Cyber-Attacks Analysis
Part I : DDoS
Kenny Huang, Ph.D. 黃勝雄博士
Executive Council Member, APNIC
Member, Board of Directors, TWNIC
huangksh@gmail.com
Environmental Outlook
Compromised Networks Worldwide
2
NSA reportedly compromised more than 50,000 networks worldwide (NSA, 2013 Nov)
Potential Motivation of Cyber Attacks
3
Facet | Description | References
Political Motivation | Extension of politics in the 21st century; cyber-attacks are referred to as fifth-generation warfare | 1. Mirkovic, 2004; 2. Arbor Networks web; 3. Jose Nazario, 2007
Social Motivation | Governments are common targets: people who do not support the government use cyber-attack tools against government websites | 1. Don Jackson, 2009; 2. Steven Adair, 2008
Business Motivation | Cyber-attacked by competing companies; theft of confidential information | 1. FoxNews.com, 2008; 2. Eneken Tikk, 2008
Personal Motivation | Curiosity; getting paid | 1. Jeff Carr, 2009
Risks / Benefits
It is nearly impossible to find out who is conducting cyber attacks, but there are certainly reasons why it would benefit them.
Cyber War Case - Afghanistan
• Two-way cyber war measures
– Cyber offensive capability
– Cyber dependence: the degree to which a nation relies upon cyber-controlled systems
– Cyber defensive capability
• “We have the most bandwidth running through our society and are more dependent on that bandwidth. We are the most vulnerable.“ – former Admiral McConnell.
• Afghanistan 2001
– The US had a cyber war plan, but there were no targets for its cyber warriors; that gave Afghanistan an advantage.
– If Afghanistan had had any offensive cyber capability, the cyber war would have taken a different course.
4
Cyber War Case - China
• Offense vs. defense
– The US has the most sophisticated offensive capability, but that cannot make up for its weaknesses in defense; its cyber defense training is offense-focused.
– China's cyber warriors are tasked with both offense and defense in cyberspace.
• China's advantages in cyber war
– Ownership: the Internet in China is like a company intranet; the government is the only service provider.
– Censorship
• The Great Firewall of China provides security advantages.
• The technology China uses to screen e-mail and messages provides the infrastructure to stop malware.
• Installing software on all computers to keep children from accessing pornography gives China control over every desktop in the country.
– Critical infrastructure: for the electric power system, the US relies on automated control systems, while China still requires a large degree of manual control.
5
Cyber War Strength
6
Country | Cyber Offense | Cyber Dependence | Cyber Defense | Total
US | 8 | 2 | 1 | 11
Russia | 7 | 5 | 4 | 16
China | 5 | 4 | 6 | 15
Iran | 4 | 5 | 3 | 12
North Korea | 2 | 9 | 7 | 18
(Richard Clarke, 2010)
Cyber Defense Award
US Military Training for Cyber Warfare
7
YouTube. (2013 Apr 30). Cyber Defense - Military Training for Cyber Warfare
DDoS: Recent Cases Highlight
8
Date/Location: 2014 June 14, Hong Kong
Event: Hong Kong voting site suffers massive DDoS attack before civil referendum
Date/Location: 2014 June 19, US
Event: Facebook under massive DDoS attack by China
DDoS Cyber-Attack Scenarios
9
[Diagram with two scenarios. Direct flooding: bots send ssh, ping, ftp, etc. traffic straight at the victim, whose server answers "Error 503 Service Unavailable". Amplification attack: bots send requests with a spoofed source IP to DNS, NTP, etc. servers (technically protocol-compliant services), whose replies are directed at the victim.]
False Assumptions
• Attackers use a specific pattern to attack
– No
– Attackers try all means to maximize the outcome
– Uniqueness of pattern is the principle of a cyber attack
• A severe cyber-attack must be driven by a cyber military (cyberwarfare)
– Yes and no.
– Massive traffic can easily be generated at an affordable price.
• Solutions are available against attacks
– Yes and no
– There is no ready-made solution for any cyber-attack
• Cyber-attacks happen only occasionally on the global Internet
– They happen all the time. Live with it.
10
DDoS vs. Cyber War
11
[Diagram: the country initiating a cyber war targets the critical information infrastructure of the enemy country; a DDoS attack reaches only the DMZ in front of that infrastructure.]
1. DDoS can only attack the DMZ zone; the DMZ was built for that purpose.
2. DDoS attacks are conspicuous: the targets are easily identified, which gives the enemy the advantage of increasing its defensive capability or reducing its cyber dependence.
ECO System
12
Role | Activity | Legal enforcement
Bot Makers | Selling tools or giving them away | Low
BotNet Builders | Compromising systems and distributing code; trading valuable private information | Low
BotNet Operators | Providing cloud services (non-exclusive ownership) | Low
BotNet Brokers | Matching buyers and sellers | Low
BotNet Users | Running code on the BotNet platform | Medium
Economy
13
Price of 1000 bots for 24 hrs:
• Australia: $100
• Vietnam: $5
• China, mainland (Tier-2 cities): $13
• China, LiaoNing: $80
• China, GuangDong: $160
• Taiwan: $484
Bot applications:
1 Sell private information
2 Advertisement
3 DDoS services
(PC Magazine, 2009 June)
Math Exercise
• Infected PCs (bots)
– Assume 10,000 PCs
– Sending 10,000 DNS queries/PC.sec, 100M queries/sec in total
– Generating outbound traffic of 640 KBytes/PC.sec
– Total cost: USD 130 (Bot@China) for 24 hrs
• Public DNS resolvers
– Assume 20,000 servers (open resolvers > 60K)
– Message amplification x 50 => 3,000 bytes (6 packets)/msg
– Receiving 5,000 DNS queries/server.sec
– Generating outbound traffic of 15 MBytes/server.sec (30,000 packets/server.sec)
– Total cost: free (public goods)
• Target victims
– Receiving inbound traffic of 300 GBytes/sec (600M packets/sec)
– Total liability: considerably costly (priceless to the actors, and vice versa)
14
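The arithmetic on this slide, carried through as a capacity model a defender can re-run with their own figures (an added example, not code from the original deck). Inputs are the slide's assumptions; the 64-byte query size is inferred from 640 KB/s at 10,000 queries/s and is an assumption, and the response-rate-limiting check assumes every open resolver applies the same per-client cap.

```python
"""Capacity model for the DNS amplification scenario on the 'Math Exercise' slide.

Added worked example, not from the original deck. Inputs are the slide's own
assumptions: 10,000 bots at 10,000 queries/s each, ~64 bytes per query
(inferred from 640 KB/s per bot), 20,000 open resolvers, ~3,000-byte responses
carried in 6 packets, and USD 13 per 1,000 bots per day (the China mainland
price on the 'Economy' slide).
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class AmplificationScenario:
    bots: int                     # infected PCs sending spoofed queries
    queries_per_bot_per_sec: int  # query rate per bot
    query_bytes: int              # bytes per DNS query on the wire (assumed)
    resolvers: int                # open resolvers answering the spoofed queries
    response_bytes: int           # bytes per amplified response
    response_packets: int         # IP packets per response (fragmentation)
    price_per_1000_bots_per_day: float  # USD

    # --- bot side -------------------------------------------------------
    def total_queries_per_sec(self) -> int:
        return self.bots * self.queries_per_bot_per_sec

    def bot_outbound_bytes_per_sec(self) -> int:
        return self.queries_per_bot_per_sec * self.query_bytes

    def bot_cost_per_day(self) -> float:
        return self.bots / 1000 * self.price_per_1000_bots_per_day

    # --- resolver side --------------------------------------------------
    def amplification_factor(self) -> float:
        # bytes out per byte in; the slide rounds this ratio to "x 50"
        return self.response_bytes / self.query_bytes

    def queries_per_resolver_per_sec(self) -> float:
        # spoofed queries assumed to be spread evenly over the open resolvers
        return self.total_queries_per_sec() / self.resolvers

    def resolver_outbound_bytes_per_sec(self) -> float:
        return self.queries_per_resolver_per_sec() * self.response_bytes

    def resolver_outbound_packets_per_sec(self) -> float:
        return self.queries_per_resolver_per_sec() * self.response_packets

    # --- victim side ----------------------------------------------------
    def victim_inbound_bytes_per_sec(self) -> float:
        return self.resolvers * self.resolver_outbound_bytes_per_sec()

    def victim_inbound_packets_per_sec(self) -> float:
        return self.resolvers * self.resolver_outbound_packets_per_sec()

    def victim_inbound_gbit_per_sec(self) -> float:
        # the clean transit capacity a victim would need to absorb the flood
        return self.victim_inbound_bytes_per_sec() * 8 / 1e9

    def victim_inbound_with_rrl(self, responses_per_sec_per_client: int) -> float:
        """Inbound bytes/s if every resolver applied response rate limiting.

        The spoofed source is the victim, so from each resolver's point of view
        all of the flood comes from one client and the per-client cap applies.
        """
        capped = min(self.queries_per_resolver_per_sec(), responses_per_sec_per_client)
        return self.resolvers * capped * self.response_bytes


SLIDE_SCENARIO = AmplificationScenario(
    bots=10_000, queries_per_bot_per_sec=10_000, query_bytes=64,
    resolvers=20_000, response_bytes=3_000, response_packets=6,
    price_per_1000_bots_per_day=13.0,
)

if __name__ == "__main__":
    s = SLIDE_SCENARIO
    print(f"bots: {s.total_queries_per_sec():,} queries/s total, "
          f"{s.bot_outbound_bytes_per_sec():,} B/s per bot, USD {s.bot_cost_per_day():.0f}/day")
    print(f"resolvers: {s.queries_per_resolver_per_sec():,.0f} queries/s each, "
          f"{s.resolver_outbound_bytes_per_sec():,.0f} B/s out each")
    print(f"victim: {s.victim_inbound_gbit_per_sec():,.0f} Gbit/s, "
          f"{s.victim_inbound_packets_per_sec():,.0f} packets/s")
    print(f"with a 5 responses/s/client cap at every resolver: "
          f"{s.victim_inbound_with_rrl(5):,.0f} B/s")
```

The last figure shows why the slide lists BIND rate limiting first among mitigations: a per-client cap at the resolvers cuts the victim-side volume by three orders of magnitude, but it is applied by resolver operators, not by the victim.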
Solution Zone
15
[Diagram: the direct flooding scenario (ssh; ping; ftp; etc.) in front of a Firewall/Defense System]
Build filtering rules/policing on the fly:
1 block sources
2 block protocols/ports
Challenges:
1 capacity and performance
2 hard to identify dynamic sources
3 a new algorithm must be designed instantly for each new pattern
S1: rules/policing
Continue
16
[Diagram: the amplification attack scenario (spoofed source IP; DNS, NTP, etc. protocol-compliant services) in front of a Firewall/Defense System]
S1: BIND rate limit; S2: buy transit; S3: rules/policing
Challenges:
S1: out of the victim's control
S2: port speed may not be upgradable accordingly
S3: 1 capacity and performance
    2 a new algorithm must be designed instantly for each new pattern
(DNSSEC: destination validation)
Performance Impact for Increasing Rules
17
[Charts: Firewall Performance Impact; Router Performance Impact (TechGuard, 2012)]
Strengthen The Defensive System
Unique Algorithm for Unique Pattern
18
Analyze attack pattern
Design defensive algorithm
Sizing engineering
#max number of sessions/connections
#fit in CPU cache
#risk of saturating a CPU at a given packet rate
#timeout adjustment
Rapid coding and deployment
Ongoing monitoring
Knowledge intensive
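The four sizing checks on this slide, as an added example (not code from the deck) that turns them into numbers: session table versus cache, CPU saturation at a packet rate, and the idle timeout a table can sustain. The platform figures in SAMPLE_PLATFORM are constructed placeholders, and the 600M packets/s load is the victim-side rate from the Math Exercise slide.

```python
"""Sizing checks for a filtering/defense system, following the slide's
'Sizing engineering' bullets: max sessions, fit in CPU cache, risk of
saturating a CPU at a given packet rate, and timeout adjustment.

Added example, not code from the original deck. SAMPLE_PLATFORM holds
constructed placeholder figures; measure cycles_per_packet on your own box.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class DefensePlatform:
    cores: int                  # cores available to the packet-filtering path
    core_hz: float              # clock rate per core
    cycles_per_packet: int      # measured cost of the filtering path per packet
    cache_bytes: int            # last-level cache budget for the session table
    session_entry_bytes: int    # size of one session/connection entry
    session_timeout_s: float    # idle timeout after which an entry is dropped


def max_sessions_in_cache(p: DefensePlatform) -> int:
    """Largest session table that still fits in the cache budget."""
    return p.cache_bytes // p.session_entry_bytes


def saturation_packet_rate(p: DefensePlatform) -> float:
    """Packet rate at which the filtering path consumes 100% of the CPU."""
    return p.cores * p.core_hz / p.cycles_per_packet


def cpu_utilisation(p: DefensePlatform, packets_per_sec: float) -> float:
    """Fraction of CPU used at a given packet rate (> 1.0 means saturated)."""
    return packets_per_sec / saturation_packet_rate(p)


def sessions_held(new_sessions_per_sec: float, timeout_s: float) -> float:
    """Little's law: resident entries = arrival rate x time each entry is held."""
    return new_sessions_per_sec * timeout_s


def max_timeout_for_table(max_sessions: int, new_sessions_per_sec: float) -> float:
    """Longest idle timeout that keeps the table within max_sessions."""
    return max_sessions / new_sessions_per_sec


def size_check(p: DefensePlatform, packets_per_sec: float,
               new_sessions_per_sec: float) -> dict:
    """Run the four sizing checks and return the findings as one dict."""
    limit = max_sessions_in_cache(p)
    held = sessions_held(new_sessions_per_sec, p.session_timeout_s)
    util = cpu_utilisation(p, packets_per_sec)
    return {
        "max_sessions_in_cache": limit,
        "sessions_held_at_current_timeout": held,
        "table_fits_in_cache": held <= limit,
        "cpu_utilisation": util,
        "cpu_saturated": util > 1.0,
        "saturation_packet_rate": saturation_packet_rate(p),
        # shorten the timeout if that is what it takes to keep the table in cache
        "recommended_timeout_s": min(p.session_timeout_s,
                                     max_timeout_for_table(limit, new_sessions_per_sec)),
    }


# Constructed placeholder platform: 8 cores at 3 GHz, 2,000 cycles per packet,
# 32 MiB of cache for a table of 64-byte entries, 30 s idle timeout.
SAMPLE_PLATFORM = DefensePlatform(
    cores=8, core_hz=3.0e9, cycles_per_packet=2000,
    cache_bytes=32 * 1024 * 1024, session_entry_bytes=64, session_timeout_s=30.0,
)

if __name__ == "__main__":
    # 600M packets/s is the victim-side rate from the Math Exercise slide
    for rate in (1_000_000, 600_000_000):
        print(rate, size_check(SAMPLE_PLATFORM, rate, new_sessions_per_sec=100_000))
```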