Basics of Denial of Service Attacks
- 2. OUTLINE
• What Is DoS and what is DoS Attack
• History
• Types of Attacks
• Main targets today
• How to Defend
• Prosecution
• Conclusion
- 3. WHAT IS “DOS ATTACK”
Denial-of-Service Attack (DoS attack) = a malicious attempt by a
single person or a group of people to cause the victim site or
node to deny service to its customers.
• DoS = when a single host attacks
• DDoS = when multiple hosts attack simultaneously
- 4. IDEA OF “DOS ATTACKS”
• Purpose is to shut down a site, not penetrate it.
• Purpose may be vandalism, extortion or social action
(including terrorism) (Sports betting sites often extorted)
• Modification of internal data, change of programs (Includes
defacement of web sites)
- 6. HISTORY
Morris Worm (November 2, 1988)
• First DDoS attack to cripple large amounts of network
infrastructure
• Self-replicating, self-propagating.
• Exploited software commonality (monoculture)
1. Fingerd buffer overflow exploit
2. Sendmail root vulnerability
3. Weak passwords
- 7. HISTORY
Morris Worm effect
• Infected systems became “catatonic”
• Took roughly three days to come under control
• Ultimately infected 10% of Internet computers (6,000) and
cost $ million to clean up.
• Morris convicted under the Computer Fraud and Abuse Act: three
years probation, fine of $10,000
- 9. TYPES OF DOS ATTACKS
• Penetration
• Eavesdropping
• Man-In-The-Middle
• Flooding
- 10. TYPES OF DOS ATTACKS
Penetration
• Attacker gets inside your machine
• Can take over machine and do whatever he wants
• Achieves entry via software flaw(s), stolen passwords
or insider access
- 11. TYPES OF DOS ATTACKS
Eavesdropping
• Attacker gains access to same network
• Listens to traffic going in and out of your machine
- 12. TYPES OF DOS ATTACKS
Man-in-the-Middle
• Attacker listens to output and controls output
• Can substitute messages in both directions
- 13. TYPES OF DOS ATTACKS
Flooding
• Attacker sends an overwhelming number of messages at your
machine; great congestion
• The congestion may occur in the path before your machine
• Messages from legitimate users are crowded out
• Usually called a Denial of Service (DoS) attack, because that’s
the effect.
• Usually involves a large number of machines, hence
Distributed Denial of Service (DDoS) attack
- 15. HOW TO DEFEND
• Firewalls - can effectively prevent users from launching simple
flooding type attacks from machines behind the firewall.
• Switches - Some switches provide automatic and/or system-
wide rate limiting, traffic shaping, delayed binding to detect
and remediate denial of service attacks
• Routers - adding rules that pull flow statistics out of the
router during a DoS attack further slows the router down and
complicates the matter
• DDS based defense
• Clean pipes
- 16. HOW TO DEFEND
• Nothing can be done to entirely prevent DoS
• Minimize the dangers
– Effective and Robust Design
– Bandwidth Limitations
– Keep Systems Patched
– Run the least amount of services
– Allow only necessary traffic
– Block IP addresses
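The flooding pattern described above (one source sending far more messages than legitimate users) and the "Bandwidth Limitations" / "Block IP addresses" defenses, shown as a sliding-window flood detector run over constructed connection timestamps. This is an added example, not part of the original slides; the IP addresses, the 20 requests-per-second threshold and the 1-second window are assumed values.

```python
"""Sliding-window flood detector: flags sources whose request rate
inside any 1-second window exceeds a threshold, the signal a
rate-limiting switch or router ACL would act on."""
from collections import defaultdict, deque


def make_sample_events():
    """Constructed sample traffic (not a real capture), as
    (timestamp_ms, source_ip) tuples in time order: two legitimate
    clients at 1 req/s and one source flooding at 40 req/s from
    t=5s to t=10s."""
    events = []
    for s in range(20):
        events.append((s * 1000, "198.51.100.7"))        # legit, 1 req/s
        events.append((s * 1000 + 500, "198.51.100.9"))  # legit, 1 req/s
    for i in range(200, 400):                            # 40 req/s flood
        events.append((i * 25, "203.0.113.50"))
    events.sort()
    return events


def detect_flooders(events, window_ms=1000, threshold=20):
    """Return {source: (first_alert_ms, peak_count)} for every source
    whose request count inside a sliding window of window_ms exceeds
    threshold. Legitimate low-rate clients never appear in the result."""
    recent = defaultdict(deque)   # per-source timestamps still in window
    alerts = {}
    for ts, src in events:
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window_ms:   # expire old timestamps
            q.popleft()
        count = len(q)
        if count > threshold:
            first, peak = alerts.get(src, (ts, 0))
            alerts[src] = (first, max(peak, count))
    return alerts


def block_list(alerts):
    """Sources a firewall/router rule would drop (the 'Block IP
    addresses' step), sorted for deterministic output."""
    return sorted(alerts)


if __name__ == "__main__":
    found = detect_flooders(make_sample_events())
    for src, (t0, peak) in found.items():
        print(f"{src}: peak {peak} req/s, first exceeded at t={t0} ms")
    print("block:", block_list(found))
```

Only the flooding source is flagged; the two 1 req/s clients stay under the threshold, which is the property a rate limit must have so that legitimate traffic is not crowded out twice.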
- 17. CONCLUSION
• Role of international boundaries - attack consoles located across
international borders create a law-enforcement problem
• In the past, as the present, DDoS has been more a nuisance
activity conducted by cyber vandals than an activity with
specific socioeconomic aims
• In the future, DDoS may be used as a disruptive force, with
broad destabilization as its aim instead of the targeting of
specific targets
• Destabilization has a high Return On Investment (ROI) when
compared to targeted attacks