Loading presentation...

Present Remotely

Send the link below via email or IM


Present to your audience

Start remote presentation

  • Invited audience members will follow you as you navigate and present
  • People invited to a presentation do not need a Prezi account
  • This link expires 10 minutes after you close the presentation
  • A maximum of 30 users can follow your presentation
  • Learn more about this feature in our knowledge base article

Do you really want to delete this prezi?

Neither you, nor the coeditors you shared it with will be able to recover it again.


Denial of Service Attacks

No description

Faham Usman

on 22 May 2014

Comments (0)

Please log in to add your comment.

Report abuse

Transcript of Denial of Service Attacks

Information Security
Denial of Service Attacks -
Types, Signs and How to Protect

Awareness Campaign
Salim is your Cyber Security Advisor.
Aims at promoting, building and ensuring a safer & secure cyber environment and culture in the UAE.
About aeCERT
One of the initiatives of the UAE Telecommunications Regulatory Authority.
aeCERT is the United Arab Emirates Computer Emergency Response Team.
About aeCERT
DoS and DDoS
DDoS Attack Architecture
DoS Attack Prevention
Basic DNS Lookup
DNS Amplification
DoS Tools
DoS Protection
Salim (aeCERT)
For more information
A DDoS attack is simply when an attacker uses lot of compromised computers, also known as “zombies”, to attack a single target.

This is done without the users’ knowledge.

Usually the attacker gains control of a system by infecting it with a Trojan or malware that can open a backdoor for him into the system.

DDoS describes the type of attack, not the method by which it is carried out. For example, a DDoS attack could be a TCP SYN flood using multiple machines instead of one.
ICMP, TCP and UDP are types of internet protocols used to communicate around the internet.

The attacker sends request to different ports on the host, the host has to check the request and then respond back whether it is listening or not.

Host can become overwhelmed if it receives large number of such requests. It might crash, or it more likely will just get so busy that legitimate user will not be able to get connected.
Data is transmitted across the internet in packets. A packet should have a beginning and an end. When it has no end it is not complete. It could take a switch a couple of microseconds to figure that out.
Flow Monitoring Telemetry during a DDoS Attack

The obvious way to tell if you are under attack is there is a spike in traffic. You should have some kind of alerting system to let you know when traffic exceeds normal thresholds.
Later we explain how you outsource your defenses.
Block spoofed source addresses

On routers as close to source as possible

Filters may be used to ensure path back to the claimed source address is the one being used by the current packet

Filters must be applied to traffic before it leaves the ISP’s network or at the point of entry to their network

Microsoft is helping others understand how to protect their network by documenting some of the attacks in this quarterly security intelligence report (see source link on slide).
On March 2013 hackers went after SpamHaus.com sending 300 gigabits per second to their web site in a DNS amplification attack
If you cannot build out your infrastructure to 300 Gbps (and many data centers cannot) then consider outsourcing DOS protection to a third-party company.
There are three types of DOS attacks:
Three-way Handshake
Two computers do a three-step handshake before they can talk to each other. These are:

Syn, sync, “Hi there”

Syn-ACK, sync again, “Yes, I hear you”

ACK, acknowledge, “OK, got it”
Unfortunately, there is not much you can do to prevent
DoS attacks.
Consider outsourcing your DoS protection.
Patch operating systems with known weaknesses.
Try not to make anyone mad at you.
A denial of service attack is designed to flood a target host with huge amount of traffic to make it inaccessible for legitimate users.

The difficulty with DoS attacks is that you cannot identify which traffic is legitimate and which is malicious.
Tor’s Hammer
Although they should be taken off the internet, Google and sourceforge.net, are giving away for free the tools shown below.
R-U-Dead-Yet—this one reads the fields on a web form page, provides Reponses, and floods the site with HTTP POSTS (i.e., fill in the data and press send)
DDOSIM—Layer 7 DDoS Simulator
HULK (HTTP Unbearable Load King)
XOIC—promotion says “so easy a beginner can use.”
LOIC (low orbit ion cannon)—just plug in the IP address of the targeted server and the program will start sending UDP, TCP, or HTTP requests to the site.
DoS (Denial of Service) Attack
DDoS (Distributed Denial of Service) Attack
DDoS Attack Architecture
DoS Attack Prevention
Who does DoS and Why?
What is the Damage From DoS?
How to Tell if you are Under Attack
How it Works
Basic DNS Lookup
DNS Amplification
How to Protect Against DNS Amplification?
Ping of Death
SYN, ICMP, TCP and UDP Floods
Malformed Packets
TCP SYN Spoofing Attacks
SYN Flood Defense: TCP Intercept
Free DoS Tools
Incident: Attacks on Microsoft.com
Source: http://download.microsoft.com/download/5/0/3/50310CCE-8AF5-4FB4-83E2-03F1DA92F33C/Microsoft_Security_Intelligence_Report_Volume_15_Cloud_Security_Conflict_and_Cooperation_English.pdf

Incident: SpamHaus
Outsource DoS Protection
DDoS Prevention in UAE: ISP's Role
Full transcript