Published on October 7, 2007
DDoS Attacks And Their Progression
Group 9: Ben Dumford, Travis Nauman, Doug Showell

Denial of Service Attacks
- What is a Denial of Service attack? The goal is to disrupt some legitimate activity.
- Means of a DoS attack:
  - Consume resources (bandwidth, CPU time, etc.)
  - Malformed packets
  - Disrupt the physical network

What is a DDoS attack?
- "Distributed denial-of-service attack"
- An attempt to make a computer resource unavailable, usually by flooding the target with internet traffic from many different sources
- Uses compromised "zombie" systems

IRC Bot Net
- Internet Relay Chat bot network
- Hundreds or even thousands of IRC bots
- Installed on host computers all over the internet
- Execute commands from the attacker

Zombie Botnets
- A virus, worm, or trojan gets installed on host systems through various methods.
- These PCs become agents of a DDoS attack, known as zombies.
- DDoS tools: Trinoo, TFN, TFN2k, Stacheldraht, MyDoom

DRDoS Attack
- "Distributed reflected denial of service attack"
- Requests are sent to a large number of computers using a spoofed source IP address
- Only considered a DDoS attack if many hosts send out signals to many subnets

Unintentional DDoS Attack
- Usually caused by a sudden spike in popularity
- "Slashdot effect" or "Digg effect"

Packet Flooding
- Most DDoS schemes involve the consumption of bandwidth or network resources via packet flooding.
- ICMP packets
- UDP packets
- TCP packets
- TCP SYN packets
- Multiple packet attacks
- Latest: DNS look-ups

How to Tell If You Are Under Attack
- Unusually slow network performance
- Unavailability of a particular website
- Inability to access any website
- Dramatic increase in the amount of spam you receive in your email account
- Source: U.S. Computer Emergency Readiness Team, part of the Department of Homeland Security

Defense Against Becoming a Zombie
- Unfortunately, defending against DDoS attacks does not depend on the security of your own network alone but on that of the whole internet.
- Antivirus software
- Firewalls (Zombies hate fire!)
- Egress filtering
- IDS
- Strong e-mail policy and spam blockers

Defense Against Flooding
- System monitoring to detect attacks / analyze packets
- Packet filtering
- Rate limiting
- Delayed binding
- Get to know your ISP: blackhole filtering
- Plan in advance

DDoS Attacks: Some History
- The first DDoS attacks were mainly directed toward disrupting IRC servers.
- Timeline:
  - 1996: SYN flood; worked with minimal bandwidth
  - 1997: Vulnerability in the Microsoft Windows TCP/IP stack; tools were teardrop, boink, bonk
  - Smurf attack: bounce packets off a misconfigured network
  - Lagging: just sending a lot of packets
  - 1998-99: Targa, multiple attacks in one tool; attackers would work together to bring down systems; big increase in the ability to attack computer systems this year
  - 2000: Many huge sites are taken down; big losses in profit
  - 2001: DNS attacks; Microsoft
  - 2002: Root DNS servers are attacked; no serious damage because of the length of the attack
  - 2003-2004: Attacking smaller sites and even some extortion attempts; bot networks
  - Current: Hackers beginning to attack Linux/Unix machines. Many web servers are based on those operating systems; web servers have a lot of bandwidth, and having control of the server would mean a lot of attack power.
  - Spam screensavers: attacks spammers

Conclusion
- Stopping DDoS attacks depends on the whole internet community.
- Protect your machine from malware that could be used in these attacks.
- Security against DDoS is an ongoing race between hackers and security experts.
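The "Defense Against Flooding" slide lists system monitoring and packet analysis as the first line of defense, and the "Packet Flooding" slide names TCP SYN floods as a common scheme. The following added example (not part of the original presentation) shows the detection logic a monitor would apply: it scans constructed packet summaries for a destination that receives a burst of bare SYNs from many distinct sources with almost no completed handshakes, which is the half-open-connection signature of a SYN flood. The packet records, IP addresses, and thresholds are all made up for the demonstration.

```python
# Added example: flag a SYN-flood pattern in constructed packet summaries.
# Each record is (second, src_ip, dst_ip, tcp_flags); all values are invented.
from collections import defaultdict

SAMPLE_PACKETS = [
    # A normal three-way handshake from one client (constructed).
    (0, "10.0.0.5", "192.0.2.10", "S"),
    (0, "192.0.2.10", "10.0.0.5", "SA"),
    (0, "10.0.0.5", "192.0.2.10", "A"),
] + [
    # 60 bare SYNs in one second from 60 different sources, none of which
    # ever completes the handshake with an ACK (constructed flood sample).
    (1, f"198.51.100.{i}", "192.0.2.10", "S") for i in range(60)
]


def syn_flood_alerts(packets, syn_per_sec=50, min_sources=20, max_completion=0.2):
    """Return alerts for destinations whose SYN traffic looks like a flood.

    A flood is reported when, within one second, a destination receives at
    least `syn_per_sec` bare SYNs from at least `min_sources` distinct sources
    and fewer than `max_completion` of those sources follow up with an ACK
    (half-open connections are the SYN-flood signature).
    """
    syns = defaultdict(set)    # (second, dst) -> sources that sent a bare SYN
    acks = defaultdict(set)    # (second, dst) -> sources that sent an ACK
    counts = defaultdict(int)  # (second, dst) -> number of bare SYNs seen
    for sec, src, dst, flags in packets:
        if flags == "S":
            syns[(sec, dst)].add(src)
            counts[(sec, dst)] += 1
        elif flags == "A":
            acks[(sec, dst)].add(src)

    alerts = []
    for key, n in sorted(counts.items()):
        sources = syns[key]
        completion = len(sources & acks[key]) / len(sources)
        if n >= syn_per_sec and len(sources) >= min_sources and completion < max_completion:
            alerts.append({"second": key[0], "dst": key[1], "syns": n,
                           "sources": len(sources), "completion": completion})
    return alerts


if __name__ == "__main__":
    for alert in syn_flood_alerts(SAMPLE_PACKETS):
        print(alert)
```

In a real deployment the same counters would be fed from a packet capture or flow export, and the thresholds tuned to the host's normal connection rate before alerts drive rate limiting or blackhole filtering.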