6/2/2010 1
The problem.
Attack types.
Defense Proposals classification.
Integrated solutions to DDoS attacks.
Conclusion.
Stop-it.
The internet was designed for openness &
scalability, resulting in poor security.
Supports ease of attachment.
Now, if:
(1) Sending one or more packets to exploit
software vulnerability.
Example: the “ping of death”
Both forms occupy a significant proportion of
the available bandwidth. Hence DoS is also
called “bandwidth attacks”.
DDoS: Distributed Denial of Service.
WHAT FOR???
◦ the power of a DDoS attack is amplified.
◦ the problem of defense is made more complicated.
User inconvenience can result in losing
them, hence an economic impact.
Essential
services.
A typical DDoS attack contains 3 stages:
1. Compromise vulnerable systems available in the
Internet.
2. Install attack tools in those systems.
Online computers.
◦ Direct attack: include malicious payload.
◦ Indirect attack: exploit insecure actions that may be
performed by users.
Botnet: A compromised computer that can
be managed by an attacker through the IRC
channel.
There are 2 main ways to attack a server:
Definition: the level of resources consumed at
the victim by the attack.
(1) Traffic volume
We classify attacks according to the way the
attack power is magnified.
1. Internet protocols.
Can be launched effectively from a single
attack source.
Examples:
◦ SYN Flood.
◦ ICMP flood.
Forces the target to execute expensive
operations.
Examples:
◦ HTTP Flood.
◦ SIP flood.
Aims to obscure the sources of attack traffic
by using third parties (reflectors) to relay attack
traffic to the victim.
Examples:
◦ DNS Amplification Attacks.
The attack contains three stages:
Aims to disable the services of critical
components of the Internet.
As a result, the whole Internet may be
affected.
{DNS root servers of top-level domains, such as .com}
1. The traffic volume.
2. Multiple sources.
Resource sharing.
Keep it simple on the server side, let
usage.
Decentralized Internet Management.
(1) Attack Prevention.
There has been only limited progress in
solving the DDoS problem.
Limit the rate at which sources can generate
requests.
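Added example (not part of the original slides): per-source rate limiting as a token bucket, run over constructed traffic to show that it throttles one heavy source but admits the combined load of many light sources, the "multiple sources" challenge listed earlier. The class names, rates, addresses and the optional aggregate cap are assumptions made for illustration.

```python
class TokenBucket:
    """Refills `rate` tokens per second up to `burst`; one token per request."""
    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), None

    def take(self, now):
        if self.last is not None:
            refill = (now - self.last) * self.rate
            self.tokens = min(self.burst, self.tokens + refill)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class Limiter:
    """Per-source buckets, optionally backed by one aggregate bucket (assumption)."""
    def __init__(self, src_rate, src_burst, total_rate=None, total_burst=None):
        self.src_rate, self.src_burst = src_rate, src_burst
        self.per_source = {}
        self.total = TokenBucket(total_rate, total_burst) if total_rate else None

    def allow(self, src, now):
        if src not in self.per_source:
            self.per_source[src] = TokenBucket(self.src_rate, self.src_burst)
        if not self.per_source[src].take(now):
            return False  # this source exceeded its own rate
        return self.total.take(now) if self.total else True


def admitted(limiter, requests):
    """Number of (timestamp, source) requests the limiter lets through."""
    return sum(limiter.allow(src, ts) for ts, src in sorted(requests))


# Constructed traffic over 10 seconds, using documentation address ranges.
ONE_HEAVY = [(i / 100, "198.51.100.7") for i in range(1000)]  # 1 source, 100 req/s
MANY_LIGHT = [(float(t), f"203.0.113.{s}")                    # 200 sources, 1 req/s each
              for s in range(200) for t in range(10)]

if __name__ == "__main__":
    print("one heavy source:", admitted(Limiter(5, 5), ONE_HEAVY))
    print("200 light sources:", admitted(Limiter(5, 5), MANY_LIGHT))
    print("200 light sources + aggregate cap:", admitted(Limiter(5, 5, 50, 50), MANY_LIGHT))
```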
Combines filtering and admission challenges
with a pushback scheme between the target
and the upstream ISPs.
Issues of pushback:
New operating systems: users are given
more power over computer resources.
And attacks are becoming more and more
sophisticated.
Securable Intra-AS communication.
Upgradable components.
Dependable Routing.
Under the above assumptions:
1. Effective Algorithm.
3. Fail safe.
Important note:
◦ Each node must verify that the stop-it request
comes from the right peer before it honors the
request, to prevent malicious hosts from blocking
legitimate traffic.
Passport for source identification.