A Taxonomy of DDoS Attacks - PowerPoint PPT Presentation

Provided by: kma90

1
A Taxonomy of DDoS Attacks and DDoS Defense Mechanisms
  • Written by
      • Jelena Mirkovic, Janice Martin & Peter Reiher
      • Department of Computer Science, UCLA
  • Professor L. Gao
  • Presented by Karim Mattar & Lei Liang

2
Overview of the Paper
  • Part 1: Proposes a taxonomy of distributed
    denial-of-service attacks
  • Part 2: Proposes a taxonomy of defense mechanisms
    to counter these attacks

3
What is a DDoS Attack?
  • DoS attacks attempt to prevent legitimate users
    of a service from using it
  • Examples of DoS include
      • Flooding a network
      • Disrupting connections between machines
      • Disrupting a service
  • Distributed denial-of-service (DDoS) attacks imply
    that many machines are involved in the attack
    against one or more victims.

4
DDoS Modes of Attack
  • Consumption of scarce resources
      • Network connectivity (SYN flooding)
      • Bandwidth consumption (flooding of ICMP packets)
      • Consumption of memory, disk space or data
        structures
  • Destruction or alteration of configuration files
  • Physical destruction or alteration of network
    components

5
What Makes DDoS Attacks Possible?
  • The Internet was designed with functionality, not
    security, in mind
  • Internet security is highly interdependent
  • Internet resources are limited
  • Power of many is greater than power of a few

6
DDoS Attack Strategy
  • Automatically scan remote machines to identify
    vulnerable ones
  • Infect vulnerable machines with the attack code
  • Infected machines are used for further
    recruitment of new agents (slaves)

7
Goal of DDoS Attacks
  • The main goal of DDoS attacks is to inflict
    damage for one of the following reasons:
      • Personal reasons (revenge)
      • Material gain
      • Popularity in the hacker community

8
Classification By Degree of Automation
  • Manual attacks
  • Semi-automatic attacks
      • Direct communication
          • Master and slave know each other's identity
      • Indirect communication
          • Use IRC channels to communicate
  • Automatic attacks
      • Attacker is only involved in issuing a single
        command

9
Classification by Scanning Strategy
  • Random scanning
      • Probes random addresses in the IP address space
        (CRv2)
  • Hitlist scanning
      • Probes addresses from an externally supplied list
  • Topological scanning
      • Uses information on the compromised host (Email
        worms)
  • Permutation scanning
      • Uses a pseudo-random permutation of the IP
        address space (Not yet deployed)
  • Local subnet scanning
      • Preferentially scans targets that reside on the
        same subnet as the compromised host (Code Red II
        & Nimda Worm)

10
Classification by Propagation Mechanism
  • Central source propagation (li0n Worm)
      • Attack code resides on central server(s)
  • Back-chaining propagation (Ramen & Morris Worms)
      • Attack code is downloaded from the machine that
        was used to exploit the system
      • Avoids a single point of failure
  • Autonomous propagation (Code Red, Warhol & Email
    Worms)
      • Attack code is directly injected into the target
        host during the exploitation phase

11
Classification by Exploited Vulnerability
  • Protocol attacks
      • TCP SYN attack
      • CGI request attack
      • Authentication server attack
  • Brute-force attacks
      • Filterable attacks
          • UDP flood attack
          • ICMP request flood attack on a web server
      • Non-filterable attacks
          • HTTP request
          • DNS request

12
Classification by Attack Rate Dynamics
  • Continuous attack rates
      • Sometimes suffer from fast detection
  • Variable attack rates
      • Increasing rate attacks
          • Slow exhaustion of the victim's resources
          • Delays detection of the attack
      • Fluctuating rate attacks
          • Adjust the rate of the attack based on the
            victim's behavior or response to avoid detection
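
Added example (not from the slides or the paper): a defender-side comparison of how the three rate dynamics above look to two simple detectors, a static threshold and a one-sided CUSUM (a technique chosen here for illustration, not named in the slides). All traffic series, rates and detector parameters are constructed assumptions.

```python
# Added example: every series below is constructed, not measured traffic.
BASELINE = 100    # assumed normal load, requests per second
THRESHOLD = 300   # assumed static alarm level, requests per second
START = 10        # second at which the constructed attack begins

def normal(n=120):
    """Benign load wobbling a few requests around the baseline."""
    return [BASELINE + (t % 5) * 2 - 4 for t in range(n)]

def continuous(n=120):
    """Continuous rate: full attack rate from START onwards."""
    return [500 if t >= START else BASELINE for t in range(n)]

def increasing(n=120):
    """Increasing rate: ramps by 5 requests/s every second."""
    return [BASELINE + 5 * max(0, t - START) for t in range(n)]

def fluctuating(n=120):
    """Fluctuating rate: 3 s bursts separated by 7 s at baseline."""
    return [500 if t >= START and (t - START) % 10 < 3 else BASELINE
            for t in range(n)]

def static_threshold(series, threshold=THRESHOLD, hold=5):
    """Alarm once the rate exceeds `threshold` for `hold` seconds in a row."""
    run = 0
    for t, rate in enumerate(series):
        run = run + 1 if rate > threshold else 0
        if run >= hold:
            return t
    return None

def cusum(series, baseline=BASELINE, slack=20, limit=400):
    """One-sided CUSUM: accumulate excess over baseline + slack."""
    s = 0
    for t, rate in enumerate(series):
        s = max(0, s + rate - baseline - slack)
        if s > limit:
            return t
    return None

def compare():
    """Second of first alarm per (traffic shape, detector); None = no alarm."""
    shapes = {"normal": normal(), "continuous": continuous(),
              "increasing": increasing(), "fluctuating": fluctuating()}
    return {name: (static_threshold(s), cusum(s)) for name, s in shapes.items()}

if __name__ == "__main__":
    for name, (static_t, cusum_t) in compare().items():
        print(f"{name:12} static={static_t} cusum={cusum_t}")
```

On this constructed data the static threshold catches the continuous rate quickly, alarms much later on the increasing rate, and never fires on the fluctuating rate, while the cumulative detector alarms on all three without firing on the benign series.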

13
Classification by Impact
  • Disruptive attacks
      • Completely deny the victim's service to its
        clients
  • Degrading attacks
      • Goal is to consume some portion of the victim's
        resources
      • Could remain undetected for a very long time

14
End of Part I
  • Any Questions?