adrian-boyd
Objectives
•What is denial of service?
•What is distributed denial of service?
•Common forms of attack
•Modes of attack
•Consequences of attack
•Real examples of attack
•Signs of attack
•Prevention
•Ethics of denial-of-service attacks
WHAT IS DENIAL OF SERVICE ATTACK?
•A denial-of-service attack is a type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic.
•A DoS (denial-of-service) attack is an explicit attempt to make a computer resource unavailable by either injecting a computer virus or flooding the network with useless traffic.
WHAT IS DENIAL OF SERVICE ATTACK? (cont'd)
Its aim is to deny service to legitimate users by:
•Flooding a network
•Disrupting connections between computers
•Preventing certain individuals from accessing a service
•Disrupting service to a specific system or person
Common forms of Attack
•SYN Floods
•Ping of death
•Smurf Attack
•Teardrop Attack
•Mail Bomb
•Ping Flood
SYN Floods
•Takes advantage of a weakness in the TCP three-way handshake.
•The attacker sends many connection requests.
•The attacker does not respond to the replies.
•The SYN flood attack sends TCP connection requests faster than a machine can process them.
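The half-open state described above is also what a defender can measure. The following is an added example, not part of the original slides: it counts handshakes that received a SYN but never the final ACK, per listening port, over constructed traffic. The record format, threshold and timeout values are assumptions.

```python
from collections import namedtuple

# One inbound TCP segment seen at the server (constructed record format).
# ts is in milliseconds; flags is "S" (SYN), "A" (ACK) or "R" (RST).
Seg = namedtuple("Seg", "ts src sport dport flags")

class HalfOpenMonitor:
    """Track handshakes that got a SYN but never the client's final ACK."""

    def __init__(self, timeout_ms=30_000, threshold=100):
        self.timeout_ms = timeout_ms  # how long a half-open entry is kept
        self.threshold = threshold    # alert level per listening port
        self.pending = {}             # (src, sport, dport) -> SYN time

    def half_open(self, dport):
        return sum(1 for key in self.pending if key[2] == dport)

    def observe(self, seg):
        """Feed one segment; True if seg.dport is over the threshold."""
        cutoff = seg.ts - self.timeout_ms
        # Expire entries whose client never answered the SYN-ACK.
        self.pending = {k: t for k, t in self.pending.items() if t >= cutoff}
        key = (seg.src, seg.sport, seg.dport)
        if seg.flags == "S":
            self.pending.setdefault(key, seg.ts)
        elif seg.flags in ("A", "R"):
            self.pending.pop(key, None)  # handshake completed or aborted
        return self.half_open(seg.dport) > self.threshold

def first_alert(segments, **kwargs):
    """Timestamp (ms) of the first alert in a segment stream, else None."""
    monitor = HalfOpenMonitor(**kwargs)
    for seg in segments:
        if monitor.observe(seg):
            return seg.ts
    return None

# Constructed traffic using documentation address ranges, not a capture.
def normal_traffic(n=200):
    out = []
    for i in range(n):  # every client completes its handshake
        src = f"198.51.100.{i % 250 + 1}"
        out += [Seg(i * 100, src, 40000 + i, 443, "S"),
                Seg(i * 100 + 50, src, 40000 + i, 443, "A")]
    return out

def flood_traffic(n=200):
    # SYNs only, each from a different claimed source; none is ever ACKed.
    return [Seg(i * 10, f"203.0.113.{i % 250 + 1}", 50000 + i, 443, "S")
            for i in range(n)]
```

Counting per destination port rather than per source matters here because every SYN in the flood sample claims a different source address.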
Ping of death
•A denial of service (DoS) attack caused by an attacker deliberately sending an IP packet larger than the maximum size allowed by the IP protocol. Since the received ICMP (Internet Control Message Protocol) echo request packet is bigger than the normal IP packet size, the victim cannot reassemble the packets. The OS may crash or reboot as a result.
Smurf Attack
•A smurf attack occurs when an attacker sends a large number of IP packets to the broadcast address of an intermediate network with spoofed IP addresses as the origin.
•This causes all hosts on the network to reply to the ICMP request, causing significant traffic to the victim's computer.
Teardrop Attack
•Divides large files into fragments.
•An attacker sends two fragments that cannot be reassembled properly by manipulating the offset value of the packet, causing the victim system to reboot or halt.
•Teardrop exploits an overlapping IP fragment bug present in Windows 95, Windows NT and Windows 3.1 machines.
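A reassembly-time check that rejects both conditions, the oversized datagram described under Ping of death and the overlapping offsets described here, written as an added example that is not part of the original slides. The tuple layout, finding codes and sample fragment values are assumptions constructed for illustration.

```python
MAX_IP_DATAGRAM = 65535  # IPv4 total length is a 16-bit field

def check_fragments(frags, header_len=20):
    """Validate the fragments of one datagram before reassembling them.

    frags: list of (offset_units, payload_len, more_fragments), where
    offset_units is the fragment offset field (units of 8 bytes).
    Returns a list of (code, byte_offset) findings; empty means accept.
    """
    findings = []
    spans = []
    for off_units, length, more in frags:
        start = off_units * 8
        end = start + length
        # Every fragment except the last must carry a multiple of 8 bytes.
        if more and length % 8 != 0:
            findings.append(("MISALIGNED", start))
        # Ping of death: the reassembled datagram would exceed 65535 bytes.
        if header_len + end > MAX_IP_DATAGRAM:
            findings.append(("OVERSIZE", start))
        spans.append((start, end))
    # Teardrop: a fragment starts inside data an earlier fragment covers.
    prev_end = 0
    for start, end in sorted(spans):
        if start < prev_end:
            findings.append(("OVERLAP", start))
        prev_end = max(prev_end, end)
    return findings

# Constructed samples (not taken from real traffic).
BENIGN = [(0, 1480, True), (185, 1480, True), (370, 1040, False)]
OVERLAPPING = [(0, 40, True), (3, 8, False)]   # second starts at byte 24
OVERSIZED = [(8189, 100, False)]               # ends at byte 65612
```

A reassembler that drops the whole datagram on any finding never reaches the length arithmetic that the malformed fragments are meant to break.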
Mail Bomb
Email bombing is characterized by abusers repeatedly sending an email message to a particular address at a specific victim site. In many instances, the messages will be large and constructed from meaningless data in an effort to consume additional system and network resources.
Ping Flood
•The attacker simply sends a huge number of "ICMP Echo Requests (ping)" to the victim.
•It sends ICMP packets as fast as possible without waiting for replies.
•The continuing combination of requests and replies can slow the network or, in extreme cases, disconnect it.
What does a DoS attack target?
NETWORK BANDWIDTH
SERVER MEMORY
CPU USAGE
DATABASE CONNECTION POOL
DATABASE SPACE
HARD DISK SPACE
What is Distributed Denial of Service?
•DDoS, short for Distributed Denial of Service, is a type of DoS attack where multiple compromised systems, which are usually infected with a Trojan, are used to target a single system, causing a Denial of Service (DoS) attack.
•DDoS = when multiple hosts attack simultaneously
•DoS = when a single host attacks
MODES OF ATTACK
Consumption of scarce, limited or non-renewable resources
Destruction or alteration of configuration information
Physical destruction or alteration of network components
CONSEQUENCES OF ATTACKS
• BRAND DAMAGE
• FINANCIAL LOSSES
• SABOTAGE
• EXTORTION
• REPEAT ATTACK IF NOT WELL PROTECTED
Examples of Attack
•Schwab Website Again Hit With Denial of Service Attack (http://www.euroinvestor.com/news/2013/04/24/schwab-website-again-hit-with-denial-of-service-attack/12305777)
•Spamhaus hit by biggest-ever DDoS attacks (http://www.computerworld.com/s/article/9237938/Update_Spamhaus_hit_by_biggest_ever_DDoS_attacks)
SIGNS OF AN ATTACK
•Unusually slow network
•Certain websites become slower to open or unavailable
•A sharp increase in the amount of spam received
•Disconnection of a wireless or wired internet connection
PREVENTION OF ATTACK
• Businesses
  • Firewall and router configuration
    • Block unnecessary ports
    • Filter broadcast messages
    • Verify source IP address (prevent IP spoofing across subnets)
  • Install DDoS protection equipment or services
  • Monitor traffic under normal circumstances and detect anomalies
PREVENTION OF ATTACK (cont'd)
  • Apply latest patches to servers and PCs
  • Use antivirus software
  • Maintain a redundant environment (hot-swap server)
• End Users
  • Use a home firewall/router
  • Apply latest updates for the operating system
  • Use antivirus software
  • Use caution when opening email attachments or clicking on links
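The two router measures listed for businesses, filtering broadcast messages and verifying the source IP address, expressed as a forwarding decision. This is an added example, not part of the original slides; the interface names, subnets (documentation ranges) and drop-reason strings are hypothetical.

```python
import ipaddress

# Hypothetical router: internal interface name -> subnet attached to it.
# Any other interface name (e.g. "wan0") is treated as the upstream link.
INTERNAL = {
    "lan0": ipaddress.ip_network("192.0.2.0/24"),
    "lan1": ipaddress.ip_network("198.51.100.0/24"),
}
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

def filter_packet(in_iface, src, dst):
    """Return "FORWARD" or a drop reason for a packet entering the router."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    attached = INTERNAL.get(in_iface)
    if attached is not None:
        # From an internal subnet: the source must belong to that subnet.
        if src_ip not in attached:
            return "DROP spoofed-source"
    elif any(src_ip in net for net in INTERNAL.values()):
        # From upstream but claiming one of our own addresses.
        return "DROP spoofed-source"
    # Never forward to a broadcast address, so the internal subnets cannot
    # be used as the intermediate network of a smurf attack.
    if dst_ip == LIMITED_BROADCAST or any(
            dst_ip == net.broadcast_address for net in INTERNAL.values()):
        return "DROP broadcast-destination"
    return "FORWARD"
```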
ETHICS IN DOS ATTACK
•A Denial of Service attack is unethical. This is because it is an invasion of someone's space and, in other cases, the destruction of property, which denies them the right to use what rightfully belongs to them as a legitimate owner.
CONCLUSION
•Denial of service attacks have now become a common form of online protest for many groups that feel unfairly treated or have prejudices against companies.