
1

Simulation and Analysis of DDoS Attacks

Poongothai, M
Department of Information Technology, Institute of Road and Transport Technology, Erode, Tamilnadu, India

Sathyakala, M
Department of Information Technology, Institute of Road and Transport Technology, Erode, Tamilnadu, India

Speaker: 101061555 鍾國君

2012 – International Conference on Emerging Trends in Science, Engineering and Technology

2

Outline

Introduction to DDoS Attack
DDoS Attack Architecture
Advantages of DDoS Attack
Four Phases of Bot Installation
DDoS Attack Methods
DDoS Defenses
Simulation
Conclusion

3

Introduction to DDoS Attack

Distributed Denial of Service (DDoS)
◦ Overloads the targeted server with useless traffic, crashes the server and leaves it unable to communicate properly with legitimate users.
◦ Consumes mainly the victim’s bandwidth, processing capacity and storage capacity.
◦ May need human intervention to resume.

4

DDoS Attack Architecture

5

Advantages of DDoS Attack

Simple
◦ No sophisticated mechanisms.
◦ A single hacker can carry it out.

Difficult to trace
◦ Multi-tiered structure.
◦ IP source spoofing.

6

Advantages of DDoS Attack

Similar to legitimate traffic
◦ Attack streams from numerous machines converge near the victim.

Robust
◦ The attack continues even if one node is dead.

7

Four Phases of Bot Installation

What is a Bot?
◦ A program that automatically operates as a user or another program.
◦ Installed in the internal-node computers called “handlers” or “agents”.
◦ Waits for the hacker to initiate the attack remotely.

8

Four Phases of Bot Installation

1. Scanning
◦ Installed bots scan lots of computers for security flaws.

2. Exploitation
◦ Susceptible hosts are found, and the compromised hosts are listed.

9

Four Phases of Bot Installation

3. Deployment
◦ The “handler software” is installed on the compromised hosts.

4. Propagation
◦ The handler then scans for vulnerable hosts and compromises them; these are called “agents/daemons”.

10

DDoS Attack Methods

Methods
◦ Smurf Floods: Floods the network with ICMP ECHO requests carrying the victim’s address, so the victim is flooded with the ping responses.
◦ ICMP Floods: The attacker generates lots of ICMP ECHO packets directed at the victim. Finally, the victim is busy replying to all the ECHO requests.

11

DDoS Attack Methods

◦ UDP/TCP Floods: Send a large number of UDP/TCP packets to the victim and tie up the available network bandwidth.
◦ TCP SYN Floods: The attacker never sends the final ACK packet, so the victim wastes the buffer allocated to the unfinished handshake.
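The SYN flood bullet above describes the victim's failure mode: state is allocated on every SYN and the final ACK never arrives. The following is an added example written for this page, not code from the paper, showing the defender's view of that failure mode: a half-open-connection tracker run over constructed packet records seen at the server. It flags a source that leaves many handshakes incomplete, and, for the spoofed-source case the deck mentions under "Difficult to trace", a backlog that fills up even though no single source stands out. The `track_handshakes` function, the packet tuples, the two thresholds and the documentation-range addresses are all assumptions made for the example.

```python
"""Detecting a TCP SYN flood from half-open connection state.

Added example (not from the paper). The server allocates a backlog slot on
each SYN; the slot is released only when the client's final ACK arrives.
We watch client-to-server packets and report (a) sources with too many
incomplete handshakes and (b) an exhausted backlog, which catches floods
whose SYNs all carry different, spoofed source addresses.
"""
from collections import defaultdict


def track_handshakes(packets, per_source_limit=3, backlog_limit=8):
    """packets: iterable of (src_ip, src_port, flag) as seen at the server,
    where flag is "SYN" (handshake start) or "ACK" (third packet).
    Thresholds are illustrative; a real backlog limit is the listen queue size."""
    half_open = set()            # (src_ip, src_port) still awaiting the final ACK
    pending = defaultdict(int)   # src_ip -> number of incomplete handshakes
    completed = 0
    for src, sport, flag in packets:
        key = (src, sport)
        if flag == "SYN":
            if key not in half_open:     # a retransmitted SYN reuses its slot
                half_open.add(key)
                pending[src] += 1
        elif flag == "ACK" and key in half_open:
            half_open.discard(key)       # handshake finished, slot released
            pending[src] -= 1
            completed += 1
    suspicious = sorted(s for s, n in pending.items() if n > per_source_limit)
    return {
        "completed": completed,
        "half_open": len(half_open),
        "suspicious_sources": suspicious,
        "backlog_exhausted": len(half_open) > backlog_limit,
    }


# Constructed sample traffic (documentation address ranges, not real hosts).
LEGIT = [("10.0.0.5", 40001, "SYN"), ("10.0.0.5", 40001, "ACK"),
         ("10.0.0.5", 40002, "SYN"), ("10.0.0.5", 40002, "ACK")]
# One source opening five handshakes and never completing any of them.
SINGLE_SOURCE_FLOOD = [("198.51.100.7", 1000 + i, "SYN") for i in range(5)]
# Ten SYNs, each from a different spoofed address: per-source counting
# sees nothing unusual, but the backlog still fills.
SPOOFED_FLOOD = [(f"203.0.113.{i}", 2000, "SYN") for i in range(10)]


def demo_single():
    return track_handshakes(LEGIT + SINGLE_SOURCE_FLOOD)


def demo_spoofed():
    return track_handshakes(LEGIT + SPOOFED_FLOOD)


if __name__ == "__main__":
    print("single source:", demo_single())
    print("spoofed sources:", demo_spoofed())
```

The per-source rule alone is the weak check: with source spoofing every SYN looks like a different client, so only the backlog-level check (or a SYN-cookie style design that allocates nothing until the ACK arrives) catches the second case.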

12

DDoS Attack Methods

13

DDoS Attack Methods

Dynamics
◦ Application attacks
◦ Protocol attacks
◦ Operating system attacks
◦ Host attacks
◦ Network attacks
◦ Infrastructure attacks

14

DDoS Defense Classification

◦ Preventive: Eliminate the vulnerabilities in the system and prevent the attacker from gaining a group of zombie machines.
◦ Survival: Increase the victim’s resources for surviving during the attack.
◦ Responsive: Control the attack streams so that they do not influence the victim.

15

DDoS Defense Strategy

◦ Agent identification: Who is attacking?
◦ Rate limiting: Impose a rate limit on the incoming streams.
◦ Filtering: Filter out the attack streams.
◦ Reconfiguration: Change the topology of the network near the victim.

16

DDoS Defense Countermeasures

◦ Path isolation: Routers isolate the traffic path, and this information can be used to deploy filters on the path.
◦ Privileged customer: Customers that have previously communicated with the server get first priority.

17

DDoS Defense

◦ Traffic baselining: Filter the traffic when some traffic parameter exceeds its expected value.
◦ Resource multiplication: More resources are deployed to sustain large attacks.
◦ Legitimate traffic inflation: Multiply the legitimate traffic.
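The defense slides name three responsive measures without showing how they fit together: traffic baselining (an expected value for some parameter), rate limiting (cap a stream at that value) and filtering (cut a stream off). As an added example, not the paper's code, the block below learns a packets-per-second baseline from a constructed window of normal traffic, then applies it to an observation window: a source-second above the baseline is trimmed to the baseline, and a source far above it is filtered entirely. The `learn_baseline` and `enforce` functions, the k = 3 standard-deviation rule, the filter factor and the sample addresses and rates are assumptions made for the example.

```python
"""Traffic baselining, rate limiting and filtering of incoming packet streams.

Added example, not the paper's code. The baseline is the expected number of
packets per second from one source, learned from normal traffic as
mean + k standard deviations over the active source-seconds. In the
enforcement window a source-second over the baseline is rate limited to it,
and a source exceeding filter_factor x baseline is filtered out altogether.
"""
import math
import statistics
from collections import Counter


def learn_baseline(training, k=3.0):
    """training: list of (second, src_ip), one entry per packet, under normal load.
    Returns an integer packets-per-second limit. Silent seconds are not sampled,
    so the baseline describes active sources, which is the conservative choice."""
    samples = list(Counter(training).values())      # packets per (second, src)
    mean = statistics.fmean(samples)
    sd = statistics.pstdev(samples)
    return math.ceil(mean + k * sd)


def enforce(observed, limit, filter_factor=5):
    """observed: list of (second, src_ip), one entry per packet.
    Returns how many packets were forwarded, how many dropped, and which
    sources were filtered outright."""
    counts = Counter(observed)
    # Filtering: any source that exceeds filter_factor x limit in a second is cut off.
    filtered = {src for (_, src), n in counts.items() if n > filter_factor * limit}
    forwarded = dropped = 0
    for (_, src), n in counts.items():
        if src in filtered:
            dropped += n                       # filtered stream: nothing passes
        elif n > limit:
            forwarded += limit                 # rate limiting: pass the baseline share
            dropped += n - limit
        else:
            forwarded += n                     # within baseline: untouched
    return {"forwarded": forwarded, "dropped": dropped, "filtered": sorted(filtered)}


# Constructed training window: three sources at steady 2, 3 and 4 packets/s for 10 s.
NORMAL_RATES = {"10.0.0.5": 2, "10.0.0.6": 3, "10.0.0.7": 4}
TRAINING = [(sec, src) for sec in range(10)
            for src, n in NORMAL_RATES.items() for _ in range(n)]

# Constructed observation window (3 s): a legitimate client, a bursty but
# plausible client, and a flooding source (documentation address, not a real host).
ATTACK_RATES = {"10.0.0.5": 3, "10.0.0.9": 10, "198.51.100.7": 50}
OBSERVED = [(sec, src) for sec in range(3)
            for src, n in ATTACK_RATES.items() for _ in range(n)]


def demo():
    limit = learn_baseline(TRAINING)          # 6 packets/s for this training data
    return limit, enforce(OBSERVED, limit)


if __name__ == "__main__":
    limit, result = demo()
    print("baseline limit:", limit, "packets/s")
    print(result)
```

With this data the bursty client is slowed down but kept (rate limiting), the flooding source is dropped completely (filtering), and the legitimate client is untouched; the dividing line between the two responses is the filter factor, which is the parameter an operator tunes so that a legitimate spike is throttled rather than blocked.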

18

Simulation

Three considerations
◦ DDoS attack traffic
◦ Legitimate traffic
◦ Network topology

Software used - NS2
◦ Can replicate threats of interest in a secure environment.

19

Simulation

20

Conclusion

Evolution in intruder tools will continue.

Even if the system/network is robust, others may not be. Thus, the security issue still exists.