04 denial of service.pptx
Part of the Web Application Security Course
Denial of Service Attacks
Problem and Protection
Anonymous fights for WikiLeaks
A denial of service attack involves intentionally overwhelming a server by flooding it with bogus requests.
How attackers do it
Using viruses, they get botnet software on PCs.
They coordinate botnets to send requests simultaneously.
Developers can’t do much about DoS
o It is the domain of system admins.
How we protect ourselves
o Prevent/remove botnet software
o Turn off unneeded services
o Enable quotas
o Overprovisioning
o Blackholing
o Block invalid traffic
o Block the attackers’ IPs
o DDoS mitigation appliances
o Wait for them to get bored and move on
Prevent and remove botnet software
o This doesn’t protect you. It protects others.
o Malware detectors can find and clean them.
Turn off unneeded services
o Attackers can’t misuse a service that doesn’t exist.
Enable quotas
o Turn on CPU, disk usage, and network traffic quotas per user.
o Will allow your server to continue to run during an attack
o But will hurt legitimate users during peak times
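The trade-off on this slide, applied to request counts per client address, as an added example that is not part of the original slides. The `PerClientQuota` class, the limit of 5 requests per second and the traffic below are all constructed for illustration.

```python
class PerClientQuota:
    """Fixed-window request quota per client (hypothetical helper)."""

    def __init__(self, limit, window_s):
        self.limit = limit        # requests allowed per client per window
        self.window_s = window_s  # window length in seconds
        self.state = {}           # client -> (window index, requests counted)

    def allow(self, client, now_s):
        window = int(now_s // self.window_s)
        seen_window, count = self.state.get(client, (window, 0))
        if seen_window != window:
            count = 0             # a new window starts with a fresh allowance
        if count >= self.limit:
            return False          # over quota: reject cheaply, do no real work
        self.state[client] = (window, count + 1)
        return True


def simulate(events, limit=5, window_s=1.0):
    """Replay (timestamp, client) events; return {client: [served, rejected]}."""
    quota = PerClientQuota(limit, window_s)
    result = {}
    for now_s, client in sorted(events):
        tally = result.setdefault(client, [0, 0])
        tally[0 if quota.allow(client, now_s) else 1] += 1
    return result


# Constructed traffic covering one second; addresses come from documentation ranges.
FLOOD = [(i / 200, "203.0.113.9") for i in range(200)]  # 200 req/s from one source
NORMAL = [(i / 3, "198.51.100.4") for i in range(3)]    # 3 req/s, ordinary user
PEAK = [(i / 8, "198.51.100.7") for i in range(8)]      # 8 req/s, legitimate busy user

if __name__ == "__main__":
    for client, (served, rejected) in simulate(FLOOD + NORMAL + PEAK).items():
        print(f"{client}: served={served} rejected={rejected}")
```

The server does 13 units of work instead of 211, so it keeps running, but the legitimate busy user loses 3 of 8 requests to the same quota.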
Overprovisioning
o This is nigh impossible with a DDoS attack.
Blackholing takes your business offline
Block invalid traffic
o Usually impossible because bogus requests look exactly like valid ones.
o Sometimes though, attackers will use pings or bogus IP addresses. Routers can drop them.
Block the attackers’ IPs
o Isolate bogus traffic from valid traffic.
  • Set your firewall to ignore requests from that IP or range.
  • Attackers can spoof their IP via relays.
DDoS mitigation appliances will sanitize traffic
Wait for them to get bored and move on
Summary
o Denial of service attacks can be devastating to a business.
o They are impossible to predict and nearly impossible to defend against.
o We can turn on quotas, turn off services, over-provision, and use DDoS mitigation appliances beforehand.
o We can blackhole, block IPs and strange traffic during the attack.
o But none of these can completely protect us.