks on record

• Two general forms of DoS:
  • Those that crash services
  • Those that flood services

• Consumption of computational resources such as bandwidth, disk space or processor time
• Disruption of configuration information such as routing information
• Disrupting physical network components or obstructing the communication media between the intended users and the victim
• Most DoS attacks involve IP address spoofing so that the location of the attacking machines cannot easily be identified
• Etc.

• Internet Control Message Protocol (ICMP) flood
• Distributed attack
• RUDY
• Unintentional Denial of Service
• Peer-to-peer attacks

• A smurf attack is one particular variant of a flooding DoS attack on the public Internet
• Works on the mechanism of flooding the victim’s bandwidth
• Relies on broadcasting or misconfigured devices
• The attacker sends a large number of ICMP echo requests to a broadcast address
• All the messages sent to the broadcast address have the source address spoofed to that of the victim’s IP address
• All the reply messages target and flood the victim’s address

• Used in identifying misconfigured networks so that appropriate action can be taken
• Similar attacks:
  • Ping flood: sending the victim a large number of ping packets
  • Ping of death: sending malformed packets that lead to a crash of the victim’s system

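The two conditions a smurf attack needs (a router that forwards echo requests to a directed broadcast address, and a spoofed source that nobody filters) are both things a network operator can check for. The following is an added example, not code from the slides, that applies those checks to constructed packet records; the 192.0.2.0/24 "local" prefix, the interface names and the thresholds are assumptions for the demo.

```python
# Added example (not from the slides): flag the conditions a smurf attack depends on,
# over constructed packet records rather than a live capture. The thresholds and the
# 192.0.2.0/24 "local" prefix are assumptions for the demo.
import ipaddress
from collections import defaultdict

# Constructed sample records: (ingress interface, src, dst, icmp_type, timestamp in seconds).
# ICMP type 8 = echo request, type 0 = echo reply.
SAMPLE_PACKETS = [
    ("wan", "198.51.100.7", "192.0.2.255", 8, 0.00),  # echo request aimed at our directed broadcast
    ("wan", "192.0.2.10",   "192.0.2.255", 8, 0.01),  # same, with a source inside our own prefix
    ("lan", "192.0.2.20",   "192.0.2.10",  0, 0.02),  # replies converging on 192.0.2.10
    ("lan", "192.0.2.21",   "192.0.2.10",  0, 0.02),
    ("lan", "192.0.2.22",   "192.0.2.10",  0, 0.03),
    ("wan", "203.0.113.5",  "192.0.2.30",  8, 0.50),  # ordinary ping to a host: nothing to flag
    ("lan", "192.0.2.30",   "203.0.113.5", 0, 0.51),  # its reply
]

LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")


def directed_broadcast_requests(packets, local_net):
    """Echo requests addressed to the subnet's directed broadcast address.
    A router with directed broadcasts disabled (the RFC 2644 default) drops these,
    which removes the amplifier a smurf attack needs."""
    bcast = local_net.broadcast_address
    return [p for p in packets if p[3] == 8 and ipaddress.ip_address(p[2]) == bcast]


def spoofed_ingress(packets, local_net, external_ifaces=("wan",)):
    """Ingress-filtering (BCP 38) check: traffic entering on an external interface
    must not claim a source address from inside our own prefix."""
    return [p for p in packets
            if p[0] in external_ifaces and ipaddress.ip_address(p[1]) in local_net]


def reply_floods(packets, threshold=3, window=1.0):
    """Destinations receiving at least `threshold` echo replies inside one
    `window`-second bucket: the symptom as seen from the victim's side."""
    buckets = defaultdict(int)
    for _iface, _src, dst, icmp_type, ts in packets:
        if icmp_type == 0:
            buckets[(dst, int(ts // window))] += 1
    peaks = {}
    for (dst, _bucket), n in buckets.items():
        if n >= threshold:
            peaks[dst] = max(n, peaks.get(dst, 0))
    return peaks


if __name__ == "__main__":
    for p in directed_broadcast_requests(SAMPLE_PACKETS, LOCAL_NET):
        print("directed-broadcast echo request:", p)
    for p in spoofed_ingress(SAMPLE_PACKETS, LOCAL_NET):
        print("spoofed source on external interface:", p)
    print("reply floods:", reply_floods(SAMPLE_PACKETS))
```

The first two checks are the ones that actually close the hole (no amplifier, no spoofing); the third only tells you a host is already being hit.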
• Multiple systems flooding the bandwidth or resources of a targeted system, usually a single server or multiple servers
• The result of multiple compromised systems (e.g. a botnet) flooding the targeted system with traffic
• The Stacheldraht tool is an example of DDoS
• A client program is used by the attacker to connect to handlers, which are compromised systems
• These handlers are then used to send commands to zombie agents, which carry out the DDoS attacks

Advantages (from the attacker’s side):
• Multiple machines can generate more attack traffic than one machine
• Turning off multiple machines is harder compared to turning off a single machine
• Each machine’s attack may be stealthier, making it hard to track and shut down
• Merely purchasing more bandwidth doesn’t help, since the attacker can easily add more attack machines

• Attacks web applications by starving the web server of available sessions
• Keeps sessions at a halt using never-ending POST transmissions and sending an arbitrarily large Content-Length header value
• Similar to Slowloris
• Keeps the server busy while using few resources

• Sends partial HTTP requests, and continues to send subsequent headers at regular intervals to keep sockets from closing
• Slow HTTP POST: after the connection has been established through the headers, the actual content is sent at very low rates, thus keeping the session open for a prolonged time

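Both RUDY (the never-ending POST with a huge Content-Length) and Slowloris (headers that never finish) show up in a server's connection table as sessions that are open but barely moving. The following is an added example, not code from the slides, of a server-side audit that classifies such connections over a constructed snapshot of the table; the deadlines, minimum body rate and per-address cap are assumed values that a real server would expose as configuration.

```python
# Added example (not from the slides): a server-side audit that picks out the connection
# patterns behind RUDY and Slowloris. Connection records are constructed; the deadlines,
# rates and caps are assumed values a real server would make configurable.
from dataclasses import dataclass
from typing import Optional

HEADER_DEADLINE = 10.0        # seconds a client gets to finish sending its request headers
BODY_GRACE = 5.0              # seconds after the headers before the body rate is judged
MIN_BODY_RATE = 100.0         # bytes/second; a slower body is treated as a stall
MAX_CONTENT_LENGTH = 10 * 1024 * 1024   # reject absurd Content-Length values outright
MAX_CONNS_PER_IP = 20


@dataclass
class Conn:
    cid: str
    client: str
    opened_at: float
    headers_done_at: Optional[float] = None   # None while headers are still trickling in
    content_length: int = 0
    body_bytes: int = 0


def classify(conn: Conn, now: float) -> Optional[str]:
    """Return a drop reason for one connection, or None if it looks healthy."""
    if conn.headers_done_at is None:
        # Slowloris pattern: headers never complete; the socket is kept open by periodic header lines.
        return "slow-headers" if now - conn.opened_at > HEADER_DEADLINE else None
    if conn.content_length > MAX_CONTENT_LENGTH:
        return "oversized-body"
    remaining = conn.content_length - conn.body_bytes
    elapsed = now - conn.headers_done_at
    if remaining > 0 and elapsed > BODY_GRACE:
        # RUDY pattern: a large Content-Length delivered a few bytes at a time.
        if conn.body_bytes / elapsed < MIN_BODY_RATE:
            return "slow-body"
    return None


def audit(conns, now: float, max_per_ip: int = MAX_CONNS_PER_IP) -> dict:
    """Map connection id -> reason for every connection the server should close."""
    verdicts = {}
    per_ip = {}
    for c in conns:
        reason = classify(c, now)
        if reason:
            verdicts[c.cid] = reason
            continue
        per_ip.setdefault(c.client, []).append(c.cid)
    # Session-starvation defence: cap concurrent connections per client address.
    for _client, cids in per_ip.items():
        for cid in cids[max_per_ip:]:
            verdicts[cid] = "too-many-connections"
    return verdicts


# Constructed sample: snapshot of the connection table at now = 15.0 s.
SAMPLE_CONNS = [
    Conn("c1", "203.0.113.8", opened_at=0.0, headers_done_at=0.2, content_length=500, body_bytes=500),
    Conn("c2", "198.51.100.3", opened_at=0.0),                                   # headers still open after 15 s
    Conn("c3", "198.51.100.4", opened_at=0.0, headers_done_at=1.0, content_length=9_000_000, body_bytes=20),
    Conn("c4", "203.0.113.9", opened_at=14.0),                                   # new, still within the deadline
    Conn("c5", "198.51.100.5", opened_at=0.0, headers_done_at=0.5, content_length=1 << 31, body_bytes=0),
]

if __name__ == "__main__":
    for cid, why in sorted(audit(SAMPLE_CONNS, now=15.0).items()):
        print(f"close {cid}: {why}")
```

The grace period matters: judging the body rate from the first byte would also close legitimate uploads on slow links, so the rate is only evaluated once a few seconds of history exist.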
• A situation where a website ends up denied not due to a deliberate attack by a single individual or a group of individuals, but simply due to a spike in the popularity of the website or a particular resource
• Usually due to potentially hundreds of thousands of users clicking some particular link in the span of a few hours, showing an effect similar to that of a DDoS attack
• Occurs on a site that is less prepared to serve a large number of users
• Ex: a massive number of would-be youtube.com users accidentally typing utube.com

• Done through exploiting bugs in peer-to-peer servers
• Usually, most of the attacks exploit DC++
• The attacker doesn’t need to communicate with the clients it wants to attack
• The attacker plays the role of a puppet master
• Instructs the clients in a large peer-to-peer network to connect to the victim’s website
• Typically a web server can handle a few hundred connections before performance degrades
• The server fails instantly under five or six connections per second
• Easy to identify using signatures, but the number of IP addresses to be blocked becomes huge
• Blocking through the use of signatures requires the establishment of a connection, then transfer of the signature, detection of the signature and finally turning down the connection; even this might use a large number of resources
• Can be prevented by specifying the allowable ports

• SYN flood
• Permanent DoS attack
• Application-level floods
• Nuke
• Slow Read attack
• Telephony DoS attack

• Tough to detect; premised on vulnerabilities in the TCP retransmission timeout calculation
• Selection of the timeout has to balance between:
  1. If set too low, spurious retransmissions, as packets are deemed lost, and
  2. If set too high, an unnecessarily long wait for a lost packet
• minRTO was observed to be optimal at 1 sec [RFC2988]
• The shrew attack consists of short pulses of outages that effectively decrease the throughput, while the attacker transmits at the lowest possible rate
• The throughput of such an attack is RL/T, where R is the maximum capacity of the channel, L > RTT and T > minRTO; RTT is of the order of 10 to 100 ms and T >= 1 sec, hence the lower the RTT, the more effective the attack. In general the channel capacity is reduced to 1/10th.
• These are very tough to detect because of their passive nature

• A firewall can be a one-stop solution for many of these attacks
• A firewall is a network filter which decides whether to allow or discard a packet
• Effectively written firewalls can be tolerant of aggressive attacks like SYN floods (connection-full firewalls)
• Botnets can be detected with passive OS fingerprinting
• Running malware detection on the computer periodically can reduce the vulnerability

• Some stateful firewalls, like OpenBSD's pf packet filter, can act as a proxy for connections: the handshake is validated (with the client) instead of simply forwarding the packet to the destination
• One basic, obvious rule that should be implemented, and works very well for some of the DoS attacks, is to keep a count of the number of requests from a single client arriving at a server, along with tracking the state of the connection
• A SYN flood can be mitigated by setting up a SYN proxy which sits before the web server and forwards the request to the web server only when the ACK has been received by the firewall
• To make sure that the firewall itself doesn't run out of resources, we first ping to see whether the address is up or exists; if it exists then the firewall waits for it, or else it just removes that address
• Blacklisting the IP addresses can help in future processing of requests
• It is tough to detect low-rate DoS attacks with pattern detection, as they are not aggressive and look quite normal
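The SYN-proxy rule, the per-client request count with connection-state tracking, and the blacklist from the bullets above fit together into one small state machine. The following is an added example, not code from the slides, that simulates that machine on synthetic SYN/ACK events; the thresholds are assumed demo values, and the slides' "ping first" liveness check is represented by an optional `is_alive` callback (also an assumption of this example). A real firewall such as pf does this in the kernel rather than in application code.

```python
# Added example (not from the slides): a simulation of the SYN-proxy rule described above,
# combined with a per-client half-open count and a blacklist. Thresholds are assumed demo
# values; the optional is_alive callback stands in for the slides' "ping first" check.
from collections import defaultdict


class SynProxy:
    def __init__(self, max_half_open_per_client=10, strikes_to_blacklist=3,
                 handshake_timeout=3.0, is_alive=None):
        self.max_half_open = max_half_open_per_client
        self.strikes_to_blacklist = strikes_to_blacklist
        self.handshake_timeout = handshake_timeout
        self.is_alive = is_alive          # optional liveness probe: client address -> bool
        self.half_open = {}               # (client, port) -> time the SYN arrived
        self.half_open_count = defaultdict(int)
        self.strikes = defaultdict(int)
        self.blacklist = set()
        self.forwarded = []               # handshakes that were actually passed to the server

    def on_syn(self, client, port, now):
        """The proxy answers the SYN itself; the real server never sees a half-open connection."""
        if client in self.blacklist:
            return "drop"
        if self.half_open_count[client] >= self.max_half_open:
            # Per-client request count exceeded: strike, and blacklist repeat offenders.
            self.strikes[client] += 1
            if self.strikes[client] >= self.strikes_to_blacklist:
                self.blacklist.add(client)
            return "drop"
        self.half_open[(client, port)] = now
        self.half_open_count[client] += 1
        return "syn-ack"

    def on_ack(self, client, port, now):
        """Only a completed handshake is forwarded to the web server."""
        if self.half_open.pop((client, port), None) is None:
            return "drop"                 # ACK without a matching SYN (or one that already expired)
        self.half_open_count[client] -= 1
        self.forwarded.append((client, port))
        return "forward"

    def expire(self, now):
        """Free proxy state for clients that never finished the handshake, or that the
        liveness probe says are not there at all. Returns the number of entries removed."""
        stale = [key for key, t in self.half_open.items()
                 if now - t > self.handshake_timeout
                 or (self.is_alive is not None and not self.is_alive(key[0]))]
        for client, port in stale:
            del self.half_open[(client, port)]
            self.half_open_count[client] -= 1
        return len(stale)


if __name__ == "__main__":
    proxy = SynProxy(max_half_open_per_client=2, strikes_to_blacklist=2)
    print(proxy.on_syn("10.0.0.5", 40000, 0.0), proxy.on_ack("10.0.0.5", 40000, 0.1))
    for port in range(1, 5):              # a client that only ever sends SYNs
        print("10.0.0.9 SYN ->", proxy.on_syn("10.0.0.9", port, 1.0))
    print("expired:", proxy.expire(10.0), "blacklist:", proxy.blacklist)
```

Because the proxy only ever forwards a completed three-way handshake, a spoofed-source SYN flood costs the protected server nothing; the proxy's own table is what the timeout, the per-client cap and the liveness probe keep bounded.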

• It is possible to detect this attack with some known patterns of packet acknowledgement, as with the shrew attack
• Many variants of the TCP congestion protocol exist, like TCP Tahoe and Reno, TCP Vegas and TCP CUBIC; none is resistant to this
• Fair queuing in the routers can recover 90% of the throughput

Randomizing the timeout:
1. Randomizing minRTO (uniformly choosing minRTO between (a,b)); changing it can affect the congestion control, as 1 sec is an optimal value chosen [RFC2988]
2. RTO = max(minRTO, SRTT + max(G, 4*RTTVAR)); RTO could be chosen uniformly at random from a range that depends upon minRTO and SRTT + max(G, 4*RTTVAR). For instance, we could choose RTO to be in the range between 80% and 120% of max(minRTO, SRTT + max(G, 4*RTTVAR)). Doing this would imply that the timeouts at different times of a TCP session would be different. This could prevent the DoS attacker from ever
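The RTO formula quoted above is the RFC 2988 estimator (SRTT and RTTVAR smoothed with alpha = 1/8 and beta = 1/4, K = 4, and a 1 second floor). The following is an added example, not code from the slides, that implements that estimator and layers the proposed 80% to 120% randomisation on top, so the effect on the timeout sequence can be seen directly. The clock granularity G and the RTT samples are assumed demo values.

```python
# Added example (not from the slides): the RFC 2988 retransmission timer computation that
# the slides quote, with the 80%-120% randomisation they propose layered on top.
# The clock granularity G and the RTT samples are assumed demo values.
import random

ALPHA, BETA, K = 1 / 8, 1 / 4, 4       # RFC 2988 constants
MIN_RTO = 1.0                          # the 1 second floor the slides call minRTO
G = 0.1                                # assumed clock granularity, in seconds


class RtoEstimator:
    def __init__(self, min_rto=MIN_RTO, g=G, rng=None):
        self.min_rto, self.g = min_rto, g
        self.rng = rng or random.Random()
        self.srtt = None
        self.rttvar = None

    def sample(self, r):
        """Feed one RTT measurement in seconds (RFC 2988 sections 2.2 and 2.3)
        and return the resulting deterministic RTO."""
        if self.srtt is None:
            self.srtt, self.rttvar = r, r / 2
        else:
            # RTTVAR is updated before SRTT, as the RFC specifies.
            self.rttvar = (1 - BETA) * self.rttvar + BETA * abs(self.srtt - r)
            self.srtt = (1 - ALPHA) * self.srtt + ALPHA * r
        return self.rto()

    def rto(self):
        """Deterministic RTO: max(minRTO, SRTT + max(G, 4*RTTVAR)), as on the slide."""
        return max(self.min_rto, self.srtt + max(self.g, K * self.rttvar))

    def randomized_rto(self, low=0.8, high=1.2):
        """Randomised RTO drawn uniformly from [low, high] times the deterministic value,
        so that successive timeouts of one session fall at different offsets."""
        return self.rto() * self.rng.uniform(low, high)


def timeout_spread(estimator, n=50):
    """(min, max) over n randomised timeouts: the window a fixed-period pulse
    train would have to cover instead of a single predictable instant."""
    draws = [estimator.randomized_rto() for _ in range(n)]
    return min(draws), max(draws)


if __name__ == "__main__":
    est = RtoEstimator(rng=random.Random(1))
    for r in (0.08, 0.12, 0.09, 0.11):   # RTTs of the order the slide mentions
        est.sample(r)
    print(f"deterministic RTO: {est.rto():.3f} s")
    print("randomised spread:", timeout_spread(est))
```

With RTTs of tens of milliseconds the deterministic RTO is pinned to the 1 second floor, which is exactly the predictability the shrew attack relies on; the randomised variant keeps the floor but spreads each session's timeouts across a range instead of a single point.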

DoS/DDoS

  • 1. Saikiran Boga (B10010) Vihari Piratla (B10030) Vivek Vishwakarma (B10038)
  • 2.  Attack against availability
     Not used to gain unauthorized entry, just to disrupt the service
     Wikipedia: "In computing, a denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users."
     Targets are sites or services hosted on high-profile web servers, such as banks, credit card payment gateways or even root nameservers
  • 3.  Any attack against availability is a denial-of-service attack
     A distributed DoS attack is a DoS attack that uses multiple systems simultaneously to flood the bandwidth or resources of a targeted system
     Mounted from a single machine => DoS
     Uses multiple compromised systems (for example, botnets) => DDoS
     DDoS is harder to trace and shut down
  • 4.  Anti-competitive business practices
     Registering dissent: Richard Stallman has described DoS as a form of "Internet street protest"
     Punishment for undesired actions
     DoS attacks in online games to retaliate against a competitor
  • 5.  The MyDoom worm started propagating with a real target in mind: www.sco.com
     Targeting Microsoft Windows, it became the fastest-spreading e-mail worm, infecting an estimated one million computers around the world
     In January 2004 the worm's rapid spread slowed overall Internet performance by 10% and average web page load time by 50%, and it accounted for 1 in 10 e-mails at the time
     On February 1 the millions of infected computers launched a denial-of-service (DoS) attack against SCO
     The SCO Group offered a $250,000 reward for information leading to the arrest of the worm's creator
     Damage and total cost estimates for MyDoom are still being revised, but CEI now estimates the total may exceed $4 billion, making it one of the most costly cyber attacks on record
  • 6.  Two general forms of DoS:
     Those that crash services
     Those that flood services
  • 7.  Consumption of computational resources such as bandwidth, disk space or processor time
     Disruption of configuration information, such as routing information
     Disruption of physical network components, or obstruction of the communication media between the intended users and the victim
     Most DoS attacks involve IP address spoofing, so the location of the attacking machines cannot easily be identified
     Etc.
  • 8.  Internet Control Message Protocol (ICMP) flood
     Distributed attack
     RUDY
     Unintentional denial of service
     Peer-to-peer attacks
  • 9.  A smurf attack is one particular variant of a flooding DoS attack on the public Internet
     Works by flooding the victim's bandwidth
     Relies on broadcasting and misconfigured devices
     The attacker sends a large number of ICMP echo requests to a broadcast address
     All the requests sent to the broadcast address have their source address spoofed to the victim's IP address
     Every host on the broadcast network replies, and all the replies flood the victim's address
  • 10.  Can be used to identify misconfigured networks so that appropriate action can be taken
     Similar attacks:
     Ping flood: sending the victim a large number of ping packets
     Ping of death: sending a malformed packet that crashes the victim's system
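Slides 9 and 10 describe the two things a router can refuse to do in order not to become a smurf amplifier: answer echo requests aimed at a subnet broadcast address, and forward packets whose source address could not have come from the interface they arrived on. The following is an added example (not code from the presentation) that models those two border checks and, on the victim's side, the tell-tale pattern of echo replies arriving from many distinct hosts. The subnets, the packets and the reply records are constructed with RFC 5737 documentation addresses.

```python
import ipaddress
from collections import defaultdict

# Subnets behind the router being modelled. Constructed for this example,
# not taken from the slides.
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24"),
              ipaddress.ip_network("198.51.100.0/25")]
ANY = ipaddress.ip_network("0.0.0.0/0")   # the Internet-facing interface

ICMP_ECHO_REQUEST = 8


def is_directed_broadcast(dst):
    """True if dst is the broadcast address of one of our subnets."""
    addr = ipaddress.ip_address(dst)
    return any(addr == net.broadcast_address for net in LOCAL_NETS)


def border_verdict(pkt, ingress_net):
    """
    Decide what the border router does with one inbound packet.
    pkt: dict with src, dst, proto and (for ICMP) icmp_type.
    ingress_net: the subnet of the interface the packet arrived on.
    """
    src = ipaddress.ip_address(pkt["src"])
    # Smurf amplifier abuse: an echo request aimed at one of our broadcast
    # addresses would make every host on that LAN answer the forged source.
    if (pkt["proto"] == "icmp" and pkt.get("icmp_type") == ICMP_ECHO_REQUEST
            and is_directed_broadcast(pkt["dst"])):
        return "drop: echo request to directed broadcast"
    # Spoofed source: a packet from an internal interface must carry a source
    # inside that interface's subnet, otherwise our hosts are being used to
    # smurf somebody else (slide 7's spoofing, stopped at the ingress edge).
    if src not in ingress_net:
        return "drop: source not in ingress subnet"
    return "forward"


def reflection_victims(replies, min_sources=50):
    """
    Spot hosts receiving echo replies from many distinct sources: the
    signature of a smurf victim as seen from its upstream.
    replies: iterable of (src, dst) pairs taken from ICMP echo replies.
    """
    sources_by_dst = defaultdict(set)
    for src, dst in replies:
        sources_by_dst[dst].add(src)
    return {dst: len(srcs) for dst, srcs in sources_by_dst.items()
            if len(srcs) >= min_sources}


def demo():
    """Constructed traffic: one amplifier probe, one spoofed packet, one normal ping."""
    edge = ipaddress.ip_network("192.0.2.0/24")
    packets = [
        # attacker's probe from the Internet, source forged as the victim
        ({"src": "203.0.113.7", "dst": "192.0.2.255", "proto": "icmp", "icmp_type": 8}, ANY),
        # a host on our edge LAN sending with a forged source
        ({"src": "203.0.113.7", "dst": "198.51.100.9", "proto": "icmp", "icmp_type": 8}, edge),
        # an ordinary ping from an edge host
        ({"src": "192.0.2.10", "dst": "198.51.100.9", "proto": "icmp", "icmp_type": 8}, edge),
    ]
    verdicts = [border_verdict(p, net) for p, net in packets]
    # 200 hosts on the /24 all answering the victim, plus one normal reply
    replies = [(f"192.0.2.{i}", "203.0.113.7") for i in range(1, 201)]
    replies.append(("198.51.100.9", "192.0.2.10"))
    return verdicts, reflection_victims(replies)


if __name__ == "__main__":
    verdicts, victims = demo()
    for line in verdicts:
        print(line)
    print("reflection victims:", victims)
```

The first check is what "no directed broadcast" does on a real router; the second is the ingress filter that makes source spoofing fail at the first hop. Neither helps the victim once an amplifier exists elsewhere, which is why the reply-counting view at the victim's upstream is included as well.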
  • 11.  Multiple systems flood the bandwidth or resources of a targeted system, usually one or more servers
     The result of multiple compromised systems (e.g. a botnet) flooding the targeted system with traffic
     The Stacheldraht tool is an example of DDoS tooling
     A client program is used by the attacker to connect to handlers, which are compromised systems
     These handlers are then used to send commands to zombie agents, which carry out the DDoS attack
  • 12. Advantages (to the attacker):
     Multiple machines can generate more attack traffic than one machine
     Turning off multiple machines is harder than turning off a single machine
     Each machine's share of the attack can be stealthier, making it hard to track and shut down
     Merely purchasing more bandwidth doesn't help, since the attacker can easily add more attack machines
  • 13.  Attacks web applications by starving the web server of available sessions
     Keeps sessions at a halt using never-ending POST transmissions and an arbitrarily large Content-Length header value
     Similar to Slowloris
     Keeps the server busy while using few resources on the attacker's side
     Sends partial HTTP requests and continues to send further headers at regular intervals to keep the sockets from closing
     Slow HTTP POST: after the connection is established through the headers, the actual content is sent at a very low rate, keeping the session open for a prolonged time
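The defence against the Slowloris and slow-POST patterns on slide 13 is to stop judging a connection by whether it is alive and instead judge it by progress: headers must complete within a deadline, and a declared body must keep arriving above a minimum rate. The following is an added example (not code from the presentation) that replays a constructed set of connection events and applies that policy; the thresholds are assumptions chosen to match the shape of Apache's RequestReadTimeout directive (mod_reqtimeout), which implements the same idea.

```python
from dataclasses import dataclass
from typing import Optional

# Thresholds are assumptions for this example, not values from the slides.
HEADER_TIMEOUT = 20.0   # seconds allowed to finish sending the request headers
BODY_GRACE = 20.0       # seconds before the body rate is checked at all
BODY_MIN_RATE = 500.0   # bytes per second the body must sustain after that


@dataclass
class Conn:
    cid: int
    opened: float
    header_bytes: int = 0
    headers_done_at: Optional[float] = None
    content_length: int = 0
    body_bytes: int = 0


def verdict(conn, now):
    """Classify one open connection at time `now`."""
    if conn.headers_done_at is None:
        # Slowloris: header lines trickle in forever, the terminating blank
        # line never arrives, so the socket stays allocated.
        if now - conn.opened > HEADER_TIMEOUT:
            return "close: header timeout (Slowloris pattern)"
        return "ok"
    remaining = conn.content_length - conn.body_bytes
    if remaining > 0:
        elapsed = now - conn.headers_done_at
        # RUDY / slow POST: huge Content-Length, bytes arriving at a crawl.
        # The grace period keeps a genuinely slow but honest uploader alive.
        if elapsed > BODY_GRACE and conn.body_bytes / elapsed < BODY_MIN_RATE:
            return "close: body rate below minimum (slow POST pattern)"
    return "ok"


def replay(events, now):
    """
    events: (time, cid, kind, value) tuples, kind in
      open | header (value = bytes) | headers_done (value = Content-Length)
      | body (value = bytes).
    Returns {cid: verdict} for every connection, evaluated at time `now`.
    """
    conns = {}
    for t, cid, kind, value in sorted(events, key=lambda e: e[0]):
        if kind == "open":
            conns[cid] = Conn(cid, t)
        elif kind == "header":
            conns[cid].header_bytes += value
        elif kind == "headers_done":
            conns[cid].headers_done_at = t
            conns[cid].content_length = value
        elif kind == "body":
            conns[cid].body_bytes += value
    return {cid: verdict(c, now) for cid, c in conns.items()}


# Constructed sample traffic for four connections.
SAMPLE_EVENTS = [
    # 1: normal GET, headers complete almost at once, no body
    (0.0, 1, "open", None), (0.1, 1, "headers_done", 0),
    # 2: Slowloris, one partial header line every 10 s, never terminated
    (0.0, 2, "open", None), (10.0, 2, "header", 24), (20.0, 2, "header", 24),
    (30.0, 2, "header", 24), (40.0, 2, "header", 24),
    # 3: RUDY, Content-Length 1 MB, one byte every 10 s
    (0.0, 3, "open", None), (1.0, 3, "headers_done", 1_000_000),
    (11.0, 3, "body", 1), (21.0, 3, "body", 1), (31.0, 3, "body", 1), (41.0, 3, "body", 1),
    # 4: genuine 1 MB upload over a slow link, roughly 8 KB/s
    (0.0, 4, "open", None), (1.0, 4, "headers_done", 1_000_000),
    (21.0, 4, "body", 180_000), (41.0, 4, "body", 180_000),
]

if __name__ == "__main__":
    for cid, v in replay(SAMPLE_EVENTS, now=45.0).items():
        print(cid, v)
```

Note what the rule deliberately does not do: it never counts connections per source address. A slow-HTTP attacker needs only a few hundred sockets and can spread them across addresses, so the decision has to be made per connection on the bytes it is (not) delivering.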
  • 14.  A situation where a website ends up denied not due to a deliberate attack by an individual or group, but simply due to a spike in popularity of the website or a particular resource
     Usually caused by potentially hundreds of thousands of users clicking a particular link within a few hours, producing an effect similar to a DDoS attack
     Occurs on sites that are not prepared to serve a large number of users
     Ex: a massive number of would-be youtube.com users accidentally typing utube.com
  • 15.  Done by exploiting bugs in peer-to-peer servers
     Most such attacks exploit DC++
     The attacker doesn't need to communicate with the clients it subverts
     The attacker plays the role of a puppet master
     Instructs the clients in a large peer-to-peer network to connect to the victim's website
     Typically a web server can handle a few hundred connections per second before performance degrades
  • 16.  Most web servers fail almost instantly under five or six thousand connections per second
     Easy to identify by signatures, but the number of IP addresses to be blocked becomes huge
     Blocking by signature requires the connection to be established, the signature to be transferred and detected, and only then the connection torn down; even this can consume a large amount of resources
     Can be prevented by specifying the allowable ports in the peer-to-peer protocol
  • 17.  SYN flood
     Permanent DoS attack
     Application-level floods
     Nuke
     Slow read attack
     Telephony DoS attack
  • 18. • Tough to detect; it exploits the way TCP calculates its retransmission timeout (RTO)
      • The choice of timeout has to balance two risks: (1) set too low, spurious retransmissions occur because packets are presumed lost; (2) set too high, the sender waits unnecessarily long for a lost packet
      • A minRTO of 1 s was found to be a good choice [RFC 2988]
      • The shrew attack consists of short pulses of outage, timed to the RTO, that effectively reduce throughput and keep the victim transmitting at the lowest possible rate
  • 19. • The attacker's average rate is R·L/T, where R is the maximum capacity of the channel, L is the pulse length (L > RTT) and T is the pulse period (T ≥ minRTO); RTT is of the order of 10-100 ms and T ≥ 1 s, so the smaller the RTT, the more effective the attack
      • In general the effective channel capacity is reduced to about one tenth
      • These attacks are very tough to detect because of their passive nature
  • 20. • A firewall can be a one-stop solution for many of these attacks
      • A firewall is a network filter that decides whether to allow or discard a packet
      • Well-written rules on a stateful (connection-tracking) firewall can tolerate aggressive attacks like SYN floods
      • Botnets can be detected with passive OS fingerprinting
      • Running malware detection on the computer periodically reduces the chance of it becoming a zombie
  • 21. • Some stateful firewalls, like OpenBSD's pf packet filter, can act as a proxy for connections: the handshake is validated with the client instead of simply forwarding the packet to the destination
      • One basic rule that works very well against some DoS attacks is to keep a count of the number of requests arriving at a server from a single client, along with tracking the state of each connection
  • 22. • A SYN flood can be mitigated by setting up a SYN proxy that sits in front of the web server and forwards the request to the web server only once the firewall has received the client's ACK
      • To make sure the firewall itself doesn't run out of resources, it first pings the source address to see whether it is up or even exists; if it exists, the firewall waits for its ACK, otherwise it just removes that entry
      • Blacklisting the offending IP addresses helps when processing future requests
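Slides 21 and 22 leave open how the SYN proxy avoids becoming the thing that runs out of resources: if it records every half-open connection it is simply a second victim. The following is an added example (not code from the presentation, and not pf's implementation) that models the proxy with a SYN-cookie style handshake (RFC 4987, a technique the slides do not name): the SYN-ACK sequence number is a keyed hash of the 4-tuple and a coarse time window, so a forged SYN costs the proxy no memory, a valid third-handshake ACK can be verified statelessly, and only then is the backend told about the connection. The per-client counting of slide 21 and the blacklisting of slide 22 are layered on top. The secret, clock, addresses and limits are assumptions; the cookie is simplified (no MSS encoding) and the backend is a list standing in for the real server.

```python
import hmac
import hashlib
from collections import defaultdict


class SynProxy:
    """
    SYN proxy that keeps no per-connection state before the handshake
    completes. Assumption: simplified SYN cookie, integer clock in seconds.
    """

    MASK = 0xFFFFFFFF

    def __init__(self, secret, backend, clock, bogus_limit=5, per_client_limit=100):
        self.secret = secret
        self.backend = backend            # list standing in for the real server
        self.clock = clock                # callable returning seconds
        self.bogus = defaultdict(int)     # bad ACKs seen per source
        self.established = defaultdict(int)
        self.blacklist = set()
        self.bogus_limit = bogus_limit
        self.per_client_limit = per_client_limit

    def _cookie(self, src, sport, dport, window):
        """ISN = first 32 bits of HMAC(secret, 4-tuple | time window)."""
        msg = f"{src}|{sport}|{dport}|{window}".encode()
        mac = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return int.from_bytes(mac[:4], "big")

    def on_syn(self, src, sport, dport):
        """Answer a SYN with a SYN-ACK whose ISN is the cookie; store nothing."""
        if src in self.blacklist:
            return None
        window = self.clock() // 64       # cookies stay valid for ~64-128 s
        return {"flags": "SA", "seq": self._cookie(src, sport, dport, window)}

    def on_ack(self, src, sport, dport, ack):
        """Validate the client's ACK; only then does the backend see the connection."""
        if src in self.blacklist:
            return False
        window = self.clock() // 64
        expected = {self._cookie(src, sport, dport, w) for w in (window, window - 1)}
        if (ack - 1) & self.MASK not in expected:
            self.bogus[src] += 1
            if self.bogus[src] >= self.bogus_limit:
                self.blacklist.add(src)   # slide 22: blacklist repeat offenders
            return False
        self.established[src] += 1
        if self.established[src] > self.per_client_limit:
            self.blacklist.add(src)       # slide 21: per-client request count
            return False
        self.backend.append((src, sport, dport))
        return True


def demo():
    """Constructed scenario: one real client, a spoofed flood, one ACK guesser."""
    backend = []
    proxy = SynProxy(b"rotate-me-regularly", backend, clock=lambda: 1_000_000)
    # Legitimate client completes the three-way handshake with the proxy
    synack = proxy.on_syn("192.0.2.10", 40000, 80)
    ok = proxy.on_ack("192.0.2.10", 40000, 80, (synack["seq"] + 1) & SynProxy.MASK)
    # Flood: 10,000 SYNs from forged sources; nothing is stored, backend idle
    for i in range(10_000):
        proxy.on_syn(f"203.0.113.{i % 256}", 1024 + i, 80)
    # Attacker from a real address guessing ACK numbers gets blacklisted
    for i in range(5):
        proxy.on_ack("198.51.100.77", 5000 + i, 80, 0xDEADBEEF)
    return ok, len(backend), sorted(proxy.blacklist)


if __name__ == "__main__":
    ok, forwarded, blacklist = demo()
    print("legitimate handshake forwarded:", ok)
    print("connections seen by backend after 10k spoofed SYNs:", forwarded)
    print("blacklisted:", blacklist)
```

The proxy holds no table that the flood can fill; its only growing state is the per-source counters, and those are keyed by addresses that actually completed (or actively tried to fake) the third packet, which spoofed sources never do.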
  • 23. • Low-rate DoS attacks are tough to detect with pattern detection, as they are not aggressive and look quite normal
      • Some of them, like the shrew attack, can be detected from known patterns in packet acknowledgements
      • Many variants of TCP congestion control exist (TCP Tahoe and Reno, TCP Vegas, TCP CUBIC); none is resistant to this attack
      • Fair queuing in the routers can recover 90% of the throughput
  • 24. 1. Randomizing the timeout:
      1. Randomizing minRTO (choosing minRTO uniformly from an interval (a, b)); changing it can affect congestion behaviour, as 1 s was chosen as an optimal value [RFC 2988]
      2. RTO = max(minRTO, SRTT + max(G, 4·RTTVAR)); RTO could be chosen uniformly at random from a range that depends on minRTO and SRTT + max(G, 4·RTTVAR). For instance, RTO could be chosen between 80% and 120% of max(minRTO, SRTT + max(G, 4·RTTVAR)). The timeouts at different times in a TCP session would then differ. This could prevent the DoS attacker from ever
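The argument on slides 18, 19 and 24 is easiest to see by running it: a sender whose RTO is a fixed multiple of the attacker's pulse period retransmits into every pulse, while a sender that draws its RTO from 80-120% of the RFC 2988 value sometimes lands between pulses. The following is an added example (not code from the presentation or from the cited paper) that simulates a stop-and-wait sender against a periodic pulse using the slides' symbols R, L, T and minRTO. The link parameters, the 64× backoff cap and the seed are assumptions for this model; it ignores queueing detail and models a pulse simply as "every packet sent during it is lost".

```python
import random

# Constructed parameters (assumptions for this example, not from the slides)
MIN_RTO = 1.0     # RFC 2988 lower bound on the retransmission timeout, seconds
RTT = 0.05        # 50 ms round trip, far below minRTO
PULSE_LEN = 0.1   # L: each attack burst lasts 100 ms (> RTT) and fills the queue
PERIOD = 1.0      # T: bursts repeat every minRTO
SIM_TIME = 60.0


def attacker_average_rate(R, L=PULSE_LEN, T=PERIOD):
    """Slide 19: bursting at link rate R for L seconds every T averages R*L/T."""
    return R * L / T


def rfc2988_rto(srtt, rttvar, g=0.0, min_rto=MIN_RTO):
    """RTO = max(minRTO, SRTT + max(G, 4*RTTVAR))  [RFC 2988]"""
    return max(min_rto, srtt + max(g, 4 * rttvar))


def randomized_rto(base_rto, rng, low=0.8, high=1.2):
    """Slide 24: draw the RTO uniformly from 80%..120% of the RFC 2988 value."""
    return base_rto * rng.uniform(low, high)


def in_pulse(t, attack=True):
    """True while the attacker's burst is overflowing the bottleneck queue."""
    return attack and (t % PERIOD) < PULSE_LEN


def simulate(randomize, attack=True, seed=1):
    """
    Stop-and-wait sender: one packet per RTT while packets get through. A
    packet that meets a pulse is lost; the sender notices after RTO, doubles
    its backoff (exponential backoff as in RFC 2988, capped at 64x in this
    model) and retransmits. Returns packets delivered within SIM_TIME.
    """
    rng = random.Random(seed)
    base_rto = rfc2988_rto(srtt=RTT, rttvar=RTT / 2)   # -> max(1.0, 0.15) = 1.0
    t, delivered, backoff = 0.0, 0, 1
    while t < SIM_TIME:
        if in_pulse(t, attack):
            rto = randomized_rto(base_rto, rng) if randomize else base_rto
            t += rto * backoff          # timer expiry, then retransmit
            backoff = min(backoff * 2, 64)
        else:
            t += RTT                    # delivered, next packet after one RTT
            delivered += 1
            backoff = 1
    return delivered


if __name__ == "__main__":
    print("attacker average rate on a 10 Mbit/s link: %.1f Mbit/s"
          % (attacker_average_rate(10e6) / 1e6))
    print("no attack:                ", simulate(randomize=False, attack=False))
    print("fixed RTO under attack:   ", simulate(randomize=False))
    print("80-120% RTO under attack: ", simulate(randomize=True))
```

With a fixed RTO the trace is exactly the slide's point: the first loss is at t = 0, the retransmissions fall at 1, 3, 7, 15, 31 and 63 s, every one of them inside a pulse, and nothing is delivered while the attacker averages a tenth of the link. Randomizing the RTO does not make the attack free for the victim (each escape still costs a timeout), but it breaks the synchronization that let the attacker keep the connection at zero indefinitely.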

Editor's notes

  1. Three security objectives: integrity, confidentiality, availability. DoS targets availability. DoS is not used to gain unauthorized entry or information, just to disrupt the service.
  2. The Anonymous group mounted a DoS attack on MasterCard.com as punishment for the blockade of WikiLeaks' bank transactions.