Denial of Service
Bryan Oemler
Web Enhanced Information Management
March 22nd, 2011
Introduction
• A constant threat to web-based providers
• Resources of servers limited
• Damaging effect on targets
• Goal: Drown out all legitimate traffic to server
  – Consume resources of servers
  – Monopolize the CPU
  – Mimic legitimate traffic to server
• Method: Combine computing power over internet
  – Distribute the Denial of Service Attack (DDoS)
DoS in the news
• Attacks on WordPress, Mar 4th, 2011
  – Largest in history
  – Multiple data centers unable to handle load
  – Collateral damage for single target
• Anonymous attacks on MasterCard, Visa, Dec 8th, 2010
  – Individuals organizing DoS attack
  – Social networking
  – Personal computers launched DoS
• Twitter, Facebook attacks, Aug 5th, 2009
  – Flood of emails
  – Target was individual using social networking tools
Botnet
• Network of infected computers
  – Computers hijacked with malware
  – Contacted and controlled by perpetrator of attacks
  – Target victim with requests
• Added obfuscation and computing power
  – Large network of personal and corporate computers
  – Source looks legitimate to victim
IP spoofing
• Packets are sent out with a forged return IP address
  – Hides source of attacks
• Complete TCP connection cannot be formed
  – Victim host responds to random IP
http://www.techrepublic.com/article/exploring-the-anatomy-of-a-data-packet/1041907
SYN Flood
• Critical mass of connection packets
  – TCP connections started with SYN (Synchronization) packet
  – Server responds but never receives acknowledgement
  – Attacker creates many half-open connections
  – Open connections use up server memory
  – Attacker monopolizes server with open connections
TCP Connection vs Spoofed Packet
http://www.understandingcomputers.ca/articles/grc/drdos_copy.html
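The half-open state described on the SYN Flood slide is visible in a defender's packet log: a SYN arrives but the final ACK never does. The following detection sketch is an added example, not part of the original slides; the record format, function names and thresholds are assumptions, and the addresses are constructed from documentation ranges.

```python
from collections import defaultdict

def find_half_open(packets, now, timeout=5.0):
    """Return {server: [clients]} for handshakes where a SYN was seen
    but no final ACK arrived within `timeout` seconds."""
    pending = {}  # (client, server) -> time the first SYN was seen
    for ts, src, dst, flags in packets:
        if flags == "S":                    # client -> server: SYN
            pending.setdefault((src, dst), ts)
        elif flags == "A":                  # client -> server: final ACK
            pending.pop((src, dst), None)   # handshake completed
        # "SA" (server -> client) needs no tracking: with a forged source
        # address it goes to a host that never asked for the connection.
    stale = defaultdict(list)
    for (client, server), ts in pending.items():
        if now - ts >= timeout:
            stale[server].append(client)
    return dict(stale)

def syn_flood_suspects(packets, now, timeout=5.0, threshold=4):
    """Servers whose stale half-open count reaches `threshold`."""
    stale = find_half_open(packets, now, timeout)
    return {srv: len(c) for srv, c in stale.items() if len(c) >= threshold}

# Constructed sample log: (seconds, source, destination, TCP flags).
SAMPLE = (
    [   # one complete three-way handshake from a normal client
        (0.00, "198.51.100.7:40000", "192.0.2.10:80", "S"),
        (0.01, "192.0.2.10:80", "198.51.100.7:40000", "SA"),
        (0.02, "198.51.100.7:40000", "192.0.2.10:80", "A"),
    ]
    + [ # five SYNs from distinct sources that never send the final ACK
        (1.0 + i / 10, f"203.0.113.{i + 1}:5000", "192.0.2.10:80", "S")
        for i in range(5)
    ]
    + [ # a recent SYN to another server, still inside the timeout
        (9.0, "198.51.100.9:40001", "192.0.2.20:443", "S"),
    ]
)

if __name__ == "__main__":
    for server, count in syn_flood_suspects(SAMPLE, now=10.0).items():
        print(f"{server}: {count} half-open connections past timeout")
```

Because the source addresses are forged, the count is kept per server rather than per client; a per-source rate limit would not see this pattern.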
Reflection Attacks
• “Reflect” requests off innocent servers
  – Return IP address forged onto packet is the intended target of attack
  – Attacker sends packet to diverse set of hosts
  – Hosts act as middle man for the attack
• Tracking packets becomes more difficult
  – Indirect path from attacker to victim
  – Rely on records of intermediate hosts
Reflection Attack
http://www.understandingcomputers.ca/articles/grc/drdos_copy.html
Full HTTP Requests
• Requests require greater amount of CPU time
  – Database queries
  – Complex calculations
  – File access
• Attacks hidden through botnet
  – Infected computers appear to be legitimate users
  – Botnets sufficiently large
Final Observations
• Extremely potent
  – Capable of knocking even largest companies offline
• Costly to victims
  – Services denied to e-commerce websites, public safety
• Increasing risk of attacks
  – More tools and resources moving online
• High collateral damage
  – Information interdependent
  – Hosts attacked or being used to attack
References
• http://www.computerworld.com/s/article/9200521/Update_MasterCard_Visa_others_hit_by_DDoS_attacks_over_WikiLeaks
• http://www.reuters.com/article/2010/12/10/uk-wikileaks-cyberwarfare-amateur-idUSLNE6B902T20101210?feedType=RSS&feedName=everything&virtualBrandChannel=11563
• http://staff.washington.edu/dittrich/misc/ddos/
• http://www.understandingcomputers.ca/articles/grc/drdos_copy.html
• http://www.cis.udel.edu/~sunshine/publications/ccr.pdf
• http://www.sans.org/security-resources/idfaq/trinoo.php
• http://www.pcmag.com/article2/0,2817,2381486,00.asp
• http://www.nytimes.com/2009/08/08/technology/internet/08twitter.html?_r=2&hpw