Group 8: Distributed Denial of Service

DoS

SYN Flood

DDoS

Proposed Algorithm

What is Denial of Service?

“Attack in which the primary goal is to deny the legitimate clients access to a particular resource.”

How to take down a restaurant?

Table for four at 8 o’clock. Name of Mr. Smith.

O.K., Mr. Smith


No More Tables!

Saboteur

Restaurateur

What is Distributed Denial of Service?

Doesn’t rely on the weakness of a system

• Distributed way

• Different sources

• Engage the power

• Consume resource

DDoS Tools

Used in the attacks that plagued Yahoo, Amazon.com, and other famous web sites in February 2000!

DDoS Attack

One of the major attacks on today’s Internet

DDoS Defense Classification

Defending against DDoS attacks is very difficult
• No apparent characteristics
• Distributed structures & small memory
• Difficult to trace back
• Attackers can modify their toolkits constantly

Three lines of defense
• Attack Prevention
• Attack Detection
• Attack Mitigation

Attack Prevention

Stop the attack
• Filter packets with illegitimate source addresses

Needs to be installed on all routers
• Not viable

Usually refuses legitimate traffic as well
• Both match the signatures

Examples:
• Ingress filtering
• Egress filtering
• Route-based distributed packet filtering

Obviously, the prevention line is inadequate for defending against DDoS attacks…

Attack Detection

Misuse Detection
• Identify the well-defined patterns of known attacks

Anomaly Detection
• Detect anomalous behaviors in the system
• Examples:
  − NOMAD: statistical analysis of IP packets
  − D-WARD: monitors the traffic
  − MULTOPS: uses disproportional rates to/from hosts and subnets

Attack Mitigation

Minimize the impact of attacks
• Impossible to stop a DDoS attack completely

Maximize the QoS
• Describes the assurance of the ability of a network to deliver predictable results

Examples:
• Class-Based Queuing Techniques
• Resource Pricing Architecture
• Pushback architecture
• Throttling

Normal TCP/IP Communication

Basic Vulnerability

• TCB: contains all of the information about the connection.
• Potential risk: each incoming SYN packet is allocated a TCB, which can exhaust memory.
• Backlog: contains all the simultaneous TCBs in the SYN_RECV state.
• Potential risk: when the backlog is full, new requests are ignored until some of the TCBs are reaped or removed.
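A toy model of the backlog behaviour described above, added here as an example and not taken from the original slides; the class and function names, the tick-based clock and the SYN_RECV timeout values are assumptions. It shows that legitimate handshakes start being refused once (unanswered SYNs per tick) × (reaping timeout) reaches the backlog size, which makes backlog size and reaping time the two tuning levers.

```python
class Backlog:
    """Toy model of a listener's backlog of half-open TCBs (SYN_RECV)."""

    def __init__(self, size, synrecv_timeout):
        self.size = size                # max simultaneous half-open TCBs
        self.timeout = synrecv_timeout  # ticks before an unanswered TCB is reaped
        self.tcbs = {}                  # peer -> tick created (insertion-ordered)
        self.ignored = 0                # SYNs ignored because the backlog was full

    def reap(self, now):
        # Drop TCBs whose handshake did not complete within the timeout.
        while self.tcbs:
            oldest = next(iter(self.tcbs))
            if now - self.tcbs[oldest] < self.timeout:
                break
            del self.tcbs[oldest]

    def on_syn(self, peer, now):
        # Each incoming SYN is allocated a TCB unless the backlog is full.
        self.reap(now)
        if len(self.tcbs) >= self.size:
            self.ignored += 1
            return False
        self.tcbs[peer] = now
        return True

    def on_ack(self, peer):
        # Final ACK: the TCB leaves SYN_RECV and its backlog slot is freed.
        return self.tcbs.pop(peer, None) is not None


def simulate(size, timeout, unanswered_per_tick, ticks=100):
    """Return how many of `ticks` legitimate handshakes were refused."""
    backlog = Backlog(size, timeout)
    refused = 0
    for now in range(ticks):
        # Constructed load: SYNs whose handshake is never completed.
        for i in range(unanswered_per_tick):
            backlog.on_syn(("unanswered", now, i), now)
        # One legitimate client per tick that completes the handshake at once.
        client = ("client", now)
        if backlog.on_syn(client, now):
            backlog.on_ack(client)
        else:
            refused += 1
    return refused


if __name__ == "__main__":
    for size, timeout in [(128, 30), (128, 5), (512, 30)]:
        print(size, timeout, simulate(size, timeout, unanswered_per_tick=10))
```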

Unfinished TCP/IP Communication

Attack Method

Defense of SYN Flood Attack

Using Spoofed SYN-ACK

Using Spoofed ACK

Three Counters Algorithm

THE END

Thank you for listening!