denial of service attacks (dos/ddos)

Presentation on DENIAL OF SERVICE ATTACKS (DOS/DDOS). Presented By: Gaurav Sharma, 1/13/FET/BCS/2/068, 6CSE1, MANAV RACHNA INTERNATIONAL UNIVERSITY, FACULTY OF ENGINEERING, CSE

Upload: gaurav-sharma

Post on 15-Apr-2017


TRANSCRIPT

Page 1: Denial of Service Attacks (DoS/DDoS)

Presentation on DENIAL OF SERVICE ATTACKS (DOS/DDOS)

Presented By: Gaurav Sharma, 1/13/FET/BCS/2/068, 6CSE1

MANAV RACHNA INTERNATIONAL UNIVERSITY, FACULTY OF ENGINEERING, CSE

Page 2: Denial of Service Attacks (DoS/DDoS)

OUTLINE

What is DoS/DDoS?
An example of a DoS attack
Types of DoS/DDoS attacks
Specific types of DoS attacks: SYN Flood Attack, Slowloris, UDP Flood, ICMP Flood, Ping-of-Death
The amplification attacks: DNS AMPLIFICATION ATTACK, NTP AMPLIFICATION ATTACK
MITIGATION TECHNIQUES
CONCLUSION

Page 3: Denial of Service Attacks (DoS/DDoS)

What is a DoS/DDoS Attack?

DDoS stands for “Distributed Denial of Service.” A DDoS attack is a malicious attempt to make an online service unavailable to its users, usually by temporarily interrupting or suspending the services of its hosting server. Unlike a Denial of Service (DoS) attack, in which a single Internet-connected device (one network connection) is used to flood the targeted resource with packets, a DDoS attack is launched from numerous compromised devices, often distributed globally, in what is referred to as a BOTNET.

Page 4: Denial of Service Attacks (DoS/DDoS)

SO WHAT CAN A DOS ATTACK DO?

On 19th June 2015, a massive DoS attack originating from China hit Facebook, and the website was down for 30 minutes.

Page 5: Denial of Service Attacks (DoS/DDoS)

DDoS attacks can be broadly divided into three types:

› Volume Based Attacks: Includes UDP floods, ICMP floods, and other spoofed-packet floods. The attack’s goal is to saturate the bandwidth of the attacked site, and magnitude is measured in bits per second (bps).

› Protocol Attacks: Includes SYN floods, fragmented packet attacks, Ping of Death, Smurf DDoS. This type of attack consumes actual server resources, or those of intermediate communication equipment such as firewalls and load balancers, and is measured in packets per second.

› Application Layer Attacks: Comprised of seemingly legitimate and innocent requests, the goal of these attacks is to crash the web server, and the magnitude is measured in requests per second.

Page 6: Denial of Service Attacks (DoS/DDoS)

Specific DDoS Attack Types

Some specific and particularly popular and dangerous types of DDoS attacks include:

UDP Flood: This type of attack floods random ports on a remote host with numerous UDP packets, causing the host to repeatedly check for the application listening at that port.

ICMP (Ping) Flood: An ICMP flood overwhelms the target resource with ICMP Echo Request (ping) packets, generally sending packets as fast as possible without waiting for replies. This type of attack can consume both outgoing and incoming bandwidth.

SYN Flood: A SYN flood DDoS attack exploits a known weakness in the TCP connection sequence (the “three-way handshake”), wherein a SYN request to initiate a TCP connection with a host must be answered by a SYN-ACK response from that host, and then confirmed by an ACK response from the requester. The flooding source never sends that final ACK, so the host is left holding half-open connections until its backlog is exhausted.
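As an added example (not part of the original slides), the half-open state the SYN flood slide describes can be made visible by replaying a packet trace from the server's point of view. The trace, the server address 192.0.2.10 and the `backlog_limit` alert threshold are all constructed for illustration:

```python
from collections import defaultdict

# Constructed packet trace (not from the slides): tuples of
# (src_ip, src_port, dst_ip, dst_port, tcp_flags) as seen at server 192.0.2.10.
TRACE = [
    # A legitimate client completes the handshake: SYN -> SYN-ACK -> ACK.
    ("10.0.0.5", 40001, "192.0.2.10", 80, "SYN"),
    ("192.0.2.10", 80, "10.0.0.5", 40001, "SYN-ACK"),
    ("10.0.0.5", 40001, "192.0.2.10", 80, "ACK"),
    # Another client aborts with RST, which also frees the backlog slot.
    ("10.0.0.6", 40002, "192.0.2.10", 80, "SYN"),
    ("192.0.2.10", 80, "10.0.0.6", 40002, "SYN-ACK"),
    ("10.0.0.6", 40002, "192.0.2.10", 80, "RST"),
]
# Flooding source: 60 SYNs from distinct ports; the final ACK never arrives.
TRACE += [("203.0.113.7", 50000 + i, "192.0.2.10", 80, "SYN") for i in range(60)]
TRACE += [("192.0.2.10", 80, "203.0.113.7", 50000 + i, "SYN-ACK") for i in range(60)]


def half_open_connections(trace, server_ip):
    """Replay the trace from the server's side and return the set of
    (client_ip, client_port) entries still waiting in SYN_RCVD state."""
    backlog = {}  # (client_ip, client_port) -> connection state
    for src, sport, dst, dport, flags in trace:
        if dst != server_ip:
            continue  # server -> client packets do not change its own backlog
        key = (src, sport)
        if flags == "SYN":
            backlog[key] = "SYN_RCVD"      # server allocates state, sends SYN-ACK
        elif flags == "ACK" and backlog.get(key) == "SYN_RCVD":
            backlog[key] = "ESTABLISHED"   # handshake completed
        elif flags in ("RST", "FIN"):
            backlog.pop(key, None)         # slot released
    return {k for k, v in backlog.items() if v == "SYN_RCVD"}


def syn_flood_report(trace, server_ip, backlog_limit=32):
    """Summarise half-open load on server_ip. backlog_limit is a hypothetical
    alert threshold standing in for the listen backlog size."""
    half_open = half_open_connections(trace, server_ip)
    per_source = defaultdict(int)
    for ip, _ in half_open:
        per_source[ip] += 1
    return {
        "half_open_total": len(half_open),
        "backlog_exhausted": len(half_open) > backlog_limit,
        # Per-source counts help attribution, but a real flood usually spoofs
        # source addresses, so the total is the more reliable signal.
        "top_sources": sorted(per_source.items(), key=lambda kv: -kv[1])[:3],
    }
```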

Page 7: Denial of Service Attacks (DoS/DDoS)

Ping of Death: In a Ping of Death scenario, following malicious manipulation of fragment content, the recipient ends up with an IP packet which is larger than 65,535 bytes when reassembled. This can overflow memory buffers allocated for the packet, causing denial of service for legitimate packets. It can be done using cmd on Windows: ping targeted-site -l 65500 -n 10000000 -w 0.00001

Slowloris: Slowloris constantly sends more HTTP headers, but never completes a request. The targeted server keeps each of these false connections open. This eventually overflows the maximum concurrent connection pool, and leads to denial of additional connections from legitimate clients.

Page 8: Denial of Service Attacks (DoS/DDoS)

LOIC

Used by the infamous group Anonymous to DDoS ISIS websites.

Page 9: Denial of Service Attacks (DoS/DDoS)

A NEW BREED OF MUCH MORE DANGEROUS DOS ATTACKS WHICH CAN DISRUPT THE WHOLE INTERNET!

THE AMPLIFICATION ATTACKS

Page 10: Denial of Service Attacks (DoS/DDoS)

DNS AMPLIFICATION ATTACK

› The attacker spoofs look-up requests to domain name system (DNS) servers to hide the source of the exploit and direct the response to the target. The attacker sends a DNS look-up request using the spoofed IP address of the target to vulnerable DNS servers.

› These amplifications can increase the size of the requests from around 40 bytes to above the maximum Ethernet packet size of 4000 bytes.

Page 11: Denial of Service Attacks (DoS/DDoS)

The attacker achieves the amplification because the DNS server's reply is much larger than the request, sometimes 100 times larger.

By using very few computers (a botnet), the attacker can multiply the overall attack volume many times over, and the victim web server exhausts all its resources processing the responses it receives, causing denial of service.

Page 12: Denial of Service Attacks (DoS/DDoS)

NTP AMPLIFICATION ATTACK

› In NTP amplification attacks the perpetrator exploits publicly accessible Network Time Protocol (NTP) servers to overwhelm the targeted server with User Datagram Protocol (UDP) traffic. In an NTP amplification attack, the query-to-response ratio is anywhere between 1:20 and 1:200 or more. This means that any attacker who obtains a list of open NTP servers can easily generate a devastating high-bandwidth, high-volume DDoS attack.
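Both the DNS and the NTP amplification slides describe the same pattern from the victim's side: large UDP responses arriving from port 53 or 123 for requests the victim never sent. The following detector, an added example and not part of the original deck, flags that pattern over constructed flow records; the victim address, reflector addresses and `byte_threshold` are illustrative assumptions:

```python
from collections import defaultdict

AMPLIFIED_SERVICES = {53: "DNS", 123: "NTP"}  # UDP services the slides discuss

# Constructed UDP flow records (not from the slides):
# (src_ip, src_port, dst_ip, dst_port, bytes), as seen at the victim's edge.
VICTIM = "198.51.100.20"
FLOWS = [
    # A genuine DNS lookup by the victim and its ~120-byte answer.
    (VICTIM, 51000, "192.0.2.53", 53, 40),
    ("192.0.2.53", 53, VICTIM, 51000, 120),
    # A genuine NTP exchange: 48-byte request, 48-byte reply.
    (VICTIM, 123, "192.0.2.123", 123, 48),
    ("192.0.2.123", 123, VICTIM, 123, 48),
]
# Reflected traffic: large DNS and NTP responses for requests the victim never
# sent (the attacker spoofed the victim's address towards the reflectors).
FLOWS += [("203.0.113.%d" % i, 53, VICTIM, 33000 + i, 3500) for i in range(1, 21)]
FLOWS += [("203.0.113.%d" % i, 123, VICTIM, 123, 440) for i in range(21, 41)]


def unsolicited_responses(flows, victim):
    """Return {service: (unsolicited_bytes, reflector_count)} for responses that
    reach `victim` from an amplifier port without a preceding request.
    Matching on (server, service port, client port) is a heuristic; a production
    detector would also match DNS transaction IDs."""
    outstanding = set()  # (server_ip, service_port, victim_port) of requests sent
    stats = defaultdict(lambda: [0, set()])
    for src, sport, dst, dport, nbytes in flows:
        if src == victim and dport in AMPLIFIED_SERVICES:
            outstanding.add((dst, dport, sport))      # victim asked this server
        elif dst == victim and sport in AMPLIFIED_SERVICES:
            key = (src, sport, dport)
            if key in outstanding:
                outstanding.discard(key)              # legitimate reply
            else:
                svc = AMPLIFIED_SERVICES[sport]       # reflected, unrequested
                stats[svc][0] += nbytes
                stats[svc][1].add(src)
    return {svc: (b, len(refl)) for svc, (b, refl) in stats.items()}


def reflection_alerts(flows, victim, byte_threshold=10000):
    """Services whose unsolicited response volume exceeds a hypothetical threshold."""
    return sorted(svc for svc, (b, _) in unsolicited_responses(flows, victim).items()
                  if b > byte_threshold)
```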

Page 14: Denial of Service Attacks (DoS/DDoS)

This type of attack is capable of generating massive traffic; one recently witnessed attack reached 400Gbps and was dubbed the “most devastating attack in the history of the digital era”.

Page 15: Denial of Service Attacks (DoS/DDoS)

MITIGATING DOS ATTACKS

There is no strict way to completely prevent DDoS attacks, but organizations can prepare so as to slow down an attack and reduce its impact.

Some of the known techniques used by renowned network security companies are:

1. Absorbing attacks with a global network of scrubbing centers that scale, on demand, to counter multi-gigabyte DDoS attacks.

2. Blocking "bad" traffic before it even reaches the site, leveraging visitor identification technology that differentiates between legitimate website visitors (humans, search engines etc.) and automated or malicious clients.

3. Mitigating application layer attacks by monitoring visitor behavior, blocking known bad bots, and challenging suspicious or unrecognized entities with a JS test, a cookie challenge, and even CAPTCHAs.

Page 16: Denial of Service Attacks (DoS/DDoS)

CONCLUSION

Distributed Denial of Service attacks pose great challenges to researchers in the field of network security. They have already taken a heavy toll on many Internet-based service providers around the world. There has been a significant amount of work to tackle such DDoS attacks with different kinds of approaches. It would be a hard, if not impossible, task to discuss each and every published work in this field and propose the best solution.

Page 17: Denial of Service Attacks (DoS/DDoS)

ANY QUESTIONS ?