Distributed denial-of-service (DDoS) attack || Seminar Report
- 2. DoS ATTACK
• A DoS attack is an attempt to overload a website or server with traffic.
• The goal is to disrupt the website or network so that legitimate users can no longer access the service.
• A DoS attack is usually launched from a single machine.
- 3. DDoS ATTACK
• DDoS attacks are normally worse than DoS attacks.
• They are launched from multiple computers.
• The machines involved could number in the hundreds of thousands or more.
• Machines are usually added to the hacker's network by means of malware.
- 5. PHASES IN A DDoS ATTACK
STEP 1: Recruiting slave/zombie machines, which can be done using pirated software, unknown links, untrusted sites, etc.
Once a computer has become a zombie, it carries the code to infect other computers to which it is connected.
STEP 2: Discovering the vulnerability of the target (using small-scale attacks before the actual attack).
This is done to check whether the target has taken any precautionary measures or not.
- 6. STEP 3: Sending the attack instructions to the slaves
This is usually done over IRC (Internet Relay Chat) or by other forms of communication between the attacker, i.e. the maker of the botnet, and the virus present on a zombie computer.
STEP 4: ATTACK
On receiving the instruction to attack, all the zombie computers start sending messages simultaneously and continuously to the target server. The server tries to reply to all the requests, but after some time it is overwhelmed and crashes.
- 8. WHY ARE DDoS ATTACKS DONE?
Some of the reasons for a DDoS attack are:
• Financial/economic gain
Hackers in this case are hired by one company to attack rival companies.
• Revenge
Performed by an individual over an injustice he believes he has suffered before.
• For fun or to show off.
• Cyberwarfare (organized by terrorist groups of one country against another).
- 10. SMURF ATTACK
• A Smurf attack is a sort of brute-force DoS attack.
• A huge number of Internet Control Message Protocol (ICMP) packets are sent to a victim system using a spoofed IP address.
- 11. DIFFERENT PHASES OF ATTACK
• The attacker obtains the IP address of the victim.
• Using this IP address as the spoofed source, the attacker sends ICMP messages to a network's broadcast address.
• All the devices in this network receive these ICMP messages and send ICMP replies back to the IP address of the victim.
• The victim gets flooded with packets coming from all these devices and crashes.
- 13. STEPS TO PROTECT AGAINST SMURF ATTACKS
• Configure the router not to forward an ICMP message to all the devices on its network when the message is addressed to the broadcast address.
• Set up a firewall to filter unwanted messages.
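As an added example (not part of the seminar report), the following Python script applies the two Smurf signatures described above to a constructed set of ICMP flow records: echo requests aimed at a local network's broadcast address, and echo replies converging on one victim from many hosts within a short window. The flow tuple layout, addresses and thresholds are all assumptions for illustration.

```python
import ipaddress
from collections import defaultdict

# Networks we administer; their broadcast addresses are the Smurf reflection points.
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]
BROADCASTS = {n.broadcast_address for n in LOCAL_NETS}

# Constructed flow records: (time_ms, proto, icmp_type, src_ip, dst_ip).
# ICMP type 8 = echo request, 0 = echo reply. Not captured traffic.
VICTIM = "203.0.113.9"
SAMPLE_FLOWS = [
    (0, "icmp", 8, VICTIM, "192.0.2.255"),           # spoofed request to broadcast
    (500, "icmp", 8, "198.51.100.4", "192.0.2.10"),  # one ordinary ping
    (510, "icmp", 0, "192.0.2.10", "198.51.100.4"),  # its single reply
]
# Every host on 192.0.2.0/24 answers the broadcast ping, all towards the victim.
SAMPLE_FLOWS += [(10 + i, "icmp", 0, f"192.0.2.{10 + i}", VICTIM) for i in range(8)]


def broadcast_echo_requests(flows):
    """Echo requests addressed to a local broadcast address (the Smurf trigger)."""
    return [f for f in flows
            if f[1] == "icmp" and f[2] == 8 and ipaddress.ip_address(f[4]) in BROADCASTS]


def reply_amplification(flows, window_ms=1000, min_sources=5):
    """Map victim -> largest number of distinct hosts that sent it echo replies
    inside any window_ms window; only victims reaching min_sources are returned."""
    replies = defaultdict(list)
    for ts, proto, itype, src, dst in flows:
        if proto == "icmp" and itype == 0:
            replies[dst].append((ts, src))
    flagged = {}
    for victim, events in replies.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window_ms:
                start += 1
            sources = {s for _, s in events[start:end + 1]}
            if len(sources) >= min_sources:
                flagged[victim] = max(flagged.get(victim, 0), len(sources))
    return flagged


if __name__ == "__main__":
    print("broadcast pings:", broadcast_echo_requests(SAMPLE_FLOWS))
    print("amplified victims:", reply_amplification(SAMPLE_FLOWS))
```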
- 14. TCP SYN/ACK ATTACK
• This attack exploits part of the normal TCP three-way handshake to consume resources on the targeted server.
• The offender sends TCP connection requests faster than the targeted machine can process them, causing network saturation.
- 15. DIFFERENT PHASES OF ATTACK
• The attacker obtains the IP addresses of various systems.
• Impersonating these systems, the attacker sends a number of SYN requests, the first signal sent to establish a TCP connection with a 3-way handshake.
• On receiving the SYN requests, the server hosting the website replies with a TCP SYN/ACK and waits for the ACK signal from the IP address spoofed by the attacker.
• The server thus wastes its resources and bandwidth while waiting for the ACK signal to be received.
- 17. STEPS TO PROTECT AGAINST TCP SYN/ACK ATTACKS
1) Decrease the TCP connection timeout on the victim server so that the server waits only a short time and stops waiting for the TCP ACK signal after that.
2) Use a firewall as an intermediary between the attacker and the server.
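The timeout countermeasure above can be tried out on a constructed event trace. This added Python example (not from the report) replays SYN and ACK arrivals at a server, keeps a table of half-open connections that expire after a configurable timeout, and reports both the peak table size and how many legitimate handshakes still completed, which shows the trade-off of setting the timeout too low. The addresses, timings and event format are assumptions.

```python
# Constructed handshake events seen at the server: (time_ms, src_ip, src_port, flag).
# "SYN" = client's first packet, "ACK" = the client's final handshake packet.
LEGIT_CLIENTS = ["198.51.100.1", "198.51.100.2", "198.51.100.3"]
EVENTS = []
for n, ip in enumerate(LEGIT_CLIENTS):
    EVENTS.append((300 * n, ip, 40000 + n, "SYN"))       # real client sends SYN
    EVENTS.append((300 * n + 50, ip, 40000 + n, "ACK"))  # and its ACK 50 ms later
# Flood: 50 SYNs from 50 spoofed (impersonated) hosts, 10 ms apart; no ACK ever follows.
EVENTS += [(100 + 10 * i, f"10.0.{i}.{i}", 1024 + i, "SYN") for i in range(50)]
EVENTS.sort()


def replay(events, timeout_ms):
    """Replay the trace with a SYN-RECEIVED timeout of timeout_ms.
    Returns (peak_half_open, completed_handshakes)."""
    pending = {}  # (src_ip, src_port) -> time the SYN arrived
    peak = completed = 0
    for ts, ip, port, flag in events:
        # Entries older than the timeout are dropped before handling this packet.
        for key in [k for k, t0 in pending.items() if ts - t0 >= timeout_ms]:
            del pending[key]
        key = (ip, port)
        if flag == "SYN":
            pending[key] = ts
        elif flag == "ACK" and key in pending:
            del pending[key]  # handshake finished, resources released
            completed += 1
        peak = max(peak, len(pending))
    return peak, completed


if __name__ == "__main__":
    for timeout in (60_000, 200, 40):
        peak, done = replay(EVENTS, timeout)
        print(f"timeout {timeout:>6} ms: peak half-open {peak:>3}, completed {done}/3")
```

A 200 ms timeout keeps the half-open table small while all three real clients still connect, whereas 40 ms is shorter than their 50 ms round trip and drops every legitimate handshake.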
- 18. PING OF DEATH
• An attack in which an attacker attempts to crash, destabilize, or freeze the targeted computer or service by sending oversized packets using a simple ping command.
• Many historical computer systems simply could not handle packets larger than 65,535 bytes, and would crash if they received one.
- 19. DIFFERENT PHASES OF ATTACK
• Deliberately sending an IP packet larger than 65,535 bytes.
• One of the features of TCP/IP is fragmentation; it allows a single IP packet to be broken down into smaller segments.
• A packet reassembled from its fragments could add up to more than the allowed 65,535 bytes.
• When such systems received an oversized packet, they froze, crashed, or rebooted.
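As an added illustration (not the report's own material), this Python snippet builds constructed IPv4 fragments, parses the offset and more-fragments fields from each header, and flags any datagram whose reassembled length would exceed the 65,535-byte limit, which is the check a reassembly engine needs before accepting fragments rather than after. The addresses and sizes are assumptions.

```python
import struct

IPV4_MAX_LEN = 65535  # largest total length an IPv4 datagram may have
HDR_LEN = 20          # header length of the constructed packets (no options)
HDR_FMT = "!BBHHHBBH4s4s"


def build_fragment(ident, offset_units, more_fragments, payload_len):
    """Constructed IPv4 header + zero payload; offset is in 8-byte units as on the wire."""
    flags_frag = ((1 if more_fragments else 0) << 13) | (offset_units & 0x1FFF)
    hdr = struct.pack(HDR_FMT, 0x45, 0, HDR_LEN + payload_len, ident, flags_frag,
                      64, 1, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return hdr + b"\x00" * payload_len


def parse_fragment(pkt):
    """Return (ident, byte_offset, more_fragments, payload_len) from an IPv4 header."""
    ver_ihl, _, total_len, ident, flags_frag, _, _, _, _, _ = struct.unpack(HDR_FMT, pkt[:HDR_LEN])
    ihl = (ver_ihl & 0x0F) * 4
    return ident, (flags_frag & 0x1FFF) * 8, bool(flags_frag & 0x2000), total_len - ihl


def oversized_datagrams(fragments, limit=IPV4_MAX_LEN):
    """Group fragments by IP ident and return {ident: reassembled_length} for every
    datagram whose header plus highest fragment end would exceed limit."""
    data_end = {}
    for pkt in fragments:
        ident, offset, _, plen = parse_fragment(pkt)
        data_end[ident] = max(data_end.get(ident, 0), offset + plen)
    return {i: HDR_LEN + end for i, end in data_end.items() if HDR_LEN + end > limit}


# Constructed fragments: ident 1 is an ordinary ping carrying 4,440 bytes of data in
# three pieces; ident 2 places a fragment near the top of the 13-bit offset range so
# the pieces add up to more than 65,535 bytes, the condition described on the slide.
SAMPLE_FRAGMENTS = [
    build_fragment(1, 0, True, 1480),
    build_fragment(1, 185, True, 1480),
    build_fragment(1, 370, False, 1480),
    build_fragment(2, 0, True, 1480),
    build_fragment(2, 8189, False, 1480),
]

if __name__ == "__main__":
    print("oversized datagrams:", oversized_datagrams(SAMPLE_FRAGMENTS))
```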
- 20. SOME REAL-LIFE ATTACKS
• The first major attack occurred in January 2001. The target was Register.com.
• In February 2007, more than 10,000 online game servers in games such as Return to Castle, Counter-Strike and many others were attacked by a hacker group.
• On August 6, 2009 several social networking sites, including Twitter, Facebook, LiveJournal, and Google blogging pages, were hit by DDoS attacks.
- 21. COUNTERMEASURES
• Check frequently for, and subscribe to, automatic vendor notifications
• Try to understand the vulnerability patches for your software and configuration
• Disable unnecessary network software
• Keep anti-virus (e.g. Norton) and anti-Trojan (e.g. BOClean) software up to date
• Run a desktop firewall