DoS01.docx


1. Concept and classification

1.1 Concept

A denial of service (DoS) attack can be described as an action that prevents legitimate users from accessing and using a service.

It includes flooding the network and breaking connections to the service; the end goal is that the server can no longer answer service requests from its clients.

1.2 Classification

There are two types.

Type 1: Based on the characteristics of the attacked system: overload it so that it loses the ability to serve.

The attacker sends a very large number of service requests, imitating requests from real users of the system.

To handle each request the system must spend resources (CPU, memory, bandwidth, ...), and those resources are finite. The system therefore runs out of resources to serve later requests.

The main form of this type is the distributed denial of service attack.

Type 2: Make the system hang or become paralysed by attacking a characteristic of the system or an information security flaw.

The attacker exploits a security gap in the system by deliberately sending invalid (non-standard) requests or packets; when the targeted system receives them it processes them incorrectly or out of the designed order, which brings the system itself down.

Typical examples are the Ping of Death and SYN Flood attacks.

2. Attack methods

2.1 Attacks through connections

SYN Flood Attack

- Regarded as one of the most classic DoS attacks. It exploits a weakness in TCP's three-way handshake: whenever a client wants to open a connection to a server, it performs a three-way handshake using packets.

Step 1: The client sends a packet with SYN=1 to the server to request a connection.

Step 2: On receiving this packet, the server replies with a SYN/ACK packet to tell the client that it has received the connection request and is preparing resources for it. The server reserves part of its system resources, such as buffer memory, to receive and send data. Other client information, such as its IP address and port, is also recorded.

Step 3: Finally, the client completes the three-way handshake by replying with an ACK packet to the server, and the connection proceeds.

- Because TCP is a reliable end-to-end delivery protocol, when the server sends its SYN/ACK in the second step and gets no reply from the client to complete the connection, it still keeps the resources it reserved for that connection and resends the SYN/ACK to the client until it receives the client's reply.

- The key point here is to make the client never reply to the server. With many, many such clients, the server naively keeps resending packets and holding resources while it waits, even though system resources are limited. The attacker's aim is to reach that limit.

- If this goes on, the server quickly becomes overloaded and crashes (hangs), so legitimate requests are refused and cannot be served. The process is much like a personal computer hanging when too many programs are opened at once.

- Typically, to forge the source IP address of a packet, attackers use raw sockets (rather than normal TCP or UDP sockets) to spoof or overwrite the packet's original IP. When a SYN packet with a spoofed IP reaches the server, it looks as valid as any other packet, so the server allocates resources for this connection, records all its details and sends a SYN/ACK back to the client. Because the client IP is forged, no client ever receives this SYN/ACK packet to answer the server. After a while without an ACK from the client, the server assumes the packet was lost and resends the SYN/ACK, and so on; the connections stay open.

If the attacker keeps sending SYN packets to the server, eventually the server can accept no more connections, not even legitimate connection requests. Being unable to serve is as good as the server not existing, and that means losses from the stoppage, especially for online e-commerce transactions.

- This is not a high-bandwidth attack: a single computer connected to the Internet over a plain dial-up line can carry it out (it just takes a little longer).
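The server-side defence that removes the half-open state this flood relies on is SYN cookies, shown here as an added Python example (not code from the original page). The server encodes the connection parameters into the SYN/ACK sequence number under an HMAC instead of reserving a backlog slot, and a small stateful backlog model is included for contrast; the secret, server address and MSS table are constructed demo values.

```python
import hashlib
import hmac
import struct

# Constructed demo of SYN cookies (added example, not from the original page).
# With cookies the server keeps no half-open entry per SYN: the connection parameters are
# encoded into the SYN/ACK initial sequence number, and only a client that really received
# that SYN/ACK can send back the ACK that validates. Constants below are demo values.

SECRET = b"constructed-demo-secret"     # a real stack derives this at boot and rotates it
LISTEN_IP = bytes([10, 0, 0, 5])        # constructed server address, packed as 4 bytes
MSS_TABLE = [536, 1220, 1460]           # 3-bit index into a few common MSS values

def _mac(src, dst, sport, dport, counter):
    """24-bit HMAC over the 4-tuple and the 5-bit time counter."""
    msg = struct.pack("!4s4sHHI", src, dst, sport, dport, counter)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")

def make_cookie(src, dst, sport, dport, mss, counter):
    """ISN for the SYN/ACK: 5-bit counter | 3-bit MSS index | 24-bit MAC (nothing stored)."""
    idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    counter &= 0x1F
    return (counter << 27) | (idx << 24) | _mac(src, dst, sport, dport, counter)

def check_cookie(src, dst, sport, dport, ack, now_counter, max_age=2):
    """Validate the third-step ACK; return the negotiated MSS, or None if forged or stale."""
    cookie = (ack - 1) & 0xFFFFFFFF
    counter, idx, mac = cookie >> 27, (cookie >> 24) & 0x7, cookie & 0xFFFFFF
    if (now_counter - counter) & 0x1F > max_age or idx >= len(MSS_TABLE):
        return None
    expected = _mac(src, dst, sport, dport, counter)
    if not hmac.compare_digest(mac.to_bytes(3, "big"), expected.to_bytes(3, "big")):
        return None
    return MSS_TABLE[idx]

def naive_backlog_accepts(spoofed_syns, legit, backlog=4):
    """Stateful server: every SYN holds a backlog slot until its ACK arrives; spoofed ones never ACK."""
    half_open = set()
    for src, sport in spoofed_syns:
        if len(half_open) < backlog:
            half_open.add((src, sport))       # slot stays held for the whole retransmit timeout
    return len(half_open) < backlog           # is any room left for the real client?

def cookie_server_accepts(spoofed_syns, legit, counter=7):
    """Cookie server: spoofed SYNs cost one reply each and no state; the real client still connects."""
    for src, sport in spoofed_syns:
        make_cookie(src, LISTEN_IP, sport, 80, 1460, counter)   # SYN/ACK sent, nothing stored
    src, sport = legit
    isn = make_cookie(src, LISTEN_IP, sport, 80, 1460, counter)
    ack = (isn + 1) & 0xFFFFFFFF              # only the true owner of src sees this ISN
    return check_cookie(src, LISTEN_IP, sport, 80, ack, counter + 1)
```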

2.2 Using the victim's own resources to attack

Land Attack

Similar to SYN flood.

But the attacker uses the target's own IP as the source IP address in the packet.

This pushes the target into an endless loop as it tries to establish a connection with itself.

UDP flood

The attacker sends a UDP echo packet whose source IP address is the loopback port of the target itself or of another computer on the same network.

The aim is to use the UDP echo port (port 7) to set up an exchange of echo packets between two computers (or between the target and itself, if the target has the loopback port configured), so that the two computers gradually use up all their bandwidth and obstruct network resource sharing by the other computers on the network.

2.3 Using bandwidth

DDoS (Distributed Denial of Service)

- Appearing in autumn 1999, DDoS is many times more powerful than classic DoS. Most DDoS attacks aim to consume bandwidth, congesting the system until it stops working. To carry one out, the attacker takes over and controls many intermediate computers or networks (acting as zombies) in many places, which all at once send a massive volume of packets to consume the resources and flood the link of a chosen target.

- Done this way, no matter how much bandwidth is available it cannot withstand millions of packets, so the system can no longer operate; other legitimate requests cannot be served and the server is knocked off the Internet.

- Simply put, it is like a traffic jam at rush hour. The clearest example was the surge in the recent university exam results lookup, when so many computers requested access at once that the server's existing link capacity could not cope.

- Nowadays there are viruses/worms capable of carrying out DDoS attacks. Once they have infected other machines, they automatically send service requests to a predetermined target at a predetermined time to consume the server's bandwidth or system resources. MyDoom is a typical example of this kind.

2.4 Using other resources

Smurf Attack

This attack needs one very important component: an amplifier network.

The attacker uses the target computer's address as the source to send an ICMP echo packet to the whole network (broadcast).

All computers on the network then simultaneously send ICMP reply packets to the computer the attacker wants to attack.

As a result, that computer cannot process the large volume of traffic in time and hangs.
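An ingress sanity filter covering the spoofing tricks in 2.2 and the Smurf amplifier above, as an added Python example (not from the original page): it drops packets whose source equals the destination (Land), whose source is loopback or an internal address yet arrives from outside, that loop UDP echo to UDP echo, or that aim ICMP echo requests at a directed-broadcast address. The local networks and sample packets are constructed.

```python
import ipaddress

# Constructed ingress-filter demo (added example, not from the original page). Each rule
# targets one of the spoofing tricks described above: Land (source == destination), UDP
# echo-to-echo loops, spoofed loopback or internal sources arriving from outside, and ICMP
# echo requests aimed at a directed-broadcast address (the Smurf amplifier). Packets are
# plain dicts and the local networks are constructed demo values.

LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24"), ipaddress.ip_network("198.51.100.0/24")]

def check_packet(pkt, local_nets=LOCAL_NETS):
    """Return the rules a packet arriving on the external interface violates (empty = accept)."""
    src, dst = ipaddress.ip_address(pkt["src"]), ipaddress.ip_address(pkt["dst"])
    hits = []
    if src == dst:
        hits.append("land: source equals destination")
    if src.is_loopback:
        hits.append("loopback source on external interface")
    elif any(src in net for net in local_nets):
        hits.append("spoofed internal source from outside")
    if pkt["proto"] == "udp" and pkt.get("sport") == 7 and pkt.get("dport") == 7:
        hits.append("udp echo-to-echo loop")
    if pkt["proto"] == "icmp" and pkt.get("type") == "echo-request":
        if any(dst == net.broadcast_address for net in local_nets):
            hits.append("icmp echo to directed broadcast (smurf amplifier)")
    return hits

def filter_packets(packets, local_nets=LOCAL_NETS):
    """Split a batch into accepted packets and (packet, reasons) pairs for the dropped ones."""
    accepted, dropped = [], []
    for pkt in packets:
        hits = check_packet(pkt, local_nets)
        if hits:
            dropped.append((pkt, hits))
        else:
            accepted.append(pkt)
    return accepted, dropped

SAMPLE = [  # constructed packets as seen on the outside interface
    {"src": "203.0.113.9", "dst": "192.0.2.10", "proto": "tcp", "sport": 43210, "dport": 80},
    {"src": "192.0.2.10", "dst": "192.0.2.10", "proto": "tcp", "sport": 80, "dport": 80},
    {"src": "127.0.0.1", "dst": "192.0.2.10", "proto": "udp", "sport": 7, "dport": 7},
    {"src": "192.0.2.10", "dst": "192.0.2.255", "proto": "icmp", "type": "echo-request"},
]
```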

Tear Drop

In a packet-switched network, data is split into many small packets, each with its own offset value, and they may travel to the destination by different routes. At the destination, the offset value of each packet is used to reassemble the data as it originally was.

Exploiting this, the attacker can create packets with overlapping offset values and send them to the target.

As a result, the destination computer cannot order these packets and hangs because its processing capacity is "drained".
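A fragment reassembler that refuses overlapping offsets instead of crashing, as an added Python example (not from the original page). Fragments are (offset, more_fragments, payload) triples, and the overlapping pair used for the check is a constructed test vector.

```python
# Constructed demo of IP fragment reassembly hardened against the overlapping-offset
# trick described above (added example, not from the original page). A fragment is
# (offset, more_fragments, payload); offsets are byte positions in the original datagram.
# The overlapping pair in OVERLAP_SAMPLE is a constructed test vector for the check.

MAX_DATAGRAM = 65535

class ReassemblyError(ValueError):
    """Raised for fragments that can never form a valid datagram; the caller drops the set."""

def reassemble(fragments):
    """Return the datagram when complete, None while pieces are still missing, and raise
    ReassemblyError on overlap or out-of-bounds offsets instead of corrupting memory."""
    buf, expected, saw_last = bytearray(), 0, False
    for offset, more, payload in sorted(fragments, key=lambda f: f[0]):
        end = offset + len(payload)
        if offset < 0 or end > MAX_DATAGRAM:
            raise ReassemblyError(f"fragment {offset}-{end} outside datagram bounds")
        if offset < expected:   # duplicates count as overlaps too; a stack would dedupe first
            raise ReassemblyError(f"fragment at {offset} overlaps data already placed up to {expected}")
        if saw_last:
            raise ReassemblyError(f"fragment at {offset} arrives after the final fragment")
        if offset > expected:
            return None                 # hole: keep waiting; a real stack also runs a timeout here
        buf += payload
        expected, saw_last = end, not more
    return bytes(buf) if saw_last else None

def reassemble_or_drop(fragments):
    """Wrapper in the style a packet handler would use: (datagram_or_None, drop_reason)."""
    try:
        return reassemble(fragments), None
    except ReassemblyError as exc:
        return None, str(exc)

GOOD_SAMPLE = [(8, False, b"CC"), (0, True, b"AAAA"), (4, True, b"BBBB")]   # arrives out of order
OVERLAP_SAMPLE = [(0, True, b"A" * 8), (4, False, b"BB")]   # second piece lies inside the first
```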

Destroying or modifying configuration information

Exploiting insecure configuration, such as routers not authenticating the update messages they send and receive, the attacker changes this critical information directly or remotely, so that legitimate users can no longer use the service.

Destroying or modifying hardware

Using the attacker's own privileges over devices in the network to gain access to and damage hardware devices such as routers and switches.

In addition there is the distributed reflection denial of service attack, DRDoS (Distributed Reflection Denial of Service).

- Appearing in early 2002, it is the newest and strongest attack in the DoS family. Carried out by a skilled attacker, it can bring down any system in the world in moments.

- The main goal of DRDoS is to seize the server's entire bandwidth, that is, to completely congest the link from the server to the Internet backbone, and to exhaust the server's resources. While the server is under DRDoS attack, no client can connect to it. All services running over TCP/IP, such as DNS, HTTP, FTP, POP3, ..., are disabled.

- Basically, DRDoS combines the two styles DoS and DDoS. It uses the SYN attack from a single computer, and it also combines many computers to consume bandwidth, as in DDoS. The attacker spoofs the target server's address and sends SYN requests to large servers such as Yahoo or Microsoft, so that those servers send SYN/ACK packets to the target server. Those large, well-connected servers unwittingly play the role of zombies for the attacker, as in DDoS.

The sending repeats continuously with many spoofed IP addresses from the attacker and many large servers taking part, so the target server is quickly overloaded, its bandwidth consumed by the large servers. The "art" of it is that with just one computer and a 56 kbps modem, a skilled hacker can defeat any server in an instant without needing to take over any machine as a vehicle for the attack.

3. General countermeasures

In general, denial of service attacks are not very hard to carry out but are very hard to defend against, because they come unexpectedly and defence is usually reactive, after the fact. Responding by adding more hardware is a good solution, but continuous monitoring to detect and promptly block IP packets from untrusted sources is the most effective.

The system architecture must be designed sensibly, avoiding excessive interdependence, because a failure in one component would affect the whole system.

Set strong passwords to protect network devices and other important resources.

Set up authentication levels for users as well as for information sources on the network. In particular, enable authentication for routing updates exchanged between routers.

Build information filtering on routers and firewalls, and a protection system against SYN flood.

Enable only the services that are needed; temporarily disable and stop services that are not yet required or not in use.

Build a quota and limit system for users, to prevent a user from deliberately abusing the server's resources to attack the server itself or other networks and servers.

Continuously update, research and test to discover security vulnerabilities, and remediate them promptly.

Use measures that check system activity continuously, so as to detect abnormal actions immediately.

Build and deploy a standby system.

When you find that your server is under attack, quickly trace the IP address and block it from sending data to the server.

Use the router/firewall filtering feature to drop unwanted packets, reducing network traffic and server load.

If the attack is due to a software or device flaw, quickly apply the fixes for that system or replace it.

Use mechanisms, tools and software to counter TCP SYN flooding. Turn off any other services on the server to reduce load so it can respond better. If possible, upgrade hardware to raise the system's capacity, or add more servers with the same function to share the load.

Temporarily move the server to another address.
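One way to carry out the "detect abnormal activity, trace the IP and block it" steps of this list, as an added Python example (not from the original page): it parses a constructed snapshot in the column layout of `ss -tan`, counts half-open (SYN-RECV) sockets per peer, and renders a temporary block list as iptables rules for an operator to review. The snapshot, threshold and ratio are constructed values.

```python
import re
from collections import Counter

# Constructed detection demo (added example, not from the original page): scan a snapshot
# of TCP socket states in the column layout printed by `ss -tan` (State Recv-Q Send-Q
# Local Peer), count half-open (SYN-RECV) sockets per peer address, and turn the noisiest
# peers into firewall drop rules. The sample lines below are constructed, not real captures.

SNAPSHOT = """\
SYN-RECV 0 0 10.0.0.5:80 203.0.113.7:41001
SYN-RECV 0 0 10.0.0.5:80 203.0.113.7:41002
SYN-RECV 0 0 10.0.0.5:80 203.0.113.7:41003
SYN-RECV 0 0 10.0.0.5:80 203.0.113.7:41004
ESTAB    0 0 10.0.0.5:80 198.51.100.20:50123
SYN-RECV 0 0 10.0.0.5:80 198.51.100.21:50200
ESTAB    0 0 10.0.0.5:443 198.51.100.22:50301
"""

LINE = re.compile(r"^(?P<state>\S+)\s+\d+\s+\d+\s+(?P<local>\S+)\s+(?P<peer>\S+)\s*$")

def half_open_by_peer(snapshot):
    """Count SYN-RECV sockets per peer IP (port stripped) and the number of established ones."""
    counts, established = Counter(), 0
    for line in snapshot.splitlines():
        m = LINE.match(line)
        if not m:
            continue                      # header or unparsable line
        if m["state"] == "SYN-RECV":
            counts[m["peer"].rsplit(":", 1)[0]] += 1
        elif m["state"] == "ESTAB":
            established += 1
    return counts, established

def suspicious_peers(snapshot, threshold=3, min_ratio=0.5):
    """Flag peers holding >= threshold half-open sockets, but only when half-open sockets
    make up at least min_ratio of all connections (a healthy backlog needs no action)."""
    counts, established = half_open_by_peer(snapshot)
    total_half_open = sum(counts.values())
    if total_half_open < min_ratio * (total_half_open + established):
        return []
    return sorted(ip for ip, n in counts.items() if n >= threshold)

def drop_rules(ips):
    """Render a temporary block list as iptables commands; an operator reviews before applying."""
    return [f"iptables -I INPUT -s {ip} -p tcp --syn -j DROP" for ip in ips]
```

Spoofed-source floods (2.1) show many distinct peers with one half-open socket each, so the per-peer threshold alone will not catch them; the overall ratio check is the signal in that case.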

4. DDoS defence in detail

- Many solutions and ideas have been proposed to deal with DDoS-style attacks. However, no solution or idea fully solves the Anti-DDoS problem. New forms of DDoS keep appearing over time alongside the countermeasures, but the race still follows the inevitable law of computer security: the hacker is always one step ahead of the security community.

- There are three main phases in the Anti-DDoS process:

Prevention phase: minimise the number of Agents, find and disable the Handlers.

Phase of confronting the attack: detect and block the attack, weaken and stop the attack, redirect the attack.

Post-attack phase: collect evidence and draw lessons.

(collected)