SlideShare ist ein Scribd-Unternehmen logo

Denial of services : limiting the threat

Als PPT, PDF herunterladen
SensePost
SensePost

Presentation by Charl van der Walt at INFO SEC Africa 2001. The presentation begins with a case study of a DoS attack launched on a number of high profile sites by the canadian teen "Mafiaboy". An explanation of DoS and DDoS given. The impact of DDoS in South Africa is also discussed. The presentation ends with a series of discussions on DDoS countermeasures.

Technologie
1 von 45
Denial of Service: Limiting the Threat
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],AGENDA
Hi! All about me.
Introduction ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],discussion, truthfully conducted, must lead to public advantage: the discussion stimulates curiosity, and curiosity stimulates invention - Charles Tomlinson - Rudimentary Treatise on the Construction of Locks - 1850
Ooh! Die bang-maak goed
February Fun
February Fun ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
February Fun - the aftermath ,[object Object],[object Object]
Future Imperfect - predictions 2001 Peter G. Neumann SRI International We are likely to see some organized, possibly collaborative, attacks that do some real damage, perhaps to our critical infrastructures, perhaps to our financial systems, perhaps to government systems all of which have significant vulnerabilities.
Future Imperfect - predictions 2001 Bruce Moulton Fidelity Investments Hactivism and other cyber attacks emanating from countries with weak or non-existent legal sanctions and investigative capabilities will escalate. This is likely to be the root of at least one headline-grabbing cyber incident (much bigger than DDOS or LoveBug) that will send a loud wake-up call to the commercial sector.
Future Imperfect - predictions 2001 Marcus H. Sachs US Department of Defense 2001 will also see continued development of distributed denial of service attack networks. These attack networks will no longer rely on manual establishment by the attacker, but will automatically establish themselves through the use of mobile code and html scripting.
The Nuts & Bolts Stuff
Understanding the ‘Net
[object Object],Understanding DoS „ The real requirement is not quick recovery but the absence of outages“ „ We talk today of 'Internet Time'; the Internet does not allow for delays“ Steven J. Ross, Information Systems Control, March 2000
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Why do DoS?
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],How DoS works
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Classical DoS examples
DoS using Amplifiers - SMURF check: www.netscan.org
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Revisiting SYN floods
New Kid on the block - DDoS
Profile of a typical attack ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Building an attack network ,[object Object],[object Object]
Common DDoS tools ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Common DDoS tools ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
The challenge of DDoS ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Boom! Assesing the impact
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],What me worry?!
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],RSADDoS (in the motherland)
Whoah Cowboy! icsa.net, February 2000: „ The Internet has now taken a drastic "hit" to its reliability and integrity due to the recent DDoS attacks. It is only through the cooperation and unification of all Internet users that we will find the solution-and stop DDoS from taking the Internet out from under our commerce, education, communities, and individuals.“ But has it really been all that bad?
Pow! Fighting back
DoS defense strategies ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Ingress Filtering ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Egress Filtering ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Planning for disaster ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
DDoS - Defending yourself ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Protecting web servers from DoS ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Responding to a DoS attack ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Getting Greasy
Configuration Examples - CISCO ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Interesting other stuff
Things to consider ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Other possible tricks ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],DoS the SA way
THE BOTTOM LINE ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
questions?

Empfohlen

Denail of Service
Denail of ServiceDenail of Service
Denail of Service
Ramasubbu .P
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attack
Kaustubh Padwad
 
Denial of Service Attacks (DoS/DDoS)
Denial of Service Attacks (DoS/DDoS)Denial of Service Attacks (DoS/DDoS)
Denial of Service Attacks (DoS/DDoS)
Gaurav Sharma
 
An introduction to denial of service attack
An introduction to denial of service attackAn introduction to denial of service attack
An introduction to denial of service attack
Mohammad Reza Mousavinasr
 
Network seurity
Network seurityNetwork seurity
Network seurity
Naqash Rasheed
 
Assingement on dos ddos
Assingement on dos ddosAssingement on dos ddos
Assingement on dos ddos
kalyan kumar
 
Module 9 Dos
Module 9 DosModule 9 Dos
Module 9 Dos
leminhvuong
 
12 types of DDoS attacks
12 types of DDoS attacks12 types of DDoS attacks
12 types of DDoS attacks
Haltdos
 

Empfohlen

Denail of Service
Denail of ServiceDenail of Service
Denail of Service
Ramasubbu .P
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attack
Kaustubh Padwad
 
Denial of Service Attacks (DoS/DDoS)
Denial of Service Attacks (DoS/DDoS)Denial of Service Attacks (DoS/DDoS)
Denial of Service Attacks (DoS/DDoS)
Gaurav Sharma
 
An introduction to denial of service attack
An introduction to denial of service attackAn introduction to denial of service attack
An introduction to denial of service attack
Mohammad Reza Mousavinasr
 
Network seurity
Network seurityNetwork seurity
Network seurity
Naqash Rasheed
 
Assingement on dos ddos
Assingement on dos ddosAssingement on dos ddos
Assingement on dos ddos
kalyan kumar
 
Module 9 Dos
Module 9 DosModule 9 Dos
Module 9 Dos
leminhvuong
 
12 types of DDoS attacks
12 types of DDoS attacks12 types of DDoS attacks
12 types of DDoS attacks
Haltdos
 
DoS Attack - Incident Handling
DoS Attack - Incident HandlingDoS Attack - Incident Handling
DoS Attack - Incident Handling
Marcelo Silva
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attack
Ahmed Ghazey
 
Denial of service
Denial of serviceDenial of service
Denial of service
garishma bhatia
 
DDoS Attacks and Countermeasures
DDoS Attacks and CountermeasuresDDoS Attacks and Countermeasures
DDoS Attacks and Countermeasures
thaidn
 
Denial of Service Attack
Denial of Service AttackDenial of Service Attack
Denial of Service Attack
Dhrumil Panchal
 
Dos n d dos
Dos n d dosDos n d dos
Dos n d dos
sadhana21297
 
Network Security
Network SecurityNetwork Security
Network Security
DURYODHAN MAHAPATRA
 
DDOS Attack
DDOS Attack DDOS Attack
DDOS Attack
Ahmed Salama
 
DDoS - Distributed Denial of Service
DDoS - Distributed Denial of ServiceDDoS - Distributed Denial of Service
DDoS - Distributed Denial of Service
Er. Shiva K. Shrestha
 
Destributed denial of service attack ppt
Destributed denial of service attack pptDestributed denial of service attack ppt
Destributed denial of service attack ppt
OECLIB Odisha Electronics Control Library
 
An introduction to denial of service attacks
An introduction to denial of service attacksAn introduction to denial of service attacks
An introduction to denial of service attacks
Rollingsherman
 
DDoS Attack PPT by Nitin Bisht
DDoS Attack PPT by Nitin BishtDDoS Attack PPT by Nitin Bisht
DDoS Attack PPT by Nitin Bisht
Nitin Bisht
 
Denial Of Service Attack
Denial Of Service AttackDenial Of Service Attack
Denial Of Service Attack
Vishnuvardhan Reddy
 
Network Security fundamentals
Network Security fundamentalsNetwork Security fundamentals
Network Security fundamentals
Tariq kanher
 
Ddos
DdosDdos
Ddos
university of Gujrat, pakistan
 
Defense mechanism for d do s attack through machine learning
Defense mechanism for d do s attack through machine learningDefense mechanism for d do s attack through machine learning
Defense mechanism for d do s attack through machine learning
eSAT Publishing House
 
DDos
DDosDDos
DDos
rohit verma
 
Network security
Network securityNetwork security
Network security
-jyothish kumar sirigidi
 
Denial of Service Attack Project
Denial of Service Attack ProjectDenial of Service Attack Project
Denial of Service Attack Project
Nadim Ebadi
 
DNS Security, is it enough?
DNS Security, is it enough? DNS Security, is it enough?
DNS Security, is it enough?
Zscaler
 
Customer distributed denial of service (DDoS) experiences - Networkshop44
Customer distributed denial of service (DDoS) experiences - Networkshop44Customer distributed denial of service (DDoS) experiences - Networkshop44
Customer distributed denial of service (DDoS) experiences - Networkshop44
Jisc
 
Bab 01 complete
Bab 01 completeBab 01 complete
Bab 01 complete
Norhisham Mohamad Nordin
 

Weitere ähnliche Inhalte

Was ist angesagt?

An introduction to denial of service attacks
An introduction to denial of service attacksAn introduction to denial of service attacks
An introduction to denial of service attacks
Rollingsherman
 
Network Security fundamentals
Network Security fundamentalsNetwork Security fundamentals
Network Security fundamentals
Tariq kanher
 
Defense mechanism for d do s attack through machine learning
Defense mechanism for d do s attack through machine learningDefense mechanism for d do s attack through machine learning
Defense mechanism for d do s attack through machine learning
eSAT Publishing House
 

Was ist angesagt? (20)

DoS Attack - Incident Handling
DoS Attack - Incident HandlingDoS Attack - Incident Handling
DoS Attack - Incident Handling
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attack
 
Denial of service
Denial of serviceDenial of service
Denial of service
 
DDoS Attacks and Countermeasures
DDoS Attacks and CountermeasuresDDoS Attacks and Countermeasures
DDoS Attacks and Countermeasures
 
Denial of Service Attack
Denial of Service AttackDenial of Service Attack
Denial of Service Attack
 
Dos n d dos
Dos n d dosDos n d dos
Dos n d dos
 
Network Security
Network SecurityNetwork Security
Network Security
 
DDOS Attack
DDOS Attack DDOS Attack
DDOS Attack
 
DDoS - Distributed Denial of Service
DDoS - Distributed Denial of ServiceDDoS - Distributed Denial of Service
DDoS - Distributed Denial of Service
 
Destributed denial of service attack ppt
Destributed denial of service attack pptDestributed denial of service attack ppt
Destributed denial of service attack ppt
 
An introduction to denial of service attacks
An introduction to denial of service attacksAn introduction to denial of service attacks
An introduction to denial of service attacks
 
DDoS Attack PPT by Nitin Bisht
DDoS Attack PPT by Nitin BishtDDoS Attack PPT by Nitin Bisht
DDoS Attack PPT by Nitin Bisht
 
Denial Of Service Attack
Denial Of Service AttackDenial Of Service Attack
Denial Of Service Attack
 
Network Security fundamentals
Network Security fundamentalsNetwork Security fundamentals
Network Security fundamentals
 
Ddos
DdosDdos
Ddos
 
Defense mechanism for d do s attack through machine learning
Defense mechanism for d do s attack through machine learningDefense mechanism for d do s attack through machine learning
Defense mechanism for d do s attack through machine learning
 
DDos
DDosDDos
DDos
 
Network security
Network securityNetwork security
Network security
 
Denial of Service Attack Project
Denial of Service Attack ProjectDenial of Service Attack Project
Denial of Service Attack Project
 
DNS Security, is it enough?
DNS Security, is it enough? DNS Security, is it enough?
DNS Security, is it enough?
 

Andere mochten auch

How to launch and defend against a DDoS
How to launch and defend against a DDoSHow to launch and defend against a DDoS
How to launch and defend against a DDoS
jgrahamc
 
Packet sniffing in switched LANs
Packet sniffing in switched LANsPacket sniffing in switched LANs
Packet sniffing in switched LANs
Ishraq Al Fataftah
 
Cyber crime and security ppt
Cyber crime and security pptCyber crime and security ppt
Cyber crime and security ppt
Lipsita Behera
 

Andere mochten auch (10)

Customer distributed denial of service (DDoS) experiences - Networkshop44
Customer distributed denial of service (DDoS) experiences - Networkshop44Customer distributed denial of service (DDoS) experiences - Networkshop44
Customer distributed denial of service (DDoS) experiences - Networkshop44
 
Bab 01 complete
Bab 01 completeBab 01 complete
Bab 01 complete
 
Basics of Denial of Service Attacks
Basics of Denial of Service AttacksBasics of Denial of Service Attacks
Basics of Denial of Service Attacks
 
How to launch and defend against a DDoS
How to launch and defend against a DDoSHow to launch and defend against a DDoS
How to launch and defend against a DDoS
 
Packet sniffing in switched LANs
Packet sniffing in switched LANsPacket sniffing in switched LANs
Packet sniffing in switched LANs
 
(SEC306) Defending Against DDoS Attacks
(SEC306) Defending Against DDoS Attacks(SEC306) Defending Against DDoS Attacks
(SEC306) Defending Against DDoS Attacks
 
DDoS Attacks
DDoS AttacksDDoS Attacks
DDoS Attacks
 
Cyber crime and security ppt
Cyber crime and security pptCyber crime and security ppt
Cyber crime and security ppt
 
Denial of Service Attacks
Denial of Service AttacksDenial of Service Attacks
Denial of Service Attacks
 
10 DDoS Mitigation Techniques
10 DDoS Mitigation Techniques10 DDoS Mitigation Techniques
10 DDoS Mitigation Techniques
 

Ähnlich wie Denial of services : limiting the threat

Fortinet_FortiDDoS_Introduction
Fortinet_FortiDDoS_IntroductionFortinet_FortiDDoS_Introduction
Fortinet_FortiDDoS_Introduction
swang2010
 
DoS (Denial of Service) Attack Tutorial Ping of Death, DDOS Wha.docx
DoS (Denial of Service) Attack Tutorial Ping of Death, DDOS Wha.docxDoS (Denial of Service) Attack Tutorial Ping of Death, DDOS Wha.docx
DoS (Denial of Service) Attack Tutorial Ping of Death, DDOS Wha.docx
madlynplamondon
 
Recognizing security threats
Recognizing security threatsRecognizing security threats
Recognizing security threats
Kishore Kumar
 
Using the Web or another research tool, search for alternative means.pdf
Using the Web or another research tool, search for alternative means.pdfUsing the Web or another research tool, search for alternative means.pdf
Using the Web or another research tool, search for alternative means.pdf
fms12345
 
Ch04 Network Vulnerabilities and Attacks
Ch04 Network Vulnerabilities and AttacksCh04 Network Vulnerabilities and Attacks
Ch04 Network Vulnerabilities and Attacks
Information Technology
 

Ähnlich wie Denial of services : limiting the threat (20)

DDOS (1).ppt
DDOS (1).pptDDOS (1).ppt
DDOS (1).ppt
 
Fortinet_FortiDDoS_Introduction
Fortinet_FortiDDoS_IntroductionFortinet_FortiDDoS_Introduction
Fortinet_FortiDDoS_Introduction
 
DrupalCon Vienna 2017 - Anatomy of DDoS
DrupalCon Vienna 2017 - Anatomy of DDoSDrupalCon Vienna 2017 - Anatomy of DDoS
DrupalCon Vienna 2017 - Anatomy of DDoS
 
Event - Internet Thailand - Total Security Perimeters
Event - Internet Thailand - Total Security PerimetersEvent - Internet Thailand - Total Security Perimeters
Event - Internet Thailand - Total Security Perimeters
 
Ddos
DdosDdos
Ddos
 
basic knowhow hacking
basic knowhow hackingbasic knowhow hacking
basic knowhow hacking
 
DoS/DDoS
DoS/DDoSDoS/DDoS
DoS/DDoS
 
Network And Application Layer Attacks
Network And Application Layer AttacksNetwork And Application Layer Attacks
Network And Application Layer Attacks
 
PLNOG 9: Paweł Wachelka - Network protection against DoS/DDoS attacks
PLNOG 9: Paweł Wachelka - Network protection against DoS/DDoS attacks PLNOG 9: Paweł Wachelka - Network protection against DoS/DDoS attacks
PLNOG 9: Paweł Wachelka - Network protection against DoS/DDoS attacks
 
Protecting your business from ddos attacks
Protecting your business from ddos attacksProtecting your business from ddos attacks
Protecting your business from ddos attacks
 
Hacking and its Defence
Hacking and its DefenceHacking and its Defence
Hacking and its Defence
 
[Webinar] DDoS Pentester Reveals: How Hackers Find Your Website’s Weak Points...
[Webinar] DDoS Pentester Reveals: How Hackers Find Your Website’s Weak Points...[Webinar] DDoS Pentester Reveals: How Hackers Find Your Website’s Weak Points...
[Webinar] DDoS Pentester Reveals: How Hackers Find Your Website’s Weak Points...
 
DoS (Denial of Service) Attack Tutorial Ping of Death, DDOS Wha.docx
DoS (Denial of Service) Attack Tutorial Ping of Death, DDOS Wha.docxDoS (Denial of Service) Attack Tutorial Ping of Death, DDOS Wha.docx
DoS (Denial of Service) Attack Tutorial Ping of Death, DDOS Wha.docx
 
Dos & Ddos Attack. Man in The Middle Attack
Dos & Ddos Attack. Man in The Middle AttackDos & Ddos Attack. Man in The Middle Attack
Dos & Ddos Attack. Man in The Middle Attack
 
Recognizing security threats
Recognizing security threatsRecognizing security threats
Recognizing security threats
 
Using the Web or another research tool, search for alternative means.pdf
Using the Web or another research tool, search for alternative means.pdfUsing the Web or another research tool, search for alternative means.pdf
Using the Web or another research tool, search for alternative means.pdf
 
Ch04 Network Vulnerabilities and Attacks
Ch04 Network Vulnerabilities and AttacksCh04 Network Vulnerabilities and Attacks
Ch04 Network Vulnerabilities and Attacks
 
Attacks on the cyber world
Attacks on the cyber worldAttacks on the cyber world
Attacks on the cyber world
 
DDoS Threat Landscape - Ron Winward CHINOG16
DDoS Threat Landscape - Ron Winward CHINOG16DDoS Threat Landscape - Ron Winward CHINOG16
DDoS Threat Landscape - Ron Winward CHINOG16
 
Atelier Technique CISCO ACSS 2018
Atelier Technique CISCO ACSS 2018Atelier Technique CISCO ACSS 2018
Atelier Technique CISCO ACSS 2018
 

Mehr von SensePost

Hacking Z-Wave Home Automation Systems
Hacking Z-Wave Home Automation SystemsHacking Z-Wave Home Automation Systems
Hacking Z-Wave Home Automation Systems
SensePost
 

Mehr von SensePost (20)

objection - runtime mobile exploration
objection - runtime mobile explorationobjection - runtime mobile exploration
objection - runtime mobile exploration
 
Vulnerabilities in TN3270 based Application
Vulnerabilities in TN3270 based ApplicationVulnerabilities in TN3270 based Application
Vulnerabilities in TN3270 based Application
 
Ruler and Liniaal @ Troopers 17
Ruler and Liniaal @ Troopers 17Ruler and Liniaal @ Troopers 17
Ruler and Liniaal @ Troopers 17
 
Introducing (DET) the Data Exfiltration Toolkit
Introducing (DET) the Data Exfiltration ToolkitIntroducing (DET) the Data Exfiltration Toolkit
Introducing (DET) the Data Exfiltration Toolkit
 
ZaCon 2015 - Zombie Mana Attacks
ZaCon 2015 - Zombie Mana AttacksZaCon 2015 - Zombie Mana Attacks
ZaCon 2015 - Zombie Mana Attacks
 
Improvement in Rogue Access Points - SensePost Defcon 22
Improvement in Rogue Access Points - SensePost Defcon 22Improvement in Rogue Access Points - SensePost Defcon 22
Improvement in Rogue Access Points - SensePost Defcon 22
 
Heartbleed Overview
Heartbleed OverviewHeartbleed Overview
Heartbleed Overview
 
Botconf 2013 - DNS-based Botnet C2 Server Detection
Botconf 2013 - DNS-based Botnet C2 Server DetectionBotconf 2013 - DNS-based Botnet C2 Server Detection
Botconf 2013 - DNS-based Botnet C2 Server Detection
 
Rat a-tat-tat
Rat a-tat-tatRat a-tat-tat
Rat a-tat-tat
 
Hacking Z-Wave Home Automation Systems
Hacking Z-Wave Home Automation SystemsHacking Z-Wave Home Automation Systems
Hacking Z-Wave Home Automation Systems
 
Offence oriented Defence
Offence oriented DefenceOffence oriented Defence
Offence oriented Defence
 
Threats to machine clouds
Threats to machine cloudsThreats to machine clouds
Threats to machine clouds
 
Inside .NET Smart Card Operating System
Inside .NET Smart Card Operating SystemInside .NET Smart Card Operating System
Inside .NET Smart Card Operating System
 
SNMP : Simple Network Mediated (Cisco) Pwnage
SNMP : Simple Network Mediated (Cisco) PwnageSNMP : Simple Network Mediated (Cisco) Pwnage
SNMP : Simple Network Mediated (Cisco) Pwnage
 
Its Ok To Get Hacked
Its Ok To Get HackedIts Ok To Get Hacked
Its Ok To Get Hacked
 
Web Application Hacking
Web Application HackingWeb Application Hacking
Web Application Hacking
 
Putting the tea back into cyber terrorism
Putting the tea back into cyber terrorismPutting the tea back into cyber terrorism
Putting the tea back into cyber terrorism
 
Major global information security trends - a summary
Major global information security trends - a summaryMajor global information security trends - a summary
Major global information security trends - a summary
 
Attacks and Defences
Attacks and DefencesAttacks and Defences
Attacks and Defences
 
Corporate Threat Modeling v2
Corporate Threat Modeling v2Corporate Threat Modeling v2
Corporate Threat Modeling v2
 

Kürzlich hochgeladen

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 

Kürzlich hochgeladen (20)

HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 

Denial of services : limiting the threat

  • 1. Denial of Service: Limiting the Threat
  • 2.
  • 4.
  • 7.
  • 8.
  • 9. Future Imperfect - predictions 2001 Peter G. Neumann SRI International We are likely to see some organized, possibly collaborative, attacks that do some real damage, perhaps to our critical infrastructures, perhaps to our financial systems, perhaps to government systems all of which have significant vulnerabilities.
  • 10. Future Imperfect - predictions 2001 Bruce Moulton Fidelity Investments Hactivism and other cyber attacks emanating from countries with weak or non-existent legal sanctions and investigative capabilities will escalate. This is likely to be the root of at least one headline-grabbing cyber incident (much bigger than DDOS or LoveBug) that will send a loud wake-up call to the commercial sector.
  • 11. Future Imperfect - predictions 2001 Marcus H. Sachs US Department of Defense 2001 will also see continued development of distributed denial of service attack networks. These attack networks will no longer rely on manual establishment by the attacker, but will automatically establish themselves through the use of mobile code and html scripting.
  • 12. The Nuts & Bolts Stuff
  • 14.
  • 15.
  • 16.
  • 17.
  • 18. DoS using Amplifiers - SMURF check: www.netscan.org
  • 19.
  • 20. New Kid on the block - DDoS
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 27.
  • 28.
  • 29. Whoah Cowboy! icsa.net, February 2000: „ The Internet has now taken a drastic "hit" to its reliability and integrity due to the recent DDoS attacks. It is only through the cooperation and unification of all Internet users that we will find the solution-and stop DDoS from taking the Internet out from under our commerce, education, communities, and individuals.“ But has it really been all that bad?
  • 31.
  • 32.
  • 33.
  • 34.
  • 35.
  • 36.
  • 37.
  • 39.
  • 41.
  • 42.
  • 43.
  • 44.

Hinweis der Redaktion

  1. Comment on our background and the kind of work we do - technology focused
  2. Comment on our background and the kind of work we do - technology focused
  3. Comment on actual statistics Give URL as source ** Refer to John Tullet’s talk earlier...
  4. Comment on actual statistics Give URL as source ** Refer to John Tullet’s talk earlier...
  5. Comment on actual statistics Give URL as source ** Refer to John Tullet’s talk earlier...
  6. Comment on actual statistics Give URL as source ** Refer to John Tullet’s talk earlier...
  7. Comment on actual statistics Give URL as source ** Refer to John Tullet’s talk earlier...
  8. Comment on actual statistics Give URL as source ** Refer to John Tullet’s talk earlier...