Simulation and Analysis of DDos Attacks
Simulation and Analysis of
DDos Attacks
2012 – International Conference on Emerging Trends in Science, Engineering and Technology
Poongothai, M
Department of Information Technology, Institute of Road and Transport Technology, Erode, Tamilnadu, India
Sathyakala, M
Department of Information Technology, Institute of Road and Transport Technology, Erode, Tamilnadu, India
Speaker: 101061555 鍾國君
1
Outline
Introduction to DDos Attack
DDos Attack Architecture
Advantages of DDos Attack
Four Phases of Bot Installation
DDos Attack Methods
DDos Defenses
Simulation
Conclusion
2
Introduction to DDos Attack
Distributed Denial of Service (DDos)
◦ Overloads the targeted server with useless traffic, crashes the server and leaves it unable to communicate properly with legitimate users.
◦ Consumes mainly the victim's bandwidth, processing capacity and storage capacity.
◦ May need human intervention to resume.
3
DDos Attack Architecture
4
Advantages of DDos Attack
Simple
◦ No sophisticated mechanisms.
◦ A single hacker can do it.
Difficult to trace
◦ Multi-tiered structure.
◦ IP source spoofing.
5
Advantages of DDos Attack
Similar to legitimate traffic
◦ Attack streams from numerous machines converge near the victim.
Robust
◦ Attacks will continue even if one node is dead.
6
Four Phases of Bot Installation
What is a Bot?
◦ A program that automatically operates as a user or another program.
◦ Installed in the internal-node computers called "handlers" or "agents".
◦ Waits for the hacker to initiate the attack remotely.
7
Four Phases of Bot Installation
1. Scanning
◦ Installed bots scan lots of computers for security flaws.
2. Exploitation
◦ Susceptible hosts are found and the compromised hosts are listed.
8
Four Phases of Bot Installation
3. Deployment
◦ The "handler software" is installed on the compromised hosts.
4. Propagation
◦ The handler then scans for vulnerable hosts and compromises them; these are called "agents/daemons".
9
DDos Attack Methods
Methods
◦ Smurf Floods
Floods the network with ICMP ECHO requests carrying the victim's address as the source, so the victim is flooded with the ping responses.
◦ ICMP Floods
The attacker generates lots of ICMP ECHO packets directed at the victim. Finally, the victim is busy replying to all the ECHO requests.
10
DDos Attack Methods
◦ UDP/TCP Floods
Send a large number of UDP/TCP packets to the victim and tie up the available network bandwidth.
◦ TCP SYN Floods
The attacker never sends the final ACK packet, so the victim wastes the buffer allocated for each half-open connection.
11
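As an added illustration of why a SYN flood exhausts the victim's buffer, and of the two host-side mitigations that follow from it (a shorter half-open timeout and SYN cookies), the following Python model is not from the paper or the slides. It is a constructed simulation with made-up parameters: a half-open table of 128 entries, a 1000 ms timeout, an attacker sending 2 SYNs per millisecond that are never acknowledged, and one legitimate client connecting every 50 ms with a 20 ms round trip.

```python
def simulate_syn_flood(backlog=128, half_open_timeout=1000, attack_rate=2,
                       legit_interval=50, legit_rtt=20, duration=2000,
                       syn_cookies=False):
    """Discrete-time model (1 ms per tick) of a listening socket's half-open
    connection table under a SYN flood.

    Returns (accepted, refused) counts for the legitimate client.  All
    parameter values are constructed for illustration, not measurements.
    """
    table = []                      # expiry time of each half-open entry
    accepted = refused = 0
    for now in range(duration):
        # Reap entries whose handshake completed (legit) or timed out (attack).
        table = [expiry for expiry in table if expiry > now]
        if not syn_cookies:
            # The attacker never sends the final ACK, so each of its SYNs
            # occupies a table slot for the full half-open timeout.  Once
            # attack_rate * half_open_timeout exceeds the backlog, the table
            # is refilled as fast as it drains.
            for _ in range(attack_rate):
                if len(table) < backlog:
                    table.append(now + half_open_timeout)
        if now % legit_interval == 0:
            if syn_cookies:
                # With SYN cookies the server keeps no state until the final
                # ACK arrives, so there is no table to exhaust.
                accepted += 1
            elif len(table) < backlog:
                accepted += 1
                table.append(now + legit_rtt)   # its ACK arrives one RTT later
            else:
                refused += 1                    # table full: SYN is dropped
    return accepted, refused


if __name__ == "__main__":
    scenarios = [("1000 ms half-open timeout", {}),
                 ("50 ms half-open timeout", {"half_open_timeout": 50}),
                 ("SYN cookies", {"syn_cookies": True})]
    for label, kwargs in scenarios:
        ok, lost = simulate_syn_flood(**kwargs)
        print(f"{label:26s} legit accepted={ok:3d} refused={lost:3d}")
```

With the default parameters only the two legitimate SYNs that arrive before the table fills succeed; cutting the timeout to 50 ms keeps the attacker's steady-state occupancy (2 per ms times 50 ms) below the 128-entry backlog, and SYN cookies remove the shared state entirely.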
DDos Attack Methods
12
DDos Attack Methods
Dynamics
◦ Application attacks
◦ Protocol attacks
◦ Operating system attacks
◦ Host attacks
◦ Network attacks
◦ Infrastructure attacks
13
DDos Defense
Classification
◦ Preventive
Eliminate the vulnerabilities in the system and prevent the attacker from gaining a group of zombie machines.
◦ Survival
Increase the victim's resources so that it survives during the attack.
◦ Responsive
Stop the attack streams from influencing the victim.
14
DDos Defense
Strategy
◦ Agent identification
Who is attacking?
◦ Rate limiting
Impose a rate limit on the incoming streams.
◦ Filtering
Filter out the attack streams.
◦ Reconfiguration
Change the topology of the networks near the victim.
15
DDos Defense
Countermeasures
◦ Path isolation
Routers isolate the traffic path, and this information can be used to deploy filters along the path.
◦ Privileged customer
Customers that have previously communicated with the server get first priority.
16
DDos Defense
◦ Traffic baselining
Filter the traffic when some traffic parameter exceeds its expected value.
◦ Resource multiplication
More resources are deployed to sustain large attacks.
◦ Legitimate traffic inflation
Multiply the legitimate traffic.
17
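The rate-limiting strategy of slide 15 and the traffic-baselining countermeasure of slide 17 are both one-line descriptions on the slides. The following Python is an added example, not code from the authors, that carries each through on a constructed traffic log: a per-source token bucket enforces the rate limit, and a threshold learned from a clean window (mean plus three standard deviations) is the "expected value" that baselining compares against. The IP addresses come from the RFC 5737 documentation ranges and every number is made up.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (time_s, src_ip, packets_in_that_second).
# 203.0.113.9 plays a flooding agent, 192.0.2.10 a legitimate client.
FLOW_LOG = [
    (0, "192.0.2.10", 5), (0, "203.0.113.9", 50),
    (1, "192.0.2.10", 5), (1, "203.0.113.9", 50),
    (2, "192.0.2.10", 5), (2, "203.0.113.9", 50),
]

# Constructed per-second packet totals: a clean learning window and a later
# observation window that contains a flood.
CLEAN_WINDOW = [100, 110, 95, 105, 90, 100, 105, 95]
OBSERVED = [102, 98, 640, 710, 690, 104]


def token_bucket_limit(records, rate, burst):
    """Per-source token bucket (rate limiting).

    Each source may send `burst` packets at once and `rate` packets per
    second sustained; anything beyond that is dropped.  `records` must be
    sorted by time.  Returns {src: (allowed, dropped)}.
    """
    buckets = {}                                  # src -> (tokens, last_seen)
    totals = defaultdict(lambda: [0, 0])
    for t, src, n in records:
        tokens, last = buckets.get(src, (burst, t))
        tokens = min(burst, tokens + (t - last) * rate)   # refill since last seen
        allowed = min(n, tokens)
        totals[src][0] += allowed
        totals[src][1] += n - allowed
        buckets[src] = (tokens - allowed, t)
    return {src: tuple(v) for src, v in totals.items()}


def baseline_threshold(clean_pps, k=3):
    """Expected value learned from a clean window: mean + k std deviations."""
    return mean(clean_pps) + k * pstdev(clean_pps)


def flag_anomalous_seconds(observed_pps, threshold):
    """Traffic baselining: indices of seconds whose rate exceeds the threshold.
    These are the intervals on which a filter would be applied."""
    return [i for i, pps in enumerate(observed_pps) if pps > threshold]


if __name__ == "__main__":
    for src, (ok, dropped) in token_bucket_limit(FLOW_LOG, rate=20, burst=40).items():
        print(f"{src:14s} allowed={ok:3d} dropped={dropped:3d}")
    limit = baseline_threshold(CLEAN_WINDOW)
    print(f"baseline threshold = {limit:.2f} pps")
    print("anomalous seconds:", flag_anomalous_seconds(OBSERVED, limit))
```

The legitimate client never exceeds its bucket and loses nothing, while the agent's 150 packets are cut to 80; the baseline threshold of about 118 pps flags seconds 2 to 4 of the observation window and leaves the normal seconds untouched, which is the point of baselining over a fixed cutoff.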
Simulation
Three considerations
◦ DDos attack traffic
◦ Legitimate traffic
◦ Network topology
Software used: NS2
◦ Can replicate threats of interest in a secure environment.
18
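The slides name the three inputs of the NS2 experiment but its result survives only as a figure (slide 19). The following Python model is an added, deliberately simple stand-in for that experiment and not the authors' NS2 script: the topology is reduced to the one bottleneck link in front of the victim with a drop-tail queue, legitimate traffic is a single stream, and the attack traffic comes from several agents whose packets interleave with it round-robin. Link capacity, queue size and all rates are constructed values.

```python
from collections import deque


def simulate_bottleneck(link_capacity=10, queue_limit=20, legit_rate=4,
                        agent_rates=(4, 4, 4, 4, 4), duration=100):
    """Drop-tail FIFO model of the last link before the victim.

    Per tick, every stream offers `rate` packets, interleaved round-robin so
    that no stream is favoured; packets that find the queue full are dropped
    and the link then drains `link_capacity` packets.  Returns offered and
    dropped packet counts for legitimate and attack traffic.
    """
    queue = deque()
    offered = {"legit": 0, "attack": 0}
    dropped = {"legit": 0, "attack": 0}
    streams = [("legit", legit_rate)] + [("attack", r) for r in agent_rates]
    for _ in range(duration):
        remaining = [rate for _, rate in streams]
        while any(remaining):                     # round-robin interleave
            for i, (kind, _) in enumerate(streams):
                if remaining[i] > 0:
                    remaining[i] -= 1
                    offered[kind] += 1
                    if len(queue) < queue_limit:
                        queue.append(kind)
                    else:
                        dropped[kind] += 1        # tail drop
        for _ in range(min(link_capacity, len(queue))):
            queue.popleft()                       # link serves the head
    return {"offered": offered, "dropped": dropped}


def legit_loss_ratio(result):
    """Fraction of legitimate packets lost at the bottleneck."""
    offered = result["offered"]["legit"]
    return result["dropped"]["legit"] / offered if offered else 0.0


if __name__ == "__main__":
    quiet = simulate_bottleneck(agent_rates=())
    attacked = simulate_bottleneck()
    print(f"no attack:   legit loss = {legit_loss_ratio(quiet):.1%}")
    print(f"five agents: legit loss = {legit_loss_ratio(attacked):.1%}")
```

Alone, the legitimate stream (4 packets per tick on a 10-packet link) loses nothing; with five agents each sending as much as the legitimate client, the combined offered load of 24 per tick against a capacity of 10 and a 20-packet queue makes the legitimate stream lose roughly half its packets, which is the bandwidth-consumption effect of slide 3 expressed as a number.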
Simulation
19
Conclusion
Evolution in intruder tools will continue.
Even if the system/network is robust, others may not be. Thus, the security issue still exists.
20