CyBerwar and Intelligence
Fall 2011

DDoS Attack
Claudia Plantera
I30033
2011.11.18
Outline
• Definitions
• Types of Attack
• Victims and Effects
• Case Studies
• Defense
Definitions
Malware
“Malware (for "malicious software") is any program or file that is harmful to a computer user. Thus, malware includes computer viruses, worms, Trojan horses, and also spyware, programming that gathers information about a computer user without permission.”
Virus
“A virus is a program or programming code that replicates by being copied or initiating its copying to another program, computer boot sector or document. Viruses can be transmitted as attachments to an e-mail note or in a downloaded file, or be present on a CD. Some viruses wreak their effect as soon as their code is executed; other viruses lie dormant until circumstances cause their code to be executed by the computer. Some viruses are benign or playful in intent and effect and some can be quite harmful, erasing data or causing your hard disk to require reformatting.”
Worms
“Computer worms are similar to viruses in that they replicate functional copies of themselves and can cause the same type of damage. In contrast to viruses, which require the spreading of an infected host file, worms are standalone software and do not require a host program or human help to propagate. To spread, worms either exploit a vulnerability on the target system or use some kind of social engineering to trick users into executing them. A worm enters a computer through a vulnerability in the system and takes advantage of file-transport or information-transport features on the system, allowing it to travel unaided.”
Trojan
“It is a harmful piece of software that looks legitimate. Users are typically tricked into loading and executing it on their systems. After it is activated, it can achieve any number of attacks on the host, from irritating the user (popping up windows or changing desktops) to damaging the host (deleting files, stealing data, or activating and spreading other malware, such as viruses). Trojans are also known to create back doors to give malicious users access to the system. Unlike viruses and worms, Trojans do not reproduce by infecting other files nor do they self-replicate. Trojans must spread through user interaction such as opening an e-mail attachment or downloading and running a file from the Internet.”
Bot
“"Bot" is derived from the word "robot" and is an automated process that interacts with other network services. Bots often automate tasks and provide information or services that would otherwise be conducted by a human being. A typical use of bots is to gather information (such as web crawlers), or interact automatically with instant messaging (IM), Internet Relay Chat (IRC), or other web interfaces. They may also be used to interact dynamically with websites. Bots can be used for either good or malicious intent. A malicious bot is self-propagating malware designed to infect a host and connect back to a central server or servers that act as a command and control (C&C) center for an entire network of compromised devices, or "botnet."”
Denial of Service (DoS) Attack
“an attempt to make a computer resource run out and make it unavailable to its intended users”
DDoS Attack
• DoS attack: the attacker mounts an attack from a single host
• DDoS attack: the attacker uses many systems to simultaneously launch attacks against a remote host
Zombie Computer
A computer connected to the Internet that has been compromised by a cracker, a computer virus or a Trojan and can be used to perform malicious tasks of one sort or another under remote direction.

Using zombies amplifies the attack in:
• the rate of packets
• the size of packets
• the difficulty of tracing an attack back to the initiating attacker
Attack
General Attack Classification
• Bandwidth attack: intended to overflow and consume the resources available to the victim
• Logic attack: attempts to exploit a design flaw in a software program
• Protocol attack: takes advantage of the inherent design of a protocol
DoS Attack
Smurf Attack
• The attacker sends a huge amount of ICMP Echo Requests to the victim
• Once network links become overloaded, all legitimate traffic will be slowed or stopped
• Uses bandwidth consumption to disable a victim's network resources, amplifying the attacker's bandwidth
The Fraggle
• Similar concept to ICMP flooding
• The network is slowed to the point where all valid connections are stopped
• Achieves a smaller amplification factor
SYN Flood
The TCP three-way handshake:
– the client sends a SYN packet to the server
– the server sends a SYN-ACK back to the client
– the client sends an ACK back to the server to complete the three-way handshake and establish the TCP connection
SYN Flood
• The attack occurs when the attacker initiates a TCP connection to the server with a SYN (using a legitimate or spoofed source address).
• The server replies with a SYN-ACK.
• The client then doesn't send back an ACK, causing the server to allocate memory for the pending connection and wait.
• The half-open connections buffer on the victim server will eventually fill.
• The system will be unable to accept any new incoming connections until the buffer is emptied out.
• There is a timeout associated with a pending connection, so the half-open connections will eventually expire.
• The attacking system can continue sending new connection requests faster than the victim system can expire the pending connections.
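The race between the attacker's request rate and the victim's timeout, as an added example that is not part of the slides: a discrete-time model of the half-open connection table. The backlog size (128 entries), the pending-connection timeout (60 s) and the traffic rates are assumed values; legitimate clients complete their handshake one tick later, spoofed ones never answer. The break-even point is capacity divided by timeout, and the two runs in `__main__` sit on either side of it.

```python
"""Model of a TCP half-open connection table under a SYN flood.

Constructed example: backlog capacity, timeout and rates are assumptions,
chosen so the two runs in __main__ straddle the break-even rate."""

from collections import deque

BACKLOG = 128       # assumed number of half-open entries the server keeps
SYN_TIMEOUT = 60    # assumed seconds before a pending connection expires


class HalfOpenTable:
    """Half-open (SYN received, ACK not yet seen) entries, oldest first."""

    def __init__(self, capacity=BACKLOG, timeout=SYN_TIMEOUT):
        self.capacity = capacity
        self.timeout = timeout
        self.entries = deque()   # (arrival_tick, source)
        self.dropped = 0         # SYNs refused because the table was full

    def expire(self, now):
        """Remove entries whose pending timer has run out."""
        while self.entries and now - self.entries[0][0] >= self.timeout:
            self.entries.popleft()

    def syn(self, now, source):
        """SYN arrives: allocate a pending entry, or refuse if the table is full."""
        self.expire(now)
        if len(self.entries) >= self.capacity:
            self.dropped += 1
            return False
        self.entries.append((now, source))
        return True

    def ack(self, source):
        """Client's ACK completes the handshake and frees its pending entry."""
        for i, (_, src) in enumerate(self.entries):
            if src == source:
                del self.entries[i]
                return True
        return False


def sustainable_rate(capacity=BACKLOG, timeout=SYN_TIMEOUT):
    """Spoofed SYNs per second above which expiry can no longer keep up."""
    return capacity / timeout


def simulate(attack_rate, legit_rate=2, seconds=120,
             capacity=BACKLOG, timeout=SYN_TIMEOUT):
    """Run the model one tick (second) at a time.

    attack_rate: spoofed SYNs per tick whose ACK never arrives
    legit_rate:  real clients per tick, each completing the handshake next tick
    Returns (legit_accepted, legit_refused, peak_half_open).
    """
    table = HalfOpenTable(capacity, timeout)
    accepted = refused = peak = 0
    pending_legit = []
    for t in range(seconds):
        for src in pending_legit:          # last tick's real clients send ACK
            table.ack(src)
        pending_legit = []
        for n in range(attack_rate):       # spoofed SYNs: never acknowledged
            table.syn(t, f"spoofed-{t}-{n}")
        for n in range(legit_rate):        # real clients try to connect
            src = f"client-{t}-{n}"
            if table.syn(t, src):
                accepted += 1
                pending_legit.append(src)
            else:
                refused += 1
        peak = max(peak, len(table.entries))
    return accepted, refused, peak


if __name__ == "__main__":
    print(f"break-even rate: {sustainable_rate():.2f} spoofed SYN/s")
    for rate in (1, 3):
        ok, lost, peak = simulate(rate)
        print(f"attack {rate} SYN/s: legit accepted={ok} "
              f"refused={lost} peak half-open={peak}")
```

With 1 spoofed SYN/s the table never fills and every real client gets in; with 3 SYN/s it is full after about 42 s and stays full, because each expired entry is immediately replaced.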
DDoS Attack
How it works
• The attacker recruits multiple zombie machines
• Zombie computers send the attack packets and recruit other machines
• The identity of the subverted machines is hidden by spoofing the source address field in the attack packets
TrinOO
• Affects Windows and many Unix OSs
• Attacker scans for exploits, gains root, and downloads Trin00 programs.
• Attacker -> Master -> Daemon hierarchy (One -> More -> Many)
• Attacker can telnet into a Master to initiate commands, which are distributed amongst its Daemons.
• Communication between Master and Daemon is through a password-protected cleartext UDP-based protocol.
• Daemons attack the target with a UDP or TCP packet bombardment.
Other attacks
TFN and TFN2K
• Smurf attack
• The Fraggle
• SYN flood
• All three at once

Stacheldraht
• Smurf attack
• The Fraggle
• SYN flood
• Encrypted communication between the attacker and the Masters
• The Agents can upgrade their code automatically
Victim & Damage
General Victim Classification
• Application: exploits some feature of a specific application in order to make the use of the resource impossible
• Host: access to the target machine becomes impossible because its communication mechanisms are overloaded or disabled
• Network: the incoming bandwidth of the target network is consumed
• Infrastructure: targets some distributed service that is crucial for global Internet operation or for the operation of a subnetwork
Symptoms
• Unusually slow network performance
• Unavailability of a particular web site
• Inability to access any web site
• Dramatic increase in the number of spam emails
Motivation
• Material gain
• Personal reasons (revenge)
• Fame
• Political reasons
Damage
Disruptive: deny the victim's service to its clients. In the case of recoverable attacks, the victim can recover as soon as the influx of the attack is stopped, but if it is non-recoverable it requires some human intervention.

Degrading: degrade some portion of a victim's resources. Since this kind of attack doesn't lead to total service disruption, it could remain undetected for a significant period of time.
Case Studies
Estonia
Dispute with Russia over the removal of a Soviet-era war memorial, a giant bronze soldier statue, from the center of Tallinn.

The botnet fooled Estonian network routers into continuously resending useless packets of information to one another, rapidly flooding the infrastructure used to conduct all online business in the country.

● Bank websites became unreachable, paralyzing most of Estonia's financial activity.
● Press sites also came under attack, in an attempt to disable news sources.
● ISPs were overwhelmed, blacking out internet access for significant portions of the population.

● NATO established the alliance's cyber defense research center in Tallinn in 2008.
● Motivated Estonia to call on the European Union to make cyber attacks a criminal offense.
Georgia
In the weeks leading up to the five-day 2008 South Ossetia war, a DDoS attack was directed first at the website of the Georgian president.

Several Russian blogs, forums, and websites spread a Microsoft Windows batch script that was designed to attack Georgian websites.

The effect was that Georgians could not connect to any outside news or information sources and could not send email out of the country. The aim of the attack was to prevent Georgians from learning what was going on.

Georgia's banking operations were paralyzed. Credit card systems shut down, followed by the mobile phone system.
Defence
Main Problem: Zombie Computers
• Patches for software defects that were reported and fixed months ago are never installed
• Anti-virus tools are not kept up to date
• The computer owners give away control of their computers by indiscriminately running unknown programs
Local Solutions
• Local filtering: the victim can try to stop the infiltrating IP packets on the local router by installing a filter to detect them.
• Changing IPs: system administrators must make a series of changes to lead the traffic to the new IP address; once the IP change is completed, all Internet routers will have been informed and edge routers will drop the attacking packets.
• Creating client bottlenecks: the aim is to create a bottleneck process on the zombie computers, such as solving a puzzle or answering a random question, before the attacking computer is allowed to establish the connection. This limits the attacking ability because those strategies consume computational power, limiting the number of connection requests the attacker can make at the same time.
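Local filtering, as an added example that is not from the slides: a detector run over a constructed connection log (the line format and the addresses, taken from the documentation ranges, are invented). It counts SYNs that are never completed by the client's ACK, which is exactly what fills the half-open table, and reports both the aggregate half-open rate and the per-source counts a router filter can be built from; the aggregate is the more reliable signal because flood sources are usually spoofed and rarely repeat.

```python
"""Local filtering: find half-open SYNs in a connection log and derive a filter.

Constructed example: the log format below and the addresses (documentation
ranges 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24) are invented."""

import re
from collections import defaultdict

LINE = re.compile(
    r"t=(?P<t>\d+\.\d+) src=(?P<src>\S+) dst=(?P<dst>\S+) flags=(?P<flags>[SA])$")

# Constructed sample: two real clients (203.0.113.5, 203.0.113.9) that finish
# the handshake, one flooding source that repeats (203.0.113.77) and three
# spoofed one-shot sources in 192.0.2.0/24.
SAMPLE_LOG = """\
t=0.00 src=203.0.113.5 dst=198.51.100.10 flags=S
t=0.05 src=203.0.113.5 dst=198.51.100.10 flags=A
t=0.10 src=203.0.113.77 dst=198.51.100.10 flags=S
t=0.12 src=203.0.113.77 dst=198.51.100.10 flags=S
t=0.14 src=203.0.113.77 dst=198.51.100.10 flags=S
t=0.16 src=203.0.113.77 dst=198.51.100.10 flags=S
t=0.50 src=192.0.2.1 dst=198.51.100.10 flags=S
t=0.51 src=192.0.2.2 dst=198.51.100.10 flags=S
t=0.52 src=192.0.2.3 dst=198.51.100.10 flags=S
t=1.00 src=203.0.113.5 dst=198.51.100.10 flags=S
t=1.05 src=203.0.113.5 dst=198.51.100.10 flags=A
t=1.98 src=203.0.113.9 dst=198.51.100.10 flags=S
t=2.00 src=203.0.113.9 dst=198.51.100.10 flags=A
"""


def parse(log):
    """Return [(t, src, dst, flags)] in time order; malformed lines are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:
            events.append((float(m["t"]), m["src"], m["dst"], m["flags"]))
    events.sort(key=lambda e: e[0])   # stable: ties keep log order
    return events


def unanswered_syns(events):
    """Per-source count of SYNs never followed by that client's ACK.

    Each ACK from (src, dst) completes the oldest outstanding SYN of that pair."""
    pending = defaultdict(int)
    for _, src, dst, flags in events:
        key = (src, dst)
        if flags == "S":
            pending[key] += 1
        elif flags == "A" and pending[key] > 0:
            pending[key] -= 1
    per_source = defaultdict(int)
    for (src, _), n in pending.items():
        if n:
            per_source[src] += n
    return dict(per_source)


def half_open_rate(events):
    """Aggregate unanswered SYNs per second over the log's time span."""
    if not events:
        return 0.0
    span = (events[-1][0] - events[0][0]) or 1.0
    return sum(unanswered_syns(events).values()) / span


def filter_candidates(events, per_source_threshold=3):
    """Sources with enough unanswered SYNs to justify a router filter entry."""
    return sorted(src for src, n in unanswered_syns(events).items()
                  if n >= per_source_threshold)


def assess(log, rate_threshold=1.0, per_source_threshold=3):
    """Combine both signals: the aggregate rate says whether a flood is on,
    the per-source counts say what a local filter can block.  Spoofed
    one-shot sources never reach the per-source threshold, which is why the
    rate has to be checked as well."""
    events = parse(log)
    rate = half_open_rate(events)
    return {"flood": rate >= rate_threshold,
            "half_open_per_s": rate,
            "block": filter_candidates(events, per_source_threshold)}


if __name__ == "__main__":
    print(assess(SAMPLE_LOG))
```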
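The client bottleneck from the third point, as an added example that is not part of the slides: a hash-based client puzzle (the usual proof-of-work construction, an assumption, since the slides do not name a particular puzzle). The server issues a random nonce and a difficulty; the client must find a counter whose SHA-256 together with the nonce has that many leading zero bits; the server checks the answer with a single hash, consumes each challenge on first use so it cannot be replayed, and purges unanswered challenges so the challenge table itself cannot be grown without bound.

```python
"""Hash-based client puzzle gating connection setup.

Constructed example: the puzzle construction, difficulty and TTL are
assumptions; the slides only describe the idea of a client bottleneck."""

import hashlib
import secrets


def _leading_zero_bits(digest):
    """Number of leading zero bits in a 32-byte SHA-256 digest."""
    return 256 - int.from_bytes(digest, "big").bit_length()


def _hash(nonce, counter):
    return hashlib.sha256(nonce + counter.to_bytes(8, "big")).digest()


def solve(nonce, difficulty_bits):
    """Client side: brute-force a counter; costs about 2**difficulty_bits hashes.

    Returns (counter, attempts) so the asymmetry with verify() is visible."""
    counter = 0
    while _leading_zero_bits(_hash(nonce, counter)) < difficulty_bits:
        counter += 1
    return counter, counter + 1


def verify(nonce, difficulty_bits, counter):
    """Server side: one hash, whatever the difficulty."""
    return _leading_zero_bits(_hash(nonce, counter)) >= difficulty_bits


class PuzzleGate:
    """Issues one-time challenges and admits a connection only with a fresh, valid answer."""

    def __init__(self, difficulty_bits=16, ttl=30):
        self.difficulty = difficulty_bits
        self.ttl = ttl
        self.outstanding = {}   # nonce -> expiry time

    def challenge(self, now):
        """Hand out a per-connection nonce; the client must solve it within ttl."""
        nonce = secrets.token_bytes(16)
        self.outstanding[nonce] = now + self.ttl
        return nonce, self.difficulty

    def admit(self, now, nonce, counter):
        """True only for a known, unexpired nonce with a correct answer."""
        expiry = self.outstanding.pop(nonce, None)   # consumed on first use
        if expiry is None or now > expiry:
            return False
        return verify(nonce, self.difficulty, counter)

    def purge(self, now):
        """Drop expired challenges so requesting many of them cannot exhaust memory."""
        self.outstanding = {n: e for n, e in self.outstanding.items() if e >= now}
        return len(self.outstanding)


if __name__ == "__main__":
    gate = PuzzleGate(difficulty_bits=16)
    nonce, bits = gate.challenge(now=0)
    counter, attempts = solve(nonce, bits)
    print(f"client spent {attempts} hashes; server admits: {gate.admit(1, nonce, counter)}")
    print(f"replay admitted: {gate.admit(2, nonce, counter)}")
```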
Global Solutions
• Improving the security of the entire Internet
• Using globally coordinated filters to prevent the accumulation of a critical mass of attacking packets in time. A victim can send information that it has detected an attack, and the filters can stop attacking packets earlier, preventing them from spreading.
• Tracing the source IP address, to trace the intruders' path back to the zombie computers and stop their attacks.
Thank you

CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 

Ddos attack definitivo

  • 1. CyBerwar and Intelligence Fall 2011 DDoS Attack Claudia Plantera I30033 2011.11.18
  • 2. Outline: Definitions; Types of Attack; Victims and Effects; Case Studies; Defense
  • 3. Definitions
  • 4. Malware “Malware (for "malicious software") is any program or file that is harmful to a computer user. Thus, malware includes computer viruses, worms, Trojan horses, and also spyware, programming that gathers information about a computer user without permission.”
  • 5. Virus “a virus is a program or programming code that replicates by being copied or initiating its copying to another program, computer boot sector or document. Viruses can be transmitted as attachments to an e-mail note or in a downloaded file, or be present on a CD. Some viruses wreak their effect as soon as their code is executed; other viruses lie dormant until circumstances cause their code to be executed by the computer. Some viruses are benign or playful in intent and effect and some can be quite harmful, erasing data or causing your hard disk to require reformatting”
  • 6. Worms “Computer worms are similar to viruses in that they replicate functional copies of themselves and can cause the same type of damage. In contrast to viruses, which require the spreading of an infected host file, worms are standalone software and do not require a host program or human help to propagate. To spread, worms either exploit a vulnerability on the target system or use some kind of social engineering to trick users into executing them. A worm enters a computer through a vulnerability in the system and takes advantage of file-transport or information-transport features on the system, allowing it to travel unaided.”
  • 7. Trojan “It is a harmful piece of software that looks legitimate. Users are typically tricked into loading and executing it on their systems. After it is activated, it can achieve any number of attacks on the host, from irritating the user (popping up windows or changing desktops) to damaging the host (deleting files, stealing data, or activating and spreading other malware, such as viruses). Trojans are also known to create back doors to give malicious users access to the system. Unlike viruses and worms, Trojans do not reproduce by infecting other files nor do they self-replicate. Trojans must spread through user interaction such as opening an e-mail attachment or downloading and running a file from the Internet.”
  • 8. Bot “"Bot" is derived from the word "robot" and is an automated process that interacts with other network services. Bots often automate tasks and provide information or services that would otherwise be conducted by a human being. A typical use of bots is to gather information (such as web crawlers), or interact automatically with instant messaging (IM), Internet Relay Chat (IRC), or other web interfaces. They may also be used to interact dynamically with websites. Bots can be used for either good or malicious intent. A malicious bot is self-propagating malware designed to infect a host and connect back to a central server or servers that act as a command and control (C&C) center for an entire network of compromised devices, or "botnet."”
  • 9. Denial of Service (DoS) Attack “an attempt to make a computer resource run out and make it unavailable to its intended users”
  • 10. DDoS Attack. DoS Attack: the attacker mounts an attack from a single host. DDoS Attack: the attacker uses many systems to simultaneously launch attacks against a remote host.
  • 11. Zombie Computer: a computer connected to the Internet that has been compromised by a cracker, a computer virus or a trojan, and that can be used to perform malicious tasks of one sort or another under remote direction. Zombies amplify the attack in: the rate of packets; the size of packets; the difficulty of tracing an attack back to the initiating attacker.
  • 12. Attack
  • 13. General Attack Classification. Bandwidth Attack: intended to overflow and consume resources available to the victim. Logic Attack: attempts to exploit a software program design flaw. Protocol Attack: takes advantage of a protocol's inherent design.
  • 14. DoS Attack
  • 15. Smurf Attack: the attacker sends a huge amount of ICMP Echo Requests to the victim. Once network links become overloaded, all legitimate traffic will be slowed or stopped. It uses bandwidth consumption to disable a victim's network resources, amplifying the attacker's bandwidth.
  • 16. The Fraggle: similar concept to ICMP flooding. The network is slowed to the point where all valid connections are stopped. It achieves a smaller amplification factor.
  • 17. SYN Flood. The TCP three-way handshake: the client sends a SYN packet to the server; the server sends a SYN-ACK back to the client; the client sends an ACK back to the server to complete the three-way handshake and establish the connection.
  • 18. SYN Flood. The attack occurs by the attacker initiating a TCP connection to the server with a SYN (using a legitimate or spoofed source address). The server replies with a SYN-ACK. The client then doesn't send back an ACK, causing the server to allocate memory for the pending connection and wait. The half-open connections buffer on the victim server will eventually fill. The system will be unable to accept any new incoming connections until the buffer is emptied out. There is a timeout associated with a pending connection, so the half-open connections will eventually expire. The attacking system can continue sending new connection requests faster than the victim system can expire the pending connections.
  • 19. DDoS Attack
  • 20. How it works: the attacker recruits multiple zombie machines. Zombie computers send the attack packets and recruit other machines. The identity of the subverted machine is hidden by spoofing the source address field in the attack packets.
  • 21. TrinOO: affects Windows and many Unix OS's. The attacker scans for exploits, gains root, and downloads Trin00 programs. Attacker -> Master -> Daemon hierarchy (One -> More -> Many). The attacker can telnet into a Master to initiate commands, which are distributed amongst its Daemons. Communication between Master -> Daemon goes through a password-protected cleartext UDP-based protocol. Daemons attack the target with a UDP or TCP packet bombardment.
  • 22. Other attacks. TFN and TFN2k: Smurf attack, the Fraggle, SYN flood, all three at once. Stacheldraht: Smurf attack, the Fraggle, SYN flood; encrypted communication between the attacker and the Masters; the Agents can upgrade their code automatically.
  • 23. Victim & Damage
  • 24. General Victim Classification. Application: exploit some feature of a specific application in order to make the use of the resource impossible. Host: access to the target machine is impossible because its communication mechanisms are overloaded or disabled. Network: the incoming bandwidth of the target network is consumed. Infrastructure: target some distributed service that is crucial for global Internet operation or the operation of a subnetwork.
  • 25. Symptoms: unusually slow network performance; unavailability of a particular web site; inability to access any web site; dramatic increase in the number of spam emails.
  • 26. Motivation: material gain; personal reasons (revenge); fame; political reasons.
  • 27. Damage. Disruptive: deny the victim's service to its clients. In the case of recoverable attacks, the victim can recover as soon as the influx of the attack is stopped, but if it is non-recoverable it requires some human intervention. Degrade: degrade some portion of a victim's resources. Since this kind of attack doesn't lead to total service disruption, it could remain undetected for a significant period of time.
  • 28. Case Studies
  • 29. Estonia. Dispute with Russia over the removal of a Soviet-era war memorial, a giant bronze soldier statue, from the center of Tallinn. The botnet fooled Estonian network routers into continuously resending useless packets of information to one another, rapidly flooding the infrastructure used to conduct all online business in the country. ● Bank websites became unreachable, paralyzing most of Estonia's financial activity. ● Press sites also came under attack, in an attempt to disable news sources. ● ISPs were overwhelmed, blacking out internet access for significant portions of the population. ● NATO established the alliance's cyber defense research center in Tallinn in 2008. ● Motivated Estonia to call on the European Union to make cyber attacks a criminal offense.
  • 30. Georgia. In the weeks leading up to the five-day 2008 South Ossetia war, a DDoS attack was directed first at the website of the Georgian president. Several Russian blogs, forums, and websites spread a Microsoft Windows batch script that was designed to attack Georgian websites. The effect was that Georgians could not connect to any outside news or information sources and could not send email out of the country. The aim of the attack was to prevent Georgians from learning what was going on. Georgia's banking operations were paralyzed. Credit card systems shut down, followed by the mobile phone system.
  • 31. Defence
  • 32. Main Problem: Zombie Computers. Patches for software defects that were reported and fixed months ago are never installed; anti-virus tools are not kept up to date; computer owners give away control of their computers by indiscriminately running unknown programs.
  • 33. Local Solutions. Local filtering: the victim can try to stop the infiltrating IP packets on the local router by installing a filter to detect them. Changing IPs: systems administrators must make a series of changes to lead the traffic to the new IP address; once the IP change is completed, all Internet routers will have been informed and edge routers will drop the attacking packets. Creating client bottlenecks: the aim is to create a bottleneck process on the zombie computers, such as solving a puzzle or requiring the attacking computer to answer random questions before establishing the connection. In this way the attacking ability is limited, because those strategies consume computational power, limiting the attacker in the number of connection requests it can make at the same time.
  • 34. Global Solutions: improving the security of the entire Internet. The victim can try to stop the infiltrating IP packets on the local router by installing a filter to detect them. Using globally coordinated filters to prevent the accumulation of a critical mass of attacking packets in time: a victim can send information that it has detected an attack, and the filters can stop attacking packets earlier, preventing them from spreading. Tracing the source IP address to trace the intruders' path back to zombie computers and stop their attacks.
  • 35. Thank you
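The Smurf and Fraggle slides (15 and 16) share a signature a network operator can look for at the edge of their own network: echo-type traffic (ICMP Echo Request for Smurf, UDP echo or chargen for Fraggle) addressed to the network's broadcast address and carrying a source address that does not belong to the network, so that every host that answers floods the spoofed source. The Python below is an added example, not part of the presentation; it scans constructed flow records for that pattern and estimates the amplification each request achieved. The flow layout, the 192.0.2.0/24 network and all addresses are assumptions made up for the example.

```python
"""Flag Smurf / Fraggle amplification in flow records (added example).

Constructed input: flows exported at the edge of the 192.0.2.0/24 network.
For ICMP flows `dport` carries the ICMP type (8 = echo request, 0 = echo
reply), the way NetFlow folds type/code into the destination-port field.
"""
import ipaddress
from collections import namedtuple

Flow = namedtuple("Flow", "src dst proto sport dport packets")

LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")
REFLECTOR_UDP_PORTS = {7, 19}   # echo and chargen, the classic Fraggle reflectors

# Constructed sample: a victim (203.0.113.5) is spoofed as the source of
# echo traffic sent to our broadcast address; our hosts then answer the victim.
SAMPLE_FLOWS = [
    Flow("203.0.113.5", "192.0.2.255", "icmp", 0, 8, 1000),     # Smurf request
    Flow("192.0.2.10", "203.0.113.5", "icmp", 0, 0, 1000),      # three hosts reply
    Flow("192.0.2.11", "203.0.113.5", "icmp", 0, 0, 1000),
    Flow("192.0.2.12", "203.0.113.5", "icmp", 0, 0, 1000),
    Flow("203.0.113.5", "192.0.2.255", "udp", 41000, 7, 500),   # Fraggle request
    Flow("192.0.2.10", "203.0.113.5", "udp", 7, 41000, 500),    # one host runs UDP echo
    Flow("192.0.2.20", "192.0.2.30", "tcp", 50222, 443, 40),    # benign
    Flow("192.0.2.21", "198.51.100.9", "udp", 52001, 53, 12),   # benign DNS
]


def request_kind(flow, local_net):
    """Name the attack if `flow` is echo-type traffic aimed at our broadcast address."""
    if ipaddress.ip_address(flow.dst) != local_net.broadcast_address:
        return None
    if flow.proto == "icmp" and flow.dport == 8:
        return "smurf"
    if flow.proto == "udp" and flow.dport in REFLECTOR_UDP_PORTS:
        return "fraggle"
    return None


def find_amplification(flows, local_net=LOCAL_NET):
    """Pair each broadcast request with the replies our hosts sent to its source."""
    alerts = []
    for req in flows:
        kind = request_kind(req, local_net)
        if kind is None:
            continue
        replies = [
            r for r in flows
            if r.dst == req.src
            and ipaddress.ip_address(r.src) in local_net
            and r.proto == req.proto
            and (r.dport == 0 if kind == "smurf" else r.sport == req.dport)
        ]
        reply_packets = sum(r.packets for r in replies)
        alerts.append({
            "kind": kind,
            "victim": req.src,
            # a source outside our own prefix on a packet to our broadcast is spoofed
            "source_spoofed": ipaddress.ip_address(req.src) not in local_net,
            "request_packets": req.packets,
            "responders": len({r.src for r in replies}),
            "amplification": reply_packets / req.packets if req.packets else 0.0,
        })
    return alerts


if __name__ == "__main__":
    for a in find_amplification(SAMPLE_FLOWS):
        print(f"{a['kind']:8} victim={a['victim']} spoofed={a['source_spoofed']} "
              f"responders={a['responders']} amplification=x{a['amplification']:.1f}")
```

The amplification factor is simply how many of our hosts answered one broadcast request, which is why the slide calls the Fraggle factor smaller: far fewer hosts run a UDP echo service than answer ICMP echo. The standard fix on the reflecting network is to stop routers forwarding directed broadcasts at all (RFC 2644 made that the default), which removes the amplifier rather than trying to filter the spoofed requests.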
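Slides 17 and 18 describe the half-open connection buffer filling up; on the server that is visible directly in the socket table. The Python below is an added example, not code from the presentation: it parses a constructed snippet in the layout of Linux `ss -tan` output, counts SYN-RECV (half-open) entries per local endpoint, and flags an endpoint once the count passes a threshold while far outnumbering real sessions. The threshold and the sample addresses are assumptions for the example.

```python
"""Spot a SYN flood from the server's own socket table (added example).

The sample below is a constructed snippet in the layout printed by Linux
`ss -tan`; the addresses come from documentation ranges, not real hosts.
"""
from collections import defaultdict

SAMPLE_SS_OUTPUT = """\
State     Recv-Q Send-Q Local Address:Port   Peer Address:Port
SYN-RECV  0      0      10.0.0.5:443         198.51.100.23:40123
SYN-RECV  0      0      10.0.0.5:443         198.51.100.88:40124
SYN-RECV  0      0      10.0.0.5:443         203.0.113.9:40125
SYN-RECV  0      0      10.0.0.5:443         203.0.113.77:40126
SYN-RECV  0      0      10.0.0.5:443         198.51.100.200:40127
SYN-RECV  0      0      10.0.0.5:443         203.0.113.141:40128
ESTAB     0      0      10.0.0.5:443         192.0.2.77:51022
ESTAB     0      0      10.0.0.5:22          192.0.2.10:60000
SYN-RECV  0      0      10.0.0.5:22          192.0.2.11:60001
"""

# Assumed threshold; in practice tie it to the configured SYN backlog size.
HALF_OPEN_THRESHOLD = 5


def parse_socket_table(text):
    """Return (state, local_endpoint, peer_endpoint) tuples, skipping the header."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] == "State":
            continue
        rows.append((fields[0], fields[3], fields[4]))
    return rows


def half_open_summary(rows, threshold=HALF_OPEN_THRESHOLD):
    """Per local endpoint: how many connections sit half-open (SYN sent, SYN-ACK
    answered, ACK never received) versus fully established."""
    stats = defaultdict(lambda: {"half_open": 0, "established": 0, "peers": set()})
    for state, local, peer in rows:
        entry = stats[local]
        if state == "SYN-RECV":
            entry["half_open"] += 1
            entry["peers"].add(peer.rsplit(":", 1)[0])   # peer address without port
        elif state == "ESTAB":
            entry["established"] += 1
    summary = {}
    for local, entry in stats.items():
        summary[local] = {
            "half_open": entry["half_open"],
            "established": entry["established"],
            "distinct_sources": len(entry["peers"]),
            # many half-open entries, each from a different source, dwarfing the
            # established sessions, is the picture a spoofed SYN flood leaves behind
            "suspicious": entry["half_open"] >= threshold
                          and entry["half_open"] > entry["established"],
        }
    return summary


if __name__ == "__main__":
    table = half_open_summary(parse_socket_table(SAMPLE_SS_OUTPUT))
    for endpoint, info in table.items():
        flag = "SYN FLOOD?" if info["suspicious"] else "ok"
        print(f"{endpoint:16} half-open={info['half_open']} "
              f"established={info['established']} sources={info['distinct_sources']} {flag}")
```

On a live Linux host the input would come from `ss -tan state syn-recv`. The timeout the slide mentions is what keeps the buffer draining; Linux additionally offers SYN cookies (`net.ipv4.tcp_syncookies`), which let the kernel answer a SYN without storing a half-open entry at all, so a flood of unanswered SYN-ACKs no longer fills the buffer.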
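The "client bottleneck" from slide 33 is usually built as a client puzzle: the server hands out a random challenge and only accepts the connection once the client returns a value that is expensive to find but cheap to check, so each connection request costs the requester more than it costs the server. The Python below is an added illustration, not code from the presentation; it uses a hashcash-style SHA-256 puzzle (find a counter whose hash has the required number of leading zero bits) together with a made-up rule for raising the difficulty as the half-open backlog fills.

```python
"""Client puzzle (proof-of-work) gate for new connections: added example."""
import hashlib
import os
import struct


def choose_difficulty(pending, capacity):
    """Assumed policy: no puzzle while the half-open backlog is below half
    full, then 4..20 leading-zero bits as it fills up."""
    load = pending / capacity
    if load < 0.5:
        return 0
    return min(20, 4 + int(16 * (load - 0.5) / 0.5))


def issue_challenge(bits, rng=os.urandom):
    """Server side: a fresh random nonce, so solutions cannot be precomputed or replayed."""
    return {"nonce": rng(16), "bits": bits}


def _leading_zero_bits(digest):
    return 256 - int.from_bytes(digest, "big").bit_length()


def _puzzle_hash(challenge, counter):
    return hashlib.sha256(challenge["nonce"] + struct.pack(">Q", counter)).digest()


def solve_puzzle(challenge, max_iters=1 << 26):
    """Client side: brute-force a counter; expected cost about 2**bits hashes."""
    for counter in range(max_iters):
        if _leading_zero_bits(_puzzle_hash(challenge, counter)) >= challenge["bits"]:
            return counter
    return None


def verify_solution(challenge, counter):
    """Server side: a single hash, whatever the difficulty."""
    if counter is None:
        return False
    return _leading_zero_bits(_puzzle_hash(challenge, counter)) >= challenge["bits"]


if __name__ == "__main__":
    bits = choose_difficulty(pending=90, capacity=100)   # backlog 90% full
    challenge = issue_challenge(bits)
    solution = solve_puzzle(challenge)
    print(f"difficulty={bits} bits, solution counter={solution}, "
          f"accepted={verify_solution(challenge, solution)}")
```

The asymmetry is the whole point: a zombie that wants to open many connections has to spend roughly 2^bits hash computations per request, while the server spends one hash to accept or reject it and no memory until the puzzle is solved. The server must keep the nonce (or derive it from a secret and the client address) so a solution for one challenge cannot be reused for another.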
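Slide 34's globally coordinated filtering, together with the source spoofing from slide 20, can be sketched in a short simulation: each edge router drops packets whose source address is not one it legitimately serves (so a zombie's forged packets never leave its own network), and a victim's attack report is pushed to every edge so the flood is stopped close to its origin instead of at the victim's link. The Python below is an added simulation, not from the presentation; the router names, prefixes, victim address and packets are constructed for the example.

```python
"""Coordinated edge filtering against a spoofed flood (added simulation)."""
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src dst proto")


class EdgeRouter:
    """An ISP edge that knows which prefixes legitimately sit behind it."""

    def __init__(self, name, customer_prefixes):
        self.name = name
        self.prefixes = [ipaddress.ip_network(p) for p in customer_prefixes]
        self.reported = set()   # (victim, proto) pairs pushed out by attack reports

    def source_is_legitimate(self, pkt):
        """Ingress check: the source must belong to a prefix this edge serves."""
        src = ipaddress.ip_address(pkt.src)
        return any(src in prefix for prefix in self.prefixes)

    def accept_report(self, victim, proto):
        self.reported.add((victim, proto))

    def forward(self, pkt):
        if not self.source_is_legitimate(pkt):
            return "dropped:spoofed-source"      # zombie hiding behind a forged address
        if (pkt.dst, pkt.proto) in self.reported:
            return "dropped:reported-attack"     # victim's report applied far from the victim
        return "forwarded"


def distribute_report(routers, victim, proto):
    """The victim announces what it is being flooded with; every edge installs the rule."""
    for router in routers:
        router.accept_report(victim, proto)


def simulate(traffic):
    """Run (ingress router, packet) pairs and return the decision taken for each."""
    return [router.forward(pkt) for router, pkt in traffic]


def demo():
    # Constructed topology: two ISP edges and one victim, documentation ranges only.
    edge_a = EdgeRouter("edge-A", ["192.0.2.0/24"])
    edge_b = EdgeRouter("edge-B", ["198.51.100.0/24"])
    victim = "203.0.113.50"
    distribute_report([edge_a, edge_b], victim, "icmp")   # victim reports an ICMP flood
    traffic = [
        (edge_a, Packet("192.0.2.5", victim, "tcp")),             # real customer session
        (edge_a, Packet("203.0.113.1", victim, "icmp")),          # zombie with forged source
        (edge_b, Packet("198.51.100.7", victim, "icmp")),         # zombie, own address, reported proto
        (edge_b, Packet("198.51.100.7", "203.0.113.9", "icmp")),  # same host, unreported target
    ]
    return simulate(traffic)


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The ingress half of this is what BCP 38 (RFC 2827) asks every access network to deploy; it does nothing for the network that deploys it but removes the address spoofing that makes traceback (the slide's last point) so hard. The report-distribution half only works if the filters are coordinated, which is why the slide lists it under global rather than local solutions.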