Using Multiple Gateways to Foil DDOS Attack - PowerPoint PPT Presentation

About This Presentation

Title: Using Multiple Gateways to Foil DDOS Attack

Description: Site becomes unavailable to legitimate users. ... Compiled in new file, detour.c, in the dig directory that will send the reroute ... (PowerPoint PPT presentation)

Slides: 9
Provided by: davidbwi
Learn more at: http://cs.uccs.edu

Transcript and Presenter's Notes


1
Using Multiple Gateways to Foil DDOS Attack
  • by David Wilkinson

2
DDOS - Distributed Denial of Service
  • DDOS attack - a host is flooded with packets that
    consume network bandwidth. The site becomes
    unavailable to legitimate users.
  • February 2000: DDOS attacks shut down Yahoo,
    eBay, Amazon.com, et al.
  • October 2002: the 13 root DNS servers were
    attacked (not successful)

3
Intrusion and attack phases
[Diagram: the client (intruder) controls several handlers; each handler controls agents (A) on compromised systems; the agents send messages to broadcast addresses, and the replies go to the victim. Legend: A = Agent]
4
Detail of attack
[Diagram: agents (A) on net-a.com, net-b.com and net-c.com send packets to DNS servers and routers (R) in reflecting networks; the reflected replies converge on the victim. Legend: A = Agent, R = Router]
5
Solution: reroute traffic through multiple
gateways
  • Idea: expand the capability of the DNS software,
    BIND, to handle a reroute command (opcode 3)
  • reroute is sent to the authoritative DNS name
    server for each IP address in the victim database;
    the DNS message contains the victim host name,
    the victim IP address and the proxy server IP
    address
  • named in each DNS server stores the three-tuple
  • the resolver gets the IP addresses of the victim's
    proxy servers from named and returns them to the
    requesting application (ftp, telnet, http, etc.)
  • the application stores the IP address of the
    victim in the IP header (options field) and sends
    the message to the proxy server
  • the proxy server forwards the message to the
    victim
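As an added illustration (not code from the presentation, nor from BIND), here is a Python model of the reroute message and of what named and the resolver would do with it. The wire layout (a standard DNS header with OPCODE 3 and zero section counts, followed by the victim name in label form, the victim IPv4 and the proxy IPv4) and all host names and addresses are assumptions, since the slides do not specify them.

```python
import struct
import ipaddress
REROUTE_OPCODE = 3  # opcode the slides assign to the new reroute command

def encode_name(name):
    """Encode a host name as DNS labels (length byte + label, 0 terminator)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def decode_name(buf, off):
    """Inverse of encode_name; returns (name, offset after the terminator)."""
    labels = []
    while buf[off] != 0:
        n = buf[off]
        labels.append(buf[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return ".".join(labels), off + 1

def build_reroute(msg_id, victim_name, victim_ip, proxy_ip):
    """Assumed layout: 12-byte DNS header (OPCODE=3, counts 0), name, victim IPv4, proxy IPv4."""
    flags = REROUTE_OPCODE << 11  # OPCODE sits in bits 11-14 of the flags word
    header = struct.pack("!HHHHHH", msg_id, flags, 0, 0, 0, 0)
    packed = ipaddress.IPv4Address(victim_ip).packed + ipaddress.IPv4Address(proxy_ip).packed
    return header + encode_name(victim_name) + packed

class RerouteTable:
    """The three-tuple store named would keep: victim name -> (victim IP, proxy IPs)."""
    def __init__(self):
        self.entries = {}
    def handle(self, msg):
        """Dispatch on opcode as client.c does; returns None for ordinary queries."""
        flags = struct.unpack("!H", msg[2:4])[0]
        if (flags >> 11) & 0xF != REROUTE_OPCODE:
            return None
        name, off = decode_name(msg, 12)
        victim_ip = str(ipaddress.IPv4Address(msg[off:off + 4]))
        proxy_ip = str(ipaddress.IPv4Address(msg[off + 4:off + 8]))
        stored_ip, proxies = self.entries.setdefault(name, (victim_ip, []))
        if stored_ip != victim_ip:
            return None  # conflicting victim address: leave the existing entry alone
        if proxy_ip not in proxies:  # repeated reroutes build up the gateway list
            proxies.append(proxy_ip)
        return name, victim_ip, proxy_ip

    def resolve(self, name, normal_ip):
        """Resolver side: the victim IP (for the IP options field) plus the proxies to send to."""
        if name in self.entries:
            victim_ip, proxies = self.entries[name]
            return victim_ip, list(proxies)
        return normal_ip, [normal_ip]
```

Because anyone able to deliver an accepted reroute would redirect the victim's traffic, a real implementation would also have to authenticate the sender (for instance with TSIG), which the slides do not address.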

6
Traffic rerouted, attack foiled
[Diagram: the same topology as slide 4, but the victim has sent a reroute ("Help!") and legitimate traffic now enters through several proxy servers, while the reflected attack traffic arriving at the routers (R) is blocked by IDS. Legend: A = Agent, R = Router]
7
Results thus far
  • Installed BIND9 on an experimental machine, set up
    as primary DNS name server
  • client.c dispatches DNS messages based on opcode.
    Added a new branch for opcode 3.
  • Compiled in a new file, reroute.c, in the named
    directory to handle reroute messages (not
    implemented)
  • Compiled in a new file, detour.c, in the dig
    directory that will send the reroute command (not
    implemented)
  • Still three days left to accomplish something
    more impressive

8
References
  • DNS and BIND. Paul Albitz and Cricket Liu,
    O'Reilly, 2001.
  • TCP/IP Illustrated, Volume 1: The Protocols. W.
    Richard Stevens, Addison-Wesley, 1994.
  • Counter Hack. Ed Skoudis, Prentice-Hall, Inc.,
    2002.
  • The stacheldraht distributed denial of service
    attack tool. David Dittrich, Univ. of Wash.,
    Dec. 31, 1999.
  • DRDoS: Distributed Reflection Denial of
    Service. Steve Gibson, grc.com, Feb. 22, 2002.
  • Consensus Roadmap for Defeating Distributed
    Denial of Service Attacks. SANS Institute,
    sans.org, Feb. 23, 2000.
  • Attacks Exposed Internet's Vulnerabilities.
    Brian Krebs and David McGuire, washingtonpost.com,
    Oct. 31, 2002.