garishma bhatia, profile picture
Uploaded bygarishma bhatia
PPTX, PDF4,397 views

Denial of service

This document discusses denial of service (DoS) and distributed denial of service (DDoS) attacks. It defines DoS attacks as attempts to render a system unusable or slow it down for legitimate users by overloading its resources. DDoS attacks multiply the effectiveness of DoS by using multiple compromised computers to launch attacks simultaneously. Common DoS attack types like SYN floods, Smurf attacks, and ping of death are described. The rise of botnets, which are networks of compromised computers controlled remotely, enabled more powerful DDoS attacks. Mitigation strategies include load balancing, throttling traffic, and using honeypots to gather attacker information.

Downloaded 45 times
DENIAL OF SERVICE BY – GARISHMA BHATIA
CONTENT • Denial of Service(D0S) Attack • Types of DoS Attacks • Tools that facilitate DoS Attack • BOTs • Distributed Denial of Service (DDoS) Attack • Characteristics of DDoS Attacks
Are Denial of Service Attacks on the Rise ? • August 15, 2003 o Microsoft.com falls to a DoS attack. The company's website is inaccessible for two hours. • March 27, 2003, 15:09 GMT o Within hours of an English version of AlJazeera's website coming online, it was blown away by a denial of service attack.
• A Denial of Service attack (DoS) is an attack through which a person can render a system unusable, or significantly slow it down for legitimate users, by overloading its resources • If an attacker is unable to gain access to a machine, the attacker will most likely crash the machine to accomplish a denial of service attack What are Denial of Service Attacks?
Goal of DoS • The goal of DoS is not to gain unauthorized access to machines or data, but to prevent users of a service from using it • Attackers may: o Attempt to flood a network, thereby preventing legitimate network traffic o Attempt to disrupt connections between two machines, thereby preventing access to a service o Attempt to prevent a particular individual from accessing a service o Attempt to disrupt service to a specific system or person
Impact and the Modes of Attack • The Impact: o Disabled network o Disabled organization o Financial loss o Loss of goodwill • The Modes: o Consumption of  Scarce, limited, or non-renewable resources  Network bandwidth, memory, disk space, CPU time, or data structures  Access to other computers and networks, and certain environmental resources such as power, cool air, or even water o Destruction or Alteration of Configuration Information o Physical destruction or alteration of network components, resources such as power, cool air, or even water
Types of Attacks • There are two types of attacks: 1.DoS attack 2.DDos attack •A type of attack on a network that is designed to bring the network down by flooding it with data packets
DoS Attack Classification • Smurf • Buffer Overflow Attack • Ping of death • Teardrop • SYN Attack
• The perpetrator generates a large amount of ICMP echo (ping) traffic to a network broadcast address with a spoofed source IP set to a victim host • The result will be lots of ping replies (ICMP Echo Reply) flooding the spoofed host • Amplified ping reply stream can overwhelm the victim’s network connection • Fraggle attack, which uses UDP echo is similar to the smurf attack
Buffer Overflow Attack • Buffer overflow occurs any time the program writes more information into the buffer than the space it has allocated in the memory. • The attacker can overwrite data that controls the program execution path and hijack the control of the program to execute the attacker’s code instead of the process code. • Sending email messages that have attachments with 256 character file names can cause buffer overflow.
Teardrop Attack • IP requires that a packet that is too large for the next router to handle be divided into fragments. • The attacker's IP puts a confusing offset value in the second or later fragment. • If the receiving operating system is not able to aggregate the packets accordingly, it can crash the system . • It is a UDP attack, which uses overlapping offset fields to bring down hosts. • The Unnamed Attack – Variation of the Teardrop attack – Fragments are not overlapping but there are gaps incorporate
SYN Attack • The attacker sends bogus TCP SYN requests to a victim server. The host allocates resources (memory sockets) to the connection • Prevents the server from responding to legitimate requests • This attack exploits the three-way handshake • Malicious flooding by large volumes of TCP SYN packets to the victim’s system with spoofed source IP addresses can cause Do
SYN Flooding • It takes advantage of a flaw in how most hosts implement the TCP three-way handshake. • When Host B receives the SYN request from A, it must keep track of the partially-opened connection in a "listen queue" for at least 75 seconds. • A malicious host can exploit the small size of the listen queue by sending multiple SYN requests to a host, but never replying to the SYN&ACK. • The victim’s listen queue is quickly filled up. • This ability of removing a host from the network for at least 75 seconds can be used as a denial-of service attack.
DoS Attack Tools • Jolt2 • Bubonic.c • Land and LaTierra • Targa • Blast20 • Nemesy • Panther2 • Crazy Pinger • Some Trouble • UDP Flood ~ • FSMax
DoS Attack Tools • IRCbot -also called zombie or drone. • Internet Relay Chat(IRC) is a form of real time communication over the Internet. It is mainly designed for group (one-to-many) communication in discussion forums called channels • The bot joins a specific IRC channel on an IRC server and waits for further commands • The attacker can remotely control the bot and use it for fun and also for profit • Different bots connected together is called botnet
Botnets • Botnets consist of a multitude of machines • They are used for DDoS attacks • A relatively small botnet with only 1,000 bots has a combined bandwidth that is probably higher than the Internet connection of most corporate systems (1,000 home PCs with an average • upstream of 128KBit/s can offer more than 100MBit/s)
Uses of botnets • Distributed Denial-of-Service Attacks Botnets are used for Distributed Denial-of-Service (DDoS) attacks • Spamming Opens a SOCKS v4/v5 proxy server for spamming • Sniffing Traffic Bots can also use a packet sniffer to watch interesting clear-text data passing by a compromised machine • Keylogging With the help of a keylogger it is easy for an attacker to retrieve sensitive information such as online banking passwords • Spreading new malware Botnets are used to spread new bot • Installing Advertisement Addons Automated advertisement “clicks” • Google AdSense abuse AdSense offers companies the possibility to display Google advertisements on their own website and earn money this way. Botnet is used to click on these advertisements • Attacking IRC Chat Networks These are called “clone” attacks • Manipulating online polls Since every bot has a distinct IP address, every vote will have the same credibility as a vote cast by a real person • Mass identity theft ("phishing mails")
What is DDOS ATTACK ? • According to the website, www.searchsecurity.com: On the Internet, a distributed denial of service (DDoS) attack is one in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to the system to legitimate users
Characteristics of DDoS Attacks • It is a large-scale, coordinated attack on the availability of services of a victim system • The services under attack are those of the “primary victim,” while the compromised systems used to launch the attack are often called the “secondary victims” • This makes it difficult to detect because attacks originate from several IP addresses • If a single IP address is attacking a company, it can block that address at its firewall. If it is 30,000, this is extremely difficult • Perpetrator is able to multiply the effectiveness of the Denial of Service significantly by harnessing the resources of multiple unwitting accomplice computers which serve as attack platforms
DDOS Unstoppable • DDoS attacks rely on finding thousands of vulnerable, Internet-connected systems and systematically compromising them using known vulnerabilities • Once the DDoS attack has been launched it is hard to stop • Packets arriving at your firewall may be blocked there, but they may just as easily overwhelm the incoming side of your Internet connection • If the source addresses of these packets have been spoofed, then you will have no way of knowing if they reflect the true source of the attack until you track down some of the alleged sources • The sheer volume of sources involved in DDoS attacks makes it difficult to stop
How to Conduct a DDoS Attack • Step 1: Write a virus that will send ping packets to a target network/websites Step 2: Infect a minimum of (30,000) computers with this virus and turn them into “zombies” Step 3: Trigger the zombies to launch the attack by sending wake-up signals to the zombies or activated by certain data Step 4: The zombies will start attacking the target server until they are disinfecte
Mitigate or Stop the Effects of DDoS Attacks • Load Balancing Providers can increase bandwidth on critical connections to prevent them from going down in the event of an attack Replicating servers can help provide additional failsafe protection Balancing the load to each server in a multiple-server architecture can improve both normal performances as well as mitigate the effect of a DDoS attack • Throttling This method sets up routers that access a server with logic to adjust (throttle) incoming traffic to levels that will be safe for the server to process
Deflect Attacks • Honeypots – Systems that are set up with limited security act as an enticement for an attacker – Serve as a means for gaining information about attackers by storing a record of their activities and learning what types of attacks and software tools the attackers use
THANK YOU

More Related Content

PPTX
Basics of Denial of Service Attacks
byHansa Nidushan
 
PPTX
DDoS ATTACKS
byAnil Antony
 
PPTX
Dos attack
byManjushree Mashal
 
PPTX
Denial of Service Attacks (DoS/DDoS)
byGaurav Sharma
 
PPTX
Denial of Service Attack
byDhrumil Panchal
 
PPT
DDOS Attack
byAhmed Salama
 
PPT
DDoS Attacks
byJignesh Patel
 
PPTX
Dos n d dos
bysadhana21297
 
Basics of Denial of Service Attacks
byHansa Nidushan
 
DDoS ATTACKS
byAnil Antony
 
Dos attack
byManjushree Mashal
 
Denial of Service Attacks (DoS/DDoS)
byGaurav Sharma
 
Denial of Service Attack
byDhrumil Panchal
 
DDOS Attack
byAhmed Salama
 
DDoS Attacks
byJignesh Patel
 
Dos n d dos
bysadhana21297
 

What's hot

PPTX
DoS or DDoS attack
bystollen_fusion
 
PPT
DDoS Attack PPT by Nitin Bisht
byNitin Bisht
 
PPTX
Denial of service attack
byKaustubh Padwad
 
PPTX
Man in The Middle Attack
byDeepak Upadhyay
 
PPTX
Cyber security
byManjushree Mashal
 
PPT
IDS and IPS
bySantosh Khadsare
 
PPTX
Ddos attacks
bycommunication-eg
 
PPTX
Intrusion detection and prevention system
byNikhil Raj
 
PPTX
Ransomware
byAkshita Pillai
 
PPSX
Intrusion detection system
bygaurav koriya
 
PPTX
Network security
byquest university nawabshah
 
PPT
Web Security
byBharath Manoharan
 
PPT
Network Security
byMAJU
 
PPTX
Denial of service attack
byAhmed Ghazey
 
PPTX
Introduction to Network Security
byJohn Ely Masculino
 
PPTX
Operating System Security
byRamesh Upadhaya
 
PPTX
SQL INJECTION
byAnoop T
 
PPTX
Password Cracking
bySagar Verma
 
PPTX
Computer security concepts
byPrachi Gulihar
 
PPTX
Trojan virus & backdoors
byShrey Vyas
 
DoS or DDoS attack
bystollen_fusion
 
DDoS Attack PPT by Nitin Bisht
byNitin Bisht
 
Denial of service attack
byKaustubh Padwad
 
Man in The Middle Attack
byDeepak Upadhyay
 
Cyber security
byManjushree Mashal
 
IDS and IPS
bySantosh Khadsare
 
Ddos attacks
bycommunication-eg
 
Intrusion detection and prevention system
byNikhil Raj
 
Ransomware
byAkshita Pillai
 
Intrusion detection system
bygaurav koriya
 
Network security
byquest university nawabshah
 
Web Security
byBharath Manoharan
 
Network Security
byMAJU
 
Denial of service attack
byAhmed Ghazey
 
Introduction to Network Security
byJohn Ely Masculino
 
Operating System Security
byRamesh Upadhaya
 
SQL INJECTION
byAnoop T
 
Password Cracking
bySagar Verma
 
Computer security concepts
byPrachi Gulihar
 
Trojan virus & backdoors
byShrey Vyas
 

Similar to Denial of service

PPTX
DoS/DDoS
byVihari Piratla
 
PPT
Module 9 Dos
byleminhvuong
 
PDF
ECE560 Denial of Service Attacks Fall2020.pdf
byTuulTriyason
 
PDF
A041201010
byijceronline
 
PPTX
DDoS - Distributed Denial of Service
byEr. Shiva K. Shrestha
 
PPTX
Denial of Service (DoS) and Distributed DoS (DDoS) Attacks
bySwarup Saw
 
PPTX
Unleash the Hammer on Denial-of-Service: Conquer DDos Attacks!
byPriyadharshiniHemaku
 
PPTX
An introduction to denial of service attacks
byRollingsherman
 
PDF
File000144
byDesmond Devendran
 
PDF
Ddos- distributed denial of service
bylaxmi chandolia
 
PDF
cloud computing final year project
byAmeya Vashishth
 
PDF
Computer Security Cyber Security DOS_DDOS Attacks By: Professor Lili Saghafi
byProfessor Lili Saghafi
 
PDF
A REVIEW ON DDOS PREVENTION AND DETECTION METHODOLOGY
byijasa
 
PDF
A Comparative Approach to Handle Ddos Attacks
byIOSR Journals
 
PPT
Denail of Service
byRamasubbu .P
 
PPTX
Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/...
bySuhail Khan
 
PDF
International Journal of Computational Science and Information Technology (I...
byijcsity
 
PDF
MS_ISAC__DDoS_Attacks_Guide__2023_05.pdf
byssuser262297
 
PDF
A vivacious approach to detect and prevent d do s attack
byeSAT Publishing House
 
PPT
CS10NETWOKSecurityhdhgsfdhsdheahgqergd.ppt
bymohammednisath
 
DoS/DDoS
byVihari Piratla
 
Module 9 Dos
byleminhvuong
 
ECE560 Denial of Service Attacks Fall2020.pdf
byTuulTriyason
 
A041201010
byijceronline
 
DDoS - Distributed Denial of Service
byEr. Shiva K. Shrestha
 
Denial of Service (DoS) and Distributed DoS (DDoS) Attacks
bySwarup Saw
 
Unleash the Hammer on Denial-of-Service: Conquer DDos Attacks!
byPriyadharshiniHemaku
 
An introduction to denial of service attacks
byRollingsherman
 
File000144
byDesmond Devendran
 
Ddos- distributed denial of service
bylaxmi chandolia
 
cloud computing final year project
byAmeya Vashishth
 
Computer Security Cyber Security DOS_DDOS Attacks By: Professor Lili Saghafi
byProfessor Lili Saghafi
 
A REVIEW ON DDOS PREVENTION AND DETECTION METHODOLOGY
byijasa
 
A Comparative Approach to Handle Ddos Attacks
byIOSR Journals
 
Denail of Service
byRamasubbu .P
 
Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/...
bySuhail Khan
 
International Journal of Computational Science and Information Technology (I...
byijcsity
 
MS_ISAC__DDoS_Attacks_Guide__2023_05.pdf
byssuser262297
 
A vivacious approach to detect and prevent d do s attack
byeSAT Publishing House
 
CS10NETWOKSecurityhdhgsfdhsdheahgqergd.ppt
bymohammednisath
 

More from garishma bhatia

PPTX
Peephole optimization techniques
bygarishma bhatia
 
PPTX
Vm migration techniques
bygarishma bhatia
 
PPTX
Iot + cloud
bygarishma bhatia
 
PPTX
WORKFLOW OF THE PROCESS IN SPM
bygarishma bhatia
 
PPTX
MULTILEVEL QUEUE SCHEDULING
bygarishma bhatia
 
PPTX
Constructor overloading & method overloading
bygarishma bhatia
 
PPT
MULTIPLE ACCESS PROTOCOL COMPUTER NETWORKS
bygarishma bhatia
 
PPTX
BLOCKCHAIN TECHNOLOGY
bygarishma bhatia
 
PPTX
Knapsack problem
bygarishma bhatia
 
PPTX
PRIM'S ALGORITHM
bygarishma bhatia
 
PPTX
Data types IN JAVA
bygarishma bhatia
 
PPTX
Data Algorithms And Analysis
bygarishma bhatia
 
DOCX
VEHICLE REGISTRATION PROJECT
bygarishma bhatia
 
PPTX
WIFI TECH
bygarishma bhatia
 
PPTX
MATCHING GRAPH THEORY
bygarishma bhatia
 
PPTX
Garishma se
bygarishma bhatia
 
PPTX
Garishma xcs
bygarishma bhatia
 
PPTX
Garishma maTHS
bygarishma bhatia
 
PPTX
Garishma ec
bygarishma bhatia
 
Peephole optimization techniques
bygarishma bhatia
 
Vm migration techniques
bygarishma bhatia
 
Iot + cloud
bygarishma bhatia
 
WORKFLOW OF THE PROCESS IN SPM
bygarishma bhatia
 
MULTILEVEL QUEUE SCHEDULING
bygarishma bhatia
 
Constructor overloading & method overloading
bygarishma bhatia
 
MULTIPLE ACCESS PROTOCOL COMPUTER NETWORKS
bygarishma bhatia
 
BLOCKCHAIN TECHNOLOGY
bygarishma bhatia
 
Knapsack problem
bygarishma bhatia
 
PRIM'S ALGORITHM
bygarishma bhatia
 
Data types IN JAVA
bygarishma bhatia
 
Data Algorithms And Analysis
bygarishma bhatia
 
VEHICLE REGISTRATION PROJECT
bygarishma bhatia
 
WIFI TECH
bygarishma bhatia
 
MATCHING GRAPH THEORY
bygarishma bhatia
 
Garishma se
bygarishma bhatia
 
Garishma xcs
bygarishma bhatia
 
Garishma maTHS
bygarishma bhatia
 
Garishma ec
bygarishma bhatia
 

Recently uploaded

PDF
6.IPE431_KINEMATIC STRUCTURE2133e324.pdf
bygixaj71508
 
PPTX
Rahul Sharma.pptx for summer internshipp
byirfan7231089794
 
PPTX
Class 3 of Module 2 - Strings in Python Syllabus, VIT
byVijayanthVijay
 
PDF
Best Popular Sites to Buy Verified Binance Accounts Are ....pdf
byusaold smm1
 
PDF
DevSecOps - November + MCP Workshop @ Google
byLuiz Carneiro
 
DOCX
Forensic Engineering Project Tacoma Narrows Bridge
byhaskellljones
 
PPTX
Presentation "Risk Assessment of Essential Product Requirements by Example" a...
byBurkhard Stubert
 
PPTX
Industrial Plant Safety Guide | Ensure Reliability, Compliance & Zero-Inciden...
byMaintWiz Technologies Private Limited
 
PDF
OpenInfra Europe 2025: OVN traffic flow & Troubleshooting
byVadim Ponomarev
 
DOCX
Summer training report on plc and scada.docx
byharshgahlyan3108
 
PPTX
5G Technology & Future Communication Systems
bySakshiMarakana
 
PDF
Resonating 25 years of service- 1988 exam batch.pdf
byRajesh Prasad
 
PDF
Certified Cloud Security Professional (CCSP)
byVICTOR MAESTRE RAMIREZ
 
PDF
High performance liquid chromatography.pdf
byatharvjpk21
 
PPTX
Develop and Implement a Maintenance Competency Plan | Build Skilled, Reliable...
byMaintWiz Technologies Private Limited
 
PDF
Test Blueprint for National Exit Examination.pdf
byshumibiru238
 
PPTX
METAFABRIC – Cooling Textiles with Radiative Properties
bytamilarasi192002
 
PDF
Integrating_AI_in_React_Applications_Using_OpenAI_Gemini_and_Hugging_Face_Tec...
byJaydeep Kale
 
PDF
OpenStack on Autopilot with K8s & ArgoCD in OpenInfra Days France 2024
byVadim Ponomarev
 
PDF
20It2005securitylabmanualforthefollowingyear
byKevinjr22
 
6.IPE431_KINEMATIC STRUCTURE2133e324.pdf
bygixaj71508
 
Rahul Sharma.pptx for summer internshipp
byirfan7231089794
 
Class 3 of Module 2 - Strings in Python Syllabus, VIT
byVijayanthVijay
 
Best Popular Sites to Buy Verified Binance Accounts Are ....pdf
byusaold smm1
 
DevSecOps - November + MCP Workshop @ Google
byLuiz Carneiro
 
Forensic Engineering Project Tacoma Narrows Bridge
byhaskellljones
 
Presentation "Risk Assessment of Essential Product Requirements by Example" a...
byBurkhard Stubert
 
Industrial Plant Safety Guide | Ensure Reliability, Compliance & Zero-Inciden...
byMaintWiz Technologies Private Limited
 
OpenInfra Europe 2025: OVN traffic flow & Troubleshooting
byVadim Ponomarev
 
Summer training report on plc and scada.docx
byharshgahlyan3108
 
5G Technology & Future Communication Systems
bySakshiMarakana
 
Resonating 25 years of service- 1988 exam batch.pdf
byRajesh Prasad
 
Certified Cloud Security Professional (CCSP)
byVICTOR MAESTRE RAMIREZ
 
High performance liquid chromatography.pdf
byatharvjpk21
 
Develop and Implement a Maintenance Competency Plan | Build Skilled, Reliable...
byMaintWiz Technologies Private Limited
 
Test Blueprint for National Exit Examination.pdf
byshumibiru238
 
METAFABRIC – Cooling Textiles with Radiative Properties
bytamilarasi192002
 
Integrating_AI_in_React_Applications_Using_OpenAI_Gemini_and_Hugging_Face_Tec...
byJaydeep Kale
 
OpenStack on Autopilot with K8s & ArgoCD in OpenInfra Days France 2024
byVadim Ponomarev
 
20It2005securitylabmanualforthefollowingyear
byKevinjr22
 

Denial of service

  • 1.
    DENIAL OF SERVICE BY– GARISHMA BHATIA
  • 2.
    CONTENT • Denial ofService(D0S) Attack • Types of DoS Attacks • Tools that facilitate DoS Attack • BOTs • Distributed Denial of Service (DDoS) Attack • Characteristics of DDoS Attacks
  • 3.
    Are Denial ofService Attacks on the Rise ? • August 15, 2003 o Microsoft.com falls to a DoS attack. The company's website is inaccessible for two hours. • March 27, 2003, 15:09 GMT o Within hours of an English version of AlJazeera's website coming online, it was blown away by a denial of service attack.
  • 4.
    • A Denialof Service attack (DoS) is an attack through which a person can render a system unusable, or significantly slow it down for legitimate users, by overloading its resources • If an attacker is unable to gain access to a machine, the attacker will most likely crash the machine to accomplish a denial of service attack What are Denial of Service Attacks?
  • 5.
    Goal of DoS •The goal of DoS is not to gain unauthorized access to machines or data, but to prevent users of a service from using it • Attackers may: o Attempt to flood a network, thereby preventing legitimate network traffic o Attempt to disrupt connections between two machines, thereby preventing access to a service o Attempt to prevent a particular individual from accessing a service o Attempt to disrupt service to a specific system or person
  • 6.
    Impact and theModes of Attack • The Impact: o Disabled network o Disabled organization o Financial loss o Loss of goodwill • The Modes: o Consumption of  Scarce, limited, or non-renewable resources  Network bandwidth, memory, disk space, CPU time, or data structures  Access to other computers and networks, and certain environmental resources such as power, cool air, or even water o Destruction or Alteration of Configuration Information o Physical destruction or alteration of network components, resources such as power, cool air, or even water
  • 7.
    Types of Attacks •There are two types of attacks: 1.DoS attack 2.DDos attack •A type of attack on a network that is designed to bring the network down by flooding it with data packets
  • 8.
    DoS Attack Classification •Smurf • Buffer Overflow Attack • Ping of death • Teardrop • SYN Attack
  • 9.
    • The perpetratorgenerates a large amount of ICMP echo (ping) traffic to a network broadcast address with a spoofed source IP set to a victim host • The result will be lots of ping replies (ICMP Echo Reply) flooding the spoofed host • Amplified ping reply stream can overwhelm the victim’s network connection • Fraggle attack, which uses UDP echo is similar to the smurf attack
  • 11.
    Buffer Overflow Attack •Buffer overflow occurs any time the program writes more information into the buffer than the space it has allocated in the memory. • The attacker can overwrite data that controls the program execution path and hijack the control of the program to execute the attacker’s code instead of the process code. • Sending email messages that have attachments with 256 character file names can cause buffer overflow.
  • 12.
    Teardrop Attack • IPrequires that a packet that is too large for the next router to handle be divided into fragments. • The attacker's IP puts a confusing offset value in the second or later fragment. • If the receiving operating system is not able to aggregate the packets accordingly, it can crash the system . • It is a UDP attack, which uses overlapping offset fields to bring down hosts. • The Unnamed Attack – Variation of the Teardrop attack – Fragments are not overlapping but there are gaps incorporate
  • 13.
    SYN Attack • Theattacker sends bogus TCP SYN requests to a victim server. The host allocates resources (memory sockets) to the connection • Prevents the server from responding to legitimate requests • This attack exploits the three-way handshake • Malicious flooding by large volumes of TCP SYN packets to the victim’s system with spoofed source IP addresses can cause Do
  • 14.
    SYN Flooding • Ittakes advantage of a flaw in how most hosts implement the TCP three-way handshake. • When Host B receives the SYN request from A, it must keep track of the partially-opened connection in a "listen queue" for at least 75 seconds. • A malicious host can exploit the small size of the listen queue by sending multiple SYN requests to a host, but never replying to the SYN&ACK. • The victim’s listen queue is quickly filled up. • This ability of removing a host from the network for at least 75 seconds can be used as a denial-of service attack.
  • 15.
    DoS Attack Tools •Jolt2 • Bubonic.c • Land and LaTierra • Targa • Blast20 • Nemesy • Panther2 • Crazy Pinger • Some Trouble • UDP Flood ~ • FSMax
  • 16.
    DoS Attack Tools •IRCbot -also called zombie or drone. • Internet Relay Chat(IRC) is a form of real time communication over the Internet. It is mainly designed for group (one-to-many) communication in discussion forums called channels • The bot joins a specific IRC channel on an IRC server and waits for further commands • The attacker can remotely control the bot and use it for fun and also for profit • Different bots connected together is called botnet
  • 17.
    Botnets • Botnets consistof a multitude of machines • They are used for DDoS attacks • A relatively small botnet with only 1,000 bots has a combined bandwidth that is probably higher than the Internet connection of most corporate systems (1,000 home PCs with an average • upstream of 128KBit/s can offer more than 100MBit/s)
  • 18.
    Uses of botnets •Distributed Denial-of-Service Attacks Botnets are used for Distributed Denial-of-Service (DDoS) attacks • Spamming Opens a SOCKS v4/v5 proxy server for spamming • Sniffing Traffic Bots can also use a packet sniffer to watch interesting clear-text data passing by a compromised machine • Keylogging With the help of a keylogger it is easy for an attacker to retrieve sensitive information such as online banking passwords • Spreading new malware Botnets are used to spread new bot • Installing Advertisement Addons Automated advertisement “clicks” • Google AdSense abuse AdSense offers companies the possibility to display Google advertisements on their own website and earn money this way. Botnet is used to click on these advertisements • Attacking IRC Chat Networks These are called “clone” attacks • Manipulating online polls Since every bot has a distinct IP address, every vote will have the same credibility as a vote cast by a real person • Mass identity theft ("phishing mails")
  • 19.
    What is DDOSATTACK ? • According to the website, www.searchsecurity.com: On the Internet, a distributed denial of service (DDoS) attack is one in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to the system to legitimate users
  • 20.
    Characteristics of DDoSAttacks • It is a large-scale, coordinated attack on the availability of services of a victim system • The services under attack are those of the “primary victim,” while the compromised systems used to launch the attack are often called the “secondary victims” • This makes it difficult to detect because attacks originate from several IP addresses • If a single IP address is attacking a company, it can block that address at its firewall. If it is 30,000, this is extremely difficult • Perpetrator is able to multiply the effectiveness of the Denial of Service significantly by harnessing the resources of multiple unwitting accomplice computers which serve as attack platforms
  • 21.
    DDOS Unstoppable • DDoSattacks rely on finding thousands of vulnerable, Internet-connected systems and systematically compromising them using known vulnerabilities • Once the DDoS attack has been launched it is hard to stop • Packets arriving at your firewall may be blocked there, but they may just as easily overwhelm the incoming side of your Internet connection • If the source addresses of these packets have been spoofed, then you will have no way of knowing if they reflect the true source of the attack until you track down some of the alleged sources • The sheer volume of sources involved in DDoS attacks makes it difficult to stop
  • 22.
    How to Conducta DDoS Attack • Step 1: Write a virus that will send ping packets to a target network/websites Step 2: Infect a minimum of (30,000) computers with this virus and turn them into “zombies” Step 3: Trigger the zombies to launch the attack by sending wake-up signals to the zombies or activated by certain data Step 4: The zombies will start attacking the target server until they are disinfecte
  • 23.
    Mitigate or Stopthe Effects of DDoS Attacks • Load Balancing Providers can increase bandwidth on critical connections to prevent them from going down in the event of an attack Replicating servers can help provide additional failsafe protection Balancing the load to each server in a multiple-server architecture can improve both normal performances as well as mitigate the effect of a DDoS attack • Throttling This method sets up routers that access a server with logic to adjust (throttle) incoming traffic to levels that will be safe for the server to process
  • 24.
    Deflect Attacks • Honeypots –Systems that are set up with limited security act as an enticement for an attacker – Serve as a means for gaining information about attackers by storing a record of their activities and learning what types of attacks and software tools the attackers use
  • 25.