DISTRIBUTED DENIAL OF SERVICE ATTACKS
By
Suhail Niyaz Khan
B.E. Electronics and Communication
CCNA|MCSE
DoS ATTACK
• A DoS attack is an attempt to overload a website or server with
traffic.
• The goal is to disrupt the website or network so that
legitimate users can no longer access the service.
• A DoS attack is usually launched from a single machine.
DDoS ATTACK
• DDoS attacks are normally worse than DoS attacks.
• They are launched from multiple computers.
• The machines involved could number hundreds of thousands or more.
• Machines are usually added to the attacker's network (botnet) by means of malware.
The concept of DDoS can be explained using an example as follows:
PHASES IN A DDoS ATTACK
STEP 1 : Recruiting slave/zombie machines. This can be done using pirated
software, unknown links, untrusted sites, etc.
Once a computer has become a zombie, it carries the code to infect other
computers to which it is connected.
STEP 2 : Discovering the vulnerability of the target (using small-scale attacks
before the actual attack).
This is done to check whether the target has taken any precautionary
measures.
STEP 3 : Sending the attack instructions to the slaves.
This is usually done over IRC (Internet Relay Chat) or by other
forms of communication between the attacker (i.e. the maker of the
botnet) and the virus present on each zombie computer.
STEP 4 : ATTACK
On getting the instruction to attack, all the zombie computers start
sending requests simultaneously and continuously to the target
server. The server tries to reply to all of them, but after some time it
is overwhelmed and crashes.
AFTER-EFFECT
WHY ARE DDOS ATTACKS DONE?
Some of the reasons for a DDoS attack are:
• Financial/economic gain
Hackers in this case are hired by one company to attack
rival companies.
• Revenge
Performed by an individual for an injustice he may have suffered
before.
• For fun or to show off.
• Cyberwarfare (organized by terrorist groups of one country against
another).
TYPES OF DDOS ATTACKS
SMURF ATTACK
• A Smurf attack is a kind of brute-force DoS attack.
• A huge number of Internet Control Message Protocol (ICMP)
packets are sent to a victim system using a spoofed IP address.
DIFFERENT PHASES OF ATTACK
• The attacker obtains the IP address of the victim.
• Using the victim's address as the spoofed source, the attacker sends ICMP
messages to a network's broadcast address.
• All the devices on that network receive these ICMP messages and
send their ICMP replies back to the victim's IP address.
• The victim gets flooded with the replies from all these hosts and
crashes.
 Distributed denial-of-service (DDoS) attack ||  Seminar Report @ gestyy.com/wZdUfJ
STEPS TO PROTECT AGAINST
SMURF ATTACKS
• Configure the router so that it does not forward an ICMP message
received for its broadcast address to all the devices on its network.
• Set up a firewall to filter unwanted messages.
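A defender's check for the two Smurf signatures described above (a ping aimed at the broadcast address, and many hosts replying to a single victim), written as an added Python example over constructed ICMP flow records; it is not code from the original slides, and the protected network, window size and alert threshold are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed ICMP flow records for the example (not captured traffic):
# (timestamp_seconds, src_ip, dst_ip, icmp_type); type 8 = echo request, 0 = echo reply.
SAMPLE_RECORDS = [
    (0.00, "10.0.0.5", "192.168.1.255", 8),   # spoofed request to the broadcast address
    (0.10, "192.168.1.10", "10.0.0.5", 0),    # every host on the LAN answers the victim
    (0.11, "192.168.1.11", "10.0.0.5", 0),
    (0.12, "192.168.1.12", "10.0.0.5", 0),
    (0.13, "192.168.1.13", "10.0.0.5", 0),
    (0.14, "192.168.1.14", "10.0.0.5", 0),
    (0.15, "192.168.1.15", "10.0.0.5", 0),
    (0.50, "10.0.0.7", "192.168.1.20", 8),    # ordinary ping, one reply
    (0.51, "192.168.1.20", "10.0.0.7", 0),
]

LAN = ipaddress.ip_network("192.168.1.0/24")   # assumed protected network


def is_directed_broadcast(dst_ip: str, network=LAN) -> bool:
    """True if dst_ip is the broadcast address of the protected network."""
    return ipaddress.ip_address(dst_ip) == network.broadcast_address


def broadcast_echo_requests(records):
    """Echo requests aimed at the broadcast address (what the router should drop)."""
    return [r for r in records if r[3] == 8 and is_directed_broadcast(r[2])]


def reply_fan_in(records, window_s: float = 1.0):
    """For each destination of echo replies, the largest number of distinct
    replying hosts seen within any single window of window_s seconds."""
    buckets = defaultdict(set)   # (victim, window index) -> replying sources
    for ts, src, dst, icmp_type in records:
        if icmp_type == 0:
            buckets[(dst, int(ts // window_s))].add(src)
    fan_in = defaultdict(int)
    for (dst, _), sources in buckets.items():
        fan_in[dst] = max(fan_in[dst], len(sources))
    return dict(fan_in)


def detect_smurf(records, window_s: float = 1.0, threshold: int = 5):
    """Victims receiving echo replies from at least `threshold` distinct hosts
    in one window; the threshold is an assumed tuning value."""
    return sorted((dst, n) for dst, n in reply_fan_in(records, window_s).items()
                  if n >= threshold)


if __name__ == "__main__":
    print("broadcast pings:", broadcast_echo_requests(SAMPLE_RECORDS))
    print("suspected Smurf victims:", detect_smurf(SAMPLE_RECORDS))
```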
TCP SYN/ACK ATTACK
• This attack exploits part of the normal TCP three-way
handshake to consume resources on the targeted server.
• The attacker sends TCP connection requests faster than the
targeted machine can process them, causing network saturation.
DIFFERENT PHASES OF ATTACK
• The attacker obtains the IP addresses of various systems.
• Impersonating these systems, the attacker sends a number of SYN requests,
the first signal sent to establish a TCP connection with the three-way
handshake.
• The server hosting the website replies with a TCP SYN/ACK on
receiving each SYN request and waits for the ACK from the
IP address that the attacker spoofed.
• The server thus wastes its resources and bandwidth while waiting for the ACK
signals to be received.
STEPS TO PROTECT AGAINST
TCP SYN/ACK ATTACKS
1) Decrease the TCP connection timeout on the victim server so
that the server waits only a short time and stops waiting for the
TCP ACK signal after that.
2) Use a firewall as an intermediary between the attacker and the server.
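To see why the first countermeasure helps, here is an added Python simulation (not part of the slides) of the server's half-open connection table under the SYN flood described above; the SYN rate, backlog size and the two timeouts compared are assumed values.

```python
from collections import deque


def syn_arrivals(rate_per_s: int, duration_s: int):
    """Constructed flood: SYNs at a constant rate (timestamps in ms) whose
    spoofed sources will never send the final ACK."""
    interval_ms = 1000 // rate_per_s
    return [i * interval_ms for i in range(rate_per_s * duration_s)]


def simulate_half_open(syn_times_ms, timeout_ms: int, backlog: int):
    """Replay SYN arrivals against a server whose half-open connection table
    holds `backlog` entries, each freed only when timeout_ms passes without
    an ACK. Returns (peak table occupancy, SYNs dropped because it was full);
    the dropped SYNs are where legitimate clients would be refused."""
    table = deque()        # expiry times of half-open entries, oldest first
    peak = dropped = 0
    for t in sorted(syn_times_ms):
        while table and table[0] <= t:   # release entries whose timeout passed
            table.popleft()
        if len(table) >= backlog:
            dropped += 1
            continue
        table.append(t + timeout_ms)
        peak = max(peak, len(table))
    return peak, dropped


def compare_timeouts(rate_per_s=100, duration_s=30, backlog=1024):
    """The same 30 s flood against a long (60 s) and a short (5 s) ACK timeout."""
    syns = syn_arrivals(rate_per_s, duration_s)
    return {timeout: simulate_half_open(syns, timeout, backlog)
            for timeout in (60_000, 5_000)}


if __name__ == "__main__":
    for timeout, (peak, dropped) in compare_timeouts().items():
        print(f"timeout {timeout // 1000:>2}s: peak half-open {peak}, "
              f"SYNs dropped {dropped}")
```

With the 60 s timeout the 1024-entry table fills after about 10 s and every later SYN is refused, while with 5 s it never holds more than 500 entries. Real stacks also cap SYN-ACK retransmissions or use SYN cookies, which this model leaves out.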
PING OF DEATH
• An attack in which an attacker attempts to crash, destabilize,
or freeze the targeted computer or service by sending
oversized packets using a simple ping command.
• Many historical computer systems simply could not handle
packets larger than 65,535 bytes and would crash if they received
one.
DIFFERENT PHASES OF ATTACK
• The attacker deliberately sends an IP packet larger than 65,535 bytes.
• One of the features of TCP/IP is fragmentation: it allows a
single IP packet to be broken down into smaller segments.
• The fragments of a packet could add up to more than
the allowed 65,535 bytes once reassembled.
• When vulnerable systems received such an oversized packet, they froze,
crashed, or rebooted.
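The fix patched systems adopted is a bounds check on every fragment before it is buffered for reassembly. As an added Python example (not from the slides), the check and a minimal reassembler that refuses a fragment set whose fragments would add up past the limit; the 20-byte header and the constructed fragment sizes are assumptions.

```python
IPV4_MAX_LEN = 65_535          # maximum total length of an IPv4 datagram
IPV4_HEADER_LEN = 20           # minimal header, assumed for the example
FRAG_UNIT = 8                  # the fragment offset field counts 8-byte units
MAX_PAYLOAD = IPV4_MAX_LEN - IPV4_HEADER_LEN   # 65,515 bytes of reassembled payload


def fragment_end(offset_units: int, payload_len: int) -> int:
    """Byte position, in the reassembled payload, where this fragment ends."""
    return offset_units * FRAG_UNIT + payload_len


def is_oversized(offset_units: int, payload_len: int) -> bool:
    """The check a patched stack performs on each fragment before buffering it:
    offset + length must fit inside the maximum datagram payload."""
    return fragment_end(offset_units, payload_len) > MAX_PAYLOAD


def reassemble(fragments):
    """fragments: list of (offset_units, more_fragments, payload bytes).
    Returns the reassembled payload, or raises ValueError when a fragment
    would push the datagram past the legal size or the set is incomplete."""
    buf = bytearray()
    covered = 0
    for off, more, payload in sorted(fragments, key=lambda f: f[0]):
        if is_oversized(off, len(payload)):
            raise ValueError(f"fragment at offset {off * FRAG_UNIT} ends at "
                             f"{fragment_end(off, len(payload))} > {MAX_PAYLOAD}")
        start = off * FRAG_UNIT
        if start != covered:
            raise ValueError("gap or overlap in fragment set")
        buf += payload
        covered = start + len(payload)
        if not more:
            return bytes(buf)
    raise ValueError("last fragment (MF=0) never arrived")


def oversized_fragment_set():
    """Constructed test input for the check: 44 contiguous 1480-byte fragments
    followed by a final fragment that would end at 65,720 bytes."""
    frags = [(i * 1480 // FRAG_UNIT, True, b"A" * 1480) for i in range(44)]
    frags.append((44 * 1480 // FRAG_UNIT, False, b"B" * 600))
    return frags
```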
SOME REAL LIFE ATTACK
• The first major attack occurred in January 2001. The target was
Register.com.
• In February 2007, more than 10,000 online game servers for games such
as Return to Castle, Counter-Strike and many others were attacked by
a hacker group.
• On August 6, 2009, several social networking sites, including Twitter,
Facebook, LiveJournal, and Google blogging pages, were hit by DDoS
attacks.
COUNTER MEASURES
• Check frequently for, and subscribe to, automatic vendor notifications.
• Understand the vulnerability patches available for your software and
configuration.
• Disable unnecessary network software.
• Keep anti-virus (e.g. Norton) and anti-Trojan (e.g. BOClean) software
up to date.
• Run a desktop firewall.
STAY SAFE