Distributed Denial of Service Attacks - PowerPoint PPT Presentation

Slides: 18
Provided by: Viv683
Learn more at: http://www.cs.sjsu.edu

Transcript and Presenter's Notes

1
Distributed Denial of Service Attacks
  • Shankar Saxena
  • Veer Vivek Kaushik

2
Agenda
  • Introduction and Famous Attacks
  • How Attack Takes Place
  • Types of DDOS Attacks
  • Smurfing
  • UDP Flooding
  • TCP SYN Flooding

3
Introduction
  • Causes service to be unusable or unavailable
  • Coordinated mass scale attack from compromised
    computers
  • Exhausts bandwidth, router processing, and network
    stack resources
  • Hard to detect at firewall level

4
Famous Attacks
  • February 2000
  • Yahoo, eBay, Amazon websites attacked
  • Yahoo received as much packet traffic as some websites
    receive in 1 year
  • 1 billion dollars
  • October 2002
  • 7 of 13 DNS root servers attacked
  • Attack on the Internet itself

5
Scanning (Step 1)
  • Port Scanning
  • Search for open ports
  • NMap
  • Send packets to target to interact
  • TCP Connect, TCP SYN, UDP
  • Software Vulnerabilities
  • Common Default Configuration Weaknesses
  • Nessus
  • Plugin
  • Windows, Backdoor, File Sharing, Firewalls, Mail
    Servers

6
Stack-based Buffer Overflow (Step 2)
  • The attacker chooses the most vulnerable machines.
  • A buffer overflow occurs when the attacker stores too
    much data in an undersized buffer.
  • The attacker precisely tunes the amount and content of
    the data.
  • The attacker overwrites the return pointer with his
    own, which points to his code.

7
Normal Stack
Bottom of memory
Fill Direction
Buffer (local variable)
Return pointer
Function arguments

8
Smashed Stack
Bottom of memory
Fill direction
Buffer (local variable)
Attacker machine code
New pointer
Top of memory
Function arg

9
Rootkit Attack (Step 3)
  • Rootkit
  • To get back into compromised system
  • Replaces system files with their Trojan versions
  • Attack
  • Instruct compromised systems to attack
  • Various flooding methods

10
DDoS attack

11
Kinds of Attacks
  • Smurfing
  • UDP Flooding
  • TCP SYN Flooding

12
Smurfing
  • The attacker sends packets to a network amplifier with
    the return address spoofed to the victim's IP address
  • The attacking packets are typically ICMP echo requests
  • These requests generate ICMP echo replies, which
    flood the victim

13
TCP SYN Attack
  • Exploits the three-way handshake protocol.
  • A large number of bogus TCP SYN requests are sent
    to the victim in order to tie up its resources.
  • No responses to the SYN-ACKs are returned; the server
    runs out of memory resources

14
TCP SYN Attack

15
UDP Flooding
  • Connectionless protocol
  • No three-way handshake is required
  • Large number of UDP packets saturate the Network
    and deplete the bandwidth.

16
DDoS Counter Measures
  • Egress filtering
  • Scanning packets for certain criteria
  • Spoofed address
  • Close all unneeded ports
  • Be more aware
  • Install new patches
  • Check server logs
  • Test scanning tools on your system
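
The egress filtering and spoofed-address check listed on this slide, as an added example that is not part of the original presentation: a border rule that forwards an outbound packet only if its source address belongs to the site, which is the property Smurf-style spoofing breaks. The site prefixes, switch port names and packet records are constructed assumptions (documentation address ranges).

```python
import ipaddress
from collections import Counter

# Assumed site prefixes (constructed; documentation address ranges).
SITE_PREFIXES = [ipaddress.ip_network(p)
                 for p in ("192.0.2.0/24", "2001:db8:10::/48")]


def egress_allowed(src):
    """True only if src parses as an address inside one of the site prefixes."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # malformed source address: never forward it
    return any(addr.version == net.version and addr in net
               for net in SITE_PREFIXES)


def filter_outbound(packets):
    """Apply the egress rule; count dropped packets per ingress switch port."""
    forwarded, dropped, drops_by_port = [], [], Counter()
    for pkt in packets:
        if egress_allowed(pkt["src"]):
            forwarded.append(pkt)
        else:
            dropped.append(pkt)
            # The source IP is untrustworthy here, so attribute by physical port.
            drops_by_port[pkt["port"]] += 1
    return forwarded, dropped, drops_by_port


# Constructed outbound packet records (hypothetical port names and addresses).
SAMPLE = [
    {"port": "sw1/1", "src": "192.0.2.15", "dst": "203.0.113.9"},
    {"port": "sw1/2", "src": "198.51.100.7", "dst": "203.0.113.9"},    # foreign source
    {"port": "sw1/2", "src": "203.0.113.9", "dst": "198.51.100.255"},  # source set to a victim
    {"port": "sw1/3", "src": "2001:db8:10::5", "dst": "2001:db8:ffff::1"},
    {"port": "sw1/2", "src": "not-an-ip", "dst": "203.0.113.9"},       # malformed
]

if __name__ == "__main__":
    fwd, drop, by_port = filter_outbound(SAMPLE)
    print(f"forwarded={len(fwd)} dropped={len(drop)}")
    for port, n in by_port.most_common():
        print(f"{port}: {n} packets with a source outside the site prefixes")
```

A port that accumulates drops is where to look for a compromised machine, which ties the filter back to the "Check server logs" item.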

17
Thanks
  • Queries?