Denial of Service Attacks and Countermeasures Analysis - PowerPoint PPT Presentation

Slides: 19
Provided by: sul82

Transcript and Presenter's Notes



1
Denial of Service Attacks and Countermeasures Analysis
  • Dang Nguyen Duc
  • School of Engineering
  • (2001816)

2
Contents
  • 1. Introduction
  • 2. What are DoS attacks?
  • 3. Well-known DoS attacks
  • 4. Intermediate countermeasures
  • 5. Protocols against DoS
  • 6. Conclusion
  • 7. References

3
1. Introduction
  • We are at war, not at risk.
  • DoS is a very simple but powerful attack
  • To defeat attack, we need to analyze it
  • We need intermediate solutions
  • We need long-term solutions (make use of
    cryptographic primitives)

4
2.1. What is a DoS attack?
  • attempts to flood a network, thereby preventing
    legitimate network traffic
  • attempts to disrupt connections between two
    machines, thereby preventing access to a service
  • attempts to prevent a particular individual from
    accessing a service
  • attempts to disrupt service to a specific system or
    person.

5
2.1. Distributed DoS

6
2.2. Modes of attacks
  • Consumption of limited or non-renewable
    resources: network connectivity, bandwidth, etc.
  • Destruction or Alteration of Configuration
    Information
  • Physical Destruction or Alteration of Network
    Components

7
3.1. Smurf attack (ping of death)
8
3.1. SYN flood
9
3.1. UDP flood (fraggle)
  • Similar to Smurf attack
  • UDP echo messages always expect UDP reply
    messages

10
Distributed DoS attacks
  • Trinoo
  • Tribe Flood Network (TFN)
  • Stacheldraht
  • Shaft
  • TFN2K

11
4. Intermediate countermeasures
  • Software patches
  • Secure host computers against hacking, trojan horses,
    viruses, back doors, ...
  • Configure router to deny spoofed source address
  • Reduce time-out of half-open connections
  • Increase resources for half-open connections
    (backlog)
  • Close unused TCP/UDP ports
  • Firewall
  • Etc.

12
5.1. Why does IPsec not work?
  • Too many design goals
  • High complexity
  • Provides authentication but introduces another
    attack: abuse of resources for expensive operations
    (i.e. exponentiation)

13
5.2. Client Puzzle
14
5.2. Client Puzzle (cont.)
  • Creating a puzzle and verifying a puzzle's solution
    is inexpensive for the server
  • The cost of solving the puzzle is easy to adjust
    from zero to impossible (i.e. when the server's
    resources are getting exhausted, the server should
    increase the difficulty level).
  • It is not possible to precompute solutions
  • While the client is solving the puzzle, the server
    does not need to store the solution or other
    client-specific data.
  • The same puzzle may be given to several clients.
    Knowing the solution of one or more clients does
    not help a new client in solving the puzzle
  • A client can reuse a puzzle by creating several
    instances of it

15
5.2. Puzzle by hash function
  • A hash function is the simplest cryptographic
    primitive, free of charge
  • $H(N_s, x) = 0^k y$
  • $N_s$: server's nonce (puzzle)
  • $x$: solution to the puzzle
  • $y$: anything
  • $k$: difficulty level
  • The client finds $x$ by brute force
  • Unique solution
  • $H(\text{client\_id}, N_c, N_s, x) = 0^k y$
  • $N_c$: client's nonce
  • client_id: client identity
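
The client-bound puzzle H(client_id, Nc, Ns, x) = 0^k y from this slide, as an added example that is not part of the original presentation. It reads 0^k as "the first k bits of the hash are zero"; SHA-256, the length-prefixed field encoding, the replay set and the names `PuzzleServer`, `solve`, `puzzle_hash` and `leading_zero_bits` are assumptions made for illustration.

```python
import hashlib
import os
import struct

def leading_zero_bits(digest: bytes) -> int:
    """Number of zero bits before the first 1 bit of digest."""
    bits = 0
    for byte in digest:
        if byte:
            return bits + 8 - byte.bit_length()
        bits += 8
    return bits

def puzzle_hash(client_id: bytes, nc: bytes, ns: bytes, x: int) -> bytes:
    """H(client_id, Nc, Ns, x); SHA-256 and the encoding are assumptions."""
    h = hashlib.sha256()
    for field in (client_id, nc, ns, struct.pack(">Q", x)):
        # Length prefix keeps the field boundaries unambiguous.
        h.update(struct.pack(">H", len(field)) + field)
    return h.digest()

def solve(client_id: bytes, nc: bytes, ns: bytes, k: int) -> int:
    """Client: brute-force x; expected cost is about 2**k hashes."""
    x = 0
    while leading_zero_bits(puzzle_hash(client_id, nc, ns, x)) < k:
        x += 1
    return x

class PuzzleServer:
    def __init__(self, k: int):
        self.rotate(k)

    def rotate(self, k: int) -> None:
        """New nonce Ns for all clients; raise k when resources run low."""
        self.k, self.ns, self.seen = k, os.urandom(16), set()

    def verify(self, client_id: bytes, nc: bytes, ns: bytes, x: int) -> bool:
        """One hash per check; state is stored only after it succeeds."""
        if ns != self.ns or (client_id, nc) in self.seen:
            return False  # stale puzzle or replayed solution
        if leading_zero_bits(puzzle_hash(client_id, nc, ns, x)) < self.k:
            return False
        self.seen.add((client_id, nc))
        return True

if __name__ == "__main__":
    server = PuzzleServer(k=16)
    nc = os.urandom(8)  # constructed sample client nonce
    x = solve(b"client-a", nc, server.ns, server.k)
    print(x, server.verify(b"client-a", nc, server.ns, x))
```

The server does a single hash per verification and keeps nothing per client until a solution checks out, while each extra bit of k doubles the client's expected work.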

16
5.2. Authentication protocol
17
6. Conclusion
  • Analyze attacks and countermeasures
  • Client Puzzle using hash function
  • We are behind attackers
  • Combination of countermeasures is required

18
7. References
  • [1] http://www.cert.org
  • [2] Jussipekka Leiwo, Towards Network Denial of
    Service Resistant Protocols.
  • [3] Christoph L. Schuba, Ivan V. Krsul, Markus G.
    Kuhn, et al., Analysis of a Denial of Service
    Attack on TCP.
  • [4] Felix Lau, Stuart H. Rubin, Michael H. Smith,
    Ljiljana Trajkovic, Distributed Denial of
    Service.
  • [5] Tuomas Aura, Pekka Nikander, Jussipekka
    Leiwo, DoS-Resistant Authentication with Client
    Puzzles.
  • [6] Pasi Eronen, Denial of Service In Public Key
    Protocols.
  • [7] Douglas E. Comer, Internetworking with
    TCP/IP, Principles, Protocols, and Architectures
    Volume 1, Fourth Edition
  • [8] RFC(s)
  • [9] David Dittrich et al., The distributed denial
    of service attack tool series.
  • [10] Niels Ferguson and Bruce Schneier, A
    Cryptographic Evaluation of IPsec.