DOS Attacks
Lyle YapDiangco
COEN 150
5/21/04
Background

• DOS attacks have been around for decades
• Usually intentional and malicious
• Can cost a target person and company a great deal of time and money
  – In 1998, the highest reported financial loss to a single DOS attack was $1 million
  – In 2002, it ballooned up to $50 million
  – As the Internet grows and computers become more advanced, DOS attacks will grow in size, strength, security, and sophistication.

What is a DOS attack?

• DOS attacks (Denial of Service attacks)
  – An explicit attempt by intruders to prevent legitimate users of a service from using that service
  – Various ways to execute DOS attacks:
    • Flood network
    • Disrupt connections between two machines
    • Prevent a particular user from accessing a service
    • Disrupt service to a specific system or person

Impact of DOS attacks

• Disable your computer or network
• Even worse, cripple your company
• Lots of time, money, and production wasted

TCP Connection

Methods of Attacks

• Consumption of scarce, limited, or non-renewable resources
  – Network Connectivity
  – Using your own resources against you
  – Bandwidth Consumption
  – Consumption of other resources
• Destruction or alteration of configuration information
• Physical destruction or alteration of network components

Network Connectivity

• Most DOS attacks are executed on network connectivity (TCP/IP)
• Goal is to prevent hosts or networks from communicating over the network
• An example of this is a SYN Flood attack

TCP Gone Bad (SYN attack)

Other Methods of Consumption of Resources

• Using Your Own Resources Against You
  – An intruder uses forged UDP packets to connect the echo service on one machine to the chargen service on another.
• Bandwidth Consumption
  – Generate a large number of packets directed to your network
• Consumption of Other Resources
  – Generate excessive mail messages, place files in FTP areas, consume system data structures with bogus programs

Destruction or Alteration of Configuration Information

• An improperly configured computer may not perform well or may not operate at all
  – An intruder can modify the registry on a Windows machine
  – Can change routing information

Physical Destruction or Alteration of Network Components

• Primary concern is physical security
  – Guard against unauthorized access to computers, routers, network wiring closets, power, etc.
• Ex. Cutting a wire

Three Stages of DOS attacks

• A Typical DOS attack
• DDOS (Distributed DOS attack)
• DRDOS (Distributed Reflection DOS attack)
• In general, with each increasing stage, the DOS attack grows in size, speed, security, and sophistication.

DDOS

DRDOS

Famous Occurrences

• Ping of Death
  – Creates a packet that exceeds the max 65,536 bytes of data allowed by the IP specification.
• Teardrop Attack
  – Creates a series of IP fragments with overlapping offset fields.
• Smurf Attack (Brute Force Attack)
  – Floods the router with Internet Control Message Protocol (ICMP) ECHO packets.
• SYN Flood Attack
• UDP Flood Attack
• Viruses, Worms, and Trojan Horses

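The Ping of Death and Teardrop patterns listed above can both be caught by checking fragment offsets and lengths before reassembly. The check below is an added example, not part of the original slides; the field names and sample fragments are constructed, and a 20-byte IP header without options is assumed.

```python
from collections import defaultdict

MAX_IP_PACKET = 0xFFFF  # ceiling imposed by the 16-bit IPv4 Total Length field
IP_HEADER_LEN = 20      # assumption: header carries no options


def check_fragments(fragments):
    """Return (ident, reason) pairs for datagrams whose fragments are malformed.

    Field names (src, dst, ident, offset, length) are hypothetical; offset is
    in 8-byte units as carried in the IP header, length is payload bytes.
    """
    groups = defaultdict(set)
    for f in fragments:
        start = f["offset"] * 8
        # A set drops exact duplicates, which are ordinary retransmissions.
        groups[(f["src"], f["dst"], f["ident"])].add((start, start + f["length"]))

    findings = []
    for (_, _, ident), spans in groups.items():
        # Ping of Death pattern: reassembly would exceed the legal packet size.
        if IP_HEADER_LEN + max(end for _, end in spans) > MAX_IP_PACKET:
            findings.append((ident, "oversize"))
        # Teardrop pattern: a fragment starts inside data already covered.
        covered = 0
        for start, end in sorted(spans):
            if start < covered:
                findings.append((ident, "overlap"))
                break
            covered = max(covered, end)
    return findings


# Constructed sample fragments (documentation addresses, not captured traffic).
SAMPLE = [
    {"src": "192.0.2.10", "dst": "198.51.100.5", "ident": 1, "offset": 0, "length": 1480},
    {"src": "192.0.2.10", "dst": "198.51.100.5", "ident": 1, "offset": 185, "length": 1480},
    {"src": "192.0.2.10", "dst": "198.51.100.5", "ident": 1, "offset": 370, "length": 520},
    {"src": "192.0.2.66", "dst": "198.51.100.5", "ident": 2, "offset": 0, "length": 1480},
    {"src": "192.0.2.66", "dst": "198.51.100.5", "ident": 2, "offset": 8189, "length": 1480},
    {"src": "192.0.2.77", "dst": "198.51.100.5", "ident": 3, "offset": 0, "length": 36},
    {"src": "192.0.2.77", "dst": "198.51.100.5", "ident": 3, "offset": 3, "length": 4},
]

if __name__ == "__main__":
    for ident, reason in check_fragments(SAMPLE):
        print(f"datagram {ident}: {reason}")
```

A filter that drops any datagram reported here before reassembly covers both patterns without needing to know which tool produced the traffic.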
Countermeasures

• Disable any unused or unneeded network services
• Observe system performance
• Routinely examine physical features
• Establish and maintain regular backup schedules and policies (ex. Config. Info)
• Establish and maintain password policies

Countermeasures (ctd.)

• If these are available
  – Implement router filters to guard against certain DOS attacks
  – Install patches to guard against SYN attacks
  – Invest in redundant and fault-tolerant network configurations
  – Use Tripwire to detect changes in configuration info or in files
  – Enable quota systems

Conclusion

• DOS attacks are a major nuisance and can be a serious threat
  – Loss in money, time, productivity, possibly human lives
• People have the tools and methods available for securing their computers and networks; it's just a matter of effort and awareness.

Questions?