DOS & DDOS A Terrific Attack


Page 1: 4 DOS & DDOS a Terrific Attacks

DOS & DDOS A Terrific Attack

Page 2: 4 DOS & DDOS a Terrific Attacks

Duration: 3 HRS

Audience: Expert

MODULE HIGHLIGHT

1. INTRODUCTION TALK (15 Min)

2. INFORMATIVE SESSION (15 Min)

2.1. Understanding Lab Setup

2.2. Surprise Gift

2.3. Security Field and Charlatans

3. FOUNDATION KNOWLEDGE (20 Min)

3.1. Understanding Web Request and Response

3.2. Understanding Proxy process

4. ATTACK SCENARIO (60 Min)

4.1. Understanding DOS and DDOS

4.2. DOS Attack

4.3. DOS Attack UDP Flood

4.4. DDOS attack

5. SECURITY SOLUTIONS (15 Min)

5.1. IDS Detection Logic and Mechanism

5.2. Firewall

5.3. Honeypot

6. MASSIVE ATTACK (55 Min)

6.1. Protocol Randomize DOS Attack

6.2. Protocol Randomize DDOS Attack

6.3. Proxy, Zombie, UA Protocol Randomize DDOS Attack

A. ABOUT US

1. About CELNET

2. CELNET Management

3. Job Market

4. CELNET Carrier Courses

5. CELNET Basic Courses

6. CELNET Services And Comparisons

7. CELNET Success In Global Market

B. Question and Contact Us

Page 3: 4 DOS & DDOS a Terrific Attacks

CREDIT AND THANKS (1 MIN)

PROF. ANIL K ROY

DR AMIT KUMAR

IEEE BANGALORE

SJB INSTITUTES

ALL ORGANIZERS

AND ALL SPEAKERS AND CHIEF GUESTS

Page 4: 4 DOS & DDOS a Terrific Attacks

1.1. ABOUT ME

• Recognized by the USA as an Alien of Extraordinary Ability in the field of Computer Security
• Achieved first rank in the entire university during Master of Computer Application study
• Written 5 books on Computer Security, Networking and Communication, Ethical Hacking and Penetration Testing
• Owns two copyrights and five trademarks
• Founded two companies
• Published many research papers in many reputed scientific journals
• Highlighted in many newspapers and media
• Penetrated the Gujarat UNI web and received appreciation for his defensive efforts from the GU Authority
• A Lead Developer of the reputed tool RPSS
• Invited by many colleges, institutes and corporates for exclusive speeches and conferences
• Published many articles in magazines
• Provided consultancy to government on many cyber crime related issues
• Provided comprehensive training to many senior government officers
• Reviewer for many international journals
• Lead Developer of Expert in Ethical Hacking, Expert in Network Pen testing, Expert in Web Pen testing, Expert in Computer Forensic and Expert in Server Management
• IEEE Member

1. INTRODUCTION TALK(5 Min)

Page 5: 4 DOS & DDOS a Terrific Attacks

1.2. Research and Citation

• Reach is attested by USCIS
• Cited by many researchers
• Published its abstract in many journals
• Provoked widespread commentary by many news media

1.3. Legal Issue

• During this seminar no real resource is going to be harmed; everything is executed on a virtually created target
• All tools used are either self-developed, trial versions, open source or free

1.4. General Notice

• Photography or recording is strictly not allowed
• Any person who has been criminally accused by any law enforcement agency is not permitted to attend this session
• Any person less than 18 years of age is not allowed here
• The intention of this seminar is educational and research purposes only, and the methods are proofs of concept of different possible attacks.

1.5. Apology

• Apology for Bad English

1. INTRODUCTION TALK(5 Min)

Page 6: 4 DOS & DDOS a Terrific Attacks

2. INFORMATIVE SESSION (15 Min)

2.3. Security Field and Charlatans

Most people misunderstand the security field

• The security field does not mean learning tips and tricks
• It is not the field for hacking someone's email or social network account
• A mentor can be helpful to you
• This is not a different field of computing; it is the last degree of knowledge in a specific domain

Visit the site http://attrition.org/errata/charlatan/ to get some decent information about the security world

Charlatans

2.1. Understanding Lab Setup

2.2. Surprise Gift

Page 7: 4 DOS & DDOS a Terrific Attacks

POST / HTTP/1.0

Accept-Encoding:

Host: www.example.com

Referer: http://www.ashikali.com

Cookie: Some-Values

User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)

Connection: close

Content-Type: application

Content-Length: 14

HTTP/1.1 200 OK

Date: Sat, 22 Oct 2005 19:28:06 GMT

Server: Apache/1.3.19 (Unix)

3. FOUNDATION KNOWLEDGE 10 Min

3.1. Understanding Web Request And Response

[Diagram: ISP, Firewall, IDS, Server of www.eeh.com, Database Server]

Response codes and description

200 : ok - Request and response succeeded
404 : not found - Resource does not exist
301 : moved permanently - Requested resource moved to another place
302 : found - Resource found, but temporarily under a different URL
303 : see other - Requested resource is at another place and should be received from there
401 : unauthorized - User authentication is required because the resource is protected
500 : server error - Unexpected server error

Page 8: 4 DOS & DDOS a Terrific Attacks

3. FOUNDATION KNOWLEDGE 10 Min

3.2. Understanding Proxy Process

[Diagram: ISP, Firewall, IDS, Proxy Server, Database Server]

The proxy is used as a mediator that helps exchange requests and responses between the sender and receiver. The scenario below helps to understand the proxy process.

Request Format

REMOTE_ADDR = IP address of proxy
HTTP_VIA = IP address of proxy server
HTTP_X_FORWARDED_FOR = Your own IP address

Page 9: 4 DOS & DDOS a Terrific Attacks

4. ATTACK SCENARIO 10 Min

4.1. Understanding DOS & DDOS

DOS means a denial of service attack. In this attack, the attacker usually floods the target computer by sending a number of requests or packets to a specific port using either the TCP or UDP protocol. In a DDOS (distributed denial of service) attack, the same procedure is carried out using zombies: the attacker sends instructions to the zombies to flood the target. DDOS is more powerful and silent than a DOS attack.

[Figure: DOS Attack Example - Attacker, Target]

[Figure: DDOS Attack Example - Attacker, Zombie, Zombie]

Symptoms

• System slow
• Crash the system
• Overheating the system
• Interruption
• Jam the system

Page 10: 4 DOS & DDOS a Terrific Attacks

4. ATTACK SCENARIO 30 Min

4.2. DOS Attack (Live Demo)

4.3. DOS Attack UDP Flood (Live Demo)

4.4. DDOS Attack (Live Demo)

Page 11: 4 DOS & DDOS a Terrific Attacks

5. SECURITY SOLUTION 10 Min

5.2. IDS Logic and Detection Mechanism

[Diagram: ISP, Firewall, IDS, Proxy Server, Database Server]

The IDS reads the requests and logs, first checks them against its database as previously created by the user, and then acts.

Request Format

REMOTE_ADDR = IP address of proxy
HTTP_VIA = IP address of proxy server
HTTP_X_FORWARDED_FOR = Your own IP address
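The IDS logic above and the proxy variables from section 3.2 can be combined into one detection routine; the following is an added example, not code from the slides or the seminar tools. The rule values, the names RULES, client_ip and detect_floods, and all addresses in the sample log are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from ipaddress import ip_address

# Assumed rule "database" as created by the user (all values are constructed).
RULES = {
    "trusted_proxies": {"203.0.113.10"},  # proxies whose forwarded header we accept
    "max_requests": 5,                    # requests allowed per source ...
    "window_seconds": 10,                 # ... inside this sliding window
}

def client_ip(remote_addr, forwarded_for, rules=RULES):
    """Pick the address to count requests against.

    HTTP_X_FORWARDED_FOR is client-supplied text, so it is honoured only when
    REMOTE_ADDR is a proxy we operate; otherwise REMOTE_ADDR is used.
    """
    if remote_addr in rules["trusted_proxies"] and forwarded_for:
        # The right-most entry is the one our own proxy appended.
        candidate = forwarded_for.split(",")[-1].strip()
        try:
            return str(ip_address(candidate))
        except ValueError:
            pass  # malformed header: fall back to the proxy address
    return remote_addr

def detect_floods(records, rules=RULES):
    """Return {source_ip: timestamp at which it first exceeded the limit}.

    records: time-ordered (timestamp_seconds, REMOTE_ADDR, X-Forwarded-For or None).
    """
    recent = defaultdict(deque)
    alerts = {}
    for ts, remote_addr, xff in records:
        src = client_ip(remote_addr, xff, rules)
        window = recent[src]
        window.append(ts)
        while ts - window[0] >= rules["window_seconds"]:
            window.popleft()  # drop requests that fell out of the window
        if len(window) > rules["max_requests"] and src not in alerts:
            alerts[src] = ts
    return alerts

# Constructed sample log: a noisy client and an ordinary client behind the
# trusted proxy, plus a direct client sending a different forged header each time.
SAMPLE = [(t, "203.0.113.10", "198.51.100.7") for t in range(8)]
SAMPLE += [(3, "203.0.113.10", "198.51.100.8"), (9, "203.0.113.10", "198.51.100.8")]
SAMPLE += [(t, "192.0.2.50", "10.0.0.%d" % t) for t in range(10, 17)]
SAMPLE.sort(key=lambda r: r[0])
```

Counting on the resolved client address keeps the shared proxy itself from being flagged, and ignoring the header from untrusted peers stops a direct client from spreading its requests across forged addresses.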

5.1. Firewall Logic and Mechanism

The firewall blocks unwanted ports so that incoming connections from untrusted resources can be blocked.

Page 12: 4 DOS & DDOS a Terrific Attacks

5. SECURITY SOLUTION 10 Min

5.3. Honeypot

A honeypot is a system that creates a deliberately vulnerable resource to trap attackers.

Page 13: 4 DOS & DDOS a Terrific Attacks

6.1. Protocol Randomize DOS Attack (Live Demo)

6.2. Protocol Randomize DDOS Attack (Live Demo)

6.3. Proxy, Zombie, UA Protocol Randomize DDOS Attack (Live Demo)

6. ATTACK SCENARIO (60 Min)


See me at [email protected]

Facebook: Ashikali.hasan