DENIAL OF SERVICE ATTACK

YVONNE M. AKUTSA 128467
BEHROKH MOHEB 118451

Objectives
• What is denial of service?
• What is distributed denial of service?
• Common forms of attack
• Modes of attack
• Consequences of attack
• Real example of attack
• Signs of attack
• Prevention
• Ethics of Denial of Service attacks

WHAT IS A DENIAL OF SERVICE ATTACK?
• A denial-of-service attack is a type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic.
• A DoS (denial-of-service) attack is an explicit attempt to make a computer resource unavailable by either injecting a computer virus or flooding the network with useless traffic.

WHAT IS A DENIAL OF SERVICE ATTACK? cont’
Its aim is to deny legitimate users access by:
• Attempting to flood a network
• Disrupting connections between computers
• Preventing certain individuals from accessing a service
• Disrupting service to a specific system or person

Common forms of Attack
• SYN Floods
• Ping of death
• Smurf Attack
• Teardrop Attack
• Mail Bomb
• Ping flood

SYN Floods
• It takes advantage of a flaw in the behavior of the TCP three-way handshake.
• The attacker sends many connection requests.
• The attacker does not respond to the replies.
• The SYN flood attack sends TCP connection requests faster than a machine can process them.
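
A defender can recognise the pattern described above by counting handshakes that received a SYN but never the final ACK. This is an added example, not part of the original slides; the event format, addresses, timeout and threshold are constructed assumptions.

```python
from collections import defaultdict

def detect_syn_flood(events, timeout=10.0, threshold=5):
    """Track handshakes that received a SYN but no final ACK.

    events: time-ordered (time, client, server, flags) tuples, where flags is
    "S" (client SYN) or "A" (client ACK that completes the handshake).
    Returns [(time, server, half_open_count)], one entry per server, recorded
    the first time its half-open count exceeds `threshold`.
    """
    half_open = defaultdict(dict)   # server -> {client: time the SYN was seen}
    alerted = set()
    alerts = []
    for ts, client, server, flags in events:
        table = half_open[server]
        # Expire entries the server itself would have timed out by now.
        for stale in [c for c, t in table.items() if ts - t > timeout]:
            del table[stale]
        if flags == "S":
            table[client] = ts
        elif flags == "A":
            table.pop(client, None)  # handshake completed, slot released
        if len(table) > threshold and server not in alerted:
            alerted.add(server)
            alerts.append((ts, server, len(table)))
    return alerts

def sample_events():
    """Constructed traffic: five normal clients, then SYNs that are never ACKed."""
    web = "192.0.2.10:443"
    events = []
    for i in range(5):
        client = f"198.51.100.{i + 1}:50000"
        events += [(i * 1.0, client, web, "S"), (i * 1.0 + 0.1, client, web, "A")]
    for i in range(20):
        events.append((6.0 + i * 0.01, f"203.0.113.{i + 1}:40000", web, "S"))
    return events

if __name__ == "__main__":
    for ts, server, count in detect_syn_flood(sample_events()):
        print(f"t={ts:.2f}s {server}: {count} half-open connections")
```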

Ping of death
• A ping of death is a denial of service (DoS) attack caused by an attacker deliberately sending an IP packet larger than the size allowed by the IP protocol. Since the received ICMP (Internet Control Message Protocol) echo request packet is bigger than the normal IP packet size, the victim cannot reassemble the packets. The OS may crash or reboot as a result.

Smurf Attack
• A smurf attack occurs when an attacker sends a large number of IP packets to the broadcast address of an intermediate network with spoofed IP addresses as the origin.
• This causes all hosts on the network to reply to the ICMP request, causing significant traffic to the victim's computer.

Teardrop Attack
• Large files are divided into fragments.
• An attacker sends two fragments that cannot be reassembled properly by manipulating the packet's offset value, causing the victim system to reboot or halt.
• Teardrop exploits an overlapping IP fragment bug present in Windows 95, Windows NT and Windows 3.1 machines.
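
Both the ping of death and the teardrop attack depend on fragments that break reassembly rules, so a receiver can validate fragments before reassembling them. This is an added example, not part of the original slides; the 20-byte header size and the sample fragment lists are constructed assumptions.

```python
MAX_DATAGRAM = 65535  # largest total length the 16-bit IPv4 length field allows
IP_HEADER = 20        # assumption: IPv4 header without options

def check_fragments(fragments):
    """Validate the fragments of one datagram before reassembly.

    fragments: list of (offset_units, payload_len), where offset_units is the
    IPv4 fragment-offset field (counted in 8-byte units).
    Returns a list of (finding, start_byte, end_byte); empty means clean.
    """
    findings = []
    prev_end = 0
    # Sort by starting byte so fragments that arrive out of order are handled.
    for start, end in sorted((off * 8, off * 8 + n) for off, n in fragments):
        if IP_HEADER + end > MAX_DATAGRAM:
            # Ping-of-death shape: the reassembled datagram would exceed the limit.
            findings.append(("oversize", start, end))
        if start < prev_end:
            # Teardrop shape: this fragment overlaps bytes already covered.
            findings.append(("overlap", start, end))
        prev_end = max(prev_end, end)
    return findings

# Constructed samples (not captured traffic).
NORMAL = [(0, 1480), (185, 1480), (370, 1040)]  # 4000 bytes split for a 1500-byte MTU
OVERSIZE = [(8189, 1480)]                       # starts at byte 65512, runs past 65535
OVERLAP = [(0, 36), (3, 4)]                     # second fragment sits inside the first

if __name__ == "__main__":
    for name, frags in [("normal", NORMAL), ("oversize", OVERSIZE), ("overlap", OVERLAP)]:
        print(name, check_fragments(frags) or "ok")
```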

Mail Bomb
Email bombing is characterized by abusers repeatedly sending an email message to a particular address at a specific victim site. In many instances, the messages will be large and constructed from meaningless data in an effort to consume additional system and network resources.

Ping flood
• The attacker simply sends a huge number of ICMP Echo Requests (pings) to the victim.
• It sends ICMP packets as fast as possible without waiting for replies.
• The continuing combination of requests and replies can slow the network or, in extreme cases, disconnect it.

What does a DoS attack target?
• NETWORK BANDWIDTH
• SERVER MEMORY
• CPU USAGE
• DATABASE CONNECTION POOL
• DATABASE SPACE
• HARD DISK SPACE

What is Distributed Denial of Service?
• DDoS, short for Distributed Denial of Service, is a type of DoS attack where multiple compromised systems, which are usually infected with a Trojan, are used to target a single system, causing a Denial of Service (DoS) attack.
• DDoS = when multiple hosts attack simultaneously.
• DoS = when a single host attacks.

MODES OF ATTACK
• Consumption of scarce, limited or non-renewable resources
• Destruction or alteration of configuration information
• Physical destruction or alteration of network components

CONSEQUENCES OF ATTACKS
• BRAND DAMAGE
• FINANCIAL LOSSES
• SABOTAGE
• EXTORTION
• REPEAT ATTACK IF NOT WELL PROTECTED

Examples of Attack
• Schwab Website Again Hit With Denial of Service Attack (http://www.euroinvestor.com/news/2013/04/24/schwab-website-again-hit-with-denial-of-serviceattack/12305777)
• Spamhaus hit by biggest-ever DDoS attacks (http://www.computerworld.com/s/article/9237938/Update_Spamhaus_hit_by_biggest_ever_DDoS_attacks)

SIGNS OF AN ATTACK
• Unusually slow network.
• Certain websites become slower to open or unavailable.
• A sharp increase in the amount of spam received.
• Disconnection of a wireless or wired internet connection.

PREVENTION OF ATTACK
• Businesses
  • Firewall and router configuration
  • Block unnecessary ports
  • Filter broadcast messages
  • Verify source IP address (prevent IP spoofing across subnets)
  • Install DDoS protection equipment or services
  • Monitor traffic under normal circumstances and detect anomalies

Cont’
  • Apply latest patches to servers and PCs, use antivirus software
  • Maintain a redundant environment (hot swap server)
• End Users
  • Use a home firewall/router
  • Apply latest updates for the operating system
  • Use antivirus software
  • Use caution when opening email attachments or clicking on links
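
The "filter broadcast messages" and "verify source IP address" items in the Businesses list, which also keep a network from being used in a smurf attack, can be written as a forwarding check on a router. This is an added example, not part of the original slides; the interface names, address ranges and verdict strings are hypothetical.

```python
import ipaddress

# Hypothetical router layout; addresses are documentation prefixes (constructed).
INTERNAL = {
    "lan0": ipaddress.ip_network("192.0.2.0/25"),
    "lan1": ipaddress.ip_network("192.0.2.128/25"),
}
UPLINK = "wan0"

def verdict(in_iface, src, dst):
    """Decide whether the router should forward one packet."""
    src = ipaddress.ip_address(src)
    dst = ipaddress.ip_address(dst)
    if in_iface in INTERNAL:
        # Source verification: traffic from a subnet must carry a source in that subnet.
        if src not in INTERNAL[in_iface]:
            return "drop-spoofed-source"
    elif in_iface == UPLINK:
        # An internal source address can never legitimately arrive from outside.
        if any(src in net for net in INTERNAL.values()):
            return "drop-spoofed-source"
    else:
        return "drop-unknown-interface"
    # Broadcast filtering: never forward a packet onto another subnet's broadcast
    # address, so that subnet cannot be made to reply to a victim all at once.
    for name, net in INTERNAL.items():
        if name != in_iface and dst == net.broadcast_address:
            return "drop-directed-broadcast"
    return "accept"

# Constructed test packets: (arrival interface, source, destination).
SAMPLES = [
    ("lan0", "192.0.2.10", "198.51.100.7"),   # normal outbound
    ("lan0", "203.0.113.5", "198.51.100.7"),  # source does not belong to lan0
    ("wan0", "192.0.2.200", "192.0.2.10"),    # internal source arriving from outside
    ("wan0", "198.51.100.7", "192.0.2.127"),  # broadcast address of lan0
    ("wan0", "198.51.100.7", "192.0.2.10"),   # normal inbound
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", verdict(*pkt))
```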

ETHICS IN DOS ATTACK
• A Denial of Service Attack is unethical. This is because it is an invasion of someone’s space and, in some cases, the destruction of property, which denies them the right to use what rightfully belongs to them as a legitimate owner.

CONCLUSION
• Denial of service attacks have now become a common form of online protest for many groups that feel unfairly treated or have prejudices against companies.