DDoS Attack and Its Defense

  • Published on
    25-Feb-2016


DESCRIPTION

DDoS Attack and Its Defense. CSE551: Introduction to Information Security. Outline: What is a DDoS attack? How to defend against a DDoS attack? What is a DDoS attack? Internet DDoS attack is real threat - on websites Yahoo, CNN, Amazon, eBay, etc (Feb. 2000) - PowerPoint PPT Presentation

Transcript

  • DDoS Attack and Its Defense

    CSE551: Introduction to Information Security

    CSE551 Handout on DDoS

  • Outline

    - What is a DDoS attack?
    - How to defend against a DDoS attack?

    CSE551 Handout on DDoS and Worm

  • What is a DDoS attack?

    Internet DDoS attacks are a real threat:

    - On websites: Yahoo, CNN, Amazon, eBay, etc. (Feb. 2000); services were unavailable for several hours
    - On Internet infrastructure: 13 root DNS servers (Oct. 2002); 7 of them were shut down, 2 others partially unavailable

    Lack of defense mechanisms on the current Internet

  • What is a DDoS Attack?

    DoS attacks: attempt to prevent legitimate users of a service from using it

    Examples of DoS include:
    - Flooding a network
    - Disrupting connections between machines
    - Disrupting a service

    Distributed Denial-of-Service attacks: many machines are involved in the attack against one or more victim(s)

  • What Makes DDoS Attacks Possible?

    - The Internet was designed with functionality, not security, in mind
    - Internet security is highly interdependent
    - Internet resources are limited
    - Power of many is greater than power of a few

  • To Address DDoS Attacks

    Ingress filtering
    - P. Ferguson and D. Senie, RFC 2267, Jan 1998
    - Block packets that have illegitimate source addresses
    - Disadvantage: overhead makes routing slow

    Identification of the origins (traceback problem)
    - IP spoofing enables attackers to hide their identity
    - Many IP traceback techniques have been suggested

    Mitigating the effect during the attack
    - Pushback

  • IP Traceback

    - Allows the victim to identify the origin of attackers
    - Several approaches: ICMP trace messages, Probabilistic Packet Marking, Hash-based IP Traceback, etc.

  • PPM

    Probabilistic Packet Marking scheme
    - Probabilistically inscribe local path info
    - Use constant space in the packet header
    - Reconstruct the attack path with high probability

    Marking at router R:

        for each packet w
            generate a random number x from [0,1)
            if x < p then
                write IP address of R into w.head
                write 0 into w.distance
            else
                if w.distance == 0 then
                    write IP address of R into w.tail
                endif
                increase w.distance
            endif

  • PPM (Cont.)

    [Figure: diagram labeled "Victim", "legitimate user", "attacker"]
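The PPM marking procedure above together with the victim's side of it, as an added Python example that is not part of the original slides: routers on one path mark packets using the slide's head/tail/distance fields, and the victim rebuilds the path from the marks it collects. The router names, the marking probability p = 0.04, the empty initial fields and the single-path reconstruction are assumptions of this example.

```python
import random

def mark(pkt, router, p, rng):
    """Marking at router R, using the slide's head/tail/distance fields."""
    if rng.random() < p:
        pkt["head"], pkt["distance"] = router, 0  # start a new edge sample
    else:
        if pkt["distance"] == 0:
            pkt["tail"] = router  # close the edge opened one hop upstream
        pkt["distance"] += 1

def forward(path, p, rng):
    """Pass one packet through the routers in path (attacker side first)."""
    # Assumption: the sender leaves the marking fields empty.
    pkt = {"head": None, "tail": None, "distance": 0}
    for router in path:
        mark(pkt, router, p, rng)
    return pkt

def reconstruct(packets):
    """Victim side: rebuild one path (attacker side first) from the marks."""
    edges = {}  # distance -> set of (head, tail) samples seen at that distance
    for pkt in packets:
        if pkt["head"] is not None:  # no router marked this packet: no information
            edges.setdefault(pkt["distance"], set()).add((pkt["head"], pkt["tail"]))
    if 0 not in edges:
        return []
    # Distance 0 means the last router marked; its tail field is stale, so ignore it.
    path = [min(head for head, _ in edges[0])]
    distance = 1
    while True:
        # An edge at this distance must end at the router found one step earlier.
        upstream = sorted(h for h, t in edges.get(distance, ()) if t == path[0])
        if not upstream:
            return path
        path.insert(0, upstream[0])
        distance += 1

def demo(n_packets=5000, p=0.04, seed=1):
    """Constructed scenario: five routers between the sender and the victim."""
    rng = random.Random(seed)
    routers = ["R1", "R2", "R3", "R4", "R5"]  # constructed names, R5 next to victim
    received = [forward(routers, p, rng) for _ in range(n_packets)]
    return reconstruct(received)

if __name__ == "__main__":
    print(demo())
```

With only a few packets the routers farthest from the victim are the ones missing from the result, because their marks are the most likely to be overwritten on the way.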

  • What is Pushback?

    A mechanism that allows a router to request adjacent upstream routers to limit the rate of traffic

  • How Does it Work?

    - A congested router requests other adjacent routers to limit the rate of traffic for that particular aggregate
    - The router sends a pushback message
    - Routers that receive it propagate the pushback

  • Conclusion

    - What is a DDoS attack?
    - Defending against a DDoS attack
      - Ingress filtering
      - Trace-back
      - Push-back
