Date posted: 30-Dec-2015
Definition

“A "denial-of-service" attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service.” [1]

Denial-of-service attacks deal with the issue of availability.

[1] CERT Website
Examples

Examples include attempts to:
- "flood" a network, thereby preventing legitimate network traffic [1]
- disrupt connections between two machines, thereby preventing access to a service [1]
- prevent a particular individual from accessing a service [1]
- disrupt service to a specific system or person [1]

[1] CERT Website
Types of Attacks

- Physical Attack: physically destroying components.
- Configuration Attack: altering or destroying configuration files or information.
- Consumption Attack: using limited or scarce resources and thereby preventing legitimate users from using them.
Physical Attack

Probably considered the least interesting to most of us.

Examples:
- Taking a bat and smashing an ATM, thus denying others the ability to use the ATM.
- Snipping or cutting a fiber optic line, therefore preventing communication to a network or system.
- Intentionally turning off or disabling a cooling system, which results in a machine overheating and failing.
Configuration Attack

Most of us probably don’t think about this one right away.

Examples:
- Obtaining administrator rights and deleting user accounts.
- Hacking the .htaccess file on a web server and preventing anyone from viewing the site.
- Changing the default gateway that a DHCP server sends to its clients.
- Changing the settings on a machine which interferes with its ability to get onto the network.
- Modifying a domain name’s DNS information.
Consumption Attack

Perhaps the one most of us think of and probably find the most interesting.

CERT defines four subtypes:
- Network Connectivity
- Using Your Own Resources Against You
- Other Resource Consumption
- Bandwidth Consumption
Network Connectivity Attack

“Denial-of-service attacks are most frequently executed against network connectivity. The goal is to prevent hosts or networks from communicating on the network.” [1]

“An example of this type of attack is the "SYN flood" attack” [1]

Also known as a Protocol Attack. This is an example of an “asymmetric attack”:

“attacks can be executed with limited resources against a large, sophisticated site” [1]

“an attacker with an old PC and a slow modem may be able to disable much faster and more sophisticated machines or networks.” [1]

[1] CERT Website
Using Your Own Resources Against You Attack

An attacker uses your own resources against you in unexpected ways.

An example is a UDP chargen/echo scenario.
Other Resource Consumption Attack

Most of us don’t readily consider Consumption Attacks.

Examples:
- CPU time
  - Spawning a large number of processes that bog down the CPU.
- Consuming “locks”
  - Intentionally incorrectly logging in a user until security features prevent any more login attempts for that user.
  - Could include using file or database locks so others can’t access them.
- Filling up disk space
  - Generating excessive email messages.
  - Generating error messages that get logged.
  - Placing files in anonymous ftp server space or open shares.
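The “consuming locks” item above describes an account lockout feature being turned into a denial of service: anyone who knows a username can lock the real user out. The following is an added example, not code from the slides or from CERT, that places the naive policy beside one common mitigation design (assumed here, not prescribed by the slides): count failures per (source, account) and impose a growing delay rather than a hard lock, so a legitimate user connecting from elsewhere is not affected. Policies, event stream and addresses are all constructed.

```python
"""Lockout-as-denial-of-service, the 'consuming locks' example on the
slides: a hard per-account lockout lets anyone who knows a username deny
that user service. Below, the naive policy beside a throttling policy that
keys on (source, account) and uses a growing delay instead of a hard lock.
Both policies and all inputs are constructed for this example."""
from collections import defaultdict


class HardLockout:
    """Naive policy: after `limit` failures the account is locked for everyone."""

    def __init__(self, limit=5):
        self.limit = limit
        self.failures = defaultdict(int)

    def attempt(self, account, source, now, ok):
        if self.failures[account] >= self.limit:
            return "locked"
        if ok:
            self.failures[account] = 0
            return "success"
        self.failures[account] += 1
        return "fail"


class SourceThrottle:
    """Throttling policy (assumed mitigation design): failures are counted per
    (source, account) and the next attempt from that pair is refused until a
    back-off delay passes. The delay doubles per failure, capped at
    `max_delay`, so guessing is slowed while a legitimate user logging in
    from another source is unaffected."""

    def __init__(self, base_delay=1.0, max_delay=300.0):
        self.base_delay = base_delay
        self.max_delay = max_delay
        self.state = {}  # (source, account) -> (failures, not_before)

    def attempt(self, account, source, now, ok):
        failures, not_before = self.state.get((source, account), (0, 0.0))
        if now < not_before:
            return "throttled"
        if ok:
            self.state.pop((source, account), None)
            return "success"
        failures += 1
        delay = min(self.base_delay * 2 ** (failures - 1), self.max_delay)
        self.state[(source, account)] = (failures, now + delay)
        return "fail"


def simulate(policy, events):
    """Replay (time, account, source, password_ok) events; return the outcomes."""
    return [policy.attempt(acct, src, t, ok) for t, acct, src, ok in events]


# Constructed scenario: a hostile source sends five bad passwords for "alice"
# one second apart; alice then logs in correctly from her own machine.
EVENTS = [(t, "alice", "198.51.100.7", False) for t in range(5)] + \
         [(10.0, "alice", "10.0.0.23", True)]

if __name__ == "__main__":
    print("hard lockout:   ", simulate(HardLockout(), EVENTS))
    print("source throttle:", simulate(SourceThrottle(), EVENTS))
```

Under the hard lockout the final event, alice’s own correct login, is refused; under the throttle the hostile source is slowed down and alice succeeds. The throttle still needs a per-account ceiling for distributed guessing; that is a separate control outside this example.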
Bandwidth Consumption Attack

The attacker consumes all available bandwidth on a network.

Most often done with ICMP ECHO (Ping) packets, but doesn’t have to be.

The attacker may be using multiple machines to coordinate the attack.
- DDoS – Distributed Denial-of-Service
- DRDoS – Distributed Reflection Denial-of-Service
- DoS – Any type of Denial-of-Service

DDoS & DRDoS are Brute Force Attacks.

Filterable vs. Non-filterable Attacks
- Filterable Attacks consist of bogus packets or non-critical services which can be blocked by a firewall without affecting the rest of the machine or network.
- Non-filterable Attacks consist of packets requesting legitimate services and resources, thus a firewall will not help stop the attack.
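Three of the consumption subtypes on the preceding slides (the SYN flood, the UDP chargen/echo scenario, and ICMP ECHO bandwidth consumption) leave distinct traces in flow records, which is what the “monitor network traffic” advice later in the deck relies on. The following is an added example, not code from the slides or their sources, that triages a list of flow records for all three indicators. The record layout, thresholds and sample traffic are constructed; thresholds in particular are illustrative and would be tuned to a real network’s baseline.

```python
"""Triage of flow records for three consumption-attack indicators named on
the slides: half-open TCP connections (SYN flood), UDP echo/chargen loops
and ICMP echo bandwidth hogs. Sample records are constructed, not captured."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts_ms: int      # timestamp in milliseconds
    src: str
    dst: str
    proto: str      # "tcp", "udp" or "icmp"
    sport: int
    dport: int
    flags: str      # TCP flags observed: "S" = SYN only, "A" = ACK seen
    nbytes: int


# Constructed sample: 10.0.0.9 opens 50 connections that never complete,
# 10.0.0.5 is a normal client, 198.51.100.4 sends chargen->echo traffic,
# 10.0.0.7 sends 1400-byte ICMP echo requests every 20 ms.
SAMPLE_FLOWS = (
    [Flow(i * 10, "10.0.0.9", "192.0.2.10", "tcp", 40000 + i, 80, "S", 60) for i in range(50)]
    + [
        Flow(100, "10.0.0.5", "192.0.2.10", "tcp", 51000, 80, "S", 60),
        Flow(200, "10.0.0.5", "192.0.2.10", "tcp", 51000, 80, "A", 1200),
        Flow(300, "10.0.0.5", "192.0.2.10", "tcp", 51001, 443, "S", 60),
        Flow(400, "10.0.0.5", "192.0.2.10", "tcp", 51001, 443, "A", 900),
        Flow(500, "198.51.100.4", "192.0.2.10", "udp", 19, 7, "", 512),
        Flow(600, "198.51.100.4", "192.0.2.10", "udp", 53, 33434, "", 80),
        Flow(1500, "10.0.0.5", "192.0.2.10", "icmp", 0, 0, "", 64),
    ]
    + [Flow(1000 + i * 20, "10.0.0.7", "192.0.2.10", "icmp", 0, 0, "", 1400) for i in range(100)]
)


def half_open_by_source(flows, min_half_open=20):
    """Count TCP 4-tuples per source that saw a SYN but never an ACK.
    Returns {src: half_open_count} for sources at or above the threshold."""
    saw_syn, saw_ack = set(), set()
    for f in flows:
        if f.proto != "tcp":
            continue
        key = (f.src, f.dst, f.sport, f.dport)
        if "S" in f.flags and "A" not in f.flags:
            saw_syn.add(key)
        if "A" in f.flags:
            saw_ack.add(key)
    counts = defaultdict(int)
    for key in saw_syn - saw_ack:
        counts[key[0]] += 1
    return {src: n for src, n in counts.items() if n >= min_half_open}


LOOP_PORTS = {7, 19}  # echo and chargen


def udp_loop_flows(flows):
    """Return UDP flows whose source and destination ports are both
    echo/chargen, the port pairing that lets each service feed the other."""
    return [f for f in flows if f.proto == "udp"
            and f.sport in LOOP_PORTS and f.dport in LOOP_PORTS]


def icmp_hogs(flows, max_bytes_per_sec=50_000):
    """Sum ICMP bytes per (source, one-second bucket); report sources whose
    busiest second exceeds the budget as {src: peak_bytes_per_sec}."""
    buckets = defaultdict(int)
    for f in flows:
        if f.proto == "icmp":
            buckets[(f.src, f.ts_ms // 1000)] += f.nbytes
    peak = defaultdict(int)
    for (src, _sec), nbytes in buckets.items():
        peak[src] = max(peak[src], nbytes)
    return {src: b for src, b in peak.items() if b > max_bytes_per_sec}


if __name__ == "__main__":
    print("half-open:", half_open_by_source(SAMPLE_FLOWS))
    print("udp loops:", [(f.src, f.sport, f.dport) for f in udp_loop_flows(SAMPLE_FLOWS)])
    print("icmp hogs:", icmp_hogs(SAMPLE_FLOWS))
```

The SYN-flood check keys on the full 4-tuple rather than on raw SYN counts so a busy but well-behaved client (many completed handshakes) is not flagged; the echo/chargen check matches the port pairing itself, which is the filterable part of that scenario; the ICMP check reports a peak rate per second so a brief spike and a sustained flood can be told apart by looking at how many buckets exceed the budget.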
What can we do?

ISPs
- Implement hardware/software settings and filters on routers and machines that limit and bound packets.
- Prevent users from spoofing packets (Firewall).

Administrators
- Install and use a firewall.
- Close all unnecessary ports and turn off all unused services.
- Use quotas.
- Maintain backups of configuration files.
- Install intrusion detection software.
- Monitor network traffic.
- Evaluate physical security on a routine basis.

Average Jane and John Doe
- Don’t download/install software from unknown/unreliable sources.
- Install personal firewall/port protection software.
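“Maintain backups of configuration files” is only useful if a change is noticed, and the Configuration Attack slide lists exactly the kind of edits (a rewritten .htaccess, a changed DHCP default gateway, altered name resolution) that a baseline comparison catches. The following is an added example, not tooling from the slides or their sources: it hashes every file under a directory once, then classifies later differences as modified, removed or added. The file names, contents and the simulated tampering are constructed inside a temporary directory.

```python
"""Configuration baseline check, supporting the 'maintain backups of
configuration files' advice: hash a set of files once, then detect files
that were altered, removed or added. Constructed example, not tooling from
the slides' sources; the paths are created in a temporary directory."""
import hashlib
import os
import tempfile


def snapshot(root):
    """Return {relative_path: sha256_hex} for every regular file under root."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digests[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def compare(baseline, current):
    """Classify differences: modified, removed (in baseline only), added."""
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    removed = sorted(p for p in baseline if p not in current)
    added = sorted(p for p in current if p not in baseline)
    return {"modified": modified, "removed": removed, "added": added}


def demo():
    """Constructed scenario: after the baseline is taken, the web root's
    .htaccess is rewritten, the DHCP default gateway is changed and the
    resolver configuration is deleted; the comparison should report all three."""
    with tempfile.TemporaryDirectory() as root:
        files = {
            "www/.htaccess": b"Require all granted\n",
            "etc/dhcpd.conf": b"option routers 192.0.2.1;\n",
            "etc/resolv.conf": b"nameserver 192.0.2.53\n",
        }
        for rel, data in files.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        baseline = snapshot(root)

        # Simulated configuration changes (constructed), matching the slide's
        # examples: deny all web access, point DHCP clients at a different
        # gateway, remove name resolution.
        with open(os.path.join(root, "www/.htaccess"), "wb") as fh:
            fh.write(b"Require all denied\n")
        with open(os.path.join(root, "etc/dhcpd.conf"), "wb") as fh:
            fh.write(b"option routers 198.51.100.99;\n")
        os.remove(os.path.join(root, "etc/resolv.conf"))

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

In practice the baseline digests are stored off the monitored host (otherwise the same administrator rights that alter the configuration can alter the baseline), and the comparison runs on a schedule alongside the intrusion detection software the slide recommends.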
Sources
- http://www.cert.org/tech_tips/denial_of_service.html
- http://grc.com/dos/drdos.htm
- http://grc.com/dos/grcdos.htm
- http://www.rbs2.com/ccrime.htm#anchor111666
- http://www.netcraft.com/presentations/interop/dos.html
- http://lasr.cs.ucla.edu/ddos/ucla_tech_report_020018.pdf
- http://www.cnn.com/2002/TECH/internet/10/23/net.attack/
- http://www.infoworld.com/article/03/01/25/030125hnsqlnet_1.html?s=IDGNS