Denial-of-service (DoS) Attacks

Risk & Security Management
Dipl.-Phys. Rainer Barthels

09.11.2012

Pascal Flöschel (FS060217)
Tomal K. Ganguly (FS090182)

Risk & Security Management – DoS Attacks
09.11.2012
University of Liechtenstein
Agenda

   1. Facts and Figures                   (Tomal)
   2. Examples                            (Tomal)
   3. DoS – denial of service             (Tomal)
   4. DoS Attacks                         (Pascal)
   5. Flooding Attacks                    (Pascal)
   6. Attack Architectures                (Pascal)
   7. Defenses against DoS-Attacks        (Tomal)
   8. Responding to a DoS-Attack          (Tomal)



1. Facts and Figures

   > Hackers have been carrying out DDoS attacks for more than a decade
     (400 MB/s in 2002 → 100 GB/s in 2010)
   > CSI Computer Crime and Security Survey states that 17% of respondents
     experienced some form of DoS attack in 2010
   > Focus is generally on network services that are attacked over their
     network connection

   > Slashdotting / Flash crowd
       > popular website links to smaller site causing massive increase of traffic
       > overloading smaller site → slow down, temporary unavailability
       > Flash crowd is the more generic term → network or host receives lots of traffic

   source: Stallings/Brown (2012), p. 243 f.

2. Examples




3. DoS – denial of service

   «A denial of service (DoS) is an action that prevents or impairs the authorized
   use of networks, systems, or applications by exhausting resources such as
   central processing units (CPU), memory bandwidth, and disk space.»
   (from: NIST Computer Security Incident Handling Guide, source: Stallings/Brown (2012), p. 244)




   > Categories of resources which can be attacked:
     network bandwidth, system resources, application resources

   > Typical aims of DoS attacks:
       > consuming bandwidth with large traffic volumes
       > overload or crash the network handling software
       > send specific types of packets to consume limited available resources

4. DoS Attacks
   [Figure: Example network to illustrate DoS Attacks]

   source: Stallings/Brown (2012), p. 245

4. DoS Attacks

   > SYN Spoofing

   source: Stallings/Brown (2012), p. 248 f.
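The SYN spoofing slide rests on one mechanism: a listener that reserves a half-open entry for every SYN can be filled up by SYNs from forged source addresses that never answer the SYN-ACK, so later legitimate clients are turned away. The simulation below, added here as an example and not part of the original slides or of Stallings/Brown, contrasts such a stateful backlog with a SYN-cookie style listener that keeps no per-SYN state: the server's initial sequence number is an HMAC over the client address, port and a coarse time slot, and the final ACK is validated by recomputing it. The backlog size of 8, the 64-second slot, the fixed demo key and the RFC 5737 documentation addresses are assumptions for the example; no packets are sent.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field

# Assumption for this simulation: the listener's SYN backlog holds 8 half-open
# connections. Real stacks hold hundreds or thousands; the failure mode is the same.
BACKLOG_CAPACITY = 8


@dataclass
class StatefulListener:
    """Classic TCP listener: each SYN reserves a half-open entry until the
    handshake completes or the entry times out."""
    capacity: int = BACKLOG_CAPACITY
    half_open: dict = field(default_factory=dict)  # (src_ip, src_port) -> server ISN
    dropped: int = 0

    def on_syn(self, src_ip, src_port):
        if len(self.half_open) >= self.capacity:
            self.dropped += 1  # table full: this SYN gets no SYN-ACK at all
            return None
        isn = secrets.randbits(32)
        self.half_open[(src_ip, src_port)] = isn
        return isn

    def on_ack(self, src_ip, src_port, ack_num):
        isn = self.half_open.pop((src_ip, src_port), None)
        return isn is not None and ack_num == ((isn + 1) & 0xFFFFFFFF)


class SynCookieListener:
    """SYN-cookie style listener: the server ISN is derived from an HMAC over the
    client address, port and a coarse time slot, so a spoofed SYN costs no memory.
    The final ACK is validated by recomputing the cookie (real implementations also
    encode the MSS in the cookie; that detail is omitted here)."""

    def __init__(self, key=None, window=64):
        self.key = key or secrets.token_bytes(32)
        self.window = window  # seconds per time slot (assumption for this demo)

    def _cookie(self, src_ip, src_port, slot):
        msg = f"{src_ip}:{src_port}:{slot}".encode()
        mac = hmac.new(self.key, msg, hashlib.sha256).digest()
        return int.from_bytes(mac[:3], "big")  # low 24 bits of the ISN

    def _slot(self, now):
        return int(now // self.window) & 0xFF  # 8-bit slot kept in the top byte

    def on_syn(self, src_ip, src_port, now=None):
        now = time.time() if now is None else now
        slot = self._slot(now)
        return (slot << 24) | self._cookie(src_ip, src_port, slot)

    def on_ack(self, src_ip, src_port, ack_num, now=None):
        now = time.time() if now is None else now
        isn = (ack_num - 1) & 0xFFFFFFFF
        slot = isn >> 24
        if ((self._slot(now) - slot) & 0xFF) > 1:  # cookie older than one slot: stale
            return False
        return (isn & 0xFFFFFF) == self._cookie(src_ip, src_port, slot)


def run_scenario(n_spoofed=20, now=1_700_000_000.0):
    """Feed n_spoofed SYNs from forged sources that never answer, then let one
    real client try to connect. Returns what each listener did."""
    stateful = StatefulListener()
    cookie = SynCookieListener(key=b"constructed-demo-key", window=64)
    for i in range(n_spoofed):
        forged = (f"203.0.113.{i}", 40000 + i)  # RFC 5737 documentation range, constructed
        stateful.on_syn(*forged)
        cookie.on_syn(*forged, now=now)
    legit = ("198.51.100.7", 51515)
    isn_s = stateful.on_syn(*legit)
    ok_stateful = isn_s is not None and stateful.on_ack(*legit, (isn_s + 1) & 0xFFFFFFFF)
    isn_c = cookie.on_syn(*legit, now=now)
    ok_cookie = cookie.on_ack(*legit, (isn_c + 1) & 0xFFFFFFFF, now=now + 5)
    bogus = cookie.on_ack(*legit, 0x12345678, now=now + 5)  # guessed ACK with no matching SYN
    return {
        "stateful_accepts_legit": bool(ok_stateful),
        "stateful_dropped": stateful.dropped,
        "stateful_half_open": len(stateful.half_open),
        "cookie_accepts_legit": ok_cookie,
        "cookie_rejects_bogus": not bogus,
    }


if __name__ == "__main__":
    print(run_scenario())
```

With 20 forged SYNs the stateful listener fills its 8 slots, drops the 12 remaining forged SYNs and then the real client's SYN as well, while the cookie listener completes the real handshake and still rejects a guessed ACK. The trade-off a practitioner should keep in mind is that cookies drop TCP options that do not fit in the sequence number, which is why stacks only enable them once the backlog is under pressure.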

5. Flooding Attacks

   «Flooding attacks take a variety of forms, based on which network protocol is
   being used to implement the attack. In all cases the intent is generally to
   overload the network capacity on some link to a server.»
   (from: Stallings/Brown (2012), p. 250)

   > ICMP Flood
   > UDP Flood
   > TCP SYN Flood
   > Distributed denial-of-service Attacks
   > Reflector Attacks
   > Amplifier Attacks


6. Attack Architectures

   > Distributed Denial-of-Service (DDoS) Attacks

   source: Stallings/Brown (2012), p. 253

6. Attack Architectures

   > Application-based bandwidth attacks
       > SIP Flood
       > HTTP-Based Attacks
       > HTTP Flood

   source: Stallings/Brown (2012), p. 255

6. Attack Architectures

   > Reflector and Amplifier Attacks
       > Reflection Attacks

   source: Stallings/Brown (2012), p. 247 ff.

6. Attack Architectures

   > Reflector and Amplifier Attacks
       > Amplification Attacks

   source: Stallings/Brown (2012), p. 259

7. Defenses against DoS-Attacks

   > Attack prevention and preemption (before the attack)
   > Attack detection and filtering (during the attack)
   > Attack source traceback and identification (during and after the attack)




8. Responding to a DoS-Attack

   > Incident response plan
       > Details of how to contact technical personnel at the ISP
       > Flooding attacks can only be filtered upstream from the user’s network connection
       > Details of how to respond to the attack
   > Implementation of standard antispoofing, directed broadcast and rate limiting filtering
   > Automated network monitoring and intrusion detection system for abnormal traffic flows
     and identification of their cause (attack, misconfiguration, hard- / software failure)
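The monitoring item above asks for something that can tell an attack apart from a misconfiguration or a flash crowd (slide 1), and the attack architectures in slide 6 suggest what to look for. The script below is an added example, not part of the original slides or of Stallings/Brown: it parses a simplified flow-record format (constructed for the example; real NetFlow/IPFIX exports carry more fields) and applies three per-target heuristics: a SYN flood (many flows that never get past the SYN), a flash crowd (many distinct clients that do complete their handshakes, so not an attack) and reflected amplification (large UDP answers arriving from reflector service ports on many hosts). The thresholds, the sample records and the address ranges are assumptions for the demo; a site would tune them against its own baseline.

```python
from collections import defaultdict
from dataclasses import dataclass

# Record layout (constructed for this example; real NetFlow/IPFIX exports carry more fields):
# ts,src,sport,dst,dport,proto,flags,pkts,bytes


@dataclass
class Flow:
    ts: int
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    flags: str  # TCP flags seen over the flow's life ("S" = only a SYN); "-" for UDP
    pkts: int
    nbytes: int


def parse_flows(text):
    """Parse the constructed flow format; blank lines and '#' comments are skipped."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, sport, dst, dport, proto, flags, pkts, nbytes = line.split(",")
        flows.append(Flow(int(ts), src, int(sport), dst, int(dport), proto, flags,
                          int(pkts), int(nbytes)))
    return flows


# UDP services commonly abused as reflectors/amplifiers (DNS, NTP, SSDP, chargen)
REFLECTOR_PORTS = {53, 123, 1900, 19}


def classify(flows, syn_min=20, syn_ratio=0.8, crowd_min=20, amp_min_sources=5, amp_bpp=300):
    """Group flows per target and apply three heuristics; thresholds are assumptions."""
    findings = []
    by_target = defaultdict(list)
    for f in flows:
        # Reflected UDP traffic lands on arbitrary victim ports, so UDP is grouped by host only
        by_target[(f.dst, f.dport if f.proto == "tcp" else None, f.proto)].append(f)
    for (dst, dport, proto), fl in by_target.items():
        sources = {f.src for f in fl}
        if proto == "tcp":
            syn_only = [f for f in fl if f.flags == "S"]
            ratio = len(syn_only) / len(fl)
            if len(syn_only) >= syn_min and ratio >= syn_ratio:
                # Many SYNs that never complete: spoofed sources or clients ignoring SYN-ACKs
                findings.append({"kind": "syn_flood", "target": f"{dst}:{dport}",
                                 "sources": len(sources), "syn_only_ratio": round(ratio, 2)})
            elif len(sources) >= crowd_min and ratio <= 0.2:
                # Many real clients completing handshakes: a flash crowd, not an attack
                findings.append({"kind": "flash_crowd", "target": f"{dst}:{dport}",
                                 "sources": len(sources)})
        elif proto == "udp":
            reflected = [f for f in fl
                         if f.sport in REFLECTOR_PORTS and f.nbytes / f.pkts >= amp_bpp]
            reflectors = {f.src for f in reflected}
            if len(reflectors) >= amp_min_sources:
                avg = sum(f.nbytes for f in reflected) / sum(f.pkts for f in reflected)
                findings.append({"kind": "reflected_amplification", "target": dst,
                                 "reflectors": len(reflectors), "avg_bytes_per_pkt": round(avg)})
    return findings


def build_sample_log():
    """Constructed records: a SYN flood on 198.51.100.5:80, a flash crowd on
    198.51.100.6:443 and reflected DNS answers hitting 198.51.100.7."""
    lines = ["# ts,src,sport,dst,dport,proto,flags,pkts,bytes"]
    for i in range(30):  # SYN-only flows from 30 forged sources, never completed
        lines.append(f"{1000 + i},203.0.113.{i},{40000 + i},198.51.100.5,80,tcp,S,1,60")
    for i in range(25):  # full handshakes plus data: many real clients following one link
        lines.append(f"{1000 + i},192.0.2.{i},{50000 + i},198.51.100.6,443,tcp,SAPF,40,52000")
    for i in range(8):  # large answers from DNS source port 53 the victim never asked for
        lines.append(f"{1000 + i},198.18.0.{i},53,198.51.100.7,{30000 + i},udp,-,10,14000")
    return "\n".join(lines)


if __name__ == "__main__":
    for finding in classify(parse_flows(build_sample_log())):
        print(finding)
```

The point of grouping UDP by destination host only is that reflected traffic arrives on whatever ports the forged requests named, so a per-port view would split one attack into many small, sub-threshold targets. The flash-crowd rule exists so the alert states the cause, as the slide asks, rather than paging on every traffic spike.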


8. Responding to a DoS-Attack

   > Proposal of guideline for organizations
       1) Identify the type of attack and trace it back
       2) Identify the best approach to defend against it
       3) Capture packets flowing into the organization and analyze them, looking for
          common attack types (e.g. with a network analysis tool)
       4) Document all actions to support any legal action
       5) Develop a strategy to switch to alternative backup servers or commission a
          new site with a new address to restore the service (forward planning)


Thank you for your attention.

Any questions?



