
Distributed Denial of Service Attacks

Network Security Lab, Computer Engineering Dept., Korea Aerospace University

Contents

Introduction
Backgrounds
Related Works
Proposed approach
Experiments
Discussions
Future Works

Distributed Denial of Service attacks



A DDoS attack is a large-scale, coordinated attack on the availability of services at a victim system or on the victim's network resources. According to CONCERT FORECAST 2008, the DDoS attack, one hacking technique among many, is the most important issue in the current information security field. DDoS attacks first appeared in June 1998, their threat has grown enormously since the 2000s, and today they occur about 4,000 times a week worldwide.

Two Types of DDoS Attacks

Flood attacks

One frequently used way to perform a DDoS attack is to send a huge stream of packets to the victim. The stream consumes the victim's network resources, rendering them unavailable to the victim's legitimate clients. To succeed, a flooding attack needs many compromised hosts, each sending its own stream of packets to the victim.

Protocol attacks

Another common approach is for the attacker to send a few malformed packets that confuse an application or a protocol implementation on the victim machine and force it to freeze or reboot. A protocol attack is very powerful even though it uses only a few compromised hosts to send the malformed packets, because the damage comes from the vulnerability being triggered rather than from traffic volume.

Trends of DDoS Attack


Attacks Now Exceed 40 Gigabit

The largest reported DDoS attacks broke the 40 Gbit/s barrier in 2008. The growth in attack size continues to significantly outpace the corresponding increase in underlying transmission speed and ISP infrastructure investment.

Worldwide Infrastructure Security Report, Arbor Networks, Oct. 2008

Trends of DDoS Attack


Services Under Threat

ISPs report growth in sophisticated service-level attacks at moderate and low bandwidth levels, specifically designed to exploit knowledge of service weaknesses such as vulnerable and expensive back-end queries and computational resource limitations. ISPs reported prolonged outages of prominent Internet services during the last year due to such application-level attacks.

Worldwide Infrastructure Security Report, Arbor Networks, Oct. 2008

IP Spoofing

To conceal their location, many attackers forge, or spoof, the IP source address of each packet they send, choosing it at random. Consequently, the packets appear to the victim to be arriving from one or more third parties. Ingress filtering (dropping packets whose source address does not belong to the network they arrived from) has been proposed to prevent spoofing, but more sophisticated techniques such as subnet spoofing, where the forged address is drawn from the attacker's own subnet so that it passes the filter, can evade current defenses.
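The following Python script is added here as an illustration and is not part of the original slides. It simulates a BCP 38-style ingress filter on a customer-facing interface and measures how much of a spoofed stream gets through under two attacker strategies. The customer prefix 203.0.113.0/24, the packet counts and the random seed are constructed assumptions.

```python
import ipaddress
import random

# Assumed: the prefix assigned to the customer behind this edge interface.
CUSTOMER_PREFIX = ipaddress.ip_network("203.0.113.0/24")


def ingress_filter(src_ip, prefix=CUSTOMER_PREFIX):
    """BCP 38-style ingress filter: forward a packet only if its source
    address lies inside the prefix assigned to the interface it came from."""
    return ipaddress.ip_address(src_ip) in prefix


def random_spoof(rng):
    """Attacker forges a source address drawn from the whole IPv4 space."""
    return str(ipaddress.IPv4Address(rng.getrandbits(32)))


def subnet_spoof(rng, prefix=CUSTOMER_PREFIX):
    """Subnet spoofing: the forged address is picked from the attacker's own
    prefix, so the filter cannot tell it from a legitimate neighbour."""
    offset = rng.randrange(1, prefix.num_addresses - 1)  # skip network/broadcast
    return str(prefix.network_address + offset)


def pass_rate(strategy, packets=1000, seed=1):
    """Fraction of spoofed packets that the ingress filter lets through."""
    rng = random.Random(seed)
    passed = sum(ingress_filter(strategy(rng)) for _ in range(packets))
    return passed / packets


if __name__ == "__main__":
    print("random spoofing :", pass_rate(random_spoof))   # practically 0.0
    print("subnet spoofing :", pass_rate(subnet_spoof))   # 1.0
```

The same check is what uRPF or an interface ACL performs at a provider edge. The script makes the slide's point concrete: the filter stops a flood whose source addresses are random, but a host that forges only addresses inside its own subnet passes every packet, so the victim still cannot trust the source field to identify the attacking machine.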

Related Works

Pattern Detection

Pattern detection stores the signatures of known attacks in a database and monitors each communication for the presence of these patterns. Known attacks are detected easily and reliably, and false positives are rare. However, only known attacks can be detected; new attacks, or even slight variations of old attacks, go unnoticed. Example: SNORT

Anomaly Detection

Anomaly detection keeps a model of normal system behaviour, such as traffic dynamics or expected system performance, and flags deviations from it. Previously unknown attacks can be discovered, but such detectors must trade off their ability to detect all attacks against their tendency to misidentify normal behaviour as an attack (false positives). Examples: rate limiting, entropy, chi-square
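Added example, not from the original slides: a toy detector that runs both approaches described above over constructed traffic windows. Pattern detection is a byte-signature scan in the spirit of SNORT; anomaly detection uses the Shannon entropy of source addresses and a chi-square test of the protocol mix against a baseline profile. The signature strings, traffic windows, baseline profile and thresholds are all assumptions made up for the example; the point it shows is that a trivially modified flood slips past the signature but not past the statistics.

```python
import math
import random
from collections import Counter

# ---- Pattern detection: exact byte patterns of known attacks ----
# Constructed signature; real Snort rules also match header fields and offsets.
SIGNATURES = {"flood-tool-v1": b"FLOOD-V1"}


def signature_match(payload, signatures=SIGNATURES):
    """Return the name of the first signature present in the payload, else None."""
    for name, pattern in signatures.items():
        if pattern in payload:
            return name
    return None


# ---- Anomaly detection: entropy of sources, chi-square of protocol mix ----
def shannon_entropy(items):
    """Entropy in bits of the empirical distribution of `items`."""
    counts = Counter(items)
    n = sum(counts.values())
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def chi_square(observed, expected):
    """Chi-square statistic of an observed category Counter against a baseline
    Counter, with the baseline scaled to the observed total."""
    n_obs, n_exp = sum(observed.values()), sum(expected.values())
    stat = 0.0
    for k in set(observed) | set(expected):
        e = expected.get(k, 0) / n_exp * n_obs
        e = e if e > 0 else 0.5  # assumed smoothing for categories absent from baseline
        stat += (observed.get(k, 0) - e) ** 2 / e
    return stat


BASELINE_PROTO = Counter({"tcp": 800, "udp": 200})  # constructed normal profile


def analyze_window(window, baseline=BASELINE_PROTO,
                   entropy_threshold=6.0, chi_threshold=6.63):
    """window: list of (src_ip, proto, payload). Thresholds are assumed values;
    6.63 is the chi-square critical value for 1 degree of freedom at p = 0.01."""
    srcs = [r[0] for r in window]
    protos = Counter(r[1] for r in window)
    sig_hits = sum(1 for r in window if signature_match(r[2]))
    h = shannon_entropy(srcs)
    x2 = chi_square(protos, baseline)
    return {"signature_hits": sig_hits, "src_entropy": h, "chi_square": x2,
            "anomalous": h > entropy_threshold or x2 > chi_threshold}


# ---- Constructed traffic windows ----
NORMAL_WINDOW = [("192.0.2.%d" % (i % 8 + 1),
                  "tcp" if i % 10 < 8 else "udp",
                  b"GET / HTTP/1.1") for i in range(200)]

_rng = random.Random(7)


def _random_ip():
    return "%d.%d.%d.%d" % tuple(_rng.randrange(1, 255) for _ in range(4))


# Known tool: every packet carries the signature, so pattern detection sees it.
KNOWN_ATTACK = [(_random_ip(), "udp", b"FLOOD-V1" + b"\x00" * 56) for _ in range(2000)]
# Slight variation of the same flood: the marker changed, the traffic did not.
VARIANT_ATTACK = [(_random_ip(), "udp", b"FLOOD-V2" + b"\x00" * 56) for _ in range(2000)]

if __name__ == "__main__":
    for name, w in [("normal", NORMAL_WINDOW), ("known attack", KNOWN_ATTACK),
                    ("variant attack", VARIANT_ATTACK)]:
        print(name, analyze_window(w))
```

The normal window has eight clients and the baseline protocol mix, so its source entropy is 3 bits and its chi-square is 0. Both attack windows use thousands of random (spoofed) sources and are pure UDP, which drives the entropy to about 11 bits and the chi-square into the thousands; only the first one also triggers the signature. The trade-off the slide mentions lives in the thresholds: lowering them catches smaller attacks but starts flagging legitimate traffic bursts.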

DDoS defense technique



Rate-Limit

Rate limiting controls the rate of traffic sent or received on a network interface. Traffic at or below the specified rate is forwarded, whereas traffic that exceeds the rate is dropped or delayed. Rate limiting is performed by policing (discarding excess packets), queuing (delaying packets in transit) or congestion control (manipulating the protocol's congestion mechanism). Policing and queuing can be applied to any network protocol; congestion control only works for protocols that have such a mechanism, TCP for example.

ACL (Access Control List)

An ACL is a list of permissions attached to a host or interface. The list specifies who or what is allowed to access the host and which operations may be performed on it.
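Added example, not from the original slides: a token-bucket policer (the policing form of rate limiting) combined with a first-match ACL, applied to a constructed packet trace. The addresses, the ACL entries, the trace and the rate and burst values are assumptions; the implicit deny at the end of the ACL is the usual router convention and is assumed here as well.

```python
import ipaddress
from collections import Counter


class TokenBucket:
    """Policer for one source: tokens refill at `rate` per second up to
    `burst`; each packet needs one token, otherwise it is discarded."""

    def __init__(self, rate, burst):
        self.rate = float(rate)
        self.burst = float(burst)
        self.tokens = float(burst)
        self.last = 0.0

    def allow(self, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


# Hypothetical ACL: first matching entry wins, unmatched sources are denied.
ACL = [
    ("deny", "198.51.100.0/24"),   # a prefix already known to be hostile
    ("permit", "0.0.0.0/0"),       # everything else may reach the host
]


def acl_permits(src_ip, acl=ACL):
    ip = ipaddress.ip_address(src_ip)
    for action, prefix in acl:
        if ip in ipaddress.ip_network(prefix):
            return action == "permit"
    return False  # implicit deny


def police(packets, rate, burst):
    """packets: iterable of (timestamp_seconds, src_ip). Returns two Counters,
    forwarded and dropped, keyed by source address."""
    buckets = {}
    forwarded, dropped = Counter(), Counter()
    for ts, src in sorted(packets):
        if not acl_permits(src):
            dropped[src] += 1
            continue
        bucket = buckets.setdefault(src, TokenBucket(rate, burst))
        if bucket.allow(ts):
            forwarded[src] += 1
        else:
            dropped[src] += 1
    return forwarded, dropped


def build_trace():
    """Constructed 5-second trace: a legitimate client at 10 pps, a flooding
    host at 1000 pps and a host inside the denied prefix at 20 pps."""
    trace = [(i * 0.1, "192.0.2.10") for i in range(50)]
    trace += [(i * 0.001, "203.0.113.5") for i in range(5000)]
    trace += [(i * 0.05, "198.51.100.7") for i in range(100)]
    return trace


if __name__ == "__main__":
    fwd, drp = police(build_trace(), rate=20, burst=10)
    for src in sorted(set(fwd) | set(drp)):
        print(f"{src:16} forwarded={fwd[src]:5} dropped={drp[src]:5}")
```

With a limit of 20 packets per second and a burst of 10, the legitimate client never exceeds its budget and keeps all 50 packets, the flooding host gets its initial burst plus roughly 20 packets per second (about 110 of 5,000) and loses the rest, and the denied prefix is dropped before any bucket is consulted. Per-source buckets are what keep the flood from starving the legitimate client; a single shared bucket would drop both in proportion to their rates, which is exactly the collateral damage the later "Challenges" slide is about.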

Challenges of DDoS Defense



When the stream of packets on a network suddenly increases, how can we be sure whether it is caused by a DDoS attack in progress or by a flash event (FE: too many accesses by legitimate users at the same time)?
How can attack traffic be discriminated from the rest of the inbound traffic, so that only attack packets are filtered?
How can service-level attacks carried out at moderate or low bandwidth be detected?
