Week 8-1
Week 8: Denial of Service (DoS)
• What is a Denial of Service Attack?
– Any attack that causes a system to be unavailable. This is a violation of security policy.
• A DoS attack can have an impact on commerce, industry, aviation, health care
• Types of DoS Attacks
– Stopping local services (process kill, process crash, sys reconfig)
– Exhausting local resources (forking processes to fill process table, filling up file system)
– Remotely stopping services (malformed packet attack via Land, Ping of Death, Jolt2, buffer overflow)
– Remotely exhausting resources (SYN flood, Smurf, DDoS)
• How DoS Works?
• Hacking Tool: Ping of Death
– Sending oversized ping pkt (> 64KB). Some TCP/IP implementations crash
• Hacking Tool: SSPing (malformed ICMP pkt causes server to hang)
• Hacking Tool: Land
– Send spoofed pkt with IPsrc=IPdest, PortSrc=PortDest. Unexpected event causes system crash
• Hacking Tool: Smurf
– Directed broadcast attack via sending ping to a broadcast address but using a spoofed source address.
• Hacking Tool: SYN Flood (send several SYN pkts using spoofed unknown source address. Fills up connection queue)
• Hacking Tool: CPU Hog
• Hacking Tool: Win Nuke (send garbage to an open file sharing machine on TCP port 139. System crashes)
• Hacking Tool: RPC Locator
SYN Flood Countermeasure
• Increase size of connection queue
• Decrease connection establishment timeout period
• Detect and employ SYN cookies to use a cryptographic challenge for legitimate users.
• Have connection queue at a threshold.
• Use NIDS
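The SYN cookie countermeasure above, as an added example that is not part of the original slides: the server packs a keyed MAC of the connection into its initial sequence number and keeps no queue entry until the final ACK proves the client received it. The bit layout, the MSS table and the secret are simplified assumptions, not any particular operating system's implementation.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"    # assumption: a real stack uses a random, rotating key
MSS_TABLE = [536, 1300, 1440, 1460]    # assumed table; the cookie stores only an index
SLOT = 64                              # seconds per time slot


def _mac24(src, sport, dst, dport, client_isn, t):
    """24-bit keyed MAC binding the cookie to one connection and one time slot."""
    msg = f"{src}|{sport}|{dst}|{dport}|{client_isn}|{t}".encode()
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")


def make_cookie(src, sport, dst, dport, client_isn, mss, now):
    """Server ISN for the SYN-ACK: 5 bits of time, 3 bits MSS index, 24 bits MAC."""
    t = int(now) // SLOT
    idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    return ((t % 32) << 27) | (idx << 24) | _mac24(src, sport, dst, dport, client_isn, t)


def check_ack(src, sport, dst, dport, client_isn, ack_num, now):
    """Validate the handshake's final ACK. Returns the negotiated MSS, or None.

    No per-connection state was stored after the SYN: everything needed is
    recomputed from the packet itself, so a flood of spoofed SYNs cannot fill
    the connection queue.
    """
    cookie = (ack_num - 1) & 0xFFFFFFFF
    t_bits, idx, mac = cookie >> 27, (cookie >> 24) & 0x7, cookie & 0xFFFFFF
    if idx >= len(MSS_TABLE):
        return None
    now_t = int(now) // SLOT
    for age in (0, 1):                 # accept the current and the previous slot only
        t = now_t - age
        expected = _mac24(src, sport, dst, dport, client_isn, t)
        if t % 32 == t_bits and hmac.compare_digest(
            mac.to_bytes(3, "big"), expected.to_bytes(3, "big")
        ):
            return MSS_TABLE[idx]
    return None


if __name__ == "__main__":
    # Constructed handshake using documentation addresses.
    conn = ("198.51.100.7", 40000, "192.0.2.10", 80, 1000)
    c = make_cookie(*conn, mss=1460, now=1_000_000)
    print(check_ack(*conn, ack_num=c + 1, now=1_000_030))   # genuine client
    print(check_ack(*conn, ack_num=c + 2, now=1_000_030))   # guessed ACK number
```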
• Hacking Tool: Jolt2
– Send a stream of pkt fragments, none with fragment offset = 0. Affects Windows OS
• Hacking Tool: Bubonic
• Hacking Tool: Targa
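The malformed-packet attacks described on these slides (Land, Ping of Death, Smurf, Jolt2) each leave a header-level signature a NIDS can check. The following is an added example, not part of the original slides; the packet record fields, the threshold and the local network are assumptions, and the sample packets are constructed.

```python
import ipaddress
from collections import defaultdict

MAX_DATAGRAM = 65535     # largest legal IPv4 datagram, header included
IP_HEADER = 20
JOLT_THRESHOLD = 3       # assumed: headless fragments tolerated per datagram


def pkt(src, dst, proto="tcp", sport=None, dport=None,
        frag_off=0, length=40, more_frags=False, ip_id=0):
    """Build a constructed packet record; frag_off and length are in bytes."""
    return dict(src=src, dst=dst, proto=proto, sport=sport, dport=dport,
                frag_off=frag_off, length=length, more_frags=more_frags, ip_id=ip_id)


def inspect(packets, local_net="192.0.2.0/24"):
    """Return (index, alert) pairs for header anomalies in a packet sequence."""
    bcast = str(ipaddress.ip_network(local_net).broadcast_address)
    alerts, headless, has_head = [], defaultdict(int), set()
    for i, p in enumerate(packets):
        # Land: source and destination endpoint are identical.
        if p["src"] == p["dst"] and p["sport"] is not None and p["sport"] == p["dport"]:
            alerts.append((i, "land"))
        # Ping of Death: fragment would reassemble past the 64KB datagram limit.
        if IP_HEADER + p["frag_off"] + p["length"] > MAX_DATAGRAM:
            alerts.append((i, "oversized-reassembly"))
        # Smurf: echo request aimed at the directed-broadcast address.
        if p["proto"] == "icmp-echo" and p["dst"] == bcast:
            alerts.append((i, "directed-broadcast-ping"))
        # Jolt2: fragments keep arriving but the offset-0 fragment never does.
        # Fragments can arrive out of order, hence a threshold, not a single hit.
        if p["frag_off"] > 0 or p["more_frags"]:
            key = (p["src"], p["dst"], p["ip_id"])
            if p["frag_off"] == 0:
                has_head.add(key)
            elif key not in has_head:
                headless[key] += 1
                if headless[key] == JOLT_THRESHOLD:
                    alerts.append((i, "headless-fragment-stream"))
    return alerts


SAMPLE = [  # constructed traffic, documentation address ranges
    pkt("198.51.100.7", "192.0.2.10", sport=40000, dport=80),
    pkt("192.0.2.10", "192.0.2.10", sport=139, dport=139),
    pkt("203.0.113.5", "192.0.2.10", proto="icmp-echo", frag_off=65528, length=400, ip_id=7),
    pkt("192.0.2.10", "192.0.2.255", proto="icmp-echo"),
] + [pkt("203.0.113.9", "192.0.2.10", proto="icmp-echo", frag_off=1480, length=8, ip_id=99)] * 3
```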
Distributed DoS
• Attacker uses zombies to launch DoS attacks.
• Most zombies are taken over using buffer overflow attacks or related exploits.
• Zombies wait for command from attacker using a client tool to launch simultaneous attack.
• Tools for Running DDoS Attacks
• Hacking Tool: Trinoo
• Hacking Tool: WinTrinoo
• Hacking Tool: TFN (Tribe Flood Network)
• Hacking Tool: TFN2K (DDo
• Hacking Tool: Stacheldraht – combines features of TFN and Trin00
• Hacking Tool: Shaft
• Hacking Tool: mstream
• DDoS Attack Sequence
• Preventing DoS Attack
– Use anti-spoof filters on routers
– Disable directed-broadcast at border router.
– Use find DDOS, a tool distributed by US Govt.
– Get zombie zapper
• DoS Scanning Tools, e.g. IDS like Snort to give early warning
• Find_ddos
• SARA
• DDoSPing
• RID
• Zombie Zapper
• Summary