TYPES OF ATTACKS
Passive Attacks
    Traffic Analysis
    Release of Message Content
Active Attacks
    Masquerade
    Replay
    Modification of Message
    Denial of Service
WHAT IS DENIAL OF SERVICE ATTACK?
When a denial of service (DoS) attack
occurs, a computer or a network user is
unable to access resources like e-mail and
the Internet. An attack can be directed at an
operating system or at the network.
A DoS attack is an explicit attempt by attackers to prevent
legitimate users of a service from using that service.
WHAT IS DISTRIBUTED DENIAL OF SERVICE?
A distributed denial of service (DDoS) attack is
accomplished by using the Internet to break
into computers and using them to attack a
network. Hundreds or thousands of computer
systems across the Internet can be turned into
zombies and used to attack another system
or website.
DISTRIBUTED DENIAL OF SERVICE
[Figure: DDoS attack network. Labels: bad guy, master agent, owned host, slave agents (zombies, bots), third parties, victim(s).]
MASSIVE ATTACK ON PUBLIC SITES
STATUS
DoS attacks increasing in frequency, severity
32% of respondents detected DoS attacks (1999 CSI/FBI survey)
On August 6, 2009, several social networking sites, including
Twitter, Facebook, LiveJournal, and Google blogging pages,
were hit by DDoS attacks
Internet's root DNS servers attacked on:
    Oct. 22, 2002: 9 out of 13 disabled for about an hour
    Feb. 6, 2007: one of the servers crashed, two reportedly
    "suffered badly", while others saw "heavy traffic"
An apparent attempt to disable the Internet itself
TYPES OF ATTACKS
SMURF ATTACK
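TCP HANDSHAKE
[Figure: TCP handshake between client C and server S. C sends SYN_C; S, which is listening, stores data, replies with SYN_S, ACK_C and waits; C sends ACK_S; connected.]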
SYN FLOODING
[Figure: SYN flooding between client C and server S. C sends SYN_C1, SYN_C2, SYN_C3, SYN_C4, SYN_C5; S, which is listening, stores data.]
REFLECTOR DOS ATTACK
ATTACK NETWORK
APPROPRIATE SOFTWARE
DETECTING VULNERABILITY IN THE VICTIM SYSTEM
STRATEGY FOR LOCATING VICTIM MACHINES
    RANDOM
    HIT-LIST
    TOPOLOGICAL
    LOCAL SUBNET
[Figure: Attack Sophistication and Intruder Knowledge, on a Low to High scale, over the years 1980, 1985, 1990, 1995, 2001. Tools and attacks labelled: password guessing, burglaries, hijacking sessions, disabling audits, back doors, network mgmt. diagnostics, automated probes/scans, www attacks, GUI, sniffers, packet spoofing, denial of service, distributed attack tools. Source: CERT/CC]
DOS COUNTERMEASURES
1. Attack Prevention (Before the Attack) - Firewalls,
Antiviruses, Defenders, etc.
2. Attack Detection and Filtering (During the Attack) - Routers, Switches, Fibre optic cables
3. Attack Source Traceback and Identification (During
and After the Attack) - disabling Slave and Zombie
machines
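
Added example (not from the original slides): detection for the SYN FLOODING slide, replaying segments through a model of the server's half-open table and alerting on its size. The names Seg, SAMPLE and half_open_alerts, the threshold and timeout values, and the sample traffic are constructed for illustration; the table is counted as a whole because each SYN in a flood can carry a different source address.

```python
from collections import namedtuple

# Constructed sample: segments arriving at server S on one listening port.
# Fields: time (s), client address, client port, TCP flag sent by the client.
Seg = namedtuple("Seg", "t src sport flag")

SAMPLE = [
    Seg(0.00, "198.51.100.7", 40001, "SYN"),  # normal client: SYN ...
    Seg(0.05, "198.51.100.7", 40001, "ACK"),  # ... then ACK completes the handshake
    Seg(1.00, "203.0.113.1", 1111, "SYN"),    # SYN_C1..SYN_C5: no ACK ever follows
    Seg(1.01, "203.0.113.2", 2222, "SYN"),
    Seg(1.02, "203.0.113.3", 3333, "SYN"),
    Seg(1.03, "203.0.113.4", 4444, "SYN"),
    Seg(1.04, "203.0.113.5", 5555, "SYN"),
    Seg(1.50, "198.51.100.9", 40002, "SYN"),
    Seg(1.55, "198.51.100.9", 40002, "ACK"),
]

def half_open_alerts(segments, threshold=4, timeout=30.0):
    """Replay segments through a model of the server's half-open table.

    Returns (alerts, still_half_open). alerts holds one (time, count) entry
    for every SYN that leaves `threshold` or more handshakes unfinished.
    """
    pending = {}  # (src, sport) -> time the SYN was stored
    alerts = []
    for seg in sorted(segments, key=lambda s: s.t):
        # Drop entries the server would have given up on after its timeout.
        for key in [k for k, t0 in pending.items() if seg.t - t0 > timeout]:
            del pending[key]
        key = (seg.src, seg.sport)
        if seg.flag == "SYN":
            pending.setdefault(key, seg.t)   # "store data" and wait
            if len(pending) >= threshold:
                alerts.append((seg.t, len(pending)))
        elif seg.flag == "ACK":
            pending.pop(key, None)           # handshake finished: "connected"
    return alerts, sorted(pending)

if __name__ == "__main__":
    alerts, leftover = half_open_alerts(SAMPLE)
    for t, n in alerts:
        print(f"t={t:.2f}s half-open={n}")
    print("unanswered:", leftover)
```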