Distributed denial of service

Academic year: 2022

Presented by:

• Kamar MEDDAH

• Redouane AIT ELMKDEM

• Fatima-Azzahra AYACH

• Jamila AKHARAZ

• Mohamed LIDOUH

Plan

01 Introduction
02 DoS vs DDoS
03 How a DDoS attack works
04 DDoS attack methods
05 DDoS tools
06 DDoS attack types
07 Aim of a DDoS attack
08 DDoS mitigation
09 Conclusion

1. Introduction

DDoS is an acronym of "Distributed Denial of Service".

It is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources.

It prevents a victim (a host, a router, or an entire network) from providing or receiving normal services.

It is a dangerous and common type of cyber-attack.


Wishing is not enough; we must do.

2. DoS vs DDoS

In a DoS attack, an attacker uses a single Internet connection to either exploit a software vulnerability or flood a target with fake requests in an attempt to exhaust server resources.

DDoS attacks are launched from multiple connected devices that are distributed across the Internet.

3. How a DDoS attack works

A DDoS attack consists of 4 elements:

• Attacker / attacking hosts

• Master program / agent

• Attack daemon agents

• Victim (target)

Add a full screen image

Ddos attack 4

methods

SMURF

Different phases of attack:

Phase 1: The IP address of the victim is obtained by the attacking computer.

Phase 2: Using this spoofed IP address, the attacker sends ICMP messages to a network's broadcast address.

Phase 3: All the devices in this network get these ICMP messages and send back ICMP replies to the IP address of the victim.

Phase 4: The victim gets flooded with packets coming from all these zombies and crashes.

Steps to protect against SMURF attacks

Configure the router not to relay an ICMP message addressed to its broadcast address to all the devices connected to its network.

Set up a firewall to filter unwanted messages.

SYN Flood (TCP SYN Attack)

Different phases of attack:

Phase 1: The attacker obtains the IP addresses of various systems.

Phase 2: Impersonating these systems, the attacker sends a number of SYN requests, the SYN being the first message sent to establish a TCP connection with a 3-way handshake.

Phase 3: On receiving the SYN requests, the server which hosts the website replies with a TCP SYN/ACK and waits for the ACK to arrive from the IP address that had been spoofed by the attacker.

Phase 4: The server thus wastes its resources and bandwidth while waiting for the ACK signal to be received.

Steps to protect against SYN Flood

Decrease the TCP connection timeout on the victim server so that the server waits only a short time and stops waiting for the TCP ACK signal after that time.

Use a firewall as an intermediary between the attacker and the server.
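The two attack patterns described above (Smurf and SYN flood) leave distinct traces in a packet trace; the detector below, an added example rather than code from the presentation, runs over a constructed trace and flags both. All addresses are constructed, and the Smurf rule assumes /24 networks so that an address ending in .255 is a broadcast address.

```python
from collections import defaultdict

# Constructed packet trace (not captured traffic): (src_ip, dst_ip, proto, kind).
# For "icmp", kind is "echo-request" or "echo-reply"; for "tcp", kind is the flag "SYN" or "ACK".
PACKETS = (
    [("10.0.0.9", "192.168.1.255", "icmp", "echo-request")]            # spoofed request to a broadcast address
    + [("192.168.1.%d" % i, "10.0.0.9", "icmp", "echo-reply") for i in range(1, 21)]   # amplified replies hit the victim
    + [("203.0.113.%d" % i, "10.0.0.5", "tcp", "SYN") for i in range(1, 31)]           # SYNs from spoofed sources, never completed
    + [("198.51.100.7", "10.0.0.5", "tcp", "SYN"), ("198.51.100.7", "10.0.0.5", "tcp", "ACK")]  # one real client finishes the handshake
)


def smurf_indicators(packets, reply_threshold=10):
    """Return (broadcast addresses that received echo requests, hosts receiving echo replies from many distinct sources)."""
    broadcast_targets = set()
    reply_sources = defaultdict(set)
    for src, dst, proto, kind in packets:
        if proto != "icmp":
            continue
        if kind == "echo-request" and dst.endswith(".255"):   # assumption: /24 networks, so .255 is the broadcast address
            broadcast_targets.add(dst)
        elif kind == "echo-reply":
            reply_sources[dst].add(src)
    flooded = [dst for dst, srcs in reply_sources.items() if len(srcs) >= reply_threshold]
    return sorted(broadcast_targets), sorted(flooded)


def syn_flood_indicators(packets, half_open_threshold=20):
    """Return {server: number of sources whose SYN was never followed by an ACK} for servers over the threshold."""
    half_open = defaultdict(set)
    for src, dst, proto, kind in packets:
        if proto != "tcp":
            continue
        if kind == "SYN":
            half_open[dst].add(src)
        elif kind == "ACK":
            half_open[dst].discard(src)   # the handshake completed, so this source is no longer half-open
    return {dst: len(srcs) for dst, srcs in half_open.items() if len(srcs) >= half_open_threshold}


if __name__ == "__main__":
    print("smurf:", smurf_indicators(PACKETS))
    print("syn flood:", syn_flood_indicators(PACKETS))
```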

UDP Flood

Different phases of attack:

Phase 1: As always, the attacker obtains the IP addresses of many devices.

Phase 2: He now sends data packets to random ports of the server.

Phase 3: The server finds that the data packet was received on the wrong port and tries to notify the sender that it was sent to the wrong port by sending back a destination unreachable message.

Phase 4: Even though the server does this, the continuous flow of data packets to different ports of the server continues; the server only has time to send destination unreachable packets and crashes due to overload.

Steps to protect against UDP flood attacks

Limit the rate at which destination unreachable messages are sent, or do not send such packets at all.

Introduce a firewall before the server to check whether the incoming packets are addressed to a correct port: if so, pass the packets, else reject them.
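The first mitigation above, rate-limiting the destination unreachable replies, can be modelled as a token bucket; the simulation below is an added example (not from the presentation) that replays a constructed one-second UDP flood against a server with and without the limiter. The listening ports, addresses and the rate of 100 replies per second are assumptions.

```python
# Ports the (constructed) server actually listens on; anything else is a closed port.
OPEN_PORTS = {53, 123}


class UnreachableRateLimiter:
    """Token bucket capping how many ICMP destination-unreachable replies the host sends per second."""

    def __init__(self, rate_per_sec, burst, start=0.0):
        self.rate = float(rate_per_sec)
        self.capacity = float(burst)
        self.tokens = float(burst)
        self.last = start

    def allow(self, now):
        # Refill in proportion to the time elapsed since the last decision, then spend one token if available.
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def handle_udp(packets, limiter=None):
    """packets: (timestamp, src_ip, dst_port) in time order.
    Returns (delivered, unreachable_sent, unreachable_suppressed); limiter=None models the unprotected server."""
    delivered = sent = suppressed = 0
    for ts, _src, port in packets:
        if port in OPEN_PORTS:
            delivered += 1                      # legitimate datagram, handed to the service
        elif limiter is None or limiter.allow(ts):
            sent += 1                           # closed port: answer with ICMP destination unreachable
        else:
            suppressed += 1                     # closed port, but the reply budget is exhausted
    return delivered, sent, suppressed


# Constructed flood: 1000 packets within one second to pseudo-random closed ports, plus two legitimate DNS queries.
FLOOD = sorted(
    [(i / 1000.0, "203.0.113.4", 1024 + (i * 7919) % 50000) for i in range(1000)]
    + [(0.5005, "198.51.100.2", 53), (0.7005, "198.51.100.3", 53)]
)

if __name__ == "__main__":
    print("unprotected:", handle_udp(FLOOD))
    print("rate limited:", handle_udp(FLOOD, UnreachableRateLimiter(rate_per_sec=100, burst=50)))
```

Without the limiter every one of the 1000 probes costs the server a reply; with it the replies are capped at the burst plus roughly 100 per second, while the two DNS queries are still delivered.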

5. DDoS attack tools

Tool: attack types supported

Trinoo: UDP

Tribe Flood Network (TFN): UDP, ICMP, SYN, Smurf

Stacheldraht: UDP, ICMP, SYN, Smurf

TFN 2K: UDP, ICMP, SYN, Smurf

6. DDoS attack types

Direct attacks: the attacker sends a large number of packets directly towards the victim.

Reflector attacks: the attacker sends packets that require responses to the reflectors, with the packets' inscribed source address set to the victim's address.

7. Aim of a DDoS attack

01 Expression of anger and criticism.

02 Anticompetitive business practices.

03 To disrupt the operation of a private or government enterprise.

04 Means to extract money.

8. DDoS mitigation

Identifying incoming traffic to separate human traffic from human-like bots and hijacked web browsers.

Analyzing and filtering incoming traffic.

A DDoS attack can be direct or indirect (spoofing).

Comparing signatures and examining different attributes of the traffic, including IP addresses, cookie variations, HTTP headers, etc.

Set up both anti-DDoS technology and anti-DDoS emergency response services such as CloudFlare or Radware.
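The signature comparison described above (IP addresses, cookie behaviour, HTTP headers) is shown below on constructed access records; this is an added example, not code from the presentation or from any mitigation vendor. It flags clients two ways: by per-IP request volume, and by a cookie-less header fingerprint shared across many addresses, which a per-IP rate check alone would miss. The addresses, user agents and thresholds are assumptions.

```python
from collections import Counter, defaultdict

# Constructed web access records (not real logs): (client_ip, user_agent, sends_cookie, accept_language).
REQUESTS = (
    [("198.51.100.10", "Mozilla/5.0 (X11; Linux x86_64)", True, "en-US")] * 8      # regular browser users
    + [("198.51.100.11", "Mozilla/5.0 (Windows NT 10.0)", True, "fr-FR")] * 5
    + [("203.0.113.%d" % i, "python-requests/2.31", False, None)                 # 40 hijacked hosts, identical fingerprint,
       for i in range(1, 41) for _ in range(30)]                                  # each staying under a per-IP limit
)


def fingerprint(record):
    """Signature built from request attributes other than the IP address."""
    _ip, user_agent, sends_cookie, accept_language = record
    return (user_agent, sends_cookie, accept_language)


def analyze(requests, per_ip_limit=100, fanout_limit=10):
    """Return (ips over the per-IP request limit, ips sharing a cookie-less fingerprint seen from many ips)."""
    per_ip = Counter(r[0] for r in requests)
    ips_by_fp = defaultdict(set)
    for r in requests:
        ips_by_fp[fingerprint(r)].add(r[0])
    by_rate = sorted(ip for ip, n in per_ip.items() if n > per_ip_limit)
    by_signature = set()
    for (_ua, sends_cookie, _lang), ips in ips_by_fp.items():
        if not sends_cookie and len(ips) >= fanout_limit:   # one bot-like signature fanned out across many addresses
            by_signature |= ips
    return by_rate, sorted(by_signature)


def filter_requests(requests, blocked):
    """Drop records from blocked ips; what remains is forwarded to the origin server."""
    return [r for r in requests if r[0] not in blocked]


if __name__ == "__main__":
    by_rate, by_signature = analyze(REQUESTS)
    kept = filter_requests(REQUESTS, set(by_rate) | set(by_signature))
    print(len(by_rate), "ips by rate;", len(by_signature), "ips by signature;", len(kept), "requests forwarded")
```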

9. Conclusion

DDoS is a dangerous and common type of cyber-attack.

It is an attempt to make services unavailable by overwhelming them with traffic from multiple sources.

A DDoS attack can be direct or reflected (spoofing).

Identifying, analyzing and filtering incoming traffic helps to protect against DDoS attacks.


Thank you!
