DDOS
2. ./whoami
• If you want to hack someone, first hack yourself.
• I am NOT a hacker, just learning to be a security analyst.
3. Why DoS?
• Sub-cultural status
• To gain access
• Revenge
• Political reasons
• Economic reasons
• Nastiness
4. How DoS (remotely)?
• Consume host resources
  - Memory
  - Processor cycles
  - Network state
• Consume network resources
  - Bandwidth
  - Router resources (it’s a host too!)
• Exploit protocol vulnerabilities
  - Poison ARP cache
  - Poison DNS cache
  - Etc…
5. Where DoS?
• End hosts
• Critical servers (disrupt C/S network)
  - Web, File, Authentication, Update
  - DNS
• Infrastructure
  - Routers within org
  - All routers in upstream path
7. What is a DDoS attack?
• Internet DDoS attacks are a real threat
  - on websites
    · Yahoo, CNN, Amazon, eBay, etc. (Feb. 2000)
    · services were unavailable for several hours
  - on Internet infrastructure
    · 13 root DNS servers (Oct. 2002)
    · 7 of them were shut down, 2 others partially unavailable
• Lack of defense mechanisms on the current Internet
8. What is a DDoS Attack?
• Examples of DoS include:
  - Flooding a network
  - Disrupting connections between machines
  - Disrupting a service
• Distributed Denial-of-Service Attacks
  - Many machines are involved in the attack against one or more victim(s)
13. What Makes DDoS Attacks Possible?
• Internet was designed with functionality & not security in mind
• Internet security is highly interdependent
• Internet resources are limited
• Power of many is greater than power of a few
14. IP Traceback
• Allows victim to identify the origin of attackers
• Several approaches
  - ICMP trace messages, Probabilistic Packet Marking, Hash-based IP Traceback, etc.
15. PPM
• Probabilistic Packet Marking scheme
  - Probabilistically inscribe local path info
  - Use constant space in the packet header
  - Reconstruct the attack path with high probability
Marking at router R:
  For each packet w
    Generate a random number x from [0,1)
    If x < p then
      Write IP address of R into w.head
      Write 0 into w.distance
    else
      If w.distance == 0 then
        Write IP address of R into w.tail
      endif
      Increase w.distance
    endif
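The marking procedure above and the victim-side path reconstruction, as an added Python example that is not part of the original slides. The function names, the sample path (documentation-range addresses) and the value p = 0.04 are assumptions chosen for illustration.

```python
import random

def mark(pkt, router, p, rng):
    """Marking step run by one router (same logic as the slide's pseudocode)."""
    if rng.random() < p:
        pkt["head"], pkt["distance"] = router, 0
    else:
        if pkt["distance"] == 0:
            pkt["tail"] = router
        pkt["distance"] += 1  # incremented on every hop that does not re-mark

def forward(path, p, rng):
    """Send one initially unmarked packet through `path` (source side first)."""
    pkt = {"head": None, "tail": None, "distance": 0}
    for router in path:
        mark(pkt, router, p, rng)
    return pkt

def reconstruct(packets):
    """Victim side: chain sampled edges by distance, nearest router first."""
    by_dist = {}
    for pkt in packets:
        if pkt["head"] is not None:  # skip packets that no router marked
            by_dist.setdefault(pkt["distance"], set()).add((pkt["head"], pkt["tail"]))
    path, d = [], 0
    while d in by_dist:
        # At distance 0 the tail field is stale; beyond that, an edge's tail
        # must be the router already recovered one hop closer to the victim.
        heads = {h for h, t in by_dist[d] if d == 0 or t == path[-1]}
        if len(heads) != 1:
            break
        path.append(heads.pop())
        d += 1
    return path

def packets_needed(path, p, seed):
    """Count packets the victim receives before the full path is recovered."""
    rng, seen = random.Random(seed), []
    while reconstruct(seen) != path[::-1]:
        seen.append(forward(path, p, rng))
    return len(seen)

# Constructed sample path (documentation addresses), source side first.
PATH = ["192.0.2.1", "198.51.100.7", "203.0.113.9", "192.0.2.254"]

if __name__ == "__main__":
    print("packets until full path:", packets_needed(PATH, p=0.04, seed=1))
```

Each packet carries at most one sampled edge, so the victim needs many packets before every hop has been seen; this is why the scheme reconstructs the path "with high probability" rather than with certainty.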
19. What is Pushback?
• A mechanism that allows a router to request adjacent upstream routers to limit the rate of traffic
20. How Does it Work?
• A congested router requests adjacent routers to limit the rate of traffic for that particular aggregate
• Router sends a pushback message
• Receiving routers propagate the pushback
22. When is it invoked?
• Drop rate for an aggregate exceeds the limit imposed on it (monitoring the queue)
• Pushback agent receives information that a DoS attack is underway (packet drop history)
23. When does it stop?
• Feedback messages are sent to upstream routers that report on how much traffic from the aggregates is still present
24. What are some advantages?
• Pushback prevents bandwidth from being wasted on packets that will later be dropped (better when closer to the source)
• Protects other traffic from the attack traffic
• When the network is under attack, it can rate-limit the malicious traffic
26. !! For any questions, contact me !!
http://www.maulikkotak.webnode.com
http://www.facebook.com/maulikkotakstar
http://www.twitter.com/maulikkotakstar