Denial of Service AttacksClayton Sullivan

Overview

Denial of Service Attack History What is a Denial of Service Attack? Modes of Attack Performing a Denial of Service Attack Distributed Denial of Service Detection and Prevention

History

First major attacks start to appear in 2001.

Major companies have been hit as well as major Governments

Twitter, Facebook, Google, Amazon, Wal-Mart, Pirate Bay, Irish Government, Iranian Government, Georgian Government

What is a Denial of Service Attack?

It is an attempt to make a computer resource unavailable to its intended users.

Reasons may vary but it is an effort to prevent an internet site or service from functioning efficiently.

Typical Connection Denial of Service Attack

Attacks

Basic Attack Types› Consumption of computational resources

Bandwidth, disk space, processor time› Disruption of configuration information

Routing information› Disruption of state information

Resetting of TCP sessions› Disruption of physical network components› Obstructing the communication media

between the intended users and the victim

Performing a Denial of Service Attack

An attacker sends several authentication messages to a server at once.

These authentication messages have fake return addresses so the server can not find the user to give authentication approval.

The server then waits to close the connection and when it does the attacker can send a new batch of fake requests.

This process is repeated over and over, tying up the service indefinitely.

Performing a Denial of Service Attack

Distributed Denial of Service

Distributed Denial of Service

In a distributed denial of service attack, the attacker takes over machines on the internet and uses them to perform a denial of service attack.

Used in order to generate the necessary traffic in order to bring down the resource.

Prevention and Detection

Denial of service attacks can lead to significant loss of time and resources.

Being able to detect and then prevent denial of service attacks can prevent this loss of time and resources

There are both hardware and software solutions for detection and prevention.

Prevention and Detection

A filter can be implemented that sniffs packet info and looks for suspicious patterns and will deny access if one can be found.

Intrusion Prevention Systems Firewalls, Switches, Routers

Conclusion

History Denial of Service Attack Distributed Denial of Service Attack Prevention and Detection

Questions?

References

www.wikipedia.org www.cisco.com www.cert.org www.us-cert.gov news.cnet.com