DDoS Attack and Its Defense

Published on 25-Feb-2016


Transcript

<ul>
<li><p>DDoS Attack and Its Defense</p><p>CSE551: Introduction to Information Security</p><p>CSE551 Handout on DDoS</p></li>
<li><p>Outline</p>
<ul><li>What is a DDoS attack?</li><li>How to defend against a DDoS attack?</li></ul>
<p>CSE551 Handout on DDoS and Worm</p></li>
<li><p>What is a DDoS attack?</p>
<p>Internet DDoS attacks are a real threat</p>
<ul><li>On websites: Yahoo, CNN, Amazon, eBay, etc. (Feb. 2000); services were unavailable for several hours</li><li>On Internet infrastructure: 13 root DNS servers (Oct, 2002); 7 of them were shut down, 2 others partially unavailable</li></ul>
<p>Lack of defense mechanism on current Internet</p></li>
<li><p>What is a DDoS Attack?</p>
<p>DoS attacks: attempt to prevent legitimate users of a service from using it</p>
<p>Examples of DoS include:</p>
<ul><li>Flooding a network</li><li>Disrupting connections between machines</li><li>Disrupting a service</li></ul>
<p>Distributed Denial-of-Service attacks: many machines are involved in the attack against one or more victim(s)</p></li>
<li><p>What Makes DDoS Attacks Possible?</p>
<ul><li>Internet was designed with functionality &amp; not security in mind</li><li>Internet security is highly interdependent</li><li>Internet resources are limited</li><li>Power of many is greater than power of a few</li></ul></li>
<li><p>To Address DDoS Attack</p>
<p>Ingress Filtering</p>
<ul><li>P. Ferguson and D. Senie, RFC 2267, Jan 1998</li><li>Block packets that have illegitimate source addresses</li><li>Disadvantage: overhead makes routing slow</li></ul>
<p>Identification of the origins (Traceback problem)</p>
<ul><li>IP spoofing enables attackers to hide their identity</li><li>Many IP traceback techniques are suggested</li></ul>
<p>Mitigating the effect during the attack</p>
<ul><li>Pushback</li></ul></li>
<li><p>IP Traceback</p>
<ul><li>Allows victim to identify the origin of attackers</li><li>Several approaches: ICMP trace messages, Probabilistic Packet Marking, Hash-based IP Traceback, etc.</li></ul></li>
<li><p>PPM</p>
<p>Probabilistic Packet Marking scheme</p>
<ul><li>Probabilistically inscribe local path info</li><li>Use constant space in the packet header</li><li>Reconstruct the attack path with high probability</li></ul>
<pre>
Marking at router R
For each packet w
    Generate a random number x from [0,1)
    If x &lt; p then
        Write IP address of R into w.head
        Write 0 into w.distance
    else
        if w.distance == 0 then
            Write IP address of R into w.tail
        Increase w.distance
    endif
</pre></li>
<li><p>PPM (Cont.)</p><p>[Figure: victim, legitimate user, attacker]</p></li>
<li><p>What is Pushback?</p>
<p>A mechanism that allows a router to request adjacent upstream routers to limit the rate of traffic</p></li>
<li><p>How Does it Work?</p>
<ul><li>A congested router requests other adjacent routers to limit the rate of traffic for that particular aggregate.</li><li>Router sends pushback message</li><li>Receiving routers propagate the pushback</li></ul></li>
<li><p>Conclusion</p>
<ul><li>What is a DDoS attack?</li><li>Defending against a DDoS attack
<ul><li>Ingress filtering</li><li>Trace-back</li><li>Push-back</li></ul></li></ul></li>
</ul>
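
An added example, not part of the original handout: a Python simulation of the PPM marking procedure from the slides and of how the victim rebuilds the path from the marks it collects. It assumes a single attack path, constructed router names R1 to R5, and packets that arrive at the first router with empty marking fields; the function names are this example's own.

```python
import random

def mark(packet, router, p, rng):
    """Marking procedure at one router, following the slide's pseudocode."""
    if rng.random() < p:
        packet["head"] = router
        packet["distance"] = 0
    else:
        if packet["distance"] == 0:
            packet["tail"] = router
        packet["distance"] += 1

def forward(path, p, rng):
    """Pass one packet through every router; return the fields the victim sees."""
    packet = {"head": None, "tail": None, "distance": 0}  # assumed initial state
    for router in path:
        mark(packet, router, p, rng)
    return packet

def reconstruct(packets):
    """Rebuild the path from collected marks, farthest router first."""
    head_at, tail_at = {}, {}        # keyed by distance (hops) from the victim
    for pkt in packets:
        if pkt["head"] is None:      # never marked: carries no path information
            continue
        head_at[pkt["distance"]] = pkt["head"]
        if pkt["distance"] > 0:
            tail_at[pkt["distance"]] = pkt["tail"]
    path = []                        # built outward from the victim
    for d in sorted(head_at):
        if d != len(path):           # no sample yet for this hop: stop at the gap
            break
        if d > 0 and tail_at[d] != path[-1]:
            break                    # edge does not attach to the known path
        path.append(head_at[d])
    return path[::-1]

def packets_needed(path, p, seed=0):
    """Count packets the victim receives before the full path is recovered."""
    rng = random.Random(seed)        # seeded so the run is repeatable
    seen = []
    while reconstruct(seen) != path:
        seen.append(forward(path, p, rng))
    return len(seen)

if __name__ == "__main__":
    route = ["R1", "R2", "R3", "R4", "R5"]   # constructed path, R5 next to victim
    print(packets_needed(route, p=0.2), "packets to recover", route)
```

Each packet carries at most one edge, so the victim needs many packets to cover a path, and marks from the routers farthest away are the rarest because every later router may overwrite them.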