SlideShare a Scribd company logo

Basics of Denial of Service Attacks

Download as PPTX, PDF
Hansa Nidushan
Hansa Nidushan

This document discusses denial of service (DoS) attacks, including their history and types. It explains that a DoS attack is a malicious attempt to deny service to customers of a target site or network. The first major DoS attack was the 1988 Morris Worm, which infected 10% of internet computers and cost millions to clean up. Common types of DoS attacks are penetration attacks, eavesdropping, man-in-the-middle attacks, and flooding attacks, which overwhelm a target with traffic. While nothing can entirely prevent DoS attacks, defenses include firewalls, routers, switches, bandwidth limitations, and keeping systems patched. The document concludes that future DoS attacks may aim for broad destabilization rather

Related slideshows

Network attacks
Network attacksNetwork attacks
Network attacks
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attack
 
Dos attack
Dos attackDos attack
Dos attack
 
1 of 18
DoS Attacks Basics
OUTLINE • What Is DoS and what is DoS Attack • History • Types of Attacks • Main targets today • How to Defend • Prosecution • Conclusion
WHAT IS “DOS ATTACK” Denial-Of-Service Attack = DOS Attack is a malicious attempt by a single person or a group of people to cause the victim, site or node to deny service to it customers. • DoS = when a single host attacks • DDoS = when multiple hosts attack simultaneously
IDEA OF “DOS ATTACKS” • Purpose is to shut down a site, not penetrate it. • Purpose may be vandalism, extortion or social action (including terrorism) (Sports betting sites often extorted) • Modification of internal data, change of programs (Includes defacement of web sites)
Denial of Service Attack Typical Connection
HISTORY Morris Worm (November 2, 1988) • First DDoS attack to cripple large amounts of network infrastructure • Self-replicating, self-propagating. • Exploited software commonality (monoculture) 1. Fingerd buffer overflow exploit 2. Sendmail root vulnerability 3. Weak passwords
HISTORY Morris Worm effect • Infected systems became “catatonic” • Took roughly three days to come under control • Ultimately infected 10% of Internet computers (6,000) and cost $ million to clean up. • Morris convicted under computer fraud and abuse act, three years probation, fine of $10,000
TYPES OF DOS ATTACKS
TYPES OF DOS ATTACKS • Penetration • Eavesdropping • Man-In-The-Middle • Flooding
TYPES OF DOS ATTACKS Penetration • Attacker gets inside your machine • Can take over machine and do whatever he wants • Achieves entry via software flaw(s), stolen passwords or insider access
TYPES OF DOS ATTACKS Eavesdropping • Attacker gains access to same network • Listens to traffic going in and out of your machine
TYPES OF DOS ATTACKS Man-in-the-Middle • Attacker listens to output and controls output • Can substitute messages in both directions
TYPES OF DOS ATTACKS Flooding • Attacker sends an overwhelming number of messages at your machine; great congestion • The congestion may occur in the path before your machine • Messages from legitimate users are crowded out • Usually called a Denial of Service (DoS) attack, because that’s the effect. • Usually involves a large number of machines, hence Distributed Denial of Service (DDoS) attack
MAIN TARGETS
HOW TO DEFEND • Firewalls - can effectively prevent users from launching simple flooding type attacks from machines behind the firewall. • Switches - Some switches provide automatic and/or system- wide rate limiting, traffic shaping, delayed binding to detect and remediate denial of service attacks • Routers - If you add rules to take flow statistics out of the router during the DoS attacks, they further slow down and complicate the matter • DDS based defense • Clean pipes
• Nothing can be done to entirely prevent DOS • Minimize the dangers – Effective and Robust Design – Bandwidth Limitations – Keep Systems Patched – Run the least amount of services – Allow only necessary traffic – Block IP addresses
CONCLUSION • Role of international boundaries - consoles located across international borders, law-enforcement problem • In the past, as the present, DDoS has been more a nuisance activity conducted by cyber vandals than an activity with specific socioeconomic aims • In the future, DDoS may be used as a disruptive force, with broad destabilization as its aim instead of the targeting of specific targets • Destabilization has a high (ROI) Return On Investment when compared to targeted attacks
THANK YOU

More Related Content

Basics of Denial of Service Attacks

  • 2. OUTLINE • What Is DoS and what is DoS Attack • History • Types of Attacks • Main targets today • How to Defend • Prosecution • Conclusion
  • 3. WHAT IS “DOS ATTACK” Denial-Of-Service Attack = DOS Attack is a malicious attempt by a single person or a group of people to cause the victim, site or node to deny service to it customers. • DoS = when a single host attacks • DDoS = when multiple hosts attack simultaneously
  • 4. IDEA OF “DOS ATTACKS” • Purpose is to shut down a site, not penetrate it. • Purpose may be vandalism, extortion or social action (including terrorism) (Sports betting sites often extorted) • Modification of internal data, change of programs (Includes defacement of web sites)
  • 5. Denial of Service Attack Typical Connection
  • 6. HISTORY Morris Worm (November 2, 1988) • First DDoS attack to cripple large amounts of network infrastructure • Self-replicating, self-propagating. • Exploited software commonality (monoculture) 1. Fingerd buffer overflow exploit 2. Sendmail root vulnerability 3. Weak passwords
  • 7. HISTORY Morris Worm effect • Infected systems became “catatonic” • Took roughly three days to come under control • Ultimately infected 10% of Internet computers (6,000) and cost $ million to clean up. • Morris convicted under computer fraud and abuse act, three years probation, fine of $10,000
  • 8. TYPES OF DOS ATTACKS
  • 9. TYPES OF DOS ATTACKS • Penetration • Eavesdropping • Man-In-The-Middle • Flooding
  • 10. TYPES OF DOS ATTACKS Penetration • Attacker gets inside your machine • Can take over machine and do whatever he wants • Achieves entry via software flaw(s), stolen passwords or insider access
  • 11. TYPES OF DOS ATTACKS Eavesdropping • Attacker gains access to same network • Listens to traffic going in and out of your machine
  • 12. TYPES OF DOS ATTACKS Man-in-the-Middle • Attacker listens to output and controls output • Can substitute messages in both directions
  • 13. TYPES OF DOS ATTACKS Flooding • Attacker sends an overwhelming number of messages at your machine; great congestion • The congestion may occur in the path before your machine • Messages from legitimate users are crowded out • Usually called a Denial of Service (DoS) attack, because that’s the effect. • Usually involves a large number of machines, hence Distributed Denial of Service (DDoS) attack
  • 15. HOW TO DEFEND • Firewalls - can effectively prevent users from launching simple flooding type attacks from machines behind the firewall. • Switches - Some switches provide automatic and/or system- wide rate limiting, traffic shaping, delayed binding to detect and remediate denial of service attacks • Routers - If you add rules to take flow statistics out of the router during the DoS attacks, they further slow down and complicate the matter • DDS based defense • Clean pipes
  • 16. • Nothing can be done to entirely prevent DOS • Minimize the dangers – Effective and Robust Design – Bandwidth Limitations – Keep Systems Patched – Run the least amount of services – Allow only necessary traffic – Block IP addresses
  • 17. CONCLUSION • Role of international boundaries - consoles located across international borders, law-enforcement problem • In the past, as the present, DDoS has been more a nuisance activity conducted by cyber vandals than an activity with specific socioeconomic aims • In the future, DDoS may be used as a disruptive force, with broad destabilization as its aim instead of the targeting of specific targets • Destabilization has a high (ROI) Return On Investment when compared to targeted attacks