
DDOS

Distributed Denial of Service Attacks

by Abin paul

Overview
Introduction
Why?
How?
SYN attack
DDOS case study

Introduction
limited and consumable resources (memory, processor cycles, bandwidth, ...)
Internet security is highly interdependent

DDos-Attack

prevent and impair computer use

Why?
sub-cultural status

nastiness
revenge

to gain access

political reasons

economic reasons

How?

TCP floods (various flags)

ICMP echo requests (i.e. Ping floods)

UDP floods

SYN-Attack
[Figure: two panels. Handshake: Client and Server exchange SYN, SYN-ACK, ACK. Attack: Attacker (spoofed IP) and Server exchange SYN, SYN-ACK.]

Botnet
Collection of programs or systems to perform a particular task

Case study
2006 in Verisign 5Gbps attack
Published 4028 byte zone request to 30,000 DNS servers
200.0.0.0 to 217.255.255.255 address space
79 Mbps to 5Gbps

Solutions
Notification and alerting mechanism
Sufficient bandwidth to absorb the attack
Filtering technology that excludes only unwanted traffic
A distributed model to create and maintain redundancy
A logging/correlation system to collect detailed attack data
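
An added example, not part of the original slides: a small half-open connection tracker that ties the alerting and logging/correlation items to the SYN attack slide, raising an alert when one listener accumulates handshakes that never reach the final ACK. The packet records, addresses, thresholds and function names are constructed assumptions.

```python
from collections import defaultdict

# Assumed tuning values for this example, not taken from the slides.
HALF_OPEN_LIMIT = 5      # alert when one listener has more pending handshakes
HANDSHAKE_TIMEOUT = 3.0  # seconds before a pending entry is dropped as abandoned


def detect_syn_flood(packets, limit=HALF_OPEN_LIMIT, timeout=HANDSHAKE_TIMEOUT):
    """Return a list of (time, listener, pending_count) alerts.

    packets: time-ordered (time, src_ip, src_port, dst_ip, dst_port, flags)
    records for the client-to-server direction only.
    """
    pending = defaultdict(dict)  # listener -> {(src_ip, src_port): syn_time}
    alerted = set()
    alerts = []
    for ts, src, sport, dst, dport, flags in packets:
        listener = (dst, dport)
        conns = pending[listener]
        if flags == "SYN":
            conns[(src, sport)] = ts           # handshake started, now half-open
        elif flags == "ACK":
            conns.pop((src, sport), None)      # final ACK: handshake completed
        # Forget entries older than the timeout, as a server backlog would.
        for key in [k for k, t in conns.items() if ts - t > timeout]:
            del conns[key]
        if len(conns) > limit and listener not in alerted:
            alerted.add(listener)              # one alert per listener
            alerts.append((ts, listener, len(conns)))
    return alerts


def sample_traffic():
    """Constructed sample: three normal handshakes, then 20 SYNs never ACKed."""
    server = ("192.0.2.10", 80)
    pkts = []
    for i in range(3):
        client = (f"203.0.113.{i + 1}", 40000 + i)
        pkts.append((i * 1.0, *client, *server, "SYN"))
        pkts.append((i * 1.0 + 0.05, *client, *server, "ACK"))
    for i in range(20):  # spoofed sources never send the final ACK
        pkts.append((5.0 + i * 0.01, f"198.51.100.{i + 1}", 50000 + i, *server, "SYN"))
    return pkts


if __name__ == "__main__":
    for alert in detect_syn_flood(sample_traffic()):
        print(alert)
```
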

Is Rajagiri a Botnet?? A conjecture..


Potential threat of Security through obscurity
