Defending Against Denial of Service Attacks
Download
Report
Transcript Defending Against Denial of Service Attacks
Defending Against Denial of
Service Attacks
Presented By: Jordan Deveroux
1
Outline
I. What are Denial of Service Attacks and
what makes the internet vulnerable to
them?
II. How do these attacks occur?
III. How do we defend against such attacks?
IV. What are the ethical implications of
Denial of Service Attacks and their effect
on our society ?
2
Denial of Service Attacks
Denial of Service (Dos)- An attack that is
trying to deny access by legitimate users to
shared resources or services
Distributed Denial of Service (DDoS)- A
denial of service attack where the traffic
comes from multiple sources
3
Attacker
Zombies
4
Victim
Zombies
• Malicious Payload is
Installed
• Communication takes
place on IRC channels
• Software contains a
flooding mechanism
• Software can be
updated by attacker
5
Internet Vulnerabilities
IP Spoofing- creating an IP packet
with false information, often a
false address.
Multipath routing makes packet
tracing difficult
No centralized Internet authority
6
Outline
I. What are Denial of Service Attacks and
what makes the internet vulnerable to
them?
II. How do these attacks occur?
III. How do we defend against such attacks?
IV. What are the ethical implications of
Denial of Service Attacks and their effect
on our society ?
7
What does DoS Attack?
1. Consumes a host’s resources
CPU
Memory
2. Consumes network bandwidth
Legitimate traffic is unable to go through
Attack Power- level of resources consumed
at the victim by the attack
8
Categories of Bandwidth Attacks
Protocol-Based
Application-Based
Distributed Reflector
Infrastructure Attacks
9
Protocol-Based: SYN Flood
10
Protocol-Based: ICMP Flood
INTERMEDIARY
NETWORK
INTERNET
ATTACKER
VICTIM
11
Application-Based: HTTP Flood
Attacking web servers with many
http requests
Used in DDoS because it requires a
genuine IP
Multiple ways to flood using this
method
12
Application Based:
SIP FLOOD
VOIP Attack
Flood proxy servers with
many invite packets
Affects not only proxy
servers but legitimate
callers
13
Distributed Reflector Attacks
14
Infrastructure Attacks
Disable Critical components of the
Internet
Significant Attack power is required to
successfully execute an infrastructure
attack
These types of attacks are why we need
a globally-cooperative defense effort
15
Outline
I. What are Denial of Service Attacks and
what makes the internet vulnerable to
them?
II. How do these attacks occur?
III. How do we defend against such attacks?
IV. What are the ethical implications of
Denial of Service Attacks and their effect
on our society ?
16
Four Categories of Defense
Attack Prevention
Attack Detection
Attack Source Identification
Attack Reaction
17
Attack Prevention: Ingress/Egress
Filtering
18
Other Attack Prevention Techniques
Router Based Packet Filtering
Possible if Tier 1 ISPs are involved
SAVE Protocol
Needs to be universally deployed
These Techniques prevent IP spoofing and filter
traffic before it reaches the target, but need
wide adoption to be effective
19
Attack Detection Techniques
Easy to detect
Differentiate between flash crowds and DoS
attack
Rely on certain assumptions
Attack Detection Techniques:
DoS-attack-specific
Anomaly-based
20
Dos-Specific
MULTOPS
SYN Detection
Kolmogorov Test
Spectral Analysis
Time Series Analysis
Anomaly-Based
Need to build a normal
profile
Block irregular traffic
Difficult to determine all
normal traffic
Lightweight Intrusion
Detection System (LISYS)
The only way to detect a DDoS effectively and early is to
monitor features attackers can’t change or are really
difficult to change, (e.g. : Percent of new IP’s)
21
Attack Source Identification
Tracking IP traffic is difficult to do
Active IP traceback technique
Probabilistic traceback technique
Hash-Based IP traceback
22
Attack Reaction Techniques
23
Attack Reaction Techniques
Bottleneck Resource Management
Fix Software-Based Vulnerabilities
History-Based IP Filtering
Intermediate Network Reaction
Harder to track the greater the distance
Controller-Agent Scheme
Source End Reaction
D-WARD
24
Conclusion on Defense Techniques
Most of these are DoS defense
Limited progress made on DDoS
Attacker resources often surpass victim’s resources
Defenses are limited due to lack of central control of
the internet
We need to increase the reliability of global network
infrastructure
Most effective is to block attack close to source
25
Outline
I. What are Denial of Service Attacks and
what makes the internet vulnerable to
them?
II. How do these attacks occur?
III. How do we defend against such attacks?
IV. What are the ethical implications of
Denial of Service Attacks and their effect
on our society ?
26
Growth of DoS and DDoS attacks
Security knowledge of users is decreasing while attacks
are becoming more and more sophisticated
In 1988, 6 attacks were reported
In 2003, 137, 529 attacks were reported
CSI/FBI survey shows on average 35% percent who
participate suffered DoS attacks
Vulnerabilities have increased to 35x the number reported
in 1995
Only 4 out of 1127 customer-based system attacks used
spoofed addresses in 2004
27
What’s taking so long?
Implementing defense schemes are
expensive
Lack of economic incentive
Personal users
Internet Service Providers
Don’t want to spend money to protect
someone else’s network
28
“Code Red” Worm (2001)
300,000 zombie army to launch DoS against White House
website
Distributed Reflector Attack (2002)
Brought down www.grc.com
Internet DNS Root Servers (2002)
SYN Flood and ICMP Flood
All 13 DNS root servers were attacked at the same time
Total Attack Volume: 900 Mb/s
Most queries answered but some parts of internet
experienced congestion or were unreachable
Blaster Worm (2003)
Exploited vulnerability in RPC
SYN Flood against windowsupdate.com
29
Ethics
These attacks can have lasting effects,
including monetary damages
Used as a political statement
Wikileaks fiasco (2010)
Operation : Payback
Mastercard, PostFinance, Paypal
30
References
Survery of Network Based Defense Mechanisms
Countering the DoS and DDoS Problems (Peng, Leckie,
Ramamohanarao)
www.cert.org
http://www.pcmag.com/article2/0,2817,2374023,00.asp
31