Denial of Service
Bryan Oemler
Web Enhanced Information Management
March 22nd, 2011
Introduction
• A constant threat to web-based providers
• Resources of servers are limited
• Damaging effect on targets
• Goal: Drown out all legitimate traffic to the server
– Consume resources of servers
– Monopolize the CPU
– Mimic legitimate traffic to the server
• Method: Combine computing power over the internet
– Distribute the Denial of Service attack (DDoS)
DoS in the news
• Attacks on WordPress, Mar 4th, 2011
– Largest in history
– Multiple data centers unable to handle the load
– Collateral damage for a single target
• Anonymous attacks on MasterCard, Visa, Dec 8th, 2010
– Individuals organizing the DoS attack
– Social networking
– Personal computers launched the DoS
• Twitter, Facebook attacks, Aug 5th, 2009
– Flood of emails
– Target was an individual using social networking tools
Botnet
• Network of infected computers
– Computers hijacked with malware
– Contacted and controlled by the perpetrator of the attacks
– Target the victim with requests
• Added obfuscation and computing power
– Large network of personal and corporate computers
– Source looks legitimate to the victim
IP spoofing
• Packets are sent out with a forged return IP address
– Hides the source of the attacks
• A complete TCP connection cannot be formed
– The victim host responds to a random IP
http://www.techrepublic.com/article/exploring-the-anatomy-of-a-data-packet/1041907
SYN Flood
• Critical mass of connection packets
– TCP connections are started with a SYN (synchronization) packet
– The server responds but never receives an acknowledgement
– The attacker creates many half-open connections
– Open connections use up server memory
– The attacker monopolizes the server with open connections
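The memory cost of half-open connections is exactly what SYN cookies remove: the server encodes the handshake state in its initial sequence number instead of storing it. The following is an added, simplified illustration, not code from the slides; the 8-bit counter / 24-bit HMAC layout, the secret and the addresses are assumed for the example (real kernels also pack an MSS index).

```python
import hashlib
import hmac
import socket
import struct
import time

# Added example, not from the original slides: a simplified SYN cookie.
# The ISN placed in the SYN-ACK is 8 bits of time counter followed by a
# 24-bit keyed hash of the connection 4-tuple. Because the server stores
# nothing per SYN, a flood of spoofed SYNs costs it no memory; only a
# client that really received the SYN-ACK can echo ISN + 1 back.
SECRET = b"constructed-server-secret"   # constructed; rotate in practice
TICK = 64                               # seconds per time-counter step

def _tick(now):
    return int(now // TICK) & 0xFF

def _mac24(src_ip, src_port, dst_ip, dst_port, tick):
    msg = struct.pack("!4sH4sHB", socket.inet_aton(src_ip), src_port,
                      socket.inet_aton(dst_ip), dst_port, tick)
    return hmac.new(SECRET, msg, hashlib.sha256).digest()[:3]

def make_syn_cookie(src_ip, src_port, dst_ip, dst_port, now=None):
    """Server ISN for the SYN-ACK; nothing is kept for this half-open flow."""
    now = time.time() if now is None else now
    t = _tick(now)
    mac = int.from_bytes(_mac24(src_ip, src_port, dst_ip, dst_port, t), "big")
    return (t << 24) | mac

def check_syn_cookie(ack, src_ip, src_port, dst_ip, dst_port, now=None, max_age=2):
    """Validate the client's final ACK (ack == ISN + 1) without stored state.
    Rejects cookies older than max_age ticks and any 4-tuple/ISN mismatch,
    so a SYN with a forged source address can never complete the handshake."""
    now = time.time() if now is None else now
    cookie = (ack - 1) & 0xFFFFFFFF
    t = cookie >> 24
    if ((_tick(now) - t) & 0xFF) > max_age:
        return False                      # too old: the cookie has expired
    got = (cookie & 0xFFFFFF).to_bytes(3, "big")
    return hmac.compare_digest(got, _mac24(src_ip, src_port, dst_ip, dst_port, t))

if __name__ == "__main__":
    isn = make_syn_cookie("203.0.113.9", 40000, "192.0.2.1", 80)
    print("legit ACK accepted:", check_syn_cookie(isn + 1, "203.0.113.9", 40000, "192.0.2.1", 80))
    print("forged ACK accepted:", check_syn_cookie(isn + 7, "203.0.113.9", 40000, "192.0.2.1", 80))
```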
TCP Connection vs Spoofed Packet
http://www.understandingcomputers.ca/articles/grc/drdos_copy.html
Reflection Attacks
• “Reflect” requests off innocent servers
– The return IP address forged onto the packet is the intended target of the attack
– The attacker sends packets to a diverse set of hosts
– The hosts act as the middle man for the attack
• Tracking packets becomes more difficult
– Indirect path from attacker to victim
– Relies on records of intermediate hosts
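Both the IP spoofing slide and the reflection slide rest on one weakness: networks forwarding packets whose source address they could not have originated. The standard counter is source-address validation at the network edge (BCP 38 style ingress/egress filtering). The block below is an added illustration, not from the slides; the prefixes, the packet records and the `filter_packet`/`filter_log` names are constructed for the example.

```python
import ipaddress

# Added example, not from the original slides: edge filtering that drops
# packets whose source address cannot legitimately come from the side
# they arrived on. Applied at the attacker's own network this stops the
# forged-source packets behind SYN floods and reflection attacks.
INTERNAL_PREFIXES = [ipaddress.ip_network("192.0.2.0/24"),       # constructed
                     ipaddress.ip_network("198.51.100.0/25")]    # constructed

def _is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_PREFIXES)

def filter_packet(direction, src, dst):
    """direction is 'egress' (leaving our network) or 'ingress' (arriving
    from the internet). Returns (allowed, reason)."""
    if direction == "egress" and not _is_internal(src):
        # an inside host forging an outside address, e.g. a reflection victim
        return False, "egress source not in our prefixes (spoofed)"
    if direction == "ingress" and _is_internal(src):
        # an outside packet claiming one of our own addresses
        return False, "ingress source claims internal address (spoofed)"
    return True, "ok"

def filter_log(records):
    """Run the filter over (direction, src, dst) records; return the drops."""
    dropped = []
    for direction, src, dst in records:
        allowed, reason = filter_packet(direction, src, dst)
        if not allowed:
            dropped.append((direction, src, dst, reason))
    return dropped

# Constructed packet records for the example
SAMPLE = [
    ("egress", "192.0.2.10", "203.0.113.5"),       # legitimate outbound
    ("egress", "203.0.113.77", "198.51.100.200"),  # forged source: reflection attempt
    ("ingress", "203.0.113.5", "192.0.2.10"),      # legitimate inbound reply
    ("ingress", "192.0.2.99", "192.0.2.10"),       # outside packet spoofing an inside host
]

if __name__ == "__main__":
    for drop in filter_log(SAMPLE):
        print("DROP", drop)
```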
Reflection Attack
http://www.understandingcomputers.ca/articles/grc/drdos_copy.html
Full HTTP Requests
• Requests require a greater amount of CPU time
– Database queries
– Complex calculations
– File access
• Attacks hidden through a botnet
– Infected computers appear to be legitimate users
– Botnets are sufficiently large
Final Observations
• Extremely potent
– Capable of knocking even the largest companies offline
• Costly to victims
– Services denied to e-commerce websites, public safety
• Increasing risk of attacks
– More tools and resources moving online
• High collateral damage
– Information is interdependent
– Hosts attacked or being used to attack
References
• http://www.computerworld.com/s/article/9200521/Update_MasterCard_Visa_others_hit_by_DDoS_attacks_over_WikiLeaks
• http://www.reuters.com/article/2010/12/10/uk-wikileaks-cyberwarfare-amateur-idUSLNE6B902T20101210?feedType=RSS&feedName=everything&virtualBrandChannel=11563
• http://staff.washington.edu/dittrich/misc/ddos/
• http://www.understandingcomputers.ca/articles/grc/drdos_copy.html
• http://www.cis.udel.edu/~sunshine/publications/ccr.pdf
• http://www.sans.org/security-resources/idfaq/trinoo.php
• http://www.pcmag.com/article2/0,2817,2381486,00.asp
• http://www.nytimes.com/2009/08/08/technology/internet/08twitter.html?_r=2&hpw